package org.apache.pdfbox.pdmodel.encryption;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSBase;
import org.apache.pdfbox.cos.COSDictionary;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSStream;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.io.IOUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.util.Charsets;

/* loaded from: input_file:pdfbox-2.0.23.jar:org/apache/pdfbox/pdmodel/encryption/SecurityHandler.class */
public abstract class SecurityHandler {
    private static final int DEFAULT_KEY_LENGTH = 40;
    protected byte[] encryptionKey;
    private boolean decryptMetadata;
    private SecureRandom customSecureRandom;
    private boolean useAES;
    private COSName streamFilterName;
    private COSName stringFilterName;
    private static final Log LOG = LogFactory.getLog(SecurityHandler.class);
    private static final byte[] AES_SALT = {115, 65, 108, 84};
    protected int keyLength = 40;
    private final RC4Cipher rc4 = new RC4Cipher();
    private final Set<COSBase> objects = Collections.newSetFromMap(new IdentityHashMap());
    private ProtectionPolicy protectionPolicy = null;
    private AccessPermission currentAccessPermission = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public void setDecryptMetadata(boolean z) {
        this.decryptMetadata = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStringFilterName(COSName cOSName) {
        this.stringFilterName = cOSName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStreamFilterName(COSName cOSName) {
        this.streamFilterName = cOSName;
    }

    public void setCustomSecureRandom(SecureRandom secureRandom) {
        this.customSecureRandom = secureRandom;
    }

    public abstract void prepareDocumentForEncryption(PDDocument pDDocument) throws IOException;

    public abstract void prepareForDecryption(PDEncryption pDEncryption, COSArray cOSArray, DecryptionMaterial decryptionMaterial) throws IOException;

    private void encryptData(long j, long j2, InputStream inputStream, OutputStream outputStream, boolean z) throws IOException {
        if (this.useAES && this.encryptionKey.length == 32) {
            encryptDataAES256(inputStream, outputStream, z);
        } else {
            byte[] calcFinalKey = calcFinalKey(j, j2);
            if (this.useAES) {
                encryptDataAESother(calcFinalKey, inputStream, outputStream, z);
            } else {
                encryptDataRC4(calcFinalKey, inputStream, outputStream);
            }
        }
        outputStream.flush();
    }

    private byte[] calcFinalKey(long j, long j2) {
        byte[] bArr = new byte[this.encryptionKey.length + 5];
        System.arraycopy(this.encryptionKey, 0, bArr, 0, this.encryptionKey.length);
        bArr[bArr.length - 5] = (byte) (j & 255);
        bArr[bArr.length - 4] = (byte) ((j >> 8) & 255);
        bArr[bArr.length - 3] = (byte) ((j >> 16) & 255);
        bArr[bArr.length - 2] = (byte) (j2 & 255);
        bArr[bArr.length - 1] = (byte) ((j2 >> 8) & 255);
        MessageDigest md5 = MessageDigests.getMD5();
        md5.update(bArr);
        if (this.useAES) {
            md5.update(AES_SALT);
        }
        byte[] digest = md5.digest();
        int min = Math.min(bArr.length, 16);
        byte[] bArr2 = new byte[min];
        System.arraycopy(digest, 0, bArr2, 0, min);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void encryptDataRC4(byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        this.rc4.setKey(bArr);
        this.rc4.write(inputStream, outputStream);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void encryptDataRC4(byte[] bArr, byte[] bArr2, OutputStream outputStream) throws IOException {
        this.rc4.setKey(bArr);
        this.rc4.write(bArr2, outputStream);
    }

    private void encryptDataAESother(byte[] bArr, InputStream inputStream, OutputStream outputStream, boolean z) throws IOException {
        byte[] bArr2 = new byte[16];
        if (!prepareAESInitializationVector(z, bArr2, inputStream, outputStream)) {
            return;
        }
        try {
            Cipher createCipher = createCipher(bArr, bArr2, z);
            byte[] bArr3 = new byte[256];
            while (true) {
                int read = inputStream.read(bArr3);
                if (read == -1) {
                    outputStream.write(createCipher.doFinal());
                    return;
                } else {
                    byte[] update = createCipher.update(bArr3, 0, read);
                    if (update != null) {
                        outputStream.write(update);
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    private void encryptDataAES256(InputStream inputStream, OutputStream outputStream, boolean z) throws IOException {
        byte[] bArr = new byte[16];
        if (prepareAESInitializationVector(z, bArr, inputStream, outputStream)) {
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(inputStream, createCipher(this.encryptionKey, bArr, z));
                try {
                    try {
                        IOUtils.copy(cipherInputStream, outputStream);
                        cipherInputStream.close();
                    } catch (IOException e) {
                        if (!(e.getCause() instanceof GeneralSecurityException)) {
                            throw e;
                        }
                        LOG.debug("A GeneralSecurityException occurred when decrypting some stream data", e);
                        cipherInputStream.close();
                    }
                } catch (Throwable th) {
                    cipherInputStream.close();
                    throw th;
                }
            } catch (GeneralSecurityException e2) {
                throw new IOException(e2);
            }
        }
    }

    private Cipher createCipher(byte[] bArr, byte[] bArr2, boolean z) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(z ? 2 : 1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
        return cipher;
    }

    private boolean prepareAESInitializationVector(boolean z, byte[] bArr, InputStream inputStream, OutputStream outputStream) throws IOException {
        if (!z) {
            getSecureRandom().nextBytes(bArr);
            outputStream.write(bArr);
            return true;
        }
        int populateBuffer = (int) IOUtils.populateBuffer(inputStream, bArr);
        if (populateBuffer == -1) {
            return false;
        }
        if (populateBuffer != bArr.length) {
            throw new IOException("AES initialization vector not fully read: only " + populateBuffer + " bytes read instead of " + bArr.length);
        }
        return true;
    }

    private SecureRandom getSecureRandom() {
        return this.customSecureRandom != null ? this.customSecureRandom : new SecureRandom();
    }

    public void decrypt(COSBase cOSBase, long j, long j2) throws IOException {
        if ((cOSBase instanceof COSString) || (cOSBase instanceof COSDictionary) || (cOSBase instanceof COSArray)) {
            if (cOSBase instanceof COSString) {
                if (this.objects.contains(cOSBase)) {
                    return;
                }
                this.objects.add(cOSBase);
                decryptString((COSString) cOSBase, j, j2);
                return;
            }
            if (cOSBase instanceof COSStream) {
                if (this.objects.contains(cOSBase)) {
                    return;
                }
                this.objects.add(cOSBase);
                decryptStream((COSStream) cOSBase, j, j2);
                return;
            }
            if (cOSBase instanceof COSDictionary) {
                decryptDictionary((COSDictionary) cOSBase, j, j2);
            } else if (cOSBase instanceof COSArray) {
                decryptArray((COSArray) cOSBase, j, j2);
            }
        }
    }

    public void decryptStream(COSStream cOSStream, long j, long j2) throws IOException {
        if (COSName.IDENTITY.equals(this.streamFilterName)) {
            return;
        }
        COSName cOSName = cOSStream.getCOSName(COSName.TYPE);
        if ((this.decryptMetadata || !COSName.METADATA.equals(cOSName)) && !COSName.XREF.equals(cOSName)) {
            if (COSName.METADATA.equals(cOSName)) {
                InputStream createRawInputStream = cOSStream.createRawInputStream();
                byte[] bArr = new byte[10];
                IOUtils.populateBuffer(createRawInputStream, bArr);
                createRawInputStream.close();
                if (Arrays.equals(bArr, "<?xpacket ".getBytes(Charsets.ISO_8859_1))) {
                    LOG.warn("Metadata is not encrypted, but was expected to be");
                    LOG.warn("Read PDF specification about EncryptMetadata (default value: true)");
                    return;
                }
            }
            decryptDictionary(cOSStream, j, j2);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(IOUtils.toByteArray(cOSStream.createRawInputStream()));
            OutputStream createRawOutputStream = cOSStream.createRawOutputStream();
            try {
                try {
                    encryptData(j, j2, byteArrayInputStream, createRawOutputStream, true);
                    createRawOutputStream.close();
                } catch (IOException e) {
                    LOG.error(e.getClass().getSimpleName() + " thrown when decrypting object " + j + StringUtils.SPACE + j2 + " obj");
                    throw e;
                }
            } catch (Throwable th) {
                createRawOutputStream.close();
                throw th;
            }
        }
    }

    public void encryptStream(COSStream cOSStream, long j, int i) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(IOUtils.toByteArray(cOSStream.createRawInputStream()));
        OutputStream createRawOutputStream = cOSStream.createRawOutputStream();
        try {
            encryptData(j, i, byteArrayInputStream, createRawOutputStream, false);
            createRawOutputStream.close();
        } catch (Throwable th) {
            createRawOutputStream.close();
            throw th;
        }
    }

    private void decryptDictionary(COSDictionary cOSDictionary, long j, long j2) throws IOException {
        if (cOSDictionary.getItem(COSName.CF) != null) {
            return;
        }
        COSBase dictionaryObject = cOSDictionary.getDictionaryObject(COSName.TYPE);
        boolean z = COSName.SIG.equals(dictionaryObject) || COSName.DOC_TIME_STAMP.equals(dictionaryObject) || ((cOSDictionary.getDictionaryObject(COSName.CONTENTS) instanceof COSString) && (cOSDictionary.getDictionaryObject(COSName.BYTERANGE) instanceof COSArray));
        for (Map.Entry<COSName, COSBase> entry : cOSDictionary.entrySet()) {
            if (!z || !COSName.CONTENTS.equals(entry.getKey())) {
                COSBase value = entry.getValue();
                if ((value instanceof COSString) || (value instanceof COSArray) || (value instanceof COSDictionary)) {
                    decrypt(value, j, j2);
                }
            }
        }
    }

    private void decryptString(COSString cOSString, long j, long j2) throws IOException {
        if (COSName.IDENTITY.equals(this.stringFilterName)) {
            return;
        }
        InputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            encryptData(j, j2, byteArrayInputStream, byteArrayOutputStream, true);
            cOSString.setValue(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            LOG.error("Failed to decrypt COSString of length " + cOSString.getBytes().length + " in object " + j + ": " + e.getMessage());
        }
    }

    public void encryptString(COSString cOSString, long j, int i) throws IOException {
        InputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptData(j, i, byteArrayInputStream, byteArrayOutputStream, false);
        cOSString.setValue(byteArrayOutputStream.toByteArray());
    }

    private void decryptArray(COSArray cOSArray, long j, long j2) throws IOException {
        for (int i = 0; i < cOSArray.size(); i++) {
            decrypt(cOSArray.get(i), j, j2);
        }
    }

    public int getKeyLength() {
        return this.keyLength;
    }

    public void setKeyLength(int i) {
        this.keyLength = i;
    }

    public void setCurrentAccessPermission(AccessPermission accessPermission) {
        this.currentAccessPermission = accessPermission;
    }

    public AccessPermission getCurrentAccessPermission() {
        return this.currentAccessPermission;
    }

    public boolean isAES() {
        return this.useAES;
    }

    public void setAES(boolean z) {
        this.useAES = z;
    }

    public boolean hasProtectionPolicy() {
        return this.protectionPolicy != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ProtectionPolicy getProtectionPolicy() {
        return this.protectionPolicy;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setProtectionPolicy(ProtectionPolicy protectionPolicy) {
        this.protectionPolicy = protectionPolicy;
    }

    public byte[] getEncryptionKey() {
        return this.encryptionKey;
    }

    public void setEncryptionKey(byte[] bArr) {
        this.encryptionKey = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int computeVersionNumber() {
        if (this.keyLength == 40) {
            return 1;
        }
        if (this.keyLength == 128 && this.protectionPolicy.isPreferAES()) {
            return 4;
        }
        return this.keyLength == 256 ? 5 : 2;
    }
}
