package org.apache.poi.poifs.crypt.agile;

import cn.hutool.crypto.KeyUtil;
import com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptor;
import com.microsoft.schemas.office.x2006.encryption.EncryptionDocument;
import com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor;
import com.microsoft.schemas.office.x2006.keyEncryptor.password.CTPasswordKeyEncryptor;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import org.apache.commons.compress.compressors.bzip2.BZip2Constants;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.EncryptionVerifier;
import org.apache.poi.poifs.crypt.HashAlgorithm;

/* loaded from: input_file:WEB-INF/lib/poi-ooxml-4.1.2.jar:org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier.class */
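/**
 * Verifier data for the "agile" encryption scheme: the password key-encryptor parameters
 * (cipher, hash, chaining mode, key/block size, spin count, salt, encrypted verifier values)
 * plus an optional list of certificate key encryptors.
 *
 * <p>When built from an {@link EncryptionDocument}, every value comes from the encryption
 * descriptor of the file being opened and must be treated as untrusted input. This class checks
 * the key size against the cipher, the hash size against the hash algorithm, the salt length
 * against both the declared salt size and the cipher block size, and the chaining mode.
 * It does not validate the embedded certificates beyond parsing them.
 */
public class AgileEncryptionVerifier extends EncryptionVerifier {
    /**
     * Spin count used when the verifier is created for writing. The decompiled listing referenced
     * a constant from an unrelated compression library here; the literal value is spelled out so
     * the key-derivation cost does not depend on that library.
     */
    private static final int DEFAULT_SPIN_COUNT = 100000;

    /** Certificate type name handed to {@link CertificateFactory#getInstance(String)}. */
    private static final String X509_CERT_TYPE = "X.509";

    private final List<AgileCertificateEntry> certList = new ArrayList<>();
    private int keyBits = -1;
    private int blockSize = -1;

    /* loaded from: input_file:WEB-INF/lib/poi-ooxml-4.1.2.jar:org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier$AgileCertificateEntry.class */
    /**
     * One certificate key encryptor: the recipient certificate, the key encrypted for it and the
     * associated verifier bytes. Fields are package-private and mutable.
     */
    public static class AgileCertificateEntry {
        X509Certificate x509;
        byte[] encryptedKey;
        byte[] certVerifier;

        /** Creates an empty entry; the fields are filled in by the enclosing class. */
        public AgileCertificateEntry() {
        }

        /**
         * Copies an entry. The byte arrays are cloned so the copy does not share key material
         * buffers with the source; the certificate reference is shared.
         *
         * @param agileCertificateEntry the entry to copy
         */
        public AgileCertificateEntry(AgileCertificateEntry agileCertificateEntry) {
            this.x509 = agileCertificateEntry.x509;
            this.encryptedKey = agileCertificateEntry.encryptedKey == null
                    ? null : agileCertificateEntry.encryptedKey.clone();
            this.certVerifier = agileCertificateEntry.certVerifier == null
                    ? null : agileCertificateEntry.certVerifier.clone();
        }
    }

    /**
     * Parses the given encryption descriptor and builds the verifier from it.
     *
     * @param str the encryption descriptor, passed to
     *            {@code AgileEncryptionInfoBuilder.parseDescriptor}
     */
    public AgileEncryptionVerifier(String str) {
        this(AgileEncryptionInfoBuilder.parseDescriptor(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the verifier from a parsed encryption descriptor. The first key encryptor must be a
     * password key encryptor; any further key encryptors are read as certificate key encryptors.
     *
     * @param encryptionDocument the parsed descriptor of the document being opened (untrusted)
     * @throws EncryptedDocumentException if any value is missing, inconsistent or unsupported.
     *         Every failure inside the parsing block, including the more specific
     *         {@code EncryptedDocumentException}s thrown there, is wrapped as
     *         "Unable to parse keyData" with the original exception as its cause.
     */
    public AgileEncryptionVerifier(EncryptionDocument encryptionDocument) {
        Iterator<CTKeyEncryptor> it = encryptionDocument.getEncryption().getKeyEncryptors().getKeyEncryptorList().iterator();
        try {
            CTPasswordKeyEncryptor encryptedPasswordKey = it.next().getEncryptedPasswordKey();
            if (encryptedPasswordKey == null) {
                throw new NullPointerException("encryptedKey not set");
            }
            // Reject a key-bit count that does not fit an int instead of silently truncating it
            // to a value that might then pass the allowed-key-size check below.
            int declaredKeyBits = Math.toIntExact(encryptedPasswordKey.getKeyBits());
            setCipherAlgorithm(CipherAlgorithm.fromXmlId(encryptedPasswordKey.getCipherAlgorithm().toString(), declaredKeyBits));
            setKeySize(declaredKeyBits);
            // NOTE(review): the declared block size is stored as-is; setSalt() compares against
            // the cipher algorithm's block size, not against this value.
            setBlockSize(encryptedPasswordKey.getBlockSize());
            int hashSize = encryptedPasswordKey.getHashSize();
            setHashAlgorithm(HashAlgorithm.fromEcmaId(encryptedPasswordKey.getHashAlgorithm().toString()));
            if (getHashAlgorithm().hashSize != hashSize) {
                throw new EncryptedDocumentException("Unsupported hash algorithm: " + encryptedPasswordKey.getHashAlgorithm() + " @ " + hashSize + " bytes");
            }
            // NOTE(review): the spin count is taken from the document with no upper bound visible
            // in this class. It drives the cost of password key derivation, so confirm that the
            // schema or setSpinCount() caps it before opening files from untrusted sources.
            setSpinCount(encryptedPasswordKey.getSpinCount());
            setEncryptedVerifier(encryptedPasswordKey.getEncryptedVerifierHashInput());
            setSalt(encryptedPasswordKey.getSaltValue());
            setEncryptedKey(encryptedPasswordKey.getEncryptedKeyValue());
            setEncryptedVerifierHash(encryptedPasswordKey.getEncryptedVerifierHashValue());
            if (encryptedPasswordKey.getSaltSize() != getSalt().length) {
                throw new EncryptedDocumentException("Invalid salt size");
            }
            switch (encryptedPasswordKey.getCipherChaining().intValue()) {
                case 1:
                    setChainingMode(ChainingMode.cbc);
                    break;
                case 2:
                    setChainingMode(ChainingMode.cfb);
                    break;
                default:
                    throw new EncryptedDocumentException("Unsupported chaining mode - " + encryptedPasswordKey.getCipherChaining());
            }
            if (it.hasNext()) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance(X509_CERT_TYPE);
                    while (it.hasNext()) {
                        CTCertificateKeyEncryptor encryptedCertificateKey = it.next().getEncryptedCertificateKey();
                        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
                        agileCertificateEntry.certVerifier = encryptedCertificateKey.getCertVerifier();
                        agileCertificateEntry.encryptedKey = encryptedCertificateKey.getEncryptedKeyValue();
                        // The certificate bytes are only parsed here; no validity-period or
                        // trust-chain check is performed in this class.
                        agileCertificateEntry.x509 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encryptedCertificateKey.getX509Certificate()));
                        this.certList.add(agileCertificateEntry);
                    }
                } catch (GeneralSecurityException e) {
                    throw new EncryptedDocumentException("can't parse X509 certificate", e);
                }
            }
        } catch (Exception e2) {
            throw new EncryptedDocumentException("Unable to parse keyData", e2);
        }
    }

    /**
     * Creates a verifier for writing with explicitly chosen parameters and the default spin count.
     *
     * @param cipherAlgorithm the cipher to use
     * @param hashAlgorithm the hash algorithm to use
     * @param i the key size in bits; must be one of the cipher's allowed key sizes
     * @param i2 the block size
     * @param chainingMode the cipher chaining mode
     * @throws EncryptedDocumentException if the key size is not allowed for the cipher
     */
    public AgileEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int i, int i2, ChainingMode chainingMode) {
        setCipherAlgorithm(cipherAlgorithm);
        setHashAlgorithm(hashAlgorithm);
        setChainingMode(chainingMode);
        setKeySize(i);
        setBlockSize(i2);
        setSpinCount(DEFAULT_SPIN_COUNT);
    }

    /**
     * Copy constructor. Key and block size are copied and every certificate entry is duplicated
     * through {@link AgileCertificateEntry#AgileCertificateEntry(AgileCertificateEntry)}, so the
     * copy has its own list and its own byte arrays.
     *
     * @param agileEncryptionVerifier the verifier to copy
     */
    public AgileEncryptionVerifier(AgileEncryptionVerifier agileEncryptionVerifier) {
        super(agileEncryptionVerifier);
        this.keyBits = agileEncryptionVerifier.keyBits;
        this.blockSize = agileEncryptionVerifier.blockSize;
        // The decompiled form of this loop referenced an undeclared variable and type parameter;
        // a plain loop expresses the same per-entry copy.
        for (AgileCertificateEntry entry : agileEncryptionVerifier.certList) {
            this.certList.add(new AgileCertificateEntry(entry));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the verifier salt after checking that it is present and exactly as long as the block
     * size of the configured cipher algorithm.
     *
     * @param bArr the salt bytes
     * @throws EncryptedDocumentException if the salt is {@code null} or has the wrong length
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length != getCipherAlgorithm().blockSize) {
            throw new EncryptedDocumentException("invalid verifier salt");
        }
        super.setSalt(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to the superclass without additional checks.
     *
     * @param bArr the encrypted verifier bytes
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifier(byte[] bArr) {
        super.setEncryptedVerifier(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to the superclass without additional checks.
     *
     * @param bArr the encrypted verifier hash bytes
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifierHash(byte[] bArr) {
        super.setEncryptedVerifierHash(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to the superclass without additional checks.
     *
     * @param bArr the encrypted key bytes
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedKey(byte[] bArr) {
        super.setEncryptedKey(bArr);
    }

    /**
     * Adds a certificate key encryptor entry for the given certificate. The entry's encrypted key
     * and verifier are left unset.
     *
     * @param x509Certificate the recipient certificate
     */
    public void addCertificate(X509Certificate x509Certificate) {
        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
        agileCertificateEntry.x509 = x509Certificate;
        this.certList.add(agileCertificateEntry);
    }

    /**
     * Returns the certificate entries.
     *
     * @return the live internal list, not a copy; changes made by the caller are visible to this
     *         verifier
     */
    public List<AgileCertificateEntry> getCertificates() {
        return this.certList;
    }

    /**
     * Returns an independent copy created through the copy constructor.
     *
     * @return the copy
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier, org.apache.poi.common.Duplicatable
    public AgileEncryptionVerifier copy() {
        return new AgileEncryptionVerifier(this);
    }

    /**
     * Returns the key size.
     *
     * @return the key size in bits, or -1 if it has not been set
     */
    public int getKeySize() {
        return this.keyBits;
    }

    /**
     * Returns the block size.
     *
     * @return the block size, or -1 if it has not been set
     */
    public int getBlockSize() {
        return this.blockSize;
    }

    /**
     * Sets the key size after checking it against the key sizes the configured cipher allows.
     * A rejected value is not stored.
     *
     * @param i the key size in bits
     * @throws EncryptedDocumentException if the cipher does not allow this key size
     */
    protected void setKeySize(int i) {
        for (int allowedBits : getCipherAlgorithm().allowedKeySize) {
            if (allowedBits == i) {
                this.keyBits = i;
                return;
            }
        }
        throw new EncryptedDocumentException("KeySize " + i + " not allowed for cipher " + getCipherAlgorithm());
    }

    /**
     * Stores the block size; no validation is applied.
     *
     * @param i the block size
     */
    protected void setBlockSize(int i) {
        this.blockSize = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the cipher algorithm. When the cipher allows exactly one key size, the key size is set
     * to the cipher's default as well.
     *
     * @param cipherAlgorithm the cipher algorithm
     */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public final void setCipherAlgorithm(CipherAlgorithm cipherAlgorithm) {
        super.setCipherAlgorithm(cipherAlgorithm);
        if (cipherAlgorithm.allowedKeySize.length == 1) {
            setKeySize(cipherAlgorithm.defaultKeySize);
        }
    }
}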
