package org.apache.poi.poifs.crypt.agile;

import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.ChunkedCipherInputStream;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.Decryptor;
import org.apache.poi.poifs.crypt.EncryptionHeader;
import org.apache.poi.poifs.crypt.EncryptionInfo;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier;
import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.poifs.filesystem.DocumentInputStream;
import org.apache.poi.util.LittleEndian;

/* loaded from: input_file:WEB-INF/lib/poi-ooxml-4.0.1.jar:org/apache/poi/poifs/crypt/agile/AgileDecryptor.class */
public class AgileDecryptor extends Decryptor implements Cloneable {
    private long _length = -1;
    static final byte[] kVerifierInputBlock = {-2, -89, -46, 118, 59, 75, -98, 121};
    static final byte[] kHashedVerifierBlock = {-41, -86, 15, 109, 48, 97, 52, 78};
    static final byte[] kCryptoKeyBlock = {20, 110, 11, -25, -85, -84, -48, -42};
    static final byte[] kIntegrityKeyBlock = {95, -78, -83, 1, 12, -71, -31, -10};
    static final byte[] kIntegrityValueBlock = {-96, 103, Byte.MAX_VALUE, 2, -78, 44, -124, 51};

    /* loaded from: input_file:WEB-INF/lib/poi-ooxml-4.0.1.jar:org/apache/poi/poifs/crypt/agile/AgileDecryptor$AgileCipherInputStream.class */
    private class AgileCipherInputStream extends ChunkedCipherInputStream {
        public AgileCipherInputStream(DocumentInputStream documentInputStream, long j) throws GeneralSecurityException {
            super(documentInputStream, j, 4096);
        }

        @Override // org.apache.poi.poifs.crypt.ChunkedCipherInputStream
        protected Cipher initCipherForBlock(Cipher cipher, int i) throws GeneralSecurityException {
            return AgileDecryptor.initCipherForBlock(cipher, i, false, AgileDecryptor.this.getEncryptionInfo(), AgileDecryptor.this.getSecretKey(), 2);
        }
    }

    @Override // org.apache.poi.poifs.crypt.Decryptor
    public boolean verifyPassword(String str) throws GeneralSecurityException {
        AgileEncryptionVerifier agileEncryptionVerifier = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
        AgileEncryptionHeader agileEncryptionHeader = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        int blockSize = agileEncryptionHeader.getBlockSize();
        byte[] hashPassword = CryptoFunctions.hashPassword(str, agileEncryptionVerifier.getHashAlgorithm(), agileEncryptionVerifier.getSalt(), agileEncryptionVerifier.getSpinCount());
        byte[] hashInput = hashInput(agileEncryptionVerifier, hashPassword, kVerifierInputBlock, agileEncryptionVerifier.getEncryptedVerifier(), 2);
        setVerifier(hashInput);
        byte[] digest = CryptoFunctions.getMessageDigest(agileEncryptionVerifier.getHashAlgorithm()).digest(hashInput);
        byte[] block0 = CryptoFunctions.getBlock0(hashInput(agileEncryptionVerifier, hashPassword, kHashedVerifierBlock, agileEncryptionVerifier.getEncryptedVerifierHash(), 2), agileEncryptionVerifier.getHashAlgorithm().hashSize);
        SecretKeySpec secretKeySpec = new SecretKeySpec(CryptoFunctions.getBlock0(hashInput(agileEncryptionVerifier, hashPassword, kCryptoKeyBlock, agileEncryptionVerifier.getEncryptedKey(), 2), agileEncryptionHeader.getKeySize() / 8), agileEncryptionHeader.getCipherAlgorithm().jceId);
        byte[] generateIv = CryptoFunctions.generateIv(agileEncryptionHeader.getHashAlgorithm(), agileEncryptionHeader.getKeySalt(), kIntegrityKeyBlock, blockSize);
        CipherAlgorithm cipherAlgorithm = agileEncryptionHeader.getCipherAlgorithm();
        byte[] block02 = CryptoFunctions.getBlock0(CryptoFunctions.getCipher(secretKeySpec, cipherAlgorithm, agileEncryptionHeader.getChainingMode(), generateIv, 2).doFinal(agileEncryptionHeader.getEncryptedHmacKey()), agileEncryptionHeader.getHashAlgorithm().hashSize);
        byte[] block03 = CryptoFunctions.getBlock0(CryptoFunctions.getCipher(secretKeySpec, cipherAlgorithm, agileEncryptionVerifier.getChainingMode(), CryptoFunctions.generateIv(agileEncryptionHeader.getHashAlgorithm(), agileEncryptionHeader.getKeySalt(), kIntegrityValueBlock, blockSize), 2).doFinal(agileEncryptionHeader.getEncryptedHmacValue()), agileEncryptionHeader.getHashAlgorithm().hashSize);
        if (!Arrays.equals(block0, digest)) {
            return false;
        }
        setSecretKey(secretKeySpec);
        setIntegrityHmacKey(block02);
        setIntegrityHmacValue(block03);
        return true;
    }

    public boolean verifyPassword(KeyPair keyPair, X509Certificate x509Certificate) throws GeneralSecurityException {
        AgileEncryptionVerifier agileEncryptionVerifier = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
        AgileEncryptionHeader agileEncryptionHeader = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        HashAlgorithm hashAlgorithm = agileEncryptionHeader.getHashAlgorithm();
        CipherAlgorithm cipherAlgorithm = agileEncryptionHeader.getCipherAlgorithm();
        int blockSize = agileEncryptionHeader.getBlockSize();
        AgileEncryptionVerifier.AgileCertificateEntry agileCertificateEntry = null;
        Iterator<AgileEncryptionVerifier.AgileCertificateEntry> it = agileEncryptionVerifier.getCertificates().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AgileEncryptionVerifier.AgileCertificateEntry next = it.next();
            if (x509Certificate.equals(next.x509)) {
                agileCertificateEntry = next;
                break;
            }
        }
        if (agileCertificateEntry == null) {
            return false;
        }
        Cipher cipher = Cipher.getInstance(SecurityConstants.RSA);
        cipher.init(2, keyPair.getPrivate());
        SecretKeySpec secretKeySpec = new SecretKeySpec(cipher.doFinal(agileCertificateEntry.encryptedKey), agileEncryptionVerifier.getCipherAlgorithm().jceId);
        Mac mac = CryptoFunctions.getMac(hashAlgorithm);
        mac.init(secretKeySpec);
        byte[] doFinal = mac.doFinal(agileCertificateEntry.x509.getEncoded());
        byte[] block0 = CryptoFunctions.getBlock0(CryptoFunctions.getCipher(secretKeySpec, cipherAlgorithm, agileEncryptionHeader.getChainingMode(), CryptoFunctions.generateIv(hashAlgorithm, agileEncryptionHeader.getKeySalt(), kIntegrityKeyBlock, blockSize), 2).doFinal(agileEncryptionHeader.getEncryptedHmacKey()), hashAlgorithm.hashSize);
        byte[] block02 = CryptoFunctions.getBlock0(CryptoFunctions.getCipher(secretKeySpec, cipherAlgorithm, agileEncryptionHeader.getChainingMode(), CryptoFunctions.generateIv(hashAlgorithm, agileEncryptionHeader.getKeySalt(), kIntegrityValueBlock, blockSize), 2).doFinal(agileEncryptionHeader.getEncryptedHmacValue()), hashAlgorithm.hashSize);
        if (!Arrays.equals(agileCertificateEntry.certVerifier, doFinal)) {
            return false;
        }
        setSecretKey(secretKeySpec);
        setIntegrityHmacKey(block0);
        setIntegrityHmacValue(block02);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int getNextBlockSize(int i, int i2) {
        int i3 = i2;
        while (true) {
            int i4 = i3;
            if (i4 >= i) {
                return i4;
            }
            i3 = i4 + i2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] hashInput(AgileEncryptionVerifier agileEncryptionVerifier, byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        CipherAlgorithm cipherAlgorithm = agileEncryptionVerifier.getCipherAlgorithm();
        ChainingMode chainingMode = agileEncryptionVerifier.getChainingMode();
        int keySize = agileEncryptionVerifier.getKeySize() / 8;
        int blockSize = agileEncryptionVerifier.getBlockSize();
        HashAlgorithm hashAlgorithm = agileEncryptionVerifier.getHashAlgorithm();
        try {
            return CryptoFunctions.getCipher(new SecretKeySpec(CryptoFunctions.generateKey(bArr, hashAlgorithm, bArr2, keySize), cipherAlgorithm.jceId), cipherAlgorithm, chainingMode, CryptoFunctions.generateIv(hashAlgorithm, agileEncryptionVerifier.getSalt(), null, blockSize), i).doFinal(CryptoFunctions.getBlock0(bArr3, getNextBlockSize(bArr3.length, blockSize)));
        } catch (GeneralSecurityException e) {
            throw new EncryptedDocumentException(e);
        }
    }

    @Override // org.apache.poi.poifs.crypt.Decryptor
    public InputStream getDataStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
        DocumentInputStream createDocumentInputStream = directoryNode.createDocumentInputStream(Decryptor.DEFAULT_POIFS_ENTRY);
        this._length = createDocumentInputStream.readLong();
        return new AgileCipherInputStream(createDocumentInputStream, this._length);
    }

    @Override // org.apache.poi.poifs.crypt.Decryptor
    public long getLength() {
        if (this._length == -1) {
            throw new IllegalStateException("EcmaDecryptor.getDataStream() was not called");
        }
        return this._length;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Cipher initCipherForBlock(Cipher cipher, int i, boolean z, EncryptionInfo encryptionInfo, SecretKey secretKey, int i2) throws GeneralSecurityException {
        EncryptionHeader header = encryptionInfo.getHeader();
        String str = z ? "PKCS5Padding" : "NoPadding";
        if (cipher == null || !cipher.getAlgorithm().endsWith(str)) {
            cipher = CryptoFunctions.getCipher(secretKey, header.getCipherAlgorithm(), header.getChainingMode(), header.getKeySalt(), i2, str);
        }
        byte[] bArr = new byte[4];
        LittleEndian.putInt(bArr, 0, i);
        byte[] generateIv = CryptoFunctions.generateIv(header.getHashAlgorithm(), header.getKeySalt(), bArr, header.getBlockSize());
        cipher.init(i2, secretKey, header.getCipherAlgorithm() == CipherAlgorithm.rc2 ? new RC2ParameterSpec(secretKey.getEncoded().length * 8, generateIv) : new IvParameterSpec(generateIv));
        return cipher;
    }

    @Override // org.apache.poi.poifs.crypt.Decryptor
    /* renamed from: clone */
    public AgileDecryptor mo8882clone() throws CloneNotSupportedException {
        return (AgileDecryptor) super.mo8882clone();
    }
}
