package org.docx4j.org.apache.poi.poifs.crypt.agile;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.CTDataIntegrity;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.CTEncryption;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.CTKeyData;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptor;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptors;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.STCipherChaining;
import org.docx4j.com.microsoft.schemas.office.x2006.encryption.STHashAlgorithm;
import org.docx4j.com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor;
import org.docx4j.com.microsoft.schemas.office.x2006.keyEncryptor.password.CTPasswordKeyEncryptor;
import org.docx4j.jaxb.Context;
import org.docx4j.jaxb.NamespacePrefixMapperUtils;
import org.docx4j.org.apache.poi.EncryptedDocumentException;
import org.docx4j.org.apache.poi.poifs.crypt.ChunkedCipherOutputStream;
import org.docx4j.org.apache.poi.poifs.crypt.CryptoFunctions;
import org.docx4j.org.apache.poi.poifs.crypt.DataSpaceMapUtils;
import org.docx4j.org.apache.poi.poifs.crypt.EncryptionInfo;
import org.docx4j.org.apache.poi.poifs.crypt.Encryptor;
import org.docx4j.org.apache.poi.poifs.crypt.HashAlgorithm;
import org.docx4j.org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier;
import org.docx4j.org.apache.poi.poifs.crypt.standard.EncryptionRecord;
import org.docx4j.org.apache.poi.poifs.filesystem.DirectoryNode;
import org.docx4j.org.apache.poi.util.LittleEndian;
import org.docx4j.org.apache.poi.util.LittleEndianByteArrayOutputStream;

/* loaded from: input_file:org/docx4j/org/apache/poi/poifs/crypt/agile/AgileEncryptor.class */
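/**
 * Encryptor for the "agile" encryption scheme: derives the password-protected key material,
 * encrypts the package stream in chunks, computes the integrity HMAC over the encrypted
 * stream and writes the XML {@code EncryptionInfo} descriptor.
 *
 * <p>Typical call order, as far as this class shows: {@link #confirmPassword(String)} (or the
 * six-argument overload) first, then {@link #getDataStream(DirectoryNode)}. The integrity
 * salt and the secret key are only set by {@code confirmPassword}, and
 * {@link #updateIntegrityHMAC(File, int)} reads both.
 *
 * <p>NOTE(review): {@code pwHash} stays referenced by this object after
 * {@code confirmPassword} returns and is never cleared in this class; treat instances as
 * holding sensitive key material for their whole lifetime.
 */
public class AgileEncryptor extends Encryptor {
    private final AgileEncryptionInfoBuilder builder;
    // Key for the integrity HMAC; set by confirmPassword, read by updateIntegrityHMAC.
    private byte[] integritySalt;
    // Hash of the password produced by CryptoFunctions.hashPassword in confirmPassword.
    private byte[] pwHash;
    static final String HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_PASSWORD = "http://schemas.microsoft.com/office/2006/keyEncryptor/password";
    static final String HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_CERTIFICATE = "http://schemas.microsoft.com/office/2006/keyEncryptor/certificate";
    private final String passwordUri = HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_PASSWORD;
    private final String certificateUri = HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_CERTIFICATE;

    /**
     * Chunked cipher stream that delegates per-block cipher setup, the integrity checksum
     * and the EncryptionInfo entry to the enclosing {@link AgileEncryptor}.
     */
    private class AgileCipherOutputStream extends ChunkedCipherOutputStream {
        /**
         * @param directoryNode directory the encrypted stream is written into
         */
        public AgileCipherOutputStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
            // 4096 is handed to the superclass; presumably the chunk size in bytes.
            super(directoryNode, 4096);
        }

        /** Re-initialises {@code cipher} for block {@code i} in encrypt mode via {@link AgileDecryptor}. */
        @Override
        protected Cipher initCipherForBlock(Cipher cipher, int i, boolean z) throws GeneralSecurityException {
            return AgileDecryptor.initCipherForBlock(cipher, i, z, AgileEncryptor.this.builder, AgileEncryptor.this.getSecretKey(), Cipher.ENCRYPT_MODE);
        }

        /** Forwards to {@link AgileEncryptor#updateIntegrityHMAC(File, int)}. */
        @Override
        protected void calculateChecksum(File file, int i) throws GeneralSecurityException, IOException {
            AgileEncryptor.this.updateIntegrityHMAC(file, i);
        }

        /** Forwards to {@link AgileEncryptor#createEncryptionInfoEntry(DirectoryNode, File)}. */
        @Override
        protected void createEncryptionInfoEntry(DirectoryNode directoryNode, File file) throws IOException, GeneralSecurityException {
            AgileEncryptor.this.createEncryptionInfoEntry(directoryNode, file);
        }
    }

    /**
     * Creates an encryptor bound to the given info builder.
     *
     * <p>The decompiler reports that this constructor was {@code protected} in the original
     * class file; it is kept {@code public} here so existing callers of this listing compile.
     *
     * @param agileEncryptionInfoBuilder source of the header, verifier and encryption info
     */
    public AgileEncryptor(AgileEncryptionInfoBuilder agileEncryptionInfoBuilder) {
        this.builder = agileEncryptionInfoBuilder;
    }

    /**
     * Generates fresh random key material with {@link SecureRandom} and delegates to the
     * six-argument overload.
     *
     * <p>Sizes: verifier input, verifier salt and key salt are one cipher block each; the
     * secret key is {@code keySize / 8} bytes; the integrity salt is one hash length.
     *
     * @param str the password protecting the document
     */
    @Override
    public void confirmPassword(String str) {
        SecureRandom random = new SecureRandom();
        AgileEncryptionHeader header = this.builder.getHeader();
        int blockSize = header.getBlockSize();
        int keyBytes = header.getKeySize() / 8;

        byte[] verifierInput = new byte[blockSize];
        byte[] verifierSalt = new byte[blockSize];
        byte[] keySalt = new byte[blockSize];
        byte[] keySpec = new byte[keyBytes];
        byte[] hmacSalt = new byte[header.getHashAlgorithmEx().hashSize];

        random.nextBytes(verifierInput);
        random.nextBytes(verifierSalt);
        random.nextBytes(keySalt);
        random.nextBytes(keySpec);
        random.nextBytes(hmacSalt);

        confirmPassword(str, keySpec, keySalt, verifierInput, verifierSalt, hmacSalt);
    }

    /**
     * Derives the password hash and stores the encrypted verifier, verifier hash, secret key
     * and HMAC key on the builder's verifier and header. For every certificate registered on
     * the verifier it also wraps the secret key with the certificate's public key and
     * computes a MAC over the encoded certificate.
     *
     * <p>Callers supplying their own material are responsible for its randomness; this
     * method uses the arrays as given.
     *
     * @param str   the password
     * @param bArr  raw secret key bytes (becomes the document's secret key)
     * @param bArr2 key salt, stored on the header
     * @param bArr3 verifier input that is encrypted under the password hash
     * @param bArr4 verifier salt, used when hashing the password
     * @param bArr5 integrity salt, later used as the HMAC key
     * @throws EncryptedDocumentException if any JCE operation fails
     */
    @Override
    public void confirmPassword(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        AgileEncryptionVerifier verifier = this.builder.getVerifier();
        verifier.setSalt(bArr4);
        AgileEncryptionHeader header = this.builder.getHeader();
        header.setKeySalt(bArr2);
        HashAlgorithm hashAlgorithm = verifier.getHashAlgorithm();
        int blockSize = header.getBlockSize();

        this.pwHash = CryptoFunctions.hashPassword(str, hashAlgorithm, bArr4, verifier.getSpinCount());

        // Three values are protected under the password hash, each with its own block key.
        verifier.setEncryptedVerifier(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kVerifierInputBlock, bArr3, Cipher.ENCRYPT_MODE));
        byte[] verifierDigest = CryptoFunctions.getMessageDigest(hashAlgorithm).digest(bArr3);
        verifier.setEncryptedVerifierHash(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kHashedVerifierBlock, verifierDigest, Cipher.ENCRYPT_MODE));
        verifier.setEncryptedKey(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kCryptoKeyBlock, bArr, Cipher.ENCRYPT_MODE));

        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, verifier.getCipherAlgorithm().jceId);
        setSecretKey(secretKeySpec);
        this.integritySalt = bArr5;

        try {
            // The HMAC key (integrity salt) is stored encrypted under the secret key,
            // padded up to a whole number of cipher blocks.
            byte[] hmacKeyIv = CryptoFunctions.generateIv(hashAlgorithm, header.getKeySalt(), AgileDecryptor.kIntegrityKeyBlock, header.getBlockSize());
            Cipher hmacKeyCipher = CryptoFunctions.getCipher(secretKeySpec, verifier.getCipherAlgorithm(), verifier.getChainingMode(), hmacKeyIv, Cipher.ENCRYPT_MODE);
            byte[] paddedSalt = CryptoFunctions.getBlock0(bArr5, AgileDecryptor.getNextBlockSize(bArr5.length, blockSize));
            header.setEncryptedHmacKey(hmacKeyCipher.doFinal(paddedSalt));

            // NOTE(review): the bare "RSA" transformation leaves mode and padding to the JCE
            // provider's default. Pin an explicit transformation only together with the
            // decrypting side, otherwise existing documents stop opening.
            Cipher rsa = Cipher.getInstance("RSA");
            for (AgileEncryptionVerifier.AgileCertificateEntry entry : verifier.getCertificates()) {
                rsa.init(Cipher.ENCRYPT_MODE, entry.x509.getPublicKey());
                entry.encryptedKey = rsa.doFinal(getSecretKey().getEncoded());
                Mac mac = CryptoFunctions.getMac(hashAlgorithm);
                mac.init(getSecretKey());
                entry.certVerifier = mac.doFinal(entry.x509.getEncoded());
            }
        } catch (GeneralSecurityException e) {
            throw new EncryptedDocumentException(e);
        }
    }

    /**
     * Returns a stream that encrypts everything written to it into {@code directoryNode}.
     *
     * @param directoryNode target directory of the encrypted package
     * @return a new chunked cipher output stream bound to this encryptor
     */
    @Override
    public OutputStream getDataStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
        return new AgileCipherOutputStream(directoryNode);
    }

    /**
     * Computes the integrity HMAC and stores its encrypted form on the header.
     *
     * <p>The MAC input is the stream size as an 8-byte little-endian value followed by the
     * full contents of {@code file}; the MAC key is the integrity salt set by
     * {@code confirmPassword}, which therefore has to run first.
     *
     * @param file file whose contents are authenticated
     * @param i    stream size that is prepended to the MAC input
     * @throws GeneralSecurityException if a MAC or cipher operation fails
     * @throws IOException if the file cannot be read
     */
    protected void updateIntegrityHMAC(File file, int i) throws GeneralSecurityException, IOException {
        HashAlgorithm hashAlgorithm = this.builder.getVerifier().getHashAlgorithm();
        Mac mac = CryptoFunctions.getMac(hashAlgorithm);
        mac.init(new SecretKeySpec(this.integritySalt, hashAlgorithm.jceHmacId));

        byte[] buf = new byte[1024];
        LittleEndian.putLong(buf, 0, i);
        mac.update(buf, 0, 8); // 8 = size of the little-endian long written above

        // Close the stream once, after the whole file has been consumed. Closing it inside
        // the read loop makes the second read fail, so any file longer than one buffer
        // could never be authenticated.
        FileInputStream in = new FileInputStream(file);
        try {
            int read;
            while ((read = in.read(buf)) != -1) {
                mac.update(buf, 0, read);
            }
        } finally {
            in.close();
        }

        byte[] hmacValue = mac.doFinal();
        AgileEncryptionHeader header = this.builder.getHeader();
        int blockSize = header.getBlockSize();
        byte[] iv = CryptoFunctions.generateIv(header.getHashAlgorithmEx(), header.getKeySalt(), AgileDecryptor.kIntegrityValueBlock, blockSize);
        Cipher cipher = CryptoFunctions.getCipher(getSecretKey(), header.getCipherAlgorithm(), header.getChainingMode(), iv, Cipher.ENCRYPT_MODE);
        byte[] paddedHmac = CryptoFunctions.getBlock0(hmacValue, AgileDecryptor.getNextBlockSize(hmacValue.length, blockSize));
        header.setEncryptedHmacValue(cipher.doFinal(paddedHmac));
    }

    /**
     * Builds the JAXB {@link CTEncryption} tree from the current header and verifier state:
     * key data, one password key encryptor, the data-integrity element and one certificate
     * key encryptor per certificate registered on the verifier.
     *
     * @return the populated encryption descriptor
     * @throws EncryptedDocumentException if the cipher, chaining mode or hash algorithm has
     *         no XML representation, or a certificate cannot be encoded
     */
    protected CTEncryption createEncryptionDocument() {
        AgileEncryptionVerifier verifier = this.builder.getVerifier();
        AgileEncryptionHeader header = this.builder.getHeader();

        CTEncryption encryption = new CTEncryption();
        CTKeyData keyData = new CTKeyData();
        encryption.setKeyData(keyData);
        CTKeyEncryptors keyEncryptors = new CTKeyEncryptors();
        encryption.setKeyEncryptors(keyEncryptors);

        CTKeyEncryptor passwordEncryptor = new CTKeyEncryptor();
        keyEncryptors.getKeyEncryptor().add(passwordEncryptor);
        passwordEncryptor.setUri(HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_PASSWORD);
        CTPasswordKeyEncryptor passwordKey = new CTPasswordKeyEncryptor();
        passwordEncryptor.setEncryptedPasswordKey(passwordKey);
        passwordKey.setSpinCount(verifier.getSpinCount());

        // saltSize is written as the block size. That matches the salts generated by
        // confirmPassword(String); salts of another length passed to the six-argument
        // overload would be described incorrectly here.
        keyData.setSaltSize(header.getBlockSize());
        passwordKey.setSaltSize(header.getBlockSize());
        keyData.setBlockSize(header.getBlockSize());
        passwordKey.setBlockSize(header.getBlockSize());
        keyData.setKeyBits(header.getKeySize());
        passwordKey.setKeyBits(header.getKeySize());

        HashAlgorithm hashAlgorithm = header.getHashAlgorithmEx();
        keyData.setHashSize(hashAlgorithm.hashSize);
        passwordKey.setHashSize(hashAlgorithm.hashSize);

        String cipherXmlId = header.getCipherAlgorithm().xmlId;
        if (cipherXmlId == null) {
            throw new EncryptedDocumentException("CipherAlgorithm " + header.getCipherAlgorithm() + " not supported.");
        }
        keyData.setCipherAlgorithm(cipherXmlId);
        passwordKey.setCipherAlgorithm(cipherXmlId);

        switch (header.getChainingMode()) {
            case cbc:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                break;
            case cfb:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                break;
            default:
                throw new EncryptedDocumentException("ChainingMode " + header.getChainingMode() + " not supported.");
        }

        STHashAlgorithm xmlHash = STHashAlgorithm.fromValue(hashAlgorithm.ecmaString);
        if (xmlHash == null) {
            throw new EncryptedDocumentException("HashAlgorithm " + hashAlgorithm + " not supported.");
        }
        keyData.setHashAlgorithm(xmlHash);
        passwordKey.setHashAlgorithm(xmlHash);

        keyData.setSaltValue(header.getKeySalt());
        passwordKey.setSaltValue(verifier.getSalt());
        passwordKey.setEncryptedVerifierHashInput(verifier.getEncryptedVerifier());
        passwordKey.setEncryptedVerifierHashValue(verifier.getEncryptedVerifierHash());
        passwordKey.setEncryptedKeyValue(verifier.getEncryptedKey());

        CTDataIntegrity dataIntegrity = new CTDataIntegrity();
        encryption.setDataIntegrity(dataIntegrity);
        dataIntegrity.setEncryptedHmacKey(header.getEncryptedHmacKey());
        dataIntegrity.setEncryptedHmacValue(header.getEncryptedHmacValue());

        for (AgileEncryptionVerifier.AgileCertificateEntry entry : verifier.getCertificates()) {
            CTKeyEncryptor certEncryptor = new CTKeyEncryptor();
            keyEncryptors.getKeyEncryptor().add(certEncryptor);
            certEncryptor.setUri(HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_CERTIFICATE);
            CTCertificateKeyEncryptor certKey = new CTCertificateKeyEncryptor();
            certEncryptor.setEncryptedCertificateKey(certKey);
            try {
                certKey.setX509Certificate(entry.x509.getEncoded());
                certKey.setEncryptedKeyValue(entry.encryptedKey);
                certKey.setCertVerifier(entry.certVerifier);
            } catch (CertificateEncodingException e) {
                throw new EncryptedDocumentException(e);
            }
        }
        return encryption;
    }

    /**
     * Serialises the encryption descriptor as unformatted XML and appends the bytes to the
     * given output.
     *
     * @param cTEncryption descriptor to marshal
     * @param littleEndianByteArrayOutputStream destination of the XML bytes
     * @throws EncryptedDocumentException if JAXB marshalling fails
     */
    protected void marshallEncryptionDocument(CTEncryption cTEncryption, LittleEndianByteArrayOutputStream littleEndianByteArrayOutputStream) {
        try {
            Marshaller marshaller = Context.jcEncryption.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, false);
            NamespacePrefixMapperUtils.setProperty(marshaller, NamespacePrefixMapperUtils.getPrefixMapper());
            ByteArrayOutputStream xmlBytes = new ByteArrayOutputStream();
            marshaller.marshal(cTEncryption, xmlBytes);
            littleEndianByteArrayOutputStream.write(xmlBytes.toByteArray());
        } catch (JAXBException e) {
            throw new EncryptedDocumentException("error marshalling encryption info document", e);
        }
    }

    /**
     * Adds the default data space and an {@code EncryptionInfo} entry to the directory. The
     * entry consists of the major version, minor version and encryption flags followed by
     * the marshalled XML descriptor.
     *
     * @param directoryNode directory that receives the entries
     * @param file not read by this method
     */
    protected void createEncryptionInfoEntry(DirectoryNode directoryNode, File file) throws IOException, GeneralSecurityException {
        DataSpaceMapUtils.addDefaultDataSpace(directoryNode);
        final EncryptionInfo info = this.builder.getInfo();
        DataSpaceMapUtils.createEncryptionEntry(directoryNode, "EncryptionInfo", new EncryptionRecord() {
            @Override
            public void write(LittleEndianByteArrayOutputStream littleEndianByteArrayOutputStream) {
                littleEndianByteArrayOutputStream.writeShort(info.getVersionMajor());
                littleEndianByteArrayOutputStream.writeShort(info.getVersionMinor());
                littleEndianByteArrayOutputStream.writeInt(info.getEncryptionFlags());
                // The descriptor is built at write time, so it reflects the HMAC value
                // stored on the header up to that point.
                AgileEncryptor.this.marshallEncryptionDocument(AgileEncryptor.this.createEncryptionDocument(), littleEndianByteArrayOutputStream);
            }
        });
    }
}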
