package org.apache.poi.poifs.crypt.agile;

import com.microsoft.schemas.office.x2006.encryption.CTDataIntegrity;
import com.microsoft.schemas.office.x2006.encryption.CTEncryption;
import com.microsoft.schemas.office.x2006.encryption.CTKeyData;
import com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptor;
import com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptors;
import com.microsoft.schemas.office.x2006.encryption.EncryptionDocument;
import com.microsoft.schemas.office.x2006.encryption.STCipherAlgorithm;
import com.microsoft.schemas.office.x2006.encryption.STCipherChaining;
import com.microsoft.schemas.office.x2006.encryption.STHashAlgorithm;
import com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor;
import com.microsoft.schemas.office.x2006.keyEncryptor.password.CTPasswordKeyEncryptor;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.DataSpaceMapUtils;
import org.apache.poi.poifs.crypt.EncryptionInfo;
import org.apache.poi.poifs.crypt.Encryptor;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier;
import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.poifs.filesystem.POIFSWriterEvent;
import org.apache.poi.poifs.filesystem.POIFSWriterListener;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianByteArrayOutputStream;
import org.apache.poi.util.LittleEndianOutputStream;
import org.apache.poi.util.TempFile;
import org.apache.xmlbeans.XmlOptions;
import org.drools.core.util.codec.CharEncoding;

/* loaded from: input_file:lib/poi-ooxml.jar:org/apache/poi/poifs/crypt/agile/AgileEncryptor.class */
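/**
 * Encryptor for the agile encryption scheme: encrypts the package in 4096-byte chunks,
 * computes an HMAC over the encrypted stream and writes the {@code EncryptionInfo} and
 * {@code EncryptedPackage} entries into a POIFS directory.
 *
 * <p>Typical use, as far as this file shows: call one of the {@code confirmPassword}
 * overloads to derive and store the key material, then write the plaintext package to the
 * stream returned by {@link #getDataStream(DirectoryNode)} and close it.
 */
public class AgileEncryptor extends Encryptor {
    private final AgileEncryptionInfoBuilder builder;
    // Key of the integrity HMAC; set by confirmPassword(...).
    private byte[] integritySalt;
    // HMAC instance fed with the encrypted package in writeToPOIFS().
    private Mac integrityMD;
    // Password hash derived in confirmPassword(...); it stays in this field for the
    // lifetime of the encryptor and is never cleared in this class.
    private byte[] pwHash;

    /* loaded from: input_file:lib/poi-ooxml.jar:org/apache/poi/poifs/crypt/agile/AgileEncryptor$ChunkedCipherOutputStream.class */
    /**
     * Output stream that buffers plaintext in 4096-byte chunks, encrypts every chunk with an
     * IV derived from the chunk index and spools the ciphertext to a temporary file. On
     * {@link #close()} the ciphertext is HMAC'ed and registered as the
     * {@code EncryptedPackage} document; the bytes are copied into the POIFS stream when the
     * writer calls back {@link #processPOIFSWriterEvent(POIFSWriterEvent)}.
     */
    private class ChunkedCipherOutputStream extends FilterOutputStream implements POIFSWriterListener {
        private static final int CHUNK_SIZE = 4096;
        private static final int CHUNK_MASK = CHUNK_SIZE - 1;
        private static final int CHUNK_BITS = 12;

        // Number of plaintext bytes accepted so far.
        private long _pos = 0L;
        // Holds the plaintext of the current chunk; encrypted in place by writeChunk().
        private final byte[] _chunk = new byte[CHUNK_SIZE];
        private Cipher _cipher;
        // Temporary file that receives the ciphertext only.
        private final File fileOut;
        protected final DirectoryNode dir;

        /**
         * Creates the stream and its temporary spool file.
         *
         * @param directoryNode directory that will receive the encryption entries
         * @throws IOException if the temporary file cannot be created or opened
         */
        public ChunkedCipherOutputStream(DirectoryNode directoryNode) throws IOException {
            super(null);
            this.dir = directoryNode;
            // Set up the cipher before acquiring any file resources, so that a failure here
            // does not leave an open stream and a stray temporary file behind.
            AgileEncryptionHeader header = AgileEncryptor.this.builder.getHeader();
            this._cipher = CryptoFunctions.getCipher(AgileEncryptor.this.getSecretKey(), header.getCipherAlgorithm(), header.getChainingMode(), null, Cipher.ENCRYPT_MODE);
            this.fileOut = TempFile.createTempFile("encrypted_package", "crypt");
            this.out = new FileOutputStream(this.fileOut);
        }

        /** Buffers a single byte; see {@link #write(byte[], int, int)}. */
        @Override
        public void write(int i) throws IOException {
            write(new byte[]{(byte) i});
        }

        /** Buffers the whole array; see {@link #write(byte[], int, int)}. */
        @Override
        public void write(byte[] bArr) throws IOException {
            write(bArr, 0, bArr.length);
        }

        /**
         * Copies the given range into the chunk buffer and encrypts every chunk that fills up.
         *
         * @param bArr source buffer
         * @param i    offset of the first byte to write
         * @param i2   number of bytes to write
         * @throws IOException if the range does not lie inside {@code bArr} or a chunk
         *                     cannot be encrypted or written
         */
        @Override
        public void write(byte[] bArr, int i, int i2) throws IOException {
            if (i2 == 0) {
                return;
            }
            // Written as a subtraction so that offset + length cannot overflow, and so that a
            // negative offset is rejected here instead of surfacing from System.arraycopy.
            if (i < 0 || i2 < 0 || i > bArr.length - i2) {
                throw new IOException("not enough bytes in your input buffer");
            }
            int offset = i;
            int remaining = i2;
            while (remaining > 0) {
                int posInChunk = (int) (this._pos & CHUNK_MASK);
                int count = Math.min(CHUNK_SIZE - posInChunk, remaining);
                System.arraycopy(bArr, offset, this._chunk, posInChunk, count);
                this._pos += count;
                offset += count;
                remaining -= count;
                if ((this._pos & CHUNK_MASK) == 0) {
                    writeChunk();
                }
            }
        }

        /**
         * Encrypts the buffered chunk in place and appends the ciphertext to the spool file.
         *
         * <p>When the position is on a chunk boundary the full chunk that has just been
         * completed is encrypted; otherwise the partial chunk is encrypted with a cipher
         * obtained with {@code "PKCS5Padding"}.
         *
         * @throws IOException if encryption or the write to the spool file fails
         */
        private void writeChunk() throws IOException {
            AgileEncryptionHeader header = AgileEncryptor.this.builder.getHeader();
            int blockSize = header.getBlockSize();
            int bytesInChunk = (int) (this._pos & CHUNK_MASK);
            int chunkIndex = (int) (this._pos >> CHUNK_BITS);
            if (bytesInChunk == 0) {
                // _pos already points at the next chunk, so step back to the one just filled.
                chunkIndex--;
                bytesInChunk = CHUNK_SIZE;
            } else {
                this._cipher = CryptoFunctions.getCipher(AgileEncryptor.this.getSecretKey(), header.getCipherAlgorithm(), header.getChainingMode(), null, Cipher.ENCRYPT_MODE, "PKCS5Padding");
            }
            // The IV is derived from the key salt and the little-endian chunk index.
            byte[] indexBytes = new byte[4];
            LittleEndian.putInt(indexBytes, 0, chunkIndex);
            byte[] iv = CryptoFunctions.generateIv(header.getHashAlgorithmEx(), header.getKeySalt(), indexBytes, blockSize);
            try {
                if (header.getCipherAlgorithm() == CipherAlgorithm.rc2) {
                    this._cipher.init(Cipher.ENCRYPT_MODE, AgileEncryptor.this.getSecretKey(), new RC2ParameterSpec(AgileEncryptor.this.getSecretKey().getEncoded().length * 8, iv));
                } else {
                    this._cipher.init(Cipher.ENCRYPT_MODE, AgileEncryptor.this.getSecretKey(), new IvParameterSpec(iv));
                }
                int encryptedLength = this._cipher.doFinal(this._chunk, 0, bytesInChunk, this._chunk);
                this.out.write(this._chunk, 0, encryptedLength);
            } catch (GeneralSecurityException e) {
                throw new IOException(e);
            }
        }

        /**
         * Encrypts whatever is still buffered, closes the spool file and registers the
         * encryption entries in the directory.
         *
         * @throws IOException if the final chunk or the entries cannot be written
         */
        @Override
        public void close() throws IOException {
            // NOTE(review): when _pos is a multiple of 4096 (including 0) the chunk buffer
            // already holds the ciphertext written by write(), and this call encrypts and
            // appends it a second time. The recorded stream size is unaffected, but skipping
            // the call would change the emitted bytes, so it is left for the maintainers.
            try {
                writeChunk();
            } finally {
                // Release the spool file handle even when the last chunk fails.
                super.close();
            }
            writeToPOIFS();
        }

        /**
         * Computes the HMAC over the stream size and the spooled ciphertext, stores its
         * encrypted value in the header and creates the {@code EncryptionInfo} and
         * {@code EncryptedPackage} documents.
         *
         * @throws IOException if the spool file cannot be read or is too large
         */
        void writeToPOIFS() throws IOException {
            // createDocument takes an int size; refuse early rather than truncate silently.
            long packageSize = this.fileOut.length() + 8;
            if (packageSize > Integer.MAX_VALUE) {
                throw new IOException("encrypted package of " + packageSize + " bytes is too large for a POIFS document");
            }
            DataSpaceMapUtils.addDefaultDataSpace(this.dir);

            // The HMAC covers the 8-byte little-endian plaintext length followed by the ciphertext.
            byte[] buffer = new byte[CHUNK_SIZE];
            LittleEndian.putLong(buffer, 0, this._pos);
            AgileEncryptor.this.integrityMD.update(buffer, 0, 8);
            FileInputStream encryptedIn = new FileInputStream(this.fileOut);
            try {
                int read;
                while ((read = encryptedIn.read(buffer)) != -1) {
                    AgileEncryptor.this.integrityMD.update(buffer, 0, read);
                }
            } finally {
                encryptedIn.close();
            }

            AgileEncryptionHeader header = AgileEncryptor.this.builder.getHeader();
            int blockSize = header.getBlockSize();
            byte[] hmacValue = AgileEncryptor.this.integrityMD.doFinal();
            try {
                byte[] iv = CryptoFunctions.generateIv(header.getHashAlgorithmEx(), header.getKeySalt(), AgileDecryptor.kIntegrityValueBlock, header.getBlockSize());
                Cipher cipher = CryptoFunctions.getCipher(AgileEncryptor.this.getSecretKey(), header.getCipherAlgorithm(), header.getChainingMode(), iv, Cipher.ENCRYPT_MODE);
                byte[] paddedHmac = CryptoFunctions.getBlock0(hmacValue, AgileDecryptor.getNextBlockSize(hmacValue.length, blockSize));
                header.setEncryptedHmacValue(cipher.doFinal(paddedHmac));
                AgileEncryptor.this.createEncryptionInfoEntry(this.dir);
                this.dir.createDocument("EncryptedPackage", (int) packageSize, this);
            } catch (GeneralSecurityException e) {
                throw new EncryptedDocumentException(e);
            }
        }

        /**
         * Writes the 8-byte plaintext length followed by the spooled ciphertext into the
         * stream supplied by the POIFS writer, then removes the spool file.
         *
         * @param pOIFSWriterEvent event carrying the target stream
         * @throws EncryptedDocumentException if the copy fails
         */
        @Override
        public void processPOIFSWriterEvent(POIFSWriterEvent pOIFSWriterEvent) {
            try {
                LittleEndianOutputStream packageOut = new LittleEndianOutputStream(pOIFSWriterEvent.getStream());
                try {
                    packageOut.writeLong(this._pos);
                    FileInputStream encryptedIn = new FileInputStream(this.fileOut);
                    try {
                        IOUtils.copy(encryptedIn, packageOut);
                    } finally {
                        encryptedIn.close();
                    }
                } finally {
                    packageOut.close();
                }
                // Do not leave the spool file behind if the immediate delete is refused.
                if (!this.fileOut.delete()) {
                    this.fileOut.deleteOnExit();
                }
            } catch (IOException e) {
                throw new EncryptedDocumentException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an encryptor bound to the given info builder.
     *
     * @param agileEncryptionInfoBuilder source of the header, verifier and info objects
     */
    public AgileEncryptor(AgileEncryptionInfoBuilder agileEncryptionInfoBuilder) {
        this.builder = agileEncryptionInfoBuilder;
    }

    /**
     * Generates fresh random key material with {@link SecureRandom} and delegates to
     * {@link #confirmPassword(String, byte[], byte[], byte[], byte[], byte[])}.
     *
     * @param str the password
     */
    @Override
    public void confirmPassword(String str) {
        SecureRandom random = new SecureRandom();
        AgileEncryptionHeader header = this.builder.getHeader();
        int blockSize = header.getBlockSize();
        int keyBytes = header.getKeySize() / 8;
        byte[] verifierInput = new byte[blockSize];
        byte[] verifierSalt = new byte[blockSize];
        byte[] keySalt = new byte[blockSize];
        byte[] keySpec = new byte[keyBytes];
        byte[] newIntegritySalt = new byte[header.getHashAlgorithmEx().hashSize];
        random.nextBytes(verifierInput);
        random.nextBytes(verifierSalt);
        random.nextBytes(keySalt);
        random.nextBytes(keySpec);
        random.nextBytes(newIntegritySalt);
        confirmPassword(str, keySpec, keySalt, verifierInput, verifierSalt, newIntegritySalt);
    }

    /**
     * Derives the password hash and fills the verifier and header with the encrypted
     * verifier, the encrypted key, the encrypted HMAC key and the per-certificate entries.
     *
     * @param str   the password
     * @param bArr  raw bytes of the package encryption key
     * @param bArr2 key salt stored in the header
     * @param bArr3 verifier input
     * @param bArr4 verifier salt, also used for hashing the password
     * @param bArr5 integrity salt, used as the HMAC key
     * @throws EncryptedDocumentException if a cryptographic operation fails
     */
    @Override
    public void confirmPassword(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        // Readable aliases for the positional parameters.
        final byte[] keySpec = bArr;
        final byte[] keySalt = bArr2;
        final byte[] verifierInput = bArr3;
        final byte[] verifierSalt = bArr4;
        final byte[] hmacKey = bArr5;

        AgileEncryptionVerifier verifier = this.builder.getVerifier();
        verifier.setSalt(verifierSalt);
        AgileEncryptionHeader header = this.builder.getHeader();
        header.setKeySalt(keySalt);
        HashAlgorithm hashAlgorithm = verifier.getHashAlgorithm();
        int blockSize = header.getBlockSize();

        this.pwHash = CryptoFunctions.hashPassword(str, hashAlgorithm, verifierSalt, verifier.getSpinCount());
        verifier.setEncryptedVerifier(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kVerifierInputBlock, verifierInput, Cipher.ENCRYPT_MODE));
        byte[] verifierHash = CryptoFunctions.getMessageDigest(hashAlgorithm).digest(verifierInput);
        verifier.setEncryptedVerifierHash(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kHashedVerifierBlock, verifierHash, Cipher.ENCRYPT_MODE));
        verifier.setEncryptedKey(AgileDecryptor.hashInput(this.builder, this.pwHash, AgileDecryptor.kCryptoKeyBlock, keySpec, Cipher.ENCRYPT_MODE));

        SecretKeySpec secretKey = new SecretKeySpec(keySpec, verifier.getCipherAlgorithm().jceId);
        setSecretKey(secretKey);
        this.integritySalt = hmacKey;
        try {
            byte[] hmacKeyIv = CryptoFunctions.generateIv(hashAlgorithm, header.getKeySalt(), AgileDecryptor.kIntegrityKeyBlock, header.getBlockSize());
            Cipher hmacKeyCipher = CryptoFunctions.getCipher(secretKey, verifier.getCipherAlgorithm(), verifier.getChainingMode(), hmacKeyIv, Cipher.ENCRYPT_MODE);
            byte[] paddedHmacKey = CryptoFunctions.getBlock0(hmacKey, AgileDecryptor.getNextBlockSize(hmacKey.length, blockSize));
            header.setEncryptedHmacKey(hmacKeyCipher.doFinal(paddedHmacKey));

            this.integrityMD = CryptoFunctions.getMac(hashAlgorithm);
            this.integrityMD.init(new SecretKeySpec(hmacKey, hashAlgorithm.jceHmacId));

            // NOTE(review): the bare "RSA" transformation leaves mode and padding to the JCE
            // provider's default. Naming them explicitly would make the output independent of
            // the provider, but it has to match what the reading side uses; confirm before
            // changing.
            Cipher rsaCipher = Cipher.getInstance("RSA");
            for (AgileEncryptionVerifier.AgileCertificateEntry certEntry : verifier.getCertificates()) {
                // Wrap the package key for this certificate's public key.
                rsaCipher.init(Cipher.ENCRYPT_MODE, certEntry.x509.getPublicKey());
                certEntry.encryptedKey = rsaCipher.doFinal(getSecretKey().getEncoded());
                // The certificate verifier is an HMAC of the encoded certificate, keyed with the package key.
                Mac certMac = CryptoFunctions.getMac(hashAlgorithm);
                certMac.init(getSecretKey());
                certEntry.certVerifier = certMac.doFinal(certEntry.x509.getEncoded());
            }
        } catch (GeneralSecurityException e) {
            throw new EncryptedDocumentException(e);
        }
    }

    /**
     * Returns a stream that encrypts everything written to it and, when closed, stores the
     * result in {@code directoryNode}.
     *
     * @param directoryNode directory that receives the encryption entries
     * @return the encrypting output stream
     * @throws IOException if the temporary spool file cannot be created
     */
    @Override
    public OutputStream getDataStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
        return new ChunkedCipherOutputStream(directoryNode);
    }

    /**
     * Serialises the header and verifier into the encryption XML descriptor and registers
     * it as the {@code EncryptionInfo} document of {@code directoryNode}.
     *
     * @param directoryNode directory that receives the {@code EncryptionInfo} document
     * @throws IOException if the descriptor cannot be serialised
     * @throws EncryptedDocumentException if the cipher algorithm, chaining mode or hash
     *         algorithm has no XML representation, or a certificate cannot be encoded
     */
    protected void createEncryptionInfoEntry(DirectoryNode directoryNode) throws IOException {
        AgileEncryptionVerifier verifier = this.builder.getVerifier();
        AgileEncryptionHeader header = this.builder.getHeader();

        EncryptionDocument encryptionDoc = EncryptionDocument.Factory.newInstance();
        CTEncryption encryption = encryptionDoc.addNewEncryption();
        CTKeyData keyData = encryption.addNewKeyData();
        CTKeyEncryptors keyEncryptors = encryption.addNewKeyEncryptors();
        CTKeyEncryptor passwordEncryptor = keyEncryptors.addNewKeyEncryptor();
        passwordEncryptor.setUri(CTKeyEncryptor.Uri.HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_PASSWORD);
        CTPasswordKeyEncryptor passwordKey = passwordEncryptor.addNewEncryptedPasswordKey();

        // keyData and the password key encryptor carry the same algorithm parameters.
        passwordKey.setSpinCount(verifier.getSpinCount());
        keyData.setSaltSize(header.getBlockSize());
        passwordKey.setSaltSize(header.getBlockSize());
        keyData.setBlockSize(header.getBlockSize());
        passwordKey.setBlockSize(header.getBlockSize());
        keyData.setKeyBits(header.getKeySize());
        passwordKey.setKeyBits(header.getKeySize());
        HashAlgorithm hashAlgorithm = header.getHashAlgorithmEx();
        keyData.setHashSize(hashAlgorithm.hashSize);
        passwordKey.setHashSize(hashAlgorithm.hashSize);

        STCipherAlgorithm.Enum xmlCipher = STCipherAlgorithm.Enum.forString(header.getCipherAlgorithm().xmlId);
        if (xmlCipher == null) {
            throw new EncryptedDocumentException("CipherAlgorithm " + header.getCipherAlgorithm() + " not supported.");
        }
        keyData.setCipherAlgorithm(xmlCipher);
        passwordKey.setCipherAlgorithm(xmlCipher);

        switch (header.getChainingMode()) {
            case cbc:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                break;
            case cfb:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                break;
            default:
                throw new EncryptedDocumentException("ChainingMode " + header.getChainingMode() + " not supported.");
        }

        STHashAlgorithm.Enum xmlHash = STHashAlgorithm.Enum.forString(hashAlgorithm.ecmaString);
        if (xmlHash == null) {
            throw new EncryptedDocumentException("HashAlgorithm " + hashAlgorithm + " not supported.");
        }
        keyData.setHashAlgorithm(xmlHash);
        passwordKey.setHashAlgorithm(xmlHash);

        keyData.setSaltValue(header.getKeySalt());
        passwordKey.setSaltValue(verifier.getSalt());
        passwordKey.setEncryptedVerifierHashInput(verifier.getEncryptedVerifier());
        passwordKey.setEncryptedVerifierHashValue(verifier.getEncryptedVerifierHash());
        passwordKey.setEncryptedKeyValue(verifier.getEncryptedKey());

        CTDataIntegrity dataIntegrity = encryption.addNewDataIntegrity();
        dataIntegrity.setEncryptedHmacKey(header.getEncryptedHmacKey());
        dataIntegrity.setEncryptedHmacValue(header.getEncryptedHmacValue());

        // One additional key encryptor per certificate entry.
        for (AgileEncryptionVerifier.AgileCertificateEntry certEntry : verifier.getCertificates()) {
            CTKeyEncryptor certEncryptor = keyEncryptors.addNewKeyEncryptor();
            certEncryptor.setUri(CTKeyEncryptor.Uri.HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_CERTIFICATE);
            CTCertificateKeyEncryptor certKey = certEncryptor.addNewEncryptedCertificateKey();
            try {
                certKey.setX509Certificate(certEntry.x509.getEncoded());
                certKey.setEncryptedKeyValue(certEntry.encryptedKey);
                certKey.setCertVerifier(certEntry.certVerifier);
            } catch (CertificateEncodingException e) {
                throw new EncryptedDocumentException(e);
            }
        }

        XmlOptions xmlOptions = new XmlOptions();
        xmlOptions.setCharacterEncoding(CharEncoding.UTF_8);
        HashMap<String, String> prefixes = new HashMap<String, String>();
        prefixes.put("http://schemas.microsoft.com/office/2006/keyEncryptor/password", "p");
        prefixes.put("http://schemas.microsoft.com/office/2006/keyEncryptor/certificate", "c");
        prefixes.put("http://schemas.microsoft.com/office/2006/encryption", "");
        xmlOptions.setSaveSuggestedPrefixes(prefixes);
        xmlOptions.setSaveNamespacesFirst();
        xmlOptions.setSaveAggressiveNamespaces();
        xmlOptions.setSaveNoXmlDecl();

        // The XML declaration is written by hand because setSaveNoXmlDecl() suppresses it.
        ByteArrayOutputStream xmlOut = new ByteArrayOutputStream();
        xmlOut.write("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n".getBytes(CharEncoding.UTF_8));
        encryptionDoc.save(xmlOut, xmlOptions);
        byte[] xml = xmlOut.toByteArray();

        // Two shorts and one int precede the XML. The buffer grows with the descriptor so
        // that entries carrying several certificates do not overrun a fixed 5000 bytes.
        final byte[] infoBuffer = new byte[Math.max(5000, 8 + xml.length)];
        LittleEndianByteArrayOutputStream infoOut = new LittleEndianByteArrayOutputStream(infoBuffer, 0);
        EncryptionInfo info = this.builder.getInfo();
        infoOut.writeShort(info.getVersionMajor());
        infoOut.writeShort(info.getVersionMinor());
        // Fixed value 0x40 that follows the version fields.
        infoOut.writeInt(64);
        infoOut.write(xml);

        directoryNode.createDocument("EncryptionInfo", infoOut.getWriteIndex(), new POIFSWriterListener() {
            @Override
            public void processPOIFSWriterEvent(POIFSWriterEvent pOIFSWriterEvent) {
                try {
                    pOIFSWriterEvent.getStream().write(infoBuffer, 0, pOIFSWriterEvent.getLimit());
                } catch (IOException e2) {
                    throw new EncryptedDocumentException(e2);
                }
            }
        });
    }
}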
