package org.apache.poi.poifs.crypt.agile;

import g.m.a.a.d.b.d;
import g.m.a.a.d.b.f;
import g.m.a.a.d.c.b.a;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.EncryptionVerifier;
import org.apache.poi.poifs.crypt.HashAlgorithm;

/* loaded from: classes3.dex */
public class AgileEncryptionVerifier extends EncryptionVerifier implements Cloneable {
    private int blockSize;
    private List<AgileCertificateEntry> certList;
    private int keyBits;

    /* loaded from: classes3.dex */
    public static class AgileCertificateEntry {
        public byte[] certVerifier;
        public byte[] encryptedKey;
        public X509Certificate x509;
    }

    public AgileEncryptionVerifier(f fVar) {
        this.certList = new ArrayList();
        this.keyBits = -1;
        this.blockSize = -1;
        Iterator<d> it2 = fVar.QD().pF().Yw().iterator();
        try {
            a Iq = it2.next().Iq();
            if (Iq == null) {
                throw new NullPointerException("encryptedKey not set");
            }
            int u3 = (int) Iq.u3();
            setCipherAlgorithm(CipherAlgorithm.fromXmlId(Iq.m6().a, u3));
            setKeySize(u3);
            setBlockSize(Iq.W2());
            int g5 = Iq.g5();
            setHashAlgorithm(HashAlgorithm.fromEcmaId(Iq.x1().a));
            if (getHashAlgorithm().hashSize != g5) {
                StringBuilder z = g.c.a.a.a.z("Unsupported hash algorithm: ");
                z.append(Iq.x1());
                z.append(" @ ");
                z.append(g5);
                z.append(" bytes");
                throw new EncryptedDocumentException(z.toString());
            }
            setSpinCount(Iq.Py());
            setEncryptedVerifier(Iq.hr());
            setSalt(Iq.P4());
            setEncryptedKey(Iq.H3());
            setEncryptedVerifierHash(Iq.cE());
            if (Iq.w3() != getSalt().length) {
                throw new EncryptedDocumentException("Invalid salt size");
            }
            int i2 = Iq.B5().b;
            if (i2 == 1) {
                setChainingMode(ChainingMode.cbc);
            } else {
                if (i2 != 2) {
                    StringBuilder z2 = g.c.a.a.a.z("Unsupported chaining mode - ");
                    z2.append(Iq.B5());
                    throw new EncryptedDocumentException(z2.toString());
                }
                setChainingMode(ChainingMode.cfb);
            }
            if (it2.hasNext()) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    while (it2.hasNext()) {
                        g.m.a.a.d.c.a.a zD = it2.next().zD();
                        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
                        agileCertificateEntry.certVerifier = zD.w9();
                        agileCertificateEntry.encryptedKey = zD.H3();
                        agileCertificateEntry.x509 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(zD.oe()));
                        this.certList.add(agileCertificateEntry);
                    }
                } catch (GeneralSecurityException e2) {
                    throw new EncryptedDocumentException("can't parse X509 certificate", e2);
                }
            }
        } catch (Exception e3) {
            throw new EncryptedDocumentException("Unable to parse keyData", e3);
        }
    }

    public AgileEncryptionVerifier(String str) {
        this(AgileEncryptionInfoBuilder.parseDescriptor(str));
    }

    public AgileEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int i2, int i3, ChainingMode chainingMode) {
        this.certList = new ArrayList();
        this.keyBits = -1;
        this.blockSize = -1;
        setCipherAlgorithm(cipherAlgorithm);
        setHashAlgorithm(hashAlgorithm);
        setChainingMode(chainingMode);
        setKeySize(i2);
        setBlockSize(i3);
        setSpinCount(100000);
    }

    public void addCertificate(X509Certificate x509Certificate) {
        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
        agileCertificateEntry.x509 = x509Certificate;
        this.certList.add(agileCertificateEntry);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public AgileEncryptionVerifier clone() throws CloneNotSupportedException {
        AgileEncryptionVerifier agileEncryptionVerifier = (AgileEncryptionVerifier) super.clone();
        agileEncryptionVerifier.certList = new ArrayList(this.certList);
        return agileEncryptionVerifier;
    }

    public int getBlockSize() {
        return this.blockSize;
    }

    public List<AgileCertificateEntry> getCertificates() {
        return this.certList;
    }

    public int getKeySize() {
        return this.keyBits;
    }

    public void setBlockSize(int i2) {
        this.blockSize = i2;
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public final void setCipherAlgorithm(CipherAlgorithm cipherAlgorithm) {
        super.setCipherAlgorithm(cipherAlgorithm);
        if (cipherAlgorithm.allowedKeySize.length == 1) {
            setKeySize(cipherAlgorithm.defaultKeySize);
        }
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedKey(byte[] bArr) {
        super.setEncryptedKey(bArr);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifier(byte[] bArr) {
        super.setEncryptedVerifier(bArr);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifierHash(byte[] bArr) {
        super.setEncryptedVerifierHash(bArr);
    }

    public void setKeySize(int i2) {
        this.keyBits = i2;
        for (int i3 : getCipherAlgorithm().allowedKeySize) {
            if (i3 == i2) {
                return;
            }
        }
        StringBuilder A = g.c.a.a.a.A("KeySize ", i2, " not allowed for cipher ");
        A.append(getCipherAlgorithm());
        throw new EncryptedDocumentException(A.toString());
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length != getCipherAlgorithm().blockSize) {
            throw new EncryptedDocumentException("invalid verifier salt");
        }
        super.setSalt(bArr);
    }
}
