package org.apache.poi.poifs.crypt.agile;

import com.a.a.a.d.b.d;
import com.a.a.a.d.b.h;
import com.a.a.a.d.c.b.a;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.EncryptionVerifier;
import org.apache.poi.poifs.crypt.HashAlgorithm;

/* loaded from: classes2.dex */
public class AgileEncryptionVerifier extends EncryptionVerifier implements Cloneable {

    /* renamed from: a, reason: collision with root package name */
    private List<AgileCertificateEntry> f2944a;

    /* renamed from: b, reason: collision with root package name */
    private int f2945b;
    private int c;

    /* loaded from: classes2.dex */
    public class AgileCertificateEntry {

        /* renamed from: a, reason: collision with root package name */
        X509Certificate f2946a;

        /* renamed from: b, reason: collision with root package name */
        byte[] f2947b;
        byte[] c;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AgileEncryptionVerifier(h hVar) {
        ChainingMode chainingMode;
        this.f2944a = new ArrayList();
        this.f2945b = -1;
        this.c = -1;
        Iterator<d> it = hVar.a().c().a().iterator();
        try {
            a a2 = it.next().a();
            if (a2 == null) {
                throw new NullPointerException("encryptedKey not set");
            }
            int c = (int) a2.c();
            setCipherAlgorithm(CipherAlgorithm.fromXmlId(a2.e().toString(), c));
            setKeySize(c);
            setBlockSize(a2.b());
            int d = a2.d();
            setHashAlgorithm(HashAlgorithm.fromEcmaId(a2.g().toString()));
            if (getHashAlgorithm().hashSize != d) {
                throw new EncryptedDocumentException("Unsupported hash algorithm: " + a2.g() + " @ " + d + " bytes");
            }
            setSpinCount(a2.i());
            setEncryptedVerifier(a2.j());
            setSalt(a2.h());
            setEncryptedKey(a2.l());
            setEncryptedVerifierHash(a2.k());
            if (a2.a() != getSalt().length) {
                throw new EncryptedDocumentException("Invalid salt size");
            }
            int intValue = a2.f().intValue();
            if (intValue == 1) {
                chainingMode = ChainingMode.cbc;
            } else {
                if (intValue != 2) {
                    throw new EncryptedDocumentException("Unsupported chaining mode - " + a2.f());
                }
                chainingMode = ChainingMode.cfb;
            }
            setChainingMode(chainingMode);
            if (it.hasNext()) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    while (it.hasNext()) {
                        com.a.a.a.d.c.a.a b2 = it.next().b();
                        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
                        agileCertificateEntry.c = b2.c();
                        agileCertificateEntry.f2947b = b2.a();
                        agileCertificateEntry.f2946a = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b2.b()));
                        this.f2944a.add(agileCertificateEntry);
                    }
                } catch (GeneralSecurityException e) {
                    throw new EncryptedDocumentException("can't parse X509 certificate", e);
                }
            }
        } catch (Exception e2) {
            throw new EncryptedDocumentException("Unable to parse keyData", e2);
        }
    }

    public AgileEncryptionVerifier(String str) {
        this(AgileEncryptionInfoBuilder.parseDescriptor(str));
    }

    public AgileEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int i, int i2, ChainingMode chainingMode) {
        this.f2944a = new ArrayList();
        this.f2945b = -1;
        this.c = -1;
        setCipherAlgorithm(cipherAlgorithm);
        setHashAlgorithm(hashAlgorithm);
        setChainingMode(chainingMode);
        setKeySize(i);
        setBlockSize(i2);
        setSpinCount(100000);
    }

    public void addCertificate(X509Certificate x509Certificate) {
        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
        agileCertificateEntry.f2946a = x509Certificate;
        this.f2944a.add(agileCertificateEntry);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public AgileEncryptionVerifier clone() {
        AgileEncryptionVerifier agileEncryptionVerifier = (AgileEncryptionVerifier) super.clone();
        agileEncryptionVerifier.f2944a = new ArrayList(this.f2944a);
        return agileEncryptionVerifier;
    }

    public int getBlockSize() {
        return this.c;
    }

    public List<AgileCertificateEntry> getCertificates() {
        return this.f2944a;
    }

    public int getKeySize() {
        return this.f2945b;
    }

    protected void setBlockSize(int i) {
        this.c = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public final void setCipherAlgorithm(CipherAlgorithm cipherAlgorithm) {
        super.setCipherAlgorithm(cipherAlgorithm);
        if (cipherAlgorithm.allowedKeySize.length == 1) {
            setKeySize(cipherAlgorithm.defaultKeySize);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedKey(byte[] bArr) {
        super.setEncryptedKey(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifier(byte[] bArr) {
        super.setEncryptedVerifier(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifierHash(byte[] bArr) {
        super.setEncryptedVerifierHash(bArr);
    }

    protected void setKeySize(int i) {
        this.f2945b = i;
        for (int i2 : getCipherAlgorithm().allowedKeySize) {
            if (i2 == i) {
                return;
            }
        }
        throw new EncryptedDocumentException("KeySize " + i + " not allowed for cipher " + getCipherAlgorithm());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length != getCipherAlgorithm().blockSize) {
            throw new EncryptedDocumentException("invalid verifier salt");
        }
        super.setSalt(bArr);
    }
}
