package org.apache.poi.poifs.crypt.agile;

import c.f.a.a.a.a.d;
import c.f.a.a.a.a.f;
import c.f.a.a.a.b.b.a;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.EncryptionVerifier;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.xmlbeans.XmlBeans;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlOptions;

/* loaded from: classes.dex */
public class AgileEncryptionVerifier extends EncryptionVerifier {
    public List certList = new ArrayList();

    /* loaded from: classes.dex */
    public static class AgileCertificateEntry {
        public byte[] certVerifier;
        public byte[] encryptedKey;
        public X509Certificate x509;
    }

    public AgileEncryptionVerifier(String str) {
        ChainingMode chainingMode;
        try {
            Iterator it = ((f) XmlBeans.getContextTypeLoader().parse(str, f.f3505d, (XmlOptions) null)).Yi().jk().Sb().iterator();
            try {
                a H5 = ((d) it.next()).H5();
                if (H5 == null) {
                    throw new NullPointerException("encryptedKey not set");
                }
                setCipherAlgorithm(CipherAlgorithm.fromXmlId(H5.u3().toString(), (int) H5.t3()));
                int c2 = H5.c2();
                setHashAlgorithm(HashAlgorithm.fromEcmaId(H5.J0().toString()));
                if (getHashAlgorithm().hashSize != c2) {
                    StringBuilder b2 = c.a.a.a.a.b("Unsupported hash algorithm: ");
                    b2.append(H5.J0());
                    b2.append(" @ ");
                    b2.append(c2);
                    b2.append(" bytes");
                    throw new EncryptedDocumentException(b2.toString());
                }
                setSpinCount(H5.Gd());
                setEncryptedVerifier(H5.m6());
                setSalt(H5.y1());
                setEncryptedKey(H5.L3());
                setEncryptedVerifierHash(H5.ij());
                if (H5.v3() != getSalt().length) {
                    throw new EncryptedDocumentException("Invalid salt size");
                }
                int intValue = H5.A2().intValue();
                if (intValue == 1) {
                    chainingMode = ChainingMode.cbc;
                } else {
                    if (intValue != 2) {
                        StringBuilder b3 = c.a.a.a.a.b("Unsupported chaining mode - ");
                        b3.append(H5.A2().toString());
                        throw new EncryptedDocumentException(b3.toString());
                    }
                    chainingMode = ChainingMode.cfb;
                }
                setChainingMode(chainingMode);
                if (it.hasNext()) {
                    try {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                        while (it.hasNext()) {
                            c.f.a.a.a.b.a.a Hi = ((d) it.next()).Hi();
                            AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
                            agileCertificateEntry.certVerifier = Hi.K6();
                            agileCertificateEntry.encryptedKey = Hi.L3();
                            agileCertificateEntry.x509 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Hi.qb()));
                            this.certList.add(agileCertificateEntry);
                        }
                    } catch (GeneralSecurityException e2) {
                        throw new EncryptedDocumentException("can't parse X509 certificate", e2);
                    }
                }
            } catch (Exception e3) {
                throw new EncryptedDocumentException("Unable to parse keyData", e3);
            }
        } catch (XmlException e4) {
            throw new EncryptedDocumentException("Unable to parse encryption descriptor", e4);
        }
    }

    public AgileEncryptionVerifier(CipherAlgorithm cipherAlgorithm, HashAlgorithm hashAlgorithm, int i2, int i3, ChainingMode chainingMode) {
        setCipherAlgorithm(cipherAlgorithm);
        setHashAlgorithm(hashAlgorithm);
        setChainingMode(chainingMode);
        setSpinCount(100000);
    }

    public void addCertificate(X509Certificate x509Certificate) {
        AgileCertificateEntry agileCertificateEntry = new AgileCertificateEntry();
        agileCertificateEntry.x509 = x509Certificate;
        this.certList.add(agileCertificateEntry);
    }

    public List getCertificates() {
        return this.certList;
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedKey(byte[] bArr) {
        super.setEncryptedKey(bArr);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifier(byte[] bArr) {
        super.setEncryptedVerifier(bArr);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setEncryptedVerifierHash(byte[] bArr) {
        super.setEncryptedVerifierHash(bArr);
    }

    @Override // org.apache.poi.poifs.crypt.EncryptionVerifier
    public void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length != getCipherAlgorithm().blockSize) {
            throw new EncryptedDocumentException("invalid verifier salt");
        }
        super.setSalt(bArr);
    }
}
