package org.apache.poi.poifs.crypt.agile;

import com.microsoft.schemas.office.x2006.encryption.CTDataIntegrity;
import com.microsoft.schemas.office.x2006.encryption.CTEncryption;
import com.microsoft.schemas.office.x2006.encryption.CTKeyData;
import com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptor;
import com.microsoft.schemas.office.x2006.encryption.CTKeyEncryptors;
import com.microsoft.schemas.office.x2006.encryption.EncryptionDocument;
import com.microsoft.schemas.office.x2006.encryption.STCipherAlgorithm;
import com.microsoft.schemas.office.x2006.encryption.STCipherChaining;
import com.microsoft.schemas.office.x2006.encryption.STHashAlgorithm;
import com.microsoft.schemas.office.x2006.keyEncryptor.certificate.CTCertificateKeyEncryptor;
import com.microsoft.schemas.office.x2006.keyEncryptor.password.CTPasswordKeyEncryptor;
import com.odianyun.mq.common.inner.dao.impl.mongodb.MessageDAOImpl;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChunkedCipherOutputStream;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.DataSpaceMapUtils;
import org.apache.poi.poifs.crypt.EncryptionInfo;
import org.apache.poi.poifs.crypt.Encryptor;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier;
import org.apache.poi.poifs.crypt.standard.EncryptionRecord;
import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianByteArrayOutputStream;
import org.apache.xmlbeans.XmlOptions;

/* loaded from: input_file:BOOT-INF/lib/poi-ooxml-3.17.jar:org/apache/poi/poifs/crypt/agile/AgileEncryptor.class */
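/**
 * Encryptor for the "agile" encryption scheme.
 *
 * <p>It fills in the password verifier fields, wraps the document key for the password
 * key encryptor and for every certificate key encryptor, computes the data-integrity
 * HMAC over the encrypted stream and writes the {@code EncryptionInfo} entry.
 *
 * <p>This source is decompiled; parameter names such as {@code bArr} and {@code i} are
 * kept as the decompiler produced them so the method signatures stay unchanged.
 */
public class AgileEncryptor extends Encryptor implements Cloneable {
    // Random bytes set by confirmPassword(); used (after block padding) as the HMAC key
    // and stored in the header in encrypted form.
    private byte[] integritySalt;
    // Password hash from CryptoFunctions.hashPassword(). Sensitive: it stays in this field
    // for the lifetime of the instance, is copied by clone and is never zeroed in this class.
    private byte[] pwHash;
    private final CTKeyEncryptor.Uri.Enum passwordUri = CTKeyEncryptor.Uri.HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_PASSWORD;
    private final CTKeyEncryptor.Uri.Enum certificateUri = CTKeyEncryptor.Uri.HTTP_SCHEMAS_MICROSOFT_COM_OFFICE_2006_KEY_ENCRYPTOR_CERTIFICATE;

    /**
     * Chunked cipher stream (chunk size 4096) that delegates per-block cipher setup,
     * checksum calculation and EncryptionInfo creation to the enclosing encryptor.
     */
    private class AgileCipherOutputStream extends ChunkedCipherOutputStream {
        public AgileCipherOutputStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
            super(directoryNode, 4096);
        }

        @Override // org.apache.poi.poifs.crypt.ChunkedCipherOutputStream
        protected Cipher initCipherForBlock(Cipher cipher, int i, boolean z) throws GeneralSecurityException {
            return AgileDecryptor.initCipherForBlock(cipher, i, z, AgileEncryptor.this.getEncryptionInfo(), AgileEncryptor.this.getSecretKey(), Cipher.ENCRYPT_MODE);
        }

        @Override // org.apache.poi.poifs.crypt.ChunkedCipherOutputStream
        protected void calculateChecksum(File file, int i) throws GeneralSecurityException, IOException {
            AgileEncryptor.this.updateIntegrityHMAC(file, i);
        }

        @Override // org.apache.poi.poifs.crypt.ChunkedCipherOutputStream
        protected void createEncryptionInfoEntry(DirectoryNode directoryNode, File file) throws IOException, GeneralSecurityException {
            AgileEncryptor.this.createEncryptionInfoEntry(directoryNode, file);
        }
    }

    /**
     * Sets up encryption for the given password with freshly generated random material.
     *
     * <p>All salts, the verifier and the document key come from {@link SecureRandom}; sizes
     * are taken from the encryption header (block size, key size in bits / 8, hash size).
     *
     * @param str the password
     */
    @Override // org.apache.poi.poifs.crypt.Encryptor
    public void confirmPassword(String str) {
        SecureRandom random = new SecureRandom();
        AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        int blockSize = header.getBlockSize();
        int keyBytes = header.getKeySize() / 8;
        int hashSize = header.getHashAlgorithm().hashSize;
        byte[] verifier = new byte[blockSize];
        byte[] verifierSalt = new byte[blockSize];
        byte[] keySalt = new byte[blockSize];
        byte[] keySpec = new byte[keyBytes];
        byte[] newIntegritySalt = new byte[hashSize];
        random.nextBytes(verifier);
        random.nextBytes(verifierSalt);
        random.nextBytes(keySalt);
        random.nextBytes(keySpec);
        random.nextBytes(newIntegritySalt);
        confirmPassword(str, keySpec, keySalt, verifier, verifierSalt, newIntegritySalt);
    }

    /**
     * Sets up encryption for the given password with caller-supplied key material.
     *
     * @param str   the password
     * @param bArr  raw bytes of the document key
     * @param bArr2 key salt stored in the header
     * @param bArr3 verifier input that is encrypted under the password hash
     * @param bArr4 verifier salt, also used as the salt for hashing the password
     * @param bArr5 integrity salt; a copy is kept in this instance
     * @throws EncryptedDocumentException if any JCE operation fails (the cause is preserved)
     */
    @Override // org.apache.poi.poifs.crypt.Encryptor
    public void confirmPassword(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        AgileEncryptionVerifier verifier = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
        AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        verifier.setSalt(bArr4);
        header.setKeySalt(bArr2);
        int blockSize = header.getBlockSize();
        this.pwHash = CryptoFunctions.hashPassword(str, verifier.getHashAlgorithm(), bArr4, verifier.getSpinCount());

        // Three values are encrypted under the password hash, each with its own block key:
        // the verifier input, the digest of the verifier input, and the document key.
        verifier.setEncryptedVerifier(AgileDecryptor.hashInput(verifier, this.pwHash, AgileDecryptor.kVerifierInputBlock, bArr3, Cipher.ENCRYPT_MODE));
        byte[] verifierDigest = CryptoFunctions.getMessageDigest(verifier.getHashAlgorithm()).digest(bArr3);
        verifier.setEncryptedVerifierHash(AgileDecryptor.hashInput(verifier, this.pwHash, AgileDecryptor.kHashedVerifierBlock, verifierDigest, Cipher.ENCRYPT_MODE));
        verifier.setEncryptedKey(AgileDecryptor.hashInput(verifier, this.pwHash, AgileDecryptor.kCryptoKeyBlock, bArr, Cipher.ENCRYPT_MODE));

        SecretKeySpec secretKey = new SecretKeySpec(bArr, header.getCipherAlgorithm().jceId);
        setSecretKey(secretKey);
        // Defensive copy so later changes to the caller's array cannot alter the HMAC key.
        this.integritySalt = (byte[]) bArr5.clone();
        try {
            // Store the integrity salt encrypted under the document key.
            byte[] hmacKeyIv = CryptoFunctions.generateIv(header.getHashAlgorithm(), header.getKeySalt(), AgileDecryptor.kIntegrityKeyBlock, header.getBlockSize());
            Cipher hmacKeyCipher = CryptoFunctions.getCipher(secretKey, header.getCipherAlgorithm(), header.getChainingMode(), hmacKeyIv, Cipher.ENCRYPT_MODE);
            byte[] paddedSalt = CryptoFunctions.getBlock0(this.integritySalt, AgileDecryptor.getNextBlockSize(this.integritySalt.length, blockSize));
            header.setEncryptedHmacKey(hmacKeyCipher.doFinal(paddedSalt));

            // NOTE(review): "RSA" names no mode or padding, so the padding scheme is whatever
            // the installed JCE provider defaults to. Confirm the padding the file format
            // expects and pin the full transformation string explicitly.
            Cipher rsa = Cipher.getInstance("RSA");
            for (AgileEncryptionVerifier.AgileCertificateEntry entry : verifier.getCertificates()) {
                // Wrap the document key with the certificate's public key.
                rsa.init(Cipher.ENCRYPT_MODE, entry.x509.getPublicKey());
                entry.encryptedKey = rsa.doFinal(getSecretKey().getEncoded());
                // The certificate verifier is an HMAC of the encoded certificate, keyed with the document key.
                Mac mac = CryptoFunctions.getMac(header.getHashAlgorithm());
                mac.init(getSecretKey());
                entry.certVerifier = mac.doFinal(entry.x509.getEncoded());
            }
        } catch (GeneralSecurityException e) {
            throw new EncryptedDocumentException(e);
        }
    }

    /**
     * Returns a new cipher output stream that writes into the given directory.
     *
     * @param directoryNode the directory passed to the chunked cipher stream
     */
    @Override // org.apache.poi.poifs.crypt.Encryptor
    public OutputStream getDataStream(DirectoryNode directoryNode) throws IOException, GeneralSecurityException {
        return new AgileCipherOutputStream(directoryNode);
    }

    /**
     * Computes the data-integrity HMAC and stores it, encrypted, in the header.
     *
     * <p>The MAC input is the value {@code i} written as an 8-byte little-endian long,
     * followed by the complete contents of {@code file}. The MAC key is the integrity salt
     * set by {@code confirmPassword}, so that method must have been called first.
     *
     * @param file the file whose contents are authenticated
     * @param i    the length value that prefixes the MAC input
     * @throws GeneralSecurityException if a JCE operation fails
     * @throws IOException              if the file cannot be read
     */
    protected void updateIntegrityHMAC(File file, int i) throws GeneralSecurityException, IOException {
        AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        int blockSize = header.getBlockSize();
        HashAlgorithm hashAlgorithm = header.getHashAlgorithm();
        Mac mac = CryptoFunctions.getMac(hashAlgorithm);
        byte[] hmacKey = CryptoFunctions.getBlock0(this.integritySalt, AgileDecryptor.getNextBlockSize(this.integritySalt.length, blockSize));
        mac.init(new SecretKeySpec(hmacKey, hashAlgorithm.jceHmacId));

        byte[] buffer = new byte[1024];
        LittleEndian.putLong(buffer, 0, i);
        mac.update(buffer, 0, 8);

        // The stream is closed once, after the whole file has been read. Closing it inside
        // the read loop would end the loop after the first buffer: any file longer than
        // 1024 bytes would then fail on the next read instead of being fully authenticated.
        FileInputStream in = new FileInputStream(file);
        try {
            int read;
            while ((read = in.read(buffer)) != -1) {
                mac.update(buffer, 0, read);
            }
        } finally {
            in.close();
        }

        byte[] hmacValue = mac.doFinal();
        byte[] hmacValueIv = CryptoFunctions.generateIv(header.getHashAlgorithm(), header.getKeySalt(), AgileDecryptor.kIntegrityValueBlock, blockSize);
        Cipher hmacValueCipher = CryptoFunctions.getCipher(getSecretKey(), header.getCipherAlgorithm(), header.getChainingMode(), hmacValueIv, Cipher.ENCRYPT_MODE);
        byte[] paddedHmac = CryptoFunctions.getBlock0(hmacValue, AgileDecryptor.getNextBlockSize(hmacValue.length, blockSize));
        header.setEncryptedHmacValue(hmacValueCipher.doFinal(paddedHmac));
    }

    /**
     * Builds the XML encryption descriptor from the current header and verifier.
     *
     * <p>The document holds the key data, one password key encryptor, the data-integrity
     * values and one certificate key encryptor per certificate entry of the verifier.
     *
     * @return the populated encryption document
     * @throws EncryptedDocumentException if header and verifier disagree on the cipher
     *         algorithm, if an algorithm or chaining mode has no XML mapping, or if a
     *         certificate cannot be encoded
     */
    protected EncryptionDocument createEncryptionDocument() {
        AgileEncryptionVerifier verifier = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
        AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
        EncryptionDocument document = EncryptionDocument.Factory.newInstance();
        CTEncryption encryption = document.addNewEncryption();
        CTKeyData keyData = encryption.addNewKeyData();
        CTKeyEncryptors keyEncryptors = encryption.addNewKeyEncryptors();
        CTKeyEncryptor passwordEncryptor = keyEncryptors.addNewKeyEncryptor();
        passwordEncryptor.setUri(this.passwordUri);
        CTPasswordKeyEncryptor passwordKey = passwordEncryptor.addNewEncryptedPasswordKey();
        passwordKey.setSpinCount(verifier.getSpinCount());

        // Key data takes its parameters from the header, the password key from the verifier.
        keyData.setSaltSize(header.getBlockSize());
        passwordKey.setSaltSize(verifier.getBlockSize());
        keyData.setBlockSize(header.getBlockSize());
        passwordKey.setBlockSize(verifier.getBlockSize());
        keyData.setKeyBits(header.getKeySize());
        passwordKey.setKeyBits(verifier.getKeySize());
        keyData.setHashSize(header.getHashAlgorithm().hashSize);
        passwordKey.setHashSize(verifier.getHashAlgorithm().hashSize);

        if (!header.getCipherAlgorithm().xmlId.equals(verifier.getCipherAlgorithm().xmlId)) {
            throw new EncryptedDocumentException("Cipher algorithm of header and verifier have to match");
        }
        STCipherAlgorithm.Enum xmlCipher = STCipherAlgorithm.Enum.forString(header.getCipherAlgorithm().xmlId);
        if (xmlCipher == null) {
            throw new EncryptedDocumentException("CipherAlgorithm " + header.getCipherAlgorithm() + " not supported.");
        }
        keyData.setCipherAlgorithm(xmlCipher);
        passwordKey.setCipherAlgorithm(xmlCipher);

        switch (header.getChainingMode()) {
            case cbc:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CBC);
                break;
            case cfb:
                keyData.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                passwordKey.setCipherChaining(STCipherChaining.CHAINING_MODE_CFB);
                break;
            default:
                throw new EncryptedDocumentException("ChainingMode " + header.getChainingMode() + " not supported.");
        }

        keyData.setHashAlgorithm(mapHashAlgorithm(header.getHashAlgorithm()));
        passwordKey.setHashAlgorithm(mapHashAlgorithm(verifier.getHashAlgorithm()));
        keyData.setSaltValue(header.getKeySalt());
        passwordKey.setSaltValue(verifier.getSalt());
        passwordKey.setEncryptedVerifierHashInput(verifier.getEncryptedVerifier());
        passwordKey.setEncryptedVerifierHashValue(verifier.getEncryptedVerifierHash());
        passwordKey.setEncryptedKeyValue(verifier.getEncryptedKey());

        CTDataIntegrity dataIntegrity = encryption.addNewDataIntegrity();
        dataIntegrity.setEncryptedHmacKey(header.getEncryptedHmacKey());
        dataIntegrity.setEncryptedHmacValue(header.getEncryptedHmacValue());

        for (AgileEncryptionVerifier.AgileCertificateEntry entry : verifier.getCertificates()) {
            CTKeyEncryptor certificateEncryptor = keyEncryptors.addNewKeyEncryptor();
            certificateEncryptor.setUri(this.certificateUri);
            CTCertificateKeyEncryptor certificateKey = certificateEncryptor.addNewEncryptedCertificateKey();
            try {
                certificateKey.setX509Certificate(entry.x509.getEncoded());
                certificateKey.setEncryptedKeyValue(entry.encryptedKey);
                certificateKey.setCertVerifier(entry.certVerifier);
            } catch (CertificateEncodingException e) {
                throw new EncryptedDocumentException(e);
            }
        }
        return document;
    }

    /**
     * Maps a hash algorithm to its XML schema enum value.
     *
     * @throws EncryptedDocumentException if the schema has no value for the algorithm
     */
    private static STHashAlgorithm.Enum mapHashAlgorithm(HashAlgorithm hashAlgorithm) {
        STHashAlgorithm.Enum xmlHash = STHashAlgorithm.Enum.forString(hashAlgorithm.ecmaString);
        if (xmlHash == null) {
            throw new EncryptedDocumentException("HashAlgorithm " + hashAlgorithm + " not supported.");
        }
        return xmlHash;
    }

    /**
     * Serializes the encryption document as UTF-8 XML into the given stream.
     *
     * <p>The XML declaration is written by hand (with a CRLF line ending) because the
     * save options suppress the generated one.
     *
     * @throws EncryptedDocumentException if writing fails (the cause is preserved)
     */
    protected void marshallEncryptionDocument(EncryptionDocument encryptionDocument, LittleEndianByteArrayOutputStream littleEndianByteArrayOutputStream) {
        XmlOptions xmlOptions = new XmlOptions();
        xmlOptions.setCharacterEncoding("UTF-8");
        Map prefixes = new HashMap();
        // NOTE(review): this prefix constant comes from an unrelated messaging package, which
        // looks like a decompiler constant-resolution artifact. Presumably the intended value
        // is a short namespace prefix literal like the "c" below - confirm against the
        // upstream source and drop the cross-package dependency.
        prefixes.put(this.passwordUri.toString(), MessageDAOImpl.PROPERTIES);
        prefixes.put(this.certificateUri.toString(), "c");
        xmlOptions.setUseDefaultNamespace();
        xmlOptions.setSaveSuggestedPrefixes(prefixes);
        xmlOptions.setSaveNamespacesFirst();
        xmlOptions.setSaveAggressiveNamespaces();
        xmlOptions.setSaveNoXmlDecl();
        ByteArrayOutputStream xmlBytes = new ByteArrayOutputStream();
        try {
            xmlBytes.write("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n".getBytes("UTF-8"));
            encryptionDocument.save(xmlBytes, xmlOptions);
            xmlBytes.writeTo(littleEndianByteArrayOutputStream);
        } catch (IOException e) {
            throw new EncryptedDocumentException("error marshalling encryption info document", e);
        }
    }

    /**
     * Adds the default data space and the {@code EncryptionInfo} entry to the directory.
     *
     * <p>The entry consists of the major and minor version (one short each), the encryption
     * flags (int) and the marshalled XML encryption document. The {@code file} argument is
     * not used by this implementation.
     */
    protected void createEncryptionInfoEntry(DirectoryNode directoryNode, File file) throws IOException, GeneralSecurityException {
        DataSpaceMapUtils.addDefaultDataSpace(directoryNode);
        final EncryptionInfo encryptionInfo = getEncryptionInfo();
        DataSpaceMapUtils.createEncryptionEntry(directoryNode, "EncryptionInfo", new EncryptionRecord() { // from class: org.apache.poi.poifs.crypt.agile.AgileEncryptor.1
            @Override // org.apache.poi.poifs.crypt.standard.EncryptionRecord
            public void write(LittleEndianByteArrayOutputStream littleEndianByteArrayOutputStream) {
                littleEndianByteArrayOutputStream.writeShort(encryptionInfo.getVersionMajor());
                littleEndianByteArrayOutputStream.writeShort(encryptionInfo.getVersionMinor());
                littleEndianByteArrayOutputStream.writeInt(encryptionInfo.getEncryptionFlags());
                AgileEncryptor.this.marshallEncryptionDocument(AgileEncryptor.this.createEncryptionDocument(), littleEndianByteArrayOutputStream);
            }
        });
    }

    /**
     * Clones this encryptor; the integrity salt and the password hash are copied so the
     * clone does not share those arrays with the original.
     */
    @Override // org.apache.poi.poifs.crypt.Encryptor
    /* renamed from: clone */
    public AgileEncryptor mo9683clone() throws CloneNotSupportedException {
        AgileEncryptor copy = (AgileEncryptor) super.mo9683clone();
        copy.integritySalt = this.integritySalt == null ? null : (byte[]) this.integritySalt.clone();
        copy.pwHash = this.pwHash == null ? null : (byte[]) this.pwHash.clone();
        return copy;
    }
}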
