package org.apache.ws.security.message;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.DOMX509Data;
import org.apache.ws.security.message.token.DOMX509IssuerSerial;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.UUIDGenerator;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/* loaded from: input_file:org/apache/ws/security/message/WSSecEncryptedKey.class */
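/**
 * Builds a WS-Security {@code xenc:EncryptedKey} element.
 *
 * A symmetric "ephemeral" key is generated (or supplied by the caller), wrapped with the
 * recipient's RSA public key, and referenced from a {@code ds:KeyInfo/wsse:SecurityTokenReference}
 * whose form is selected by {@code keyIdentifierType} (inherited from {@link WSSecBase}).
 *
 * Security notes (review):
 * <ul>
 * <li>The default key-transport algorithm is {@link WSConstants#KEYTRANSPORT_RSA15}
 *     (RSA PKCS#1 v1.5). v1.5 key transport is exposed to Bleichenbacher-style padding-oracle
 *     attacks whenever the decrypting peer leaks padding failures (timing, distinct faults).
 *     Callers should prefer {@code setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOEP)}. The default is
 *     deliberately NOT changed here, because flipping it silently alters what existing peers
 *     receive; it is flagged so deployments can opt in.</li>
 * <li>{@link #getEphemeralKey()} and {@link #getSymmetricKey()} hand out raw key material
 *     ({@code getEphemeralKey} returns the internal array, not a copy). Never log or persist it.</li>
 * <li>Key generation relies on {@link KeyGenerator}'s provider-default {@code SecureRandom}.</li>
 * </ul>
 *
 * Decompiler artefacts: this listing was recovered with JADX, so several WSS4J constants appear as
 * integer literals (exception codes, key-identifier types, cipher modes). Comments below name the
 * constant each literal appears to correspond to; the two that JADX mis-resolved to unrelated
 * action flags ({@code WSConstants.SC} / {@code WSConstants.NO_SERIALIZE} for 128 / 256) have been
 * replaced with the plain key sizes.
 */
public class WSSecEncryptedKey extends WSSecBase {
    private static final Log log = LogFactory.getLog(WSSecEncryptedKey.class);

    /** Target document; set by {@link #prepare} or {@link #setDocument}. */
    protected Document document;
    /** Root element of {@link #document}, captured after the EncryptedKey is built. */
    protected Element envelope = null;
    /** Raw symmetric key bytes (key material — do not log). */
    protected byte[] ephemeralKey;
    /** Symmetric key object corresponding to {@link #ephemeralKey}. */
    protected SecretKey symmetricKey = null;
    /** The RSA-wrapped symmetric key as written to {@code xenc:CipherValue}. */
    protected byte[] encryptedEphemeralKey;
    protected String encrUser = null;
    /**
     * Key-transport (key-wrap) algorithm URI. Default is RSA PKCS#1 v1.5 — see class note;
     * prefer {@link WSConstants#KEYTRANSPORT_RSAOEP}.
     */
    protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
    /** Symmetric algorithm URI the wrapped key will be used with; drives the generated key size. */
    protected String symEncAlgo = WSConstants.AES_128;
    protected Element encryptedKeyElement = null;
    /** wsu-style {@code Id} of the EncryptedKey element; generated as {@code EK-<uuid>} if unset. */
    protected String encKeyId = null;
    /** ValueType / Id used by the CUSTOM_* key-identifier types. */
    protected String customEKTokenValueType;
    protected String customEKTokenId;
    /** BinarySecurityToken created for direct references (keyIdentifierType 1), else null. */
    protected BinarySecurity bstToken = null;
    /** Explicit recipient certificate; when null the cert is looked up by {@code user} alias. */
    protected X509Certificate useThisCert = null;

    public WSSecEncryptedKey() {
        // Field initializers above supply the same defaults the original constructor assigned.
    }

    public WSSecEncryptedKey(WSSConfig wSSConfig) {
        super(wSSConfig);
    }

    /** Sets the alias used to look up the recipient certificate when no explicit cert is given. */
    public void setUserInfo(String str) {
        this.user = str;
    }

    /** @return the Id attribute of the EncryptedKey element (null until {@link #prepare} ran). */
    public String getId() {
        return this.encKeyId;
    }

    /**
     * Resolves the symmetric key and recipient certificate, then builds the EncryptedKey element.
     *
     * Key resolution order: explicit {@code ephemeralKey} bytes win; otherwise an explicit
     * {@code symmetricKey}; otherwise a fresh key is generated for {@code symEncAlgo}.
     *
     * @param document the SOAP document the element is created in
     * @param crypto   certificate source used when no explicit certificate was set
     * @throws WSSecurityException if no certificate is found for {@code user}, or wrapping fails
     */
    public void prepare(Document document, Crypto crypto) throws WSSecurityException {
        this.document = document;
        if (this.ephemeralKey == null) {
            if (this.symmetricKey == null) {
                this.symmetricKey = getKeyGenerator().generateKey();
            }
            this.ephemeralKey = this.symmetricKey.getEncoded();
        }
        if (this.symmetricKey == null) {
            this.symmetricKey = WSSecurityUtil.prepareSecretKey(this.symEncAlgo, this.ephemeralKey);
        }
        X509Certificate recipientCert = this.useThisCert;
        if (recipientCert == null) {
            CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
            lookup.setAlias(this.user);
            X509Certificate[] chain = crypto.getX509Certificates(lookup);
            if (chain == null || chain.length <= 0) {
                // 0 appears to be WSSecurityException.FAILURE
                throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "encryption"});
            }
            // First entry of the alias' chain is the end-entity certificate.
            recipientCert = chain[0];
        }
        prepareInternal(this.symmetricKey, recipientCert, crypto);
    }

    /**
     * Wraps {@code secretKey} with the public key of {@code x509Certificate} and assembles the
     * {@code xenc:EncryptedKey} element (EncryptionMethod, KeyInfo/STR, CipherData).
     *
     * @throws WSSecurityException on any cipher init or wrap failure (code 9, which appears to be
     *         FAILED_ENCRYPTION), or for an unsupported {@code keyIdentifierType}
     */
    public void prepareInternal(SecretKey secretKey, X509Certificate x509Certificate, Crypto crypto) throws WSSecurityException {
        Cipher cipher = initKeyTransportCipher(x509Certificate);
        if (this.doDebug) {
            // Deliberately no key material here: SecretKey.toString() is provider-defined and
            // must not end up in logs.
            log.debug("cipher blksize: " + cipher.getBlockSize() + ", symm key algorithm: " + secretKey.getAlgorithm());
        }
        try {
            this.encryptedEphemeralKey = cipher.wrap(secretKey);
            Text cipherValueText = WSSecurityUtil.createBase64EncodedTextNode(this.document, this.encryptedEphemeralKey);
            this.encryptedKeyElement = createEncryptedKey(this.document, this.keyEncAlgo);
            if (this.encKeyId == null || "".equals(this.encKeyId)) {
                this.encKeyId = "EK-" + UUIDGenerator.getUUID();
            }
            this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

            SecurityTokenReference str = buildSecurityTokenReference(x509Certificate, crypto);

            Element keyInfo = this.document.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
            keyInfo.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:ds", WSConstants.SIG_NS);
            keyInfo.appendChild(str.getElement());
            this.encryptedKeyElement.appendChild(keyInfo);
            createCipherValue(this.document, this.encryptedKeyElement).appendChild(cipherValueText);
            this.envelope = this.document.getDocumentElement();
        } catch (IllegalStateException e) {
            throw new WSSecurityException(9, null, null, e);
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(9, null, null, e);
        } catch (IllegalBlockSizeException e) {
            throw new WSSecurityException(9, null, null, e);
        }
    }

    /**
     * Creates the key-transport cipher in WRAP_MODE for the recipient's public key.
     *
     * For {@link WSConstants#KEYTRANSPORT_RSAOEP} (rsa-oaep-mgf1p) the OAEP parameters are pinned
     * to SHA-1 / MGF1-SHA-1 with an empty label: that URI mandates MGF1 with SHA-1, and since
     * {@link #createEncryptedKey} emits no {@code ds:DigestMethod} child, decryptors default the
     * digest to SHA-1 as well, so the two sides agree.
     */
    private Cipher initKeyTransportCipher(X509Certificate x509Certificate) throws WSSecurityException {
        Cipher cipher = WSSecurityUtil.getCipherInstance(this.keyEncAlgo);
        try {
            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(this.keyEncAlgo)) {
                OAEPParameterSpec oaep = new OAEPParameterSpec(
                        "SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);
                cipher.init(Cipher.WRAP_MODE, x509Certificate.getPublicKey(), oaep);
            } else {
                cipher.init(Cipher.WRAP_MODE, x509Certificate);
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new WSSecurityException(9, null, null, e);
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(9, null, null, e);
        }
        return cipher;
    }

    /**
     * Builds the STR that tells the recipient which key decrypts the EncryptedKey, according to
     * {@code keyIdentifierType}. The integer cases are JADX literals; the WSS4J names they appear
     * to correspond to are given per case.
     *
     * @throws WSSecurityException for types 5, 6, 7 and anything unlisted ("unsupportedKeyId")
     */
    private SecurityTokenReference buildSecurityTokenReference(X509Certificate x509Certificate, Crypto crypto)
            throws WSSecurityException {
        SecurityTokenReference str = new SecurityTokenReference(this.document);
        switch (this.keyIdentifierType) {
            case 1: { // BST_DIRECT_REFERENCE: embed the cert as a BST and point at it by Id
                Reference ref = new Reference(this.document);
                String bstId = UUIDGenerator.getUUID();
                ref.setURI("#" + bstId);
                X509Security x509Token = new X509Security(this.document);
                x509Token.setX509Certificate(x509Certificate);
                x509Token.setID(bstId);
                this.bstToken = x509Token;
                ref.setValueType(x509Token.getValueType());
                str.setReference(ref);
                break;
            }
            case 2: // ISSUER_SERIAL
                str.setX509Data(new DOMX509Data(this.document,
                        new DOMX509IssuerSerial(this.document,
                                x509Certificate.getIssuerX500Principal().getName(),
                                x509Certificate.getSerialNumber())));
                break;
            case 3: // X509_KEY_IDENTIFIER
                str.setKeyIdentifier(x509Certificate);
                break;
            case 4: // SKI_KEY_IDENTIFIER
                str.setKeyIdentifierSKI(x509Certificate, crypto);
                break;
            case 8:  // THUMBPRINT_IDENTIFIER
            case 10: // ENCRYPTED_KEY_SHA1_IDENTIFIER: not applicable to a cert, falls back to thumbprint
                str.setKeyIdentifierThumb(x509Certificate);
                break;
            case 9: // CUSTOM_SYMM_SIGNING: Reference URI is a fragment ("#id")
                str.setReference(createCustomReference(str, "#" + this.customEKTokenId));
                break;
            case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT /* 11 */: // URI used verbatim, no "#"
                str.setReference(createCustomReference(str, this.customEKTokenId));
                break;
            case WSConstants.CUSTOM_KEY_IDENTIFIER /* 12 */:
                str.setKeyIdentifier(this.customEKTokenValueType, this.customEKTokenId);
                if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(this.customEKTokenValueType)) {
                    str.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(this.customEKTokenValueType)) {
                    str.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(this.customEKTokenValueType)) {
                    str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                } else if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(this.customEKTokenValueType)) {
                    str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                }
                break;
            case 5: // EMBEDDED_KEYNAME
            case 6: // EMBED_SECURITY_TOKEN_REF
            case 7: // UT_SIGNING
            default:
                throw new WSSecurityException(0, "unsupportedKeyId");
        }
        return str;
    }

    /**
     * Shared body of the CUSTOM_SYMM_SIGNING / CUSTOM_SYMM_SIGNING_DIRECT cases: a
     * {@code wsse:Reference} whose ValueType is {@code customEKTokenValueType}, plus a TokenType
     * attribute on the STR for the SAML / EncryptedKey value types. SAML 2.0 references carry only
     * the TokenType and no ValueType (kept as in the original).
     *
     * @param str the STR that receives the TokenType attribute
     * @param uri the Reference URI, already prefixed with "#" by the caller where required
     */
    private Reference createCustomReference(SecurityTokenReference str, String uri) {
        Reference ref = new Reference(this.document);
        String valueType = this.customEKTokenValueType;
        if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(valueType)) {
            str.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
            ref.setValueType(valueType);
        } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType)) {
            str.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
        } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(valueType)) {
            str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
            ref.setValueType(valueType);
        } else {
            ref.setValueType(valueType);
        }
        ref.setURI(uri);
        return ref;
    }

    /**
     * Returns a {@link KeyGenerator} for {@code symEncAlgo}, initialised to the AES key size the
     * URI implies (128 / 192 / 256 bits). Other algorithms (e.g. 3DES) keep the provider's default
     * size. Randomness comes from the provider's default {@code SecureRandom}.
     *
     * @throws WSSecurityException (code 2, which appears to be UNSUPPORTED_ALGORITHM) when the JCE
     *         has no generator for the mapped algorithm
     */
    public KeyGenerator getKeyGenerator() throws WSSecurityException {
        try {
            String jceAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(this.symEncAlgo);
            if (jceAlgorithm == null || "".equals(jceAlgorithm)) {
                jceAlgorithm = JCEMapper.translateURItoJCEID(this.symEncAlgo);
            }
            KeyGenerator generator = KeyGenerator.getInstance(jceAlgorithm);
            int keyBits = aesKeySizeFor(this.symEncAlgo);
            if (keyBits > 0) {
                generator.init(keyBits);
            }
            return generator;
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /** AES key size in bits for a CBC or GCM AES URI, or 0 when the URI is not one of those. */
    private static int aesKeySizeFor(String algorithmUri) {
        if (algorithmUri.equalsIgnoreCase(WSConstants.AES_128) || algorithmUri.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
            return 128;
        }
        if (algorithmUri.equalsIgnoreCase(WSConstants.AES_192) || algorithmUri.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
            return 192;
        }
        if (algorithmUri.equalsIgnoreCase(WSConstants.AES_256) || algorithmUri.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
            return 256;
        }
        return 0;
    }

    /**
     * Creates {@code xenc:EncryptedKey} with its {@code xenc:EncryptionMethod} child.
     * No {@code ds:DigestMethod} is emitted, so for OAEP the digest is left at the SHA-1 default.
     */
    protected Element createEncryptedKey(Document document, String str) {
        Element encryptedKey = document.createElementNS(WSConstants.ENC_NS, "xenc:EncryptedKey");
        WSSecurityUtil.setNamespace(encryptedKey, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
        Element encryptionMethod = document.createElementNS(WSConstants.ENC_NS, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);
        encryptedKey.appendChild(encryptionMethod);
        return encryptedKey;
    }

    /** Appends {@code xenc:CipherData/xenc:CipherValue} to {@code element}; returns the CipherValue. */
    protected Element createCipherValue(Document document, Element element) {
        Element cipherData = document.createElementNS(WSConstants.ENC_NS, "xenc:CipherData");
        Element cipherValue = document.createElementNS(WSConstants.ENC_NS, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        element.appendChild(cipherData);
        return cipherValue;
    }

    public void prependToHeader(WSSecHeader wSSecHeader) {
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.encryptedKeyElement);
    }

    public void appendToHeader(WSSecHeader wSSecHeader) {
        wSSecHeader.getSecurityHeader().appendChild(this.encryptedKeyElement);
    }

    /** Prepends the BST (if any) to the header; the BST reference is cleared afterwards. */
    public void prependBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /** Appends the BST (if any) to the header; the BST reference is cleared afterwards. */
    public void appendBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            wSSecHeader.getSecurityHeader().appendChild(this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /**
     * @return the raw symmetric key bytes — the internal array, not a copy. Key material:
     *         do not log, do not mutate.
     */
    public byte[] getEphemeralKey() {
        return this.ephemeralKey;
    }

    /** Supplies the recipient certificate directly, bypassing the alias lookup in {@link #prepare}. */
    public void setUseThisCert(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    public Element getEncryptedKeyElement() {
        return this.encryptedKeyElement;
    }

    public void setEncryptedKeyElement(Element element) {
        this.encryptedKeyElement = element;
    }

    /** @return the BST element for direct references, or null (also null after it was added to a header). */
    public Element getBinarySecurityTokenElement() {
        if (this.bstToken != null) {
            return this.bstToken.getElement();
        }
        return null;
    }

    /**
     * Sets the key-transport algorithm URI. Prefer {@link WSConstants#KEYTRANSPORT_RSAOEP};
     * the RSA-1.5 default is retained only for compatibility (see class note).
     */
    public void setKeyEncAlgo(String str) {
        this.keyEncAlgo = str;
    }

    /** Supplies the symmetric key bytes to wrap; takes precedence over a generated key. */
    public void setEphemeralKey(byte[] bArr) {
        this.ephemeralKey = bArr;
    }

    public String getBSTTokenId() {
        if (this.bstToken == null) {
            return null;
        }
        return this.bstToken.getID();
    }

    public void setDocument(Document document) {
        this.document = document;
    }

    public void setEncKeyId(String str) {
        this.encKeyId = str;
    }

    /**
     * @return whether a recipient certificate was supplied via {@link #setUseThisCert}.
     *         Fix: the decompiled original returned {@code useThisCert == null}, the inverse of
     *         what the name promises; nothing in this file depended on the inverted value.
     */
    public boolean isCertSet() {
        return this.useThisCert != null;
    }

    public byte[] getEncryptedEphemeralKey() {
        return this.encryptedEphemeralKey;
    }

    public void setCustomEKTokenValueType(String str) {
        this.customEKTokenValueType = str;
    }

    public void setCustomEKTokenId(String str) {
        this.customEKTokenId = str;
    }

    public void setSymmetricEncAlgorithm(String str) {
        this.symEncAlgo = str;
    }

    public String getSymmetricEncAlgorithm() {
        return this.symEncAlgo;
    }

    /** @return the symmetric key object (key material — do not log). */
    public SecretKey getSymmetricKey() {
        return this.symmetricKey;
    }

    public void setSymmetricKey(SecretKey secretKey) {
        this.symmetricKey = secretKey;
    }
}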
