package org.apache.wss4j.dom.action;

import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecDKEncrypt;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/wss4j/dom/action/EncryptionDerivedAction.class */
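/**
 * Outbound handler action that encrypts message parts with a derived key via {@link WSSecDKEncrypt}.
 *
 * <p>The secret the key is derived from comes from one of three places, chosen in
 * {@code setupTokenReference}:
 * <ul>
 *   <li>the key already held by the request's signature token, when that token carries both a key
 *       and a key identifier (no new token element is created);</li>
 *   <li>the key returned by the password callback, when the derived key token reference is
 *       {@code "SecurityContextToken"};</li>
 *   <li>otherwise the ephemeral key of a freshly prepared {@link WSSecEncryptedKey}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers: the password and the SCT secret are supplied by the application's
 * {@link CallbackHandler}, and the base key is stored on the {@link EncryptionActionToken}
 * ({@code setKey}), so that object holds raw key material after this action runs and should not be
 * logged or serialized.
 */
public class EncryptionDerivedAction extends AbstractDerivedAction implements Action {

    /**
     * Encrypts the configured parts of {@code document} with a derived key and adds the resulting
     * elements to the security header.
     *
     * @param wSHandler handler used to resolve the callback handler and the password callback
     * @param securityActionToken action configuration; used when it is an {@link EncryptionActionToken},
     *     otherwise the encryption token from {@code requestData} is used
     * @param document the SOAP document being secured
     * @param requestData per-request configuration and security header
     * @throws WSSecurityException if resolving the password, setting up the key reference or
     *     encrypting fails; failures from the encryption step itself are wrapped with
     *     {@code ErrorCode.FAILURE} and keep the original exception as the cause
     */
    @Override // org.apache.wss4j.dom.action.Action
    public void execute(WSHandler wSHandler, SecurityActionToken securityActionToken, Document document, RequestData requestData) throws WSSecurityException {
        CallbackHandler callbackHandler = requestData.getCallbackHandler();
        if (callbackHandler == null) {
            callbackHandler = wSHandler.getPasswordCallbackHandler(requestData);
        }

        // NOTE(review): if getEncryptionToken() can return null, the getUser() call below fails
        // with a NullPointerException rather than a WSSecurityException - confirm against callers.
        EncryptionActionToken encryptionActionToken = securityActionToken instanceof EncryptionActionToken
                ? (EncryptionActionToken) securityActionToken
                : requestData.getEncryptionToken();

        // The callback is asked for the credentials with usage DKT_ENCR.
        WSPasswordCallback passwordCB = wSHandler.getPasswordCB(encryptionActionToken.getUser(), WSConstants.DKT_ENCR, callbackHandler, requestData);

        WSSecDKEncrypt wSSecDKEncrypt = new WSSecDKEncrypt(requestData.getWssConfig());
        // Token settings are applied only when set; otherwise WSSecDKEncrypt keeps its own defaults.
        if (encryptionActionToken.getKeyIdentifierId() != 0) {
            wSSecDKEncrypt.setKeyIdentifierType(encryptionActionToken.getKeyIdentifierId());
        }
        if (encryptionActionToken.getSymmetricAlgorithm() != null) {
            wSSecDKEncrypt.setSymmetricEncAlgorithm(encryptionActionToken.getSymmetricAlgorithm());
        }
        wSSecDKEncrypt.setUserInfo(encryptionActionToken.getUser(), passwordCB.getPassword());
        wSSecDKEncrypt.setWscVersion(wscVersion(requestData));
        if (encryptionActionToken.getDerivedKeyLength() > 0) {
            wSSecDKEncrypt.setDerivedKeyLength(encryptionActionToken.getDerivedKeyLength());
        }

        // Null means the signature token's key was reused and no new token element was created.
        Element element = setupTokenReference(requestData, encryptionActionToken, wSSecDKEncrypt, passwordCB, document);
        wSSecDKEncrypt.setAttachmentCallbackHandler(requestData.getAttachmentCallbackHandler());

        try {
            List<WSEncryptionPart> parts = encryptionActionToken.getParts();
            if (parts == null || parts.isEmpty()) {
                // Nothing configured: default to the SOAP Body with the "Content" modifier.
                parts = new ArrayList<WSEncryptionPart>();
                parts.add(new WSEncryptionPart(requestData.getSoapConstants().getBodyQName().getLocalPart(), requestData.getSoapConstants().getEnvelopeURI(), "Content"));
            }
            wSSecDKEncrypt.setParts(parts);
            wSSecDKEncrypt.prepare(document);
            Element encryptForExternalRef = wSSecDKEncrypt.encryptForExternalRef(null, parts);

            // With a reused key, look for the element the derived key token should be inserted
            // before. The sibling lookups are defined outside this class - presumably they find
            // the existing EncryptedKey / SecurityContextToken in the header; confirm.
            Node node = null;
            if (element == null) {
                String reference = encryptionActionToken.getDerivedKeyTokenReference();
                if ("EncryptedKey".equals(reference)) {
                    node = findEncryptedKeySibling(requestData);
                } else if ("SecurityContextToken".equals(reference)) {
                    node = findSCTSibling(requestData);
                }
            }
            if (node == null) {
                wSSecDKEncrypt.prependDKElementToHeader(requestData.getSecHeader());
            } else {
                requestData.getSecHeader().getSecurityHeader().insertBefore(wSSecDKEncrypt.getdktElement(), node);
            }
            wSSecDKEncrypt.addExternalRefElement(encryptForExternalRef, requestData.getSecHeader());

            // A newly created token element is prepended last.
            if (element != null) {
                WSSecurityUtil.prependChildElement(requestData.getSecHeader().getSecurityHeader(), element);
            }
        } catch (WSSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", e, new Object[]{"Error during Encryption: "});
        }
    }

    /**
     * Selects the secret the encryption key is derived from and registers it on
     * {@code wSSecDKEncrypt} together with the matching value type.
     *
     * @return the new SecurityContextToken or EncryptedKey element to add to the header, or
     *     {@code null} when the signature token's key was reused
     * @throws WSSecurityException if preparing the encrypted key fails
     */
    private Element setupTokenReference(RequestData requestData, EncryptionActionToken encryptionActionToken, WSSecDKEncrypt wSSecDKEncrypt, WSPasswordCallback wSPasswordCallback, Document document) throws WSSecurityException {
        if ("SecurityContextToken".equals(encryptionActionToken.getDerivedKeyTokenReference())) {
            wSSecDKEncrypt.setCustomValueType(requestData.isUse200512Namespace() ? WSConstants.WSC_SCT_05_12 : WSConstants.WSC_SCT);
            if (useSignatureTokenKey(requestData, wSSecDKEncrypt)) {
                return null;
            }
            // The SCT secret is whatever the callback handler returned; the generated "uuid:" value
            // is only the token identifier.
            // NOTE(review): getKey() is not checked for null here - confirm that the callback
            // handler always supplies a key, or that WSSecDKEncrypt rejects a missing one.
            String generateID = IDGenerator.generateID("uuid:");
            wSSecDKEncrypt.setExternalKey(wSPasswordCallback.getKey(), generateID);
            encryptionActionToken.setKey(wSPasswordCallback.getKey());
            encryptionActionToken.setKeyIdentifier(generateID);
            return new SecurityContextToken(wscVersion(requestData), document, generateID).getElement();
        }

        wSSecDKEncrypt.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
        if (useSignatureTokenKey(requestData, wSSecDKEncrypt)) {
            return null;
        }

        WSSecEncryptedKey wSSecEncryptedKey = new WSSecEncryptedKey();
        wSSecEncryptedKey.setUserInfo(encryptionActionToken.getUser());
        if (encryptionActionToken.getDerivedKeyIdentifier() != 0) {
            wSSecEncryptedKey.setKeyIdentifierType(encryptionActionToken.getDerivedKeyIdentifier());
        } else {
            // NOTE(review): decompiled literal, presumably WSConstants.THUMBPRINT_IDENTIFIER - confirm.
            wSSecEncryptedKey.setKeyIdentifierType(8);
        }
        // When the token leaves the key transport, digest or MGF algorithm unset, the defaults of
        // WSSecEncryptedKey apply; check those against the deployment's algorithm policy.
        if (encryptionActionToken.getKeyTransportAlgorithm() != null) {
            wSSecEncryptedKey.setKeyEncAlgo(encryptionActionToken.getKeyTransportAlgorithm());
        }
        if (encryptionActionToken.getDigestAlgorithm() != null) {
            wSSecEncryptedKey.setDigestAlgorithm(encryptionActionToken.getDigestAlgorithm());
        }
        if (encryptionActionToken.getMgfAlgorithm() != null) {
            wSSecEncryptedKey.setMGFAlgorithm(encryptionActionToken.getMgfAlgorithm());
        }
        wSSecEncryptedKey.prepare(document, encryptionActionToken.getCrypto());

        // The ephemeral key is the derivation secret; it is also stored on the action token.
        byte[] ephemeralKey = wSSecEncryptedKey.getEphemeralKey();
        String id = wSSecEncryptedKey.getId();
        wSSecDKEncrypt.setExternalKey(ephemeralKey, id);
        encryptionActionToken.setKey(ephemeralKey);
        encryptionActionToken.setKeyIdentifier(id);
        return wSSecEncryptedKey.getEncryptedKeyElement();
    }

    /**
     * Registers the signature token's key as the external key when the request has a signature
     * token with both a key and a key identifier.
     *
     * @return {@code true} if the signature token's key was registered
     */
    private static boolean useSignatureTokenKey(RequestData requestData, WSSecDKEncrypt wSSecDKEncrypt) {
        if (requestData.getSignatureToken() == null
                || requestData.getSignatureToken().getKey() == null
                || requestData.getSignatureToken().getKeyIdentifier() == null) {
            return false;
        }
        wSSecDKEncrypt.setExternalKey(requestData.getSignatureToken().getKey(), requestData.getSignatureToken().getKeyIdentifier());
        return true;
    }

    /**
     * Maps the namespace setting to the version number passed to WSSecDKEncrypt and
     * SecurityContextToken: 2 for the 2005/12 namespace, 1 otherwise.
     */
    private static int wscVersion(RequestData requestData) {
        // NOTE(review): decompiled literals, presumably ConversationConstants.VERSION_05_12 and
        // VERSION_05_02 - confirm.
        return requestData.isUse200512Namespace() ? 2 : 1;
    }
}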
