package org.apache.ws.security.message;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.compass.core.util.SystemPropertyUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/wss4j-1.5.11.wso2v17.jar:org/apache/ws/security/message/WSSecEncrypt.class */
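/**
 * Encrypts selected parts of a SOAP document with a symmetric key and writes the
 * matching {@code xenc:ReferenceList} / {@code xenc:DataReference} entries.
 *
 * <p>This listing is decompiled, so constants appear as inlined literals. The names
 * given in comments for key-identifier types, the cipher mode and
 * {@code WSSecurityException} codes are assumptions to confirm against the
 * library's own constant classes.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default data cipher is AES-128 in CBC mode. CBC gives confidentiality only.
 *       A recipient that decrypts before authenticating the ciphertext, and reports
 *       decryption errors distinguishably, is exposed to chosen-ciphertext attacks on
 *       XML Encryption. Encrypted parts should also be covered by a signature that the
 *       receiver verifies first.</li>
 *   <li>{@link #setEncryptSymmKey(boolean) setEncryptSymmKey(false)} disables key
 *       wrapping: {@link #prepare} then copies the raw key bytes into
 *       {@code encryptedEphemeralKey}.</li>
 *   <li>{@link #setKey(byte[])} keeps a reference to the caller's array. Key bytes are
 *       neither copied nor cleared by this class.</li>
 * </ul>
 *
 * <p>Instances hold mutable per-message state and are not written for concurrent use.
 */
public class WSSecEncrypt extends WSSecEncryptedKey {
    private static final Log log = LogFactory.getLog(WSSecEncrypt.class.getName());

    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    private static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final String SOAP11_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final String SOAP12_ENV_NS = "http://www.w3.org/2003/05/soap-envelope";

    /** When true, and the key-identifier type allows it, a key identifier is emitted instead of a direct reference. */
    protected boolean useKeyIdentifier;
    /** Caller-supplied reference value: either the EncryptedKeySHA1 value or the SAML assertion value type. */
    private String customReferenceValue;
    /** Optional ValueType placed on the wsse:Reference to the key. */
    private String encKeyValueType;
    /** When true, {@code encKeyId} is used as the URI as-is; otherwise it is prefixed with '#'. */
    private boolean encKeyIdDirectId;
    /** XML Encryption algorithm URI for the data cipher; defaults to AES-128-CBC (unauthenticated mode). */
    protected String symEncAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    /** Stored by {@link #setEncCanonicalization}; not read anywhere in this class. */
    protected String encCanonAlgo = null;
    /** Raw key bytes for the embedded-key modes; held by reference, never cleared here. */
    protected byte[] embeddedKey = null;
    /** ds:KeyName to publish in embedded-key mode; falls back to {@code user} when null. */
    protected String embeddedKeyName = null;
    /** Symmetric key used for the data encryption. */
    protected SecretKey symmetricKey = null;
    /** Token reference embedded into KeyInfo when the key-identifier type is 6. */
    protected SecurityTokenReference securityTokenReference = null;
    /** When false, the symmetric key is not wrapped for a recipient certificate. */
    private boolean encryptSymmKey = true;

    /**
     * Sets the raw symmetric key for the embedded-key modes.
     *
     * @param bArr key bytes; the array is stored by reference, so later changes by the
     *             caller affect this instance
     */
    public void setKey(byte[] bArr) {
        this.embeddedKey = bArr;
    }

    /**
     * Sets the key-encryption (key transport) algorithm on the inherited {@code keyEncAlgo} field.
     *
     * @param str algorithm URI
     */
    public void setKeyEnc(String str) {
        this.keyEncAlgo = str;
    }

    /**
     * Sets the ds:KeyName value published in embedded-key mode.
     *
     * @param str key name; when null, {@code user} is published instead
     */
    public void setEmbeddedKeyName(String str) {
        this.embeddedKeyName = str;
    }

    /**
     * @param z true to emit a key identifier rather than a direct reference where supported
     */
    public void setUseKeyIdentifier(boolean z) {
        this.useKeyIdentifier = z;
    }

    /**
     * Sets the data-encryption algorithm URI.
     *
     * <p>Only the three AES-CBC URIs get an explicit key size in {@link #getKeyGenerator()};
     * any other URI relies on the JCE provider's default key size.
     *
     * @param str XML Encryption algorithm URI
     */
    public void setSymmetricEncAlgorithm(String str) {
        this.symEncAlgo = str;
    }

    /**
     * @param str canonicalization algorithm URI; stored only, not used by this class
     */
    public void setEncCanonicalization(String str) {
        this.encCanonAlgo = str;
    }

    /**
     * @return the data-encryption algorithm URI
     */
    public String getSymmetricEncAlgorithm() {
        return this.symEncAlgo;
    }

    /**
     * @return whether a key identifier is preferred over a direct reference
     */
    public boolean getUseKeyIdentifier() {
        return this.useKeyIdentifier;
    }

    /**
     * Establishes the symmetric key and, unless key wrapping is disabled, wraps it for
     * the recipient certificate via {@code prepareInternal}.
     *
     * @param document the SOAP document that will be encrypted
     * @param crypto   certificate source used when no explicit certificate was set
     * @throws WSSecurityException if no certificate is found for {@code user} or the key
     *                             generator cannot be created
     */
    @Override // org.apache.ws.security.message.WSSecEncryptedKey
    public void prepare(Document document, Crypto crypto) throws WSSecurityException {
        this.document = document;
        if (this.ephemeralKey == null) {
            if (this.symmetricKey == null) {
                this.symmetricKey = getKeyGenerator().generateKey();
            }
            this.ephemeralKey = this.symmetricKey.getEncoded();
        }
        if (this.symmetricKey == null) {
            this.symmetricKey = WSSecurityUtil.prepareSecretKey(this.symEncAlgo, this.ephemeralKey);
        }
        if (!this.encryptSymmKey) {
            // No key transport: the field named "encrypted" now holds the plaintext key bytes.
            // Anything that later serialises or digests encryptedEphemeralKey operates on the raw key.
            this.encryptedEphemeralKey = this.ephemeralKey;
            return;
        }
        X509Certificate recipientCert;
        if (this.useThisCert != null) {
            recipientCert = this.useThisCert;
        } else {
            X509Certificate[] certificates = crypto.getCertificates(this.user);
            if (certificates == null || certificates.length <= 0) {
                // code 0: presumably WSSecurityException.FAILURE; confirm
                throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "encryption"});
            }
            // Only the first certificate returned for the alias is used.
            // NOTE(review): no validity or chain check is visible here; confirm whether
            // prepareInternal or the Crypto implementation performs one.
            recipientCert = certificates[0];
        }
        prepareInternal(this.ephemeralKey, recipientCert, crypto);
    }

    /**
     * Encrypts the configured parts (the SOAP Body content by default) and inserts the
     * resulting key and reference elements into the security header.
     *
     * @param document    the SOAP document to encrypt in place
     * @param crypto      certificate source for key wrapping
     * @param wSSecHeader the security header to receive the generated elements
     * @return the same {@code document}, modified
     * @throws WSSecurityException on any preparation or encryption failure
     */
    public Document build(Document document, Crypto crypto, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        // 5 / 6: presumably WSConstants.EMBEDDED_KEYNAME / EMBED_SECURITY_TOKEN_REF; confirm
        if (this.keyIdentifierType == 5 || this.keyIdentifierType == 6) {
            return buildEmbedded(document, wSSecHeader);
        }
        if (this.doDebug) {
            log.debug("Beginning Encryption...");
        }
        prepare(document, crypto);
        if (this.envelope == null) {
            this.envelope = this.document.getDocumentElement();
        }
        if (this.parts == null) {
            this.parts = new Vector();
            SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(this.envelope);
            this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
        }
        Element referenceList = encryptForInternalRef(null, this.parts);
        if (this.encryptedKeyElement != null) {
            addInternalRefElement(referenceList);
            prependToHeader(wSSecHeader);
        } else {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), referenceList);
        }
        if (this.bstToken != null) {
            prependBSTElementToHeader(wSSecHeader);
        }
        if (this.doDebug) {
            log.debug("Encryption complete.");
        }
        return document;
    }

    /**
     * Encrypts the given parts and lists them in a reference list intended to live
     * inside the EncryptedKey element.
     *
     * @param element existing {@code xenc:ReferenceList} to extend, or null to create one
     * @param vector  {@link WSEncryptionPart} entries to encrypt
     * @return the reference list element
     * @throws WSSecurityException if a part cannot be found or encrypted
     */
    public Element encryptForInternalRef(Element element, Vector vector) throws WSSecurityException {
        Vector dataRefUris = doEncryption(this.document, this.symmetricKey, vector);
        Element referenceList = element;
        if (referenceList == null) {
            referenceList = this.document.createElementNS(XENC_NS, "xenc:ReferenceList");
        }
        createDataRefList(this.document, referenceList, dataRefUris);
        return referenceList;
    }

    /**
     * Encrypts the given parts and lists them in a reference list intended to be placed
     * directly in the security header.
     *
     * @param element existing {@code xenc:ReferenceList} to extend, or null to create one
     * @param vector  {@link WSEncryptionPart} entries to encrypt
     * @return the reference list element
     * @throws WSSecurityException if a part cannot be found or encrypted
     */
    public Element encryptForExternalRef(Element element, Vector vector) throws WSSecurityException {
        Vector dataRefUris = doEncryption(this.document, this.symmetricKey, vector);
        Element referenceList = element;
        if (referenceList == null) {
            referenceList = this.document.createElementNS(XENC_NS, "xenc:ReferenceList");
            if (!this.encryptSymmKey) {
                // The xenc prefix is declared on the list itself only when key wrapping is off.
                WSSecurityUtil.setNamespace(referenceList, XENC_NS, "xenc");
            }
        }
        createDataRefList(this.document, referenceList, dataRefUris);
        return referenceList;
    }

    /**
     * Appends a reference list to the EncryptedKey element.
     *
     * @param element the reference list; {@code encryptedKeyElement} must already exist
     */
    public void addInternalRefElement(Element element) {
        this.encryptedKeyElement.appendChild(element);
    }

    /**
     * Prepends a reference list to the security header.
     *
     * @param element     the reference list
     * @param wSSecHeader the target security header
     */
    public void addExternalRefElement(Element element, WSSecHeader wSSecHeader) {
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), element);
    }

    /**
     * Builds the EncryptedKeySHA1 KeyInfo when that identifier type is selected, then
     * delegates to the four-argument overload.
     */
    private Vector doEncryption(Document document, SecretKey secretKey, Vector vector) throws WSSecurityException {
        KeyInfo keyInfo = null;
        // 10: presumably WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER; confirm
        if (this.useKeyIdentifier && this.keyIdentifierType == 10) {
            keyInfo = new KeyInfo(this.document);
            SecurityTokenReference tokenRef = new SecurityTokenReference(this.document);
            if (this.customReferenceValue != null) {
                tokenRef.setKeyIdentifierEncKeySHA1(this.customReferenceValue);
            } else {
                // With setEncryptSymmKey(false), encryptedEphemeralKey is the raw key, so the
                // published identifier is then a SHA-1 digest of the plaintext key bytes.
                tokenRef.setKeyIdentifierEncKeySHA1(getSHA1(this.encryptedEphemeralKey));
            }
            keyInfo.addUnknownElement(tokenRef.getElement());
            keyInfo.getElement().setAttributeNS(XMLNS_NS, "xmlns:ds", DS_NS);
        }
        return doEncryption(document, secretKey, keyInfo, vector);
    }

    /**
     * Encrypts every part in {@code vector} with {@code secretKey} and returns the
     * {@code "#id"} URIs of the generated EncryptedData elements.
     *
     * <p>A part is located by {@code wsu:Id} (falling back to an id lookup with no
     * namespace) when it has an id, otherwise by name and namespace. The modifier
     * {@code "Content"} encrypts the element's children only, {@code "Header"} also wraps
     * the result in {@code wsse11:EncryptedHeader}, and any other value, including null,
     * encrypts the whole element.
     *
     * @param keyInfo KeyInfo for the first part, or null to build a reference to
     *                {@code encKeyId}; every following part gets a deep copy
     * @throws WSSecurityException code 2 if the cipher cannot be created, code 0 if a part
     *                             is not found, code 9 for any failure while encrypting
     */
    private Vector doEncryption(Document document, SecretKey secretKey, KeyInfo keyInfo, Vector vector) throws WSSecurityException {
        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(this.symEncAlgo);
            Vector dataRefUris = new Vector();
            for (int i = 0; i < vector.size(); i++) {
                WSEncryptionPart part = (WSEncryptionPart) vector.get(i);
                String id = part.getId();
                String name = part.getName();
                String namespace = part.getNamespace();
                String encModifier = part.getEncModifier();
                Element target;
                if (id != null) {
                    target = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, WSU_NS);
                    if (target == null) {
                        target = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, null);
                    }
                } else {
                    target = (Element) WSSecurityUtil.findElement(this.document, name, namespace);
                }
                if (target == null) {
                    // PLACEHOLDER_SUFFIX looks like a decompiler substitution for a "}" literal,
                    // pulled from an unrelated library; verify before relying on that dependency.
                    throw new WSSecurityException(0, "noEncElement", new Object[]{"{" + namespace + SystemPropertyUtils.PLACEHOLDER_SUFFIX + name});
                }
                // Literal-first comparison: a part built with a null modifier no longer
                // escapes as a raw NullPointerException.
                boolean contentOnly = "Content".equals(encModifier);
                String dataId = this.wssConfig.getIdAllocator().createId("EncDataId-", target);
                part.setEncId(dataId);
                if (keyInfo == null) {
                    keyInfo = new KeyInfo(this.document);
                    SecurityTokenReference tokenRef = new SecurityTokenReference(this.document);
                    if (this.useKeyIdentifier && "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.customReferenceValue)) {
                        tokenRef.setSAMLKeyIdentifier((this.encKeyIdDirectId ? "" : "#") + this.encKeyId);
                    } else {
                        Reference reference = new Reference(this.document);
                        if (this.encKeyIdDirectId) {
                            reference.setURI(this.encKeyId);
                        } else {
                            reference.setURI("#" + this.encKeyId);
                        }
                        if (this.encKeyValueType != null) {
                            reference.setValueType(this.encKeyValueType);
                        }
                        tokenRef.setReference(reference);
                    }
                    keyInfo.addUnknownElement(tokenRef.getElement());
                    keyInfo.getElement().setAttributeNS(XMLNS_NS, "xmlns:ds", DS_NS);
                }
                try {
                    boolean header = "Header".equals(encModifier);
                    // The wrapper is built before encrypting so that ids are allocated in the
                    // same order as before (EncDataId, then EncHeader).
                    Element headerWrapper = header ? createEncryptedHeaderWrapper(document, target) : null;
                    // 1: presumably XMLCipher.ENCRYPT_MODE; confirm
                    xmlCipher.init(1, secretKey);
                    EncryptedData encryptedData = xmlCipher.getEncryptedData();
                    encryptedData.setId(dataId);
                    encryptedData.setKeyInfo(keyInfo);
                    xmlCipher.doFinal(document, target, contentOnly);
                    if (header) {
                        Node encrypted = WSSecurityUtil.findElementById(this.document.getDocumentElement(), dataId, null);
                        headerWrapper.appendChild(encrypted.cloneNode(true));
                        // The wrapper goes to the end of the parent, not the original position.
                        encrypted.getParentNode().appendChild(headerWrapper);
                        encrypted.getParentNode().removeChild(encrypted);
                    }
                    // Each EncryptedData needs its own KeyInfo node, so the next part gets a deep copy.
                    keyInfo = new KeyInfo((Element) keyInfo.getElement().cloneNode(true), null);
                    dataRefUris.add("#" + dataId);
                } catch (Exception e) {
                    // code 9: presumably WSSecurityException.FAILED_ENCRYPTION; confirm
                    throw new WSSecurityException(9, null, null, e);
                }
            }
            return dataRefUris;
        } catch (XMLEncryptionException e2) {
            // code 2: presumably WSSecurityException.UNSUPPORTED_ALGORITHM; confirm
            throw new WSSecurityException(2, null, null, e2);
        }
    }

    /**
     * Creates the {@code wsse11:EncryptedHeader} wrapper for a header part, gives it a
     * {@code wsu:Id}, and copies the SOAP 1.1 / 1.2 envelope-namespace attributes from the
     * original header.
     */
    private Element createEncryptedHeaderWrapper(Document document, Element header) throws WSSecurityException {
        Element wrapper = document.createElementNS(WSSE11_NS, "wsse11:EncryptedHeader");
        WSSecurityUtil.setNamespace(wrapper, WSSE11_NS, "wsse11");
        String wsuPrefix = WSSecurityUtil.setNamespace(wrapper, WSU_NS, "wsu");
        wrapper.setAttributeNS(WSU_NS, wsuPrefix + ":Id", this.wssConfig.getIdAllocator().createId("EncHeader-", header));
        NamedNodeMap attributes = header.getAttributes();
        for (int i = 0; i < attributes.getLength(); i++) {
            Attr attr = (Attr) attributes.item(i);
            String attrNs = attr.getNamespaceURI();
            // Unqualified attributes have a null namespace URI. Comparing literal-first skips
            // them instead of failing the whole encryption with a NullPointerException.
            if (SOAP11_ENV_NS.equals(attrNs) || SOAP12_ENV_NS.equals(attrNs)) {
                wrapper.setAttributeNS(attrNs, WSSecurityUtil.setNamespace(wrapper, attrNs, "soapenv") + ":" + attr.getLocalName(), attr.getValue());
            }
        }
        return wrapper;
    }

    /**
     * Encrypts with a caller-supplied key and no EncryptedKey element. KeyInfo carries
     * either a ds:KeyName (type 5) or the configured SecurityTokenReference (type 6).
     *
     * <p>Only {@link #build} calls this, and only for types 5 and 6, so {@code keyInfo}
     * is always assigned before it is dereferenced.
     *
     * @throws WSSecurityException if no key or, for type 6, no token reference was supplied
     */
    private Document buildEmbedded(Document document, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        if (this.doDebug) {
            log.debug("Beginning Encryption embedded...");
        }
        this.envelope = document.getDocumentElement();
        this.envelope.setAttributeNS(XMLNS_NS, "xmlns:xenc", XENC_NS);
        if (this.symmetricKey == null) {
            if (this.embeddedKey == null) {
                throw new WSSecurityException(0, "noKeySupplied");
            }
            this.symmetricKey = WSSecurityUtil.prepareSecretKey(this.symEncAlgo, this.embeddedKey);
        }
        KeyInfo keyInfo = null;
        if (this.keyIdentifierType == 5) {
            keyInfo = new KeyInfo(document);
            // With no explicit key name, the user alias is written into the message in clear.
            keyInfo.addKeyName(this.embeddedKeyName == null ? this.user : this.embeddedKeyName);
        } else if (this.keyIdentifierType == 6) {
            if (this.securityTokenReference == null) {
                throw new WSSecurityException(7, "You must set keyInfo element, if the keyIdentifier == EMBED_SECURITY_TOKEN_REF");
            }
            keyInfo = new KeyInfo(document);
            Element tokenRefElement = this.securityTokenReference.getElement();
            tokenRefElement.setAttributeNS(XMLNS_NS, "xmlns:" + tokenRefElement.getPrefix(), tokenRefElement.getNamespaceURI());
            keyInfo.addUnknownElement(this.securityTokenReference.getElement());
        }
        keyInfo.getElement().setAttributeNS(XMLNS_NS, "xmlns:ds", DS_NS);
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(this.envelope);
        if (this.parts == null) {
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
        }
        Element securityHeader = wSSecHeader.getSecurityHeader();
        Element referenceList = document.createElementNS(XENC_NS, "xenc:ReferenceList");
        Vector dataRefUris = doEncryption(document, this.symmetricKey, keyInfo, this.parts);
        WSSecurityUtil.prependChildElement(securityHeader, createDataRefList(document, referenceList, dataRefUris));
        return document;
    }

    /**
     * Creates a JCE key generator for the configured data cipher.
     *
     * <p>An explicit key size is set only for the AES-128/192/256 CBC URIs. For any other
     * URI the generator is returned uninitialised, so the provider's default key size and
     * randomness source apply.
     *
     * @throws WSSecurityException code 2 if the JCE algorithm is unavailable
     */
    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(JCEMapper.getJCEKeyAlgorithmFromURI(this.symEncAlgo));
            if (this.symEncAlgo.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes128-cbc")) {
                keyGenerator.init(128);
            } else if (this.symEncAlgo.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes192-cbc")) {
                keyGenerator.init(192);
            } else if (this.symEncAlgo.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes256-cbc")) {
                keyGenerator.init(256);
            }
            return keyGenerator;
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * Appends one {@code xenc:DataReference} per URI to the given reference list.
     *
     * @param document owner document used to create the elements
     * @param element  the {@code xenc:ReferenceList} to append to
     * @param vector   URI strings, each of the form {@code "#id"}
     * @return {@code element}, for chaining
     */
    public static Element createDataRefList(Document document, Element element, Vector vector) {
        for (int i = 0; i < vector.size(); i++) {
            String uri = (String) vector.get(i);
            Element dataReference = document.createElementNS(XENC_NS, "xenc:DataReference");
            dataReference.setAttributeNS(null, "URI", uri);
            element.appendChild(dataReference);
        }
        return element;
    }

    /**
     * @return the symmetric data-encryption key; this exposes live key material
     */
    public SecretKey getSymmetricKey() {
        return this.symmetricKey;
    }

    /**
     * @param secretKey the symmetric key to use instead of generating one
     */
    public void setSymmetricKey(SecretKey secretKey) {
        this.symmetricKey = secretKey;
    }

    /**
     * @return the token reference used for key-identifier type 6, or null
     */
    public SecurityTokenReference getSecurityTokenReference() {
        return this.securityTokenReference;
    }

    /**
     * @param securityTokenReference the token reference to embed for key-identifier type 6
     */
    public void setSecurityTokenReference(SecurityTokenReference securityTokenReference) {
        this.securityTokenReference = securityTokenReference;
    }

    /**
     * @return whether the symmetric key is wrapped for the recipient
     */
    public boolean isEncryptSymmKey() {
        return this.encryptSymmKey;
    }

    /**
     * Enables or disables wrapping of the symmetric key.
     *
     * @param z false skips key transport entirely. {@link #prepare} then stores the raw
     *          key in {@code encryptedEphemeralKey}, so use this only when the receiver
     *          already holds the key through another channel
     */
    public void setEncryptSymmKey(boolean z) {
        this.encryptSymmKey = z;
    }

    /**
     * Returns the Base64-encoded SHA-1 digest of {@code bArr}.
     *
     * <p>It is used only to derive the EncryptedKeySHA1 key identifier, a lookup label
     * rather than an integrity check.
     *
     * @throws WSSecurityException code 2 if SHA-1 is unavailable
     */
    private String getSHA1(byte[] bArr) throws WSSecurityException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_1);
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encode(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * @param str custom reference value: the EncryptedKeySHA1 value, or the SAML assertion
     *            value type that switches the reference to a SAML key identifier
     */
    public void setCustomReferenceValue(String str) {
        this.customReferenceValue = str;
    }

    /**
     * @param str ValueType to set on the wsse:Reference, or null for none
     */
    public void setEncKeyValueType(String str) {
        this.encKeyValueType = str;
    }

    /**
     * @param z true to use {@code encKeyId} verbatim as the reference URI, false to prefix it with '#'
     */
    public void setEncKeyIdDirectId(boolean z) {
        this.encKeyIdDirectId = z;
    }
}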
