package org.apache.ws.security.message;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.compass.core.util.SystemPropertyUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.11-wso2v18.jar:org/apache/ws/security/message/WSEncryptBody.class */
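/**
 * Encrypts parts of a SOAP message (by default the content of the SOAP Body) with a symmetric
 * key and, unless an embedded key is used, transports that key to the recipient inside an
 * {@code xenc:EncryptedKey} element encrypted with the recipient's X.509 public key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default key transport algorithm is RSA PKCS#1 v1.5 ({@code xmlenc#rsa-1_5}). That
 *       padding scheme is exposed to padding-oracle attacks against the decrypting party.
 *       Prefer RSA-OAEP ({@code http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p}) through
 *       {@link #setKeyEnc(String)} where this build and the peer support it.</li>
 *   <li>Every content algorithm recognised by this class is a CBC mode, which provides no
 *       integrity protection. Encrypted parts should also be covered by a signature.</li>
 *   <li>No validity or trust check of the recipient certificate is visible in this class;
 *       presumably the {@link Crypto} implementation or the caller is responsible for it.
 *       TODO confirm.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry key material; no synchronisation is visible here.
 */
public class WSEncryptBody extends WSBaseMessage {
    private static final Log log = LogFactory.getLog(WSEncryptBody.class.getName());
    private static final Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");

    /** XML Encryption namespace, bound to the {@code xenc} prefix. */
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    /** Namespace of {@code xmlns:*} declaration attributes. */
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";

    /** Content encryption algorithm URI; defaults to AES-128 in CBC mode. */
    protected String symEncAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    /** Key transport algorithm URI; defaults to RSA PKCS#1 v1.5 (see the class notes). */
    protected String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    protected String encCanonAlgo = null;
    /** Raw symmetric key bytes used in the embedded-key modes; stored by reference. */
    protected byte[] embeddedKey = null;
    protected String embeddedKeyName = null;
    /** When set, used as the recipient certificate instead of a {@link Crypto} lookup. */
    protected X509Certificate useThisCert = null;
    /** Caller-supplied symmetric key; when null a key is generated or derived. */
    protected SecretKey symmetricKey = null;
    /** The key actually used by the most recent build. */
    protected SecretKey encryptionKey = null;
    /** Optional parent for the EncryptedKey element instead of the security header. */
    protected Element parentNode = null;
    protected SecurityTokenReference securityTokenReference = null;

    /** Creates an instance with the default algorithms. */
    public WSEncryptBody() {
    }

    /**
     * Creates an instance with the default algorithms.
     *
     * @param str passed unchanged to the superclass constructor
     */
    public WSEncryptBody(String str) {
        super(str);
    }

    /**
     * Creates an instance with the default algorithms.
     *
     * @param str passed unchanged to the superclass constructor
     * @param z passed unchanged to the superclass constructor
     */
    public WSEncryptBody(String str, boolean z) {
        super(str, z);
    }

    /**
     * Sets the raw symmetric key for the embedded-key modes.
     *
     * @param bArr key bytes; the array is kept by reference, not copied, so later changes
     *     by the caller are visible to this object
     */
    public void setKey(byte[] bArr) {
        this.embeddedKey = bArr;
    }

    /**
     * Sets the key transport algorithm URI. The value is not validated here.
     *
     * @param str algorithm URI
     */
    public void setKeyEnc(String str) {
        this.keyEncAlgo = str;
    }

    /**
     * Sets the user name, which {@link #build(Document, Crypto)} passes to the
     * {@link Crypto} certificate lookup.
     *
     * @param str user name or alias
     */
    public void setUserInfo(String str) {
        this.user = str;
    }

    /**
     * Sets the key name written to KeyInfo in embedded key-name mode.
     *
     * @param str key name; when null the user name is written instead
     */
    public void setEmbeddedKeyName(String str) {
        this.embeddedKeyName = str;
    }

    /**
     * Sets the recipient certificate explicitly, bypassing the {@link Crypto} lookup.
     *
     * @param x509Certificate certificate whose public key encrypts the symmetric key
     */
    public void setUseThisCert(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /**
     * Sets the content encryption algorithm URI. Only the algorithms recognised by the
     * key generator can be used when no symmetric key is supplied.
     *
     * @param str algorithm URI
     */
    public void setSymmetricEncAlgorithm(String str) {
        this.symEncAlgo = str;
    }

    /**
     * Stores a canonicalization algorithm URI. Nothing in this class reads the value.
     *
     * @param str algorithm URI
     */
    public void setEncCanonicalization(String str) {
        this.encCanonAlgo = str;
    }

    /**
     * @return the content encryption algorithm URI
     */
    public String getSymmetricEncAlgorithm() {
        return this.symEncAlgo;
    }

    /**
     * Encrypts the configured parts of {@code document} in place and adds the key
     * information to the security header.
     *
     * <p>For key identifier types 5 and 6 (the embedded modes) the work is delegated to the
     * embedded variant and no EncryptedKey element is produced. Otherwise the symmetric key
     * is encrypted with the recipient certificate's public key.
     *
     * <p>The parts are encrypted before the certificate is resolved, so a failure after that
     * point leaves {@code document} partially modified.
     *
     * @param document SOAP envelope to modify
     * @param crypto certificate source; read only when no certificate was set explicitly or
     *     when the key identifier type needs it
     * @return the same {@code document} instance
     * @throws WSSecurityException if no certificate is found, an algorithm is unsupported,
     *     the key identifier type is unsupported, or encryption fails
     */
    public Document build(Document document, Crypto crypto) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        if (this.keyIdentifierType == 5 || this.keyIdentifierType == 6) {
            return buildEmbedded(document);
        }
        long startMillis = 0;
        long encryptedMillis = 0;
        long certMillis = 0;
        if (tlog.isDebugEnabled()) {
            startMillis = System.currentTimeMillis();
        }
        if (this.doDebug) {
            log.debug("Beginning Encryption...");
        }
        this.encryptionKey = this.symmetricKey;
        if (this.encryptionKey == null) {
            this.encryptionKey = getKeyGenerator().generateKey();
        }
        Vector dataRefUris = doEncryption(document, this.encryptionKey);
        if (tlog.isDebugEnabled()) {
            encryptedMillis = System.currentTimeMillis();
        }
        X509Certificate recipientCert = resolveRecipientCertificate(crypto);
        if (tlog.isDebugEnabled()) {
            certMillis = System.currentTimeMillis();
        }
        Cipher keyCipher = WSSecurityUtil.getCipherInstance(this.keyEncAlgo);
        try {
            keyCipher.init(Cipher.ENCRYPT_MODE, recipientCert);
            byte[] rawKey = this.encryptionKey.getEncoded();
            if (rawKey == null) {
                // A key that does not expose its encoding cannot be transported this way;
                // fail with the library's exception type rather than a NullPointerException.
                throw new WSSecurityException(9, null, null,
                        new InvalidKeyException("symmetric key does not support encoding"));
            }
            int blockSize = keyCipher.getBlockSize();
            if (this.doDebug) {
                log.debug("cipher blksize: " + blockSize + ", symm key length: " + rawKey.length);
            }
            // Cipher.getBlockSize() returns 0 when the algorithm is not a block cipher, which
            // some providers report for RSA. Treat 0 as "unknown" instead of "too weak";
            // an oversized key is then rejected by doFinal below.
            if (blockSize > 0 && blockSize < rawKey.length) {
                throw new WSSecurityException(0, "unsupportedKeyTransp", new Object[]{"public key algorithm too weak to encrypt symmetric key"});
            }
            try {
                Text wrappedKeyText = WSSecurityUtil.createBase64EncodedTextNode(document, keyCipher.doFinal(rawKey));
                Element securityHeader = insertSecurityHeader(document);
                Element encryptedKey = createEncryptedKey(document, this.keyEncAlgo);
                if (this.parentNode == null) {
                    WSSecurityUtil.prependChildElement(securityHeader, encryptedKey);
                } else {
                    WSSecurityUtil.prependChildElement(this.parentNode, encryptedKey);
                }
                SecurityTokenReference keyRef = createKeyReference(document, crypto, recipientCert, securityHeader);
                KeyInfo keyInfo = new KeyInfo(document);
                keyInfo.addUnknownElement(keyRef.getElement());
                encryptedKey.appendChild(keyInfo.getElement());
                createCipherValue(document, encryptedKey).appendChild(wrappedKeyText);
                createDataRefList(document, encryptedKey, dataRefUris);
                log.debug("Encryption complete.");
                if (tlog.isDebugEnabled()) {
                    tlog.debug("EncryptBody: symm-enc " + (encryptedMillis - startMillis) + " cert " + (certMillis - encryptedMillis) + " key-encrypt " + (System.currentTimeMillis() - certMillis));
                }
                return document;
            } catch (IllegalStateException e) {
                throw new WSSecurityException(9, null, null, e);
            } catch (BadPaddingException e) {
                throw new WSSecurityException(9, null, null, e);
            } catch (IllegalBlockSizeException e) {
                throw new WSSecurityException(9, null, null, e);
            }
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(9, null, null, e);
        }
    }

    /** Returns the explicitly set certificate, else the first one the Crypto finds for the user. */
    private X509Certificate resolveRecipientCertificate(Crypto crypto) throws WSSecurityException {
        if (this.useThisCert != null) {
            return this.useThisCert;
        }
        X509Certificate[] certificates = crypto.getCertificates(this.user);
        if (certificates == null || certificates.length <= 0) {
            throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "encryption"});
        }
        return certificates[0];
    }

    /** Builds the SecurityTokenReference that tells the recipient which certificate was used. */
    private SecurityTokenReference createKeyReference(Document document, Crypto crypto,
            X509Certificate recipientCert, Element securityHeader) throws WSSecurityException {
        SecurityTokenReference keyRef = new SecurityTokenReference(document);
        switch (this.keyIdentifierType) {
            case 1:
                // Direct reference: the certificate itself is added to the security header
                // and referenced by its generated id.
                Reference reference = new Reference(document);
                String certId = this.wssConfig.getIdAllocator().createId("EncCertId-", recipientCert);
                reference.setURI("#" + certId);
                X509Security certToken = new X509Security(document);
                certToken.setX509Certificate(recipientCert);
                certToken.setID(certId);
                reference.setValueType(certToken.getValueType());
                keyRef.setReference(reference);
                WSSecurityUtil.prependChildElement(securityHeader, certToken.getElement());
                break;
            case 2:
                // Issuer name and serial number.
                XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(document, recipientCert);
                X509Data x509Data = new X509Data(document);
                x509Data.add(issuerSerial);
                keyRef.setX509IssuerSerial(x509Data);
                break;
            case 3:
                keyRef.setKeyIdentifier(recipientCert);
                break;
            case 4:
                keyRef.setKeyIdentifierSKI(recipientCert, crypto);
                break;
            case 8:
                keyRef.setKeyIdentifierThumb(recipientCert);
                break;
            default:
                // Includes 5 and 6 (handled by the embedded build) and 7.
                throw new WSSecurityException(0, "unsupportedKeyId");
        }
        return keyRef;
    }

    /** Encrypts the configured parts without attaching a KeyInfo to the EncryptedData. */
    private Vector doEncryption(Document document, SecretKey secretKey) throws WSSecurityException {
        return doEncryption(document, secretKey, null);
    }

    /**
     * Encrypts every configured part in place and returns the {@code "#id"} URIs of the
     * resulting EncryptedData elements.
     *
     * @param document SOAP envelope to modify
     * @param secretKey symmetric key for the content cipher
     * @param keyInfo KeyInfo set on every EncryptedData, may be null
     * @return Vector of String URIs, one per encrypted part
     * @throws WSSecurityException if a part is not found, the algorithm is unsupported,
     *     or encryption fails
     */
    private Vector doEncryption(Document document, SecretKey secretKey, KeyInfo keyInfo) throws WSSecurityException {
        Element envelope = document.getDocumentElement();
        envelope.setAttributeNS(XMLNS_NS, "xmlns:xenc", XENC_NS);
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(this.symEncAlgo);
            if (this.parts == null) {
                // Nothing configured: encrypt the content of the SOAP Body.
                this.parts = new Vector();
                this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
            }
            Vector dataRefUris = new Vector();
            for (int i = 0; i < this.parts.size(); i++) {
                WSEncryptionPart part = (WSEncryptionPart) this.parts.get(i);
                String name = part.getName();
                String namespace = part.getNamespace();
                String encModifier = part.getEncModifier();
                Element target = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                if (target == null) {
                    // Plain "}" literal: the decompiled source borrowed this character from
                    // an unrelated library constant.
                    throw new WSSecurityException(0, "noEncElement", new Object[]{"{" + namespace + "}" + name});
                }
                // Null-safe: a part without a modifier is encrypted as a whole element.
                boolean contentOnly = "Content".equals(encModifier);
                String dataId = this.wssConfig.getIdAllocator().createId("EncDataId-", target);
                try {
                    xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
                    EncryptedData encryptedData = xmlCipher.getEncryptedData();
                    encryptedData.setId(dataId);
                    encryptedData.setKeyInfo(keyInfo);
                    xmlCipher.doFinal(document, target, contentOnly);
                    dataRefUris.add("#" + dataId);
                } catch (Exception e) {
                    throw new WSSecurityException(9, null, null, e);
                }
            }
            return dataRefUris;
        } catch (XMLEncryptionException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * Encrypts with a key both parties already share: no EncryptedKey element is written,
     * only a KeyInfo naming the key (type 5) or carrying the configured
     * SecurityTokenReference (type 6), plus a ReferenceList in the security header.
     *
     * @param document SOAP envelope to modify
     * @return the same {@code document} instance
     * @throws WSSecurityException if no key or no SecurityTokenReference was supplied, or
     *     encryption fails
     */
    private Document buildEmbedded(Document document) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        long startMillis = 0;
        if (tlog.isDebugEnabled()) {
            startMillis = System.currentTimeMillis();
        }
        if (this.doDebug) {
            log.debug("Beginning Encryption embedded...");
        }
        this.encryptionKey = this.symmetricKey;
        if (this.encryptionKey == null) {
            if (this.embeddedKey == null) {
                throw new WSSecurityException(0, "noKeySupplied");
            }
            this.encryptionKey = WSSecurityUtil.prepareSecretKey(this.symEncAlgo, this.embeddedKey);
        }
        KeyInfo keyInfo = null;
        if (this.keyIdentifierType == 5) {
            keyInfo = new KeyInfo(document);
            keyInfo.addKeyName(this.embeddedKeyName == null ? this.user : this.embeddedKeyName);
        } else if (this.keyIdentifierType == 6) {
            if (this.securityTokenReference == null) {
                throw new WSSecurityException(7, "You must set keyInfo element, if the keyIdentifier == EMBED_SECURITY_TOKEN_REF");
            }
            keyInfo = new KeyInfo(document);
            Element tokenRef = this.securityTokenReference.getElement();
            // NOTE(review): a reference element without a prefix would get an
            // "xmlns:null" declaration here; confirm callers always supply a prefixed one.
            tokenRef.setAttributeNS(XMLNS_NS, "xmlns:" + tokenRef.getPrefix(), tokenRef.getNamespaceURI());
            keyInfo.addUnknownElement(this.securityTokenReference.getElement());
        }
        Element securityHeader = insertSecurityHeader(document);
        // Throwaway parent: the helper appends the list to it before the list is placed
        // in the security header.
        Element scratchParent = document.createElement("temp");
        Vector dataRefUris = doEncryption(document, this.encryptionKey, keyInfo);
        Element referenceList = createDataRefList(document, scratchParent, dataRefUris);
        WSSecurityUtil.prependChildElement(securityHeader, referenceList);
        if (tlog.isDebugEnabled()) {
            // Report elapsed time; the end timestamp was previously never taken.
            tlog.debug("EncryptBody embedded: symm-enc " + (System.currentTimeMillis() - startMillis));
        }
        return document;
    }

    /**
     * Returns a key generator matching the configured content encryption algorithm.
     *
     * @return a generator for 3DES, or for AES initialised to 128, 192 or 256 bits
     * @throws WSSecurityException if the algorithm URI is null or not one of the four
     *     recognised ones, or the provider lacks the cipher
     */
    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            if ("http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equalsIgnoreCase(this.symEncAlgo)) {
                keyGenerator = KeyGenerator.getInstance("DESede");
            } else if ("http://www.w3.org/2001/04/xmlenc#aes128-cbc".equalsIgnoreCase(this.symEncAlgo)) {
                keyGenerator.init(128);
            } else if ("http://www.w3.org/2001/04/xmlenc#aes192-cbc".equalsIgnoreCase(this.symEncAlgo)) {
                keyGenerator.init(192);
            } else if ("http://www.w3.org/2001/04/xmlenc#aes256-cbc".equalsIgnoreCase(this.symEncAlgo)) {
                keyGenerator.init(256);
            } else {
                // Returning null here made the caller fail with a NullPointerException;
                // report the unsupported algorithm through the library's exception instead.
                throw new WSSecurityException(2, null, null,
                        new NoSuchAlgorithmException("Unsupported symmetric encryption algorithm: " + this.symEncAlgo));
            }
            return keyGenerator;
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * Creates a detached {@code xenc:EncryptedKey} element containing an
     * {@code xenc:EncryptionMethod} child.
     *
     * @param document owner document
     * @param str key transport algorithm URI written to the {@code Algorithm} attribute
     * @return the new EncryptedKey element
     */
    public static Element createEncryptedKey(Document document, String str) {
        Element encryptedKey = document.createElementNS(XENC_NS, "xenc:EncryptedKey");
        WSSecurityUtil.setNamespace(encryptedKey, XENC_NS, "xenc");
        Element encryptionMethod = document.createElementNS(XENC_NS, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);
        encryptedKey.appendChild(encryptionMethod);
        return encryptedKey;
    }

    /**
     * Misspelled alias of {@link #createEncryptedKey(Document, String)}.
     *
     * @param document owner document
     * @param str key transport algorithm URI
     * @return the new EncryptedKey element
     */
    public static Element createEnrcyptedKey(Document document, String str) {
        return createEncryptedKey(document, str);
    }

    /**
     * Appends {@code xenc:CipherData/xenc:CipherValue} to {@code element}.
     *
     * @param document owner document
     * @param element parent that receives the CipherData element
     * @return the empty CipherValue element, for the caller to fill
     */
    public static Element createCipherValue(Document document, Element element) {
        Element cipherData = document.createElementNS(XENC_NS, "xenc:CipherData");
        Element cipherValue = document.createElementNS(XENC_NS, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        element.appendChild(cipherData);
        return cipherValue;
    }

    /**
     * Appends an {@code xenc:ReferenceList} with one {@code xenc:DataReference} per URI to
     * {@code element}.
     *
     * @param document owner document
     * @param element parent that receives the ReferenceList element
     * @param vector String URIs of the encrypted data elements
     * @return the new ReferenceList element
     */
    public static Element createDataRefList(Document document, Element element, Vector vector) {
        Element referenceList = document.createElementNS(XENC_NS, "xenc:ReferenceList");
        for (int i = 0; i < vector.size(); i++) {
            String uri = (String) vector.get(i);
            Element dataReference = document.createElementNS(XENC_NS, "xenc:DataReference");
            dataReference.setAttributeNS(null, "URI", uri);
            referenceList.appendChild(dataReference);
        }
        element.appendChild(referenceList);
        return referenceList;
    }

    /**
     * Sets the element that receives the EncryptedKey instead of the security header.
     *
     * @param element parent element, or null to use the security header
     */
    public void setParentNode(Element element) {
        this.parentNode = element;
    }

    /**
     * @return the caller-supplied symmetric key, or null if none was set
     */
    public SecretKey getSymmetricKey() {
        return this.symmetricKey;
    }

    /**
     * Supplies the symmetric key to use instead of generating or deriving one.
     *
     * @param secretKey symmetric key
     */
    public void setSymmetricKey(SecretKey secretKey) {
        this.symmetricKey = secretKey;
    }

    /**
     * Returns the key used by the most recent build. This is live key material; callers
     * should not log or persist it.
     *
     * @return the encryption key, or null before the first build
     */
    public SecretKey getEncryptionKey() {
        return this.encryptionKey;
    }

    /**
     * @return the SecurityTokenReference used for key identifier type 6, or null
     */
    public SecurityTokenReference getSecurityTokenReference() {
        return this.securityTokenReference;
    }

    /**
     * Sets the SecurityTokenReference embedded in KeyInfo for key identifier type 6.
     *
     * @param securityTokenReference reference to embed
     */
    public void setSecurityTokenReference(SecurityTokenReference securityTokenReference) {
        this.securityTokenReference = securityTokenReference;
    }
}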
