package org.apache.ws.security.message;

import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.UUIDGenerator;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/* loaded from: input_file:lib/wss4j-1.5.11-wso2v20.jar:org/apache/ws/security/message/WSSecEncryptedKey.class */
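/**
 * Builds an {@code xenc:EncryptedKey} element for a WS-Security header.
 *
 * <p>The builder obtains a symmetric ephemeral key (generated here or supplied through
 * {@link #setEphemeralKey(byte[])}), encrypts it under the public key of the recipient's
 * X.509 certificate using {@link #keyEncAlgo}, and attaches a {@code ds:KeyInfo} holding a
 * {@code SecurityTokenReference} that identifies the certificate.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>The default key-transport algorithm is RSA with PKCS#1 v1.5 padding; see the comment
 *       on {@link #keyEncAlgo}.</li>
 *   <li>The plaintext ephemeral key is kept in a {@code byte[]} field and handed out by
 *       reference from {@link #getEphemeralKey()}; it is never zeroed by this class.</li>
 *   <li>The instance holds mutable state and contains no synchronization.</li>
 * </ul>
 */
public class WSSecEncryptedKey extends WSSecBase {
    private static final Log log = LogFactory.getLog(WSSecEncryptedKey.class.getName());

    // Document that owns every element created by this builder.
    protected Document document;

    // Plaintext symmetric key; generated lazily in prepare() unless set by the caller.
    protected byte[] ephemeralKey;

    // Result of encrypting ephemeralKey under the recipient's public key.
    protected byte[] encryptedEphemeralKey;

    // Value type and token id used only by key identifier type 12 in prepareInternal().
    protected String customEKTokenValueType;
    protected String customEKTokenId;

    protected Element envelope = null;
    protected String encrUser = null;

    // Key-transport algorithm URI. The default is RSA with PKCS#1 v1.5 padding, the padding
    // scheme associated with padding-oracle weaknesses on the decrypting side. It is left
    // unchanged here for interoperability; where both peers support it, select RSA-OAEP
    // ("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p") through setKeyEncAlgo().
    // NOTE(review): confirm WSSecurityUtil.getCipherInstance in this build accepts that URI.
    protected String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    protected Element encryptedKeyElement = null;
    protected String encKeyId = null;

    // BinarySecurityToken carrying the certificate; created only for key identifier type 1.
    protected BinarySecurity bstToken = null;

    // Explicit recipient certificate; when null, prepare() looks one up through Crypto.
    protected X509Certificate useThisCert = null;

    // Ephemeral key size in bits.
    protected int keySize = 128;

    /**
     * Sets the alias used to look up the recipient certificate.
     *
     * @param str alias stored in the inherited {@code user} field
     */
    public void setUserInfo(String str) {
        this.user = str;
    }

    /**
     * Returns the {@code Id} attribute value of the EncryptedKey element.
     *
     * @return the id, or {@code null} if none was set and {@code prepareInternal} has not run
     */
    public String getId() {
        return this.encKeyId;
    }

    /**
     * Generates the ephemeral key if needed, selects the recipient certificate and builds the
     * EncryptedKey element.
     *
     * @param document document that will own the created elements
     * @param crypto certificate source, consulted only when no certificate was supplied
     *     through {@link #setUseThisCert(X509Certificate)}; also passed on to
     *     {@code prepareInternal}
     * @throws WSSecurityException if no certificate is found for the configured user, or if
     *     key generation or key encryption fails
     */
    public void prepare(Document document, Crypto crypto) throws WSSecurityException {
        this.document = document;
        if (this.ephemeralKey == null) {
            this.ephemeralKey = generateEphemeralKey();
        }

        X509Certificate recipientCert = this.useThisCert;
        if (recipientCert == null) {
            X509Certificate[] certificates = crypto.getCertificates(this.user);
            if (certificates == null || certificates.length == 0) {
                throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "encryption"});
            }
            // Only the first certificate returned for the alias is used.
            recipientCert = certificates[0];
        }
        prepareInternal(this.ephemeralKey, recipientCert, crypto);
    }

    /**
     * Encrypts the given key under the certificate's public key and assembles the
     * {@code xenc:EncryptedKey} element, including its {@code ds:KeyInfo}.
     *
     * <p>The decompiler reports that this method's access modifier was changed from
     * {@code protected}; it is kept {@code public} here so the listing's interface is
     * unchanged.
     *
     * @param bArr plaintext symmetric key to wrap
     * @param x509Certificate recipient certificate whose public key encrypts {@code bArr}
     * @param crypto passed to the SKI key identifier (type 4) only
     * @throws WSSecurityException if the cipher's block size is smaller than the key, if the
     *     inherited {@code keyIdentifierType} is not one handled below, or if the cipher
     *     rejects the key or the input
     */
    public void prepareInternal(byte[] bArr, X509Certificate x509Certificate, Crypto crypto) throws WSSecurityException {
        // Generated up front; used only as the BinarySecurityToken id for type 1.
        String bstId = UUIDGenerator.getUUID();
        Cipher cipher = WSSecurityUtil.getCipherInstance(this.keyEncAlgo);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, x509Certificate.getPublicKey());
            if (this.doDebug) {
                // Logs sizes only; the key bytes themselves are never written to the log.
                log.debug("cipher blksize: " + cipher.getBlockSize() + ", symm key length: " + bArr.length);
            }
            // A non-positive block size skips this check.
            int blockSize = cipher.getBlockSize();
            if (blockSize > 0 && blockSize < bArr.length) {
                throw new WSSecurityException(0, "unsupportedKeyTransp", new Object[]{"public key algorithm too weak to encrypt symmetric key"});
            }
            try {
                this.encryptedEphemeralKey = cipher.doFinal(bArr);
                Text cipherText = WSSecurityUtil.createBase64EncodedTextNode(this.document, this.encryptedEphemeralKey);
                this.encryptedKeyElement = createEncryptedKey(this.document, this.keyEncAlgo);
                if (this.encKeyId == null || "".equals(this.encKeyId)) {
                    this.encKeyId = "EncKeyId-" + UUIDGenerator.getUUID();
                }
                this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

                KeyInfo keyInfo = new KeyInfo(this.document);
                SecurityTokenReference tokenRef = new SecurityTokenReference(this.document);
                // NOTE(review): the numeric values presumably mirror the key-identifier
                // constants in WSConstants - confirm against the library sources.
                switch (this.keyIdentifierType) {
                    case 1:
                        // Direct reference to a BinarySecurityToken that carries the certificate.
                        Reference reference = new Reference(this.document);
                        reference.setURI("#" + bstId);
                        this.bstToken = new X509Security(this.document);
                        ((X509Security) this.bstToken).setX509Certificate(x509Certificate);
                        this.bstToken.setID(bstId);
                        reference.setValueType(this.bstToken.getValueType());
                        tokenRef.setReference(reference);
                        break;
                    case 2:
                        // Issuer name and serial number of the certificate.
                        XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(this.document, x509Certificate);
                        X509Data x509Data = new X509Data(this.document);
                        x509Data.add(issuerSerial);
                        tokenRef.setX509IssuerSerial(x509Data);
                        break;
                    case 3:
                        tokenRef.setKeyIdentifier(x509Certificate);
                        break;
                    case 4:
                        tokenRef.setKeyIdentifierSKI(x509Certificate, crypto);
                        break;
                    case 8:
                    case 10:
                        // Both types are emitted as a certificate thumbprint identifier.
                        tokenRef.setKeyIdentifierThumb(x509Certificate);
                        break;
                    case 12:
                        tokenRef.setKeyIdentifier(this.customEKTokenValueType, this.customEKTokenId);
                        break;
                    default:
                        // Covers types 5, 6, 7, 9 and 11 as well as any unknown value.
                        throw new WSSecurityException(0, "unsupportedKeyId");
                }
                keyInfo.addUnknownElement(tokenRef.getElement());

                Element keyInfoElement = keyInfo.getElement();
                keyInfoElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
                this.encryptedKeyElement.appendChild(keyInfoElement);
                createCipherValue(this.document, this.encryptedKeyElement).appendChild(cipherText);

                // Declare the xenc prefix on the document element.
                this.envelope = this.document.getDocumentElement();
                this.envelope.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#");
            } catch (IllegalStateException e) {
                throw new WSSecurityException(9, null, null, e);
            } catch (BadPaddingException e) {
                throw new WSSecurityException(9, null, null, e);
            } catch (IllegalBlockSizeException e) {
                throw new WSSecurityException(9, null, null, e);
            }
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(9, null, null, e);
        }
    }

    /**
     * Creates {@code keySize / 8} random bytes from the resolved {@link SecureRandom}.
     *
     * @return the new key bytes
     * @throws WSSecurityException if no random generator is available or any other failure
     *     occurs; the "not initialized" failure is itself caught below and re-wrapped
     */
    protected byte[] generateEphemeralKey() throws WSSecurityException {
        try {
            SecureRandom random = WSSecurityUtil.resolveSecureRandom();
            if (random == null) {
                throw new WSSecurityException("Random generator is not initialzed.");
            }
            byte[] key = new byte[this.keySize / 8];
            random.nextBytes(key);
            return key;
        } catch (Exception e) {
            throw new WSSecurityException("Error in creating the ephemeral key", e);
        }
    }

    /**
     * Creates an {@code xenc:EncryptedKey} element with an {@code xenc:EncryptionMethod} child.
     *
     * @param document owner document
     * @param str algorithm URI written to the {@code Algorithm} attribute
     * @return the new, unattached EncryptedKey element
     */
    protected Element createEncryptedKey(Document document, String str) {
        Element encryptedKey = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptedKey");
        WSSecurityUtil.setNamespace(encryptedKey, "http://www.w3.org/2001/04/xmlenc#", "xenc");
        Element encryptionMethod = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);
        encryptedKey.appendChild(encryptionMethod);
        return encryptedKey;
    }

    /**
     * Misspelled alias of {@link #createEncryptedKey(Document, String)}; it only delegates.
     *
     * @param document owner document
     * @param str algorithm URI
     * @return the new EncryptedKey element
     */
    protected Element createEnrcyptedKey(Document document, String str) {
        return createEncryptedKey(document, str);
    }

    /**
     * Appends {@code xenc:CipherData/xenc:CipherValue} to the given element.
     *
     * @param document owner document
     * @param element parent that receives the CipherData element
     * @return the empty CipherValue element, ready to receive the Base64 text
     */
    protected Element createCipherValue(Document document, Element element) {
        Element cipherData = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherData");
        Element cipherValue = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        element.appendChild(cipherData);
        return cipherValue;
    }

    /**
     * Inserts the EncryptedKey element as the first child of the security header.
     *
     * @param wSSecHeader header to modify
     */
    public void prependToHeader(WSSecHeader wSSecHeader) {
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.encryptedKeyElement);
    }

    /**
     * Appends the EncryptedKey element as the last child of the security header.
     *
     * @param wSSecHeader header to modify
     */
    public void appendToHeader(WSSecHeader wSSecHeader) {
        wSSecHeader.getSecurityHeader().appendChild(this.encryptedKeyElement);
    }

    /**
     * Inserts the BinarySecurityToken, if one was created, at the start of the security
     * header and then drops the reference to it, so a second call adds nothing.
     *
     * @param wSSecHeader header to modify
     */
    public void prependBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /**
     * Appends the BinarySecurityToken, if one was created, to the security header and then
     * drops the reference to it, so a second call adds nothing.
     *
     * @param wSSecHeader header to modify
     */
    public void appendBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            wSSecHeader.getSecurityHeader().appendChild(this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /**
     * Returns the plaintext ephemeral key.
     *
     * <p>The internal array is returned, not a copy: callers share the live key material and
     * should avoid logging or persisting it.
     *
     * @return the key bytes, or {@code null} if none has been generated or set
     */
    public byte[] getEphemeralKey() {
        return this.ephemeralKey;
    }

    /**
     * Supplies the recipient certificate directly, bypassing the Crypto lookup in
     * {@link #prepare(Document, Crypto)}.
     *
     * @param x509Certificate certificate whose public key will wrap the ephemeral key
     */
    public void setUseThisCert(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /**
     * @return the EncryptedKey element, or {@code null} before it has been built or set
     */
    public Element getEncryptedKeyElement() {
        return this.encryptedKeyElement;
    }

    /**
     * Replaces the EncryptedKey element held by this builder.
     *
     * @param element element to use
     */
    public void setEncryptedKeyElement(Element element) {
        this.encryptedKeyElement = element;
    }

    /**
     * @return the BinarySecurityToken element, or {@code null} if no token is held
     */
    public Element getBinarySecurityTokenElement() {
        return this.bstToken == null ? null : this.bstToken.getElement();
    }

    /**
     * Sets the ephemeral key size in bits.
     *
     * <p>Sizes that are not a whole number of bytes are rejected: the key buffer is allocated
     * as {@code keySize / 8}, so such a value would silently yield a shorter key than
     * requested. The 64-bit lower bound is kept from the original code; it is far below
     * current guidance, and 128 bits or more should be used in practice.
     *
     * @param i key size in bits; at least 64 and a multiple of 8
     * @throws WSSecurityException if the size is below 64 or not a multiple of 8
     */
    public void setKeySize(int i) throws WSSecurityException {
        if (i < 64 || i % 8 != 0) {
            throw new WSSecurityException("invalidKeySize");
        }
        this.keySize = i;
    }

    /**
     * Sets the key-transport algorithm URI used to encrypt the ephemeral key.
     *
     * @param str algorithm URI; not validated here
     */
    public void setKeyEncAlgo(String str) {
        this.keyEncAlgo = str;
    }

    /**
     * Supplies the ephemeral key instead of letting {@code prepare} generate one.
     *
     * <p>The array is stored by reference; later changes by the caller alter the key held
     * here.
     *
     * @param bArr key bytes
     */
    public void setEphemeralKey(byte[] bArr) {
        this.ephemeralKey = bArr;
    }

    /**
     * @return the id of the BinarySecurityToken, or {@code null} if no token is held
     */
    public String getBSTTokenId() {
        return this.bstToken == null ? null : this.bstToken.getID();
    }

    /**
     * Sets the document that owns the elements created by this builder.
     *
     * @param document owner document
     */
    public void setDocument(Document document) {
        this.document = document;
    }

    /**
     * Sets the {@code Id} attribute value for the EncryptedKey element; when left null or
     * empty, {@code prepareInternal} generates one.
     *
     * @param str id value
     */
    public void setEncKeyId(String str) {
        this.encKeyId = str;
    }

    /**
     * Reports whether a certificate was supplied through
     * {@link #setUseThisCert(X509Certificate)}.
     *
     * <p>The decompiled original returned {@code useThisCert == null}, the opposite of what
     * the method name states. Callers written to compensate for that inversion must be
     * adjusted.
     *
     * @return {@code true} if an explicit certificate is set
     */
    public boolean isCertSet() {
        return this.useThisCert != null;
    }

    /**
     * Returns the encrypted ephemeral key. The internal array is returned, not a copy.
     *
     * @return the ciphertext bytes, or {@code null} before {@code prepareInternal} has run
     */
    public byte[] getEncryptedEphemeralKey() {
        return this.encryptedEphemeralKey;
    }

    /**
     * Sets the value type used by key identifier type 12.
     *
     * @param str value type URI
     */
    public void setCustomEKTokenValueType(String str) {
        this.customEKTokenValueType = str;
    }

    /**
     * Sets the token id used by key identifier type 12.
     *
     * @param str token id
     */
    public void setCustomEKTokenId(String str) {
        this.customEKTokenId = str;
    }
}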
