package org.apache.xml.security.keys.provider;

import java.security.DigestException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.crypto.spec.SecretKeySpec;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/xml/security/keys/provider/KeyElement.class */
public class KeyElement extends KeyBaseType {
    public static final byte[] salt = {-55, 54, 120, -103, 82, 62, -22, -14};

    private void wrap(byte[] bArr) {
    }

    private void wrap(Key key, char[] cArr) {
        try {
            this._constructionElement.appendChild(new EncryptedKey(this._doc, EncryptionConstants.ALGO_ID_KEYWRAP_AES256, null, null, key, createWrapKey(EncryptionConstants.ALGO_ID_KEYWRAP_AES256, cArr), null, null, null, null, null, null).getElement());
            XMLUtils.addReturnToElement(this._constructionElement);
        } catch (XMLSecurityException e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public Key unwrap(char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            return new EncryptedKey(getChildElementLocalName(0, EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDKEY), this._baseURI).unwrap(createWrapKey(EncryptionConstants.ALGO_ID_KEYWRAP_AES256, cArr), EncryptionConstants.ALGO_ID_KEYWRAP_AES128);
        } catch (XMLSecurityException e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    @Override // org.apache.xml.security.utils.ElementProxy
    public String getBaseLocalName() {
        return ApacheKeyStoreConstants._TAG_KEY;
    }

    public void setCertificateChain(Certificate[] certificateArr) throws XMLSecurityException {
        if (this._state != 0 || certificateArr == null || certificateArr.length <= 0) {
            return;
        }
        Element createElementForFamily = ElementProxy.createElementForFamily(this._doc, getBaseNamespace(), ApacheKeyStoreConstants._TAG_CERTIFICATE_CHAIN);
        XMLUtils.addReturnToElement(createElementForFamily);
        for (int i = 0; i < certificateArr.length; i++) {
            Certificate certificate = certificateArr[i];
            if (certificate != null) {
                if (!certificate.getType().equals(XMLX509Certificate.JCA_CERT_ID)) {
                    throw new IllegalArgumentException(new StringBuffer().append("The certificate ").append(i).append(" is of type ").append(certificate.getType()).append(", but I can only handle X.509 certificates").toString());
                }
                X509Data x509Data = new X509Data(this._doc);
                x509Data.add(new XMLX509Certificate(this._doc, (X509Certificate) certificate));
                createElementForFamily.appendChild(x509Data.getElement());
                XMLUtils.addReturnToElement(createElementForFamily);
            }
        }
        this._constructionElement.appendChild(createElementForFamily);
    }

    public Certificate[] getCertificateChain(String str) {
        try {
            NodeList elementsByTagNameNS = this._constructionElement.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
            Certificate[] certificateArr = new Certificate[elementsByTagNameNS.getLength()];
            for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
                certificateArr[i] = new XMLX509Certificate((Element) elementsByTagNameNS.item(i), this._baseURI).getX509Certificate();
            }
            return certificateArr;
        } catch (XMLSecurityException e) {
            return new Certificate[0];
        }
    }

    public static byte[] PKCS12PasswordToBytes(char[] cArr) {
        byte[] bArr = new byte[(cArr.length + 1) * 2];
        for (int i = 0; i != cArr.length; i++) {
            bArr[i * 2] = (byte) (cArr[i] >>> '\b');
            bArr[(i * 2) + 1] = (byte) cArr[i];
        }
        return bArr;
    }

    private static Key createWrapKey(String str, char[] cArr) throws XMLSecurityException {
        int keyLengthFromURI = JCEMapper.getKeyLengthFromURI(str) / 8;
        String jCEKeyAlgorithmFromURI = JCEMapper.getJCEKeyAlgorithmFromURI(str, "BC");
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", "BC");
            messageDigest.update(PKCS12PasswordToBytes(cArr));
            byte[] bArr = new byte[keyLengthFromURI];
            messageDigest.digest(bArr, 0, bArr.length);
            return new SecretKeySpec(bArr, jCEKeyAlgorithmFromURI);
        } catch (DigestException | NoSuchAlgorithmException | NoSuchProviderException e) {
            return null;
        }
    }

    public KeyElement(Document document, String str, Key key, char[] cArr, Certificate[] certificateArr) throws XMLSecurityException {
        super(document, str);
        wrap(key, cArr);
        setCertificateChain(certificateArr);
    }

    public KeyElement(Document document, String str, byte[] bArr, Certificate[] certificateArr) throws XMLSecurityException {
        super(document, str);
        wrap(bArr);
        setCertificateChain(certificateArr);
    }

    public KeyElement(Element element, String str) throws XMLSecurityException {
        super(element, str);
    }
}
