package org.jboss.ws.extensions.security.element;

import java.security.Key;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.ResourceBundle;
import javax.crypto.SecretKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.jboss.ws.api.util.BundleUtils;
import org.jboss.ws.extensions.security.Constants;
import org.jboss.ws.extensions.security.KeyResolver;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/ws/extensions/security/element/EncryptedKey.class */
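/**
 * WS-Security {@code EncryptedKey} header element.
 *
 * <p>Outbound use: wraps a symmetric {@link SecretKey} with the public key of the recipient's
 * X.509 certificate and serialises the result through {@link #getElement()}.
 *
 * <p>Inbound use: parses an existing {@code EncryptedKey} element, resolves the matching private
 * key through a {@link KeyResolver} and unwraps the symmetric key.
 *
 * <p>SECURITY: the inbound element comes from the received message and must be treated as
 * untrusted input. See the notes on the individual members.
 */
public class EncryptedKey implements SecurityProcess {
    /**
     * Configuration name used when the requested key wrap algorithm is missing or unknown.
     *
     * <p>SECURITY: this maps to RSA PKCS#1 v1.5 key transport, which is known to be susceptible
     * to padding-oracle attacks when a decrypting party's failures are distinguishable to the
     * sender. Prefer configuring {@code "rsa_oaep"} explicitly wherever the peer supports it.
     */
    private static final String DEFAULT_ALGORITHM = "rsa_15";
    private static final ResourceBundle bundle = BundleUtils.getBundle(EncryptedKey.class);

    /** Maps configuration names to XML Encryption key transport algorithm URIs. */
    private static final HashMap<String, String> keyWrapAlgorithms = new HashMap<>(2);

    static {
        keyWrapAlgorithms.put(DEFAULT_ALGORITHM, "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        keyWrapAlgorithms.put("rsa_oaep", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
    }

    private Document document;
    private SecretKey secretKey;
    private X509Token token;
    private ReferenceList list;
    private String wrapAlgorithm;
    private Element cachedElement;
    private String tokenRefType;

    /**
     * Creates an outbound encrypted key with an empty reference list.
     *
     * @param document document that will own the generated element
     * @param secretKey symmetric key to wrap
     * @param x509Token token whose certificate public key wraps {@code secretKey}
     * @param str key wrap algorithm name ({@code "rsa_15"} or {@code "rsa_oaep"})
     * @param str2 token reference type passed to {@code Reference.getReference}
     */
    public EncryptedKey(Document document, SecretKey secretKey, X509Token x509Token, String str, String str2) {
        this(document, secretKey, x509Token, new ReferenceList(), str, str2);
    }

    /**
     * Creates an outbound encrypted key that uses the supplied reference list.
     *
     * @param document document that will own the generated element
     * @param secretKey symmetric key to wrap
     * @param x509Token token whose certificate public key wraps {@code secretKey}
     * @param referenceList references to the data encrypted with {@code secretKey}
     * @param str key wrap algorithm name ({@code "rsa_15"} or {@code "rsa_oaep"})
     * @param str2 token reference type passed to {@code Reference.getReference}
     */
    public EncryptedKey(Document document, SecretKey secretKey, X509Token x509Token, ReferenceList referenceList, String str, String str2) {
        this.document = document;
        this.secretKey = secretKey;
        this.token = x509Token;
        this.list = referenceList;
        this.wrapAlgorithm = keyWrapAlgorithms.get(str);
        if (this.wrapAlgorithm == null) {
            // SECURITY: a null, misspelled or unsupported name silently selects RSA PKCS#1 v1.5
            // instead of failing. Kept for compatibility with existing configurations; a
            // deployment that intends OAEP should verify the configured name is exactly "rsa_oaep".
            this.wrapAlgorithm = keyWrapAlgorithms.get(DEFAULT_ALGORITHM);
        }
        this.tokenRefType = str2;
    }

    /**
     * Parses an inbound {@code EncryptedKey} element and unwraps the symmetric key it carries.
     *
     * <p>SECURITY: this constructor does not compare the key transport algorithm declared in the
     * incoming element against any allow-list, so the algorithm is whatever the sender declared.
     * NOTE(review): confirm whether a caller or the receiving configuration restricts it.
     *
     * @param element the {@code EncryptedKey} element taken from the received message
     * @param keyResolver resolves the private key and certificate named by the element's KeyInfo
     * @throws WSSecurityException if KeyInfo or the reference list is missing, the data
     *     encryption algorithm cannot be determined, or parsing or unwrapping fails
     */
    public EncryptedKey(Element element, KeyResolver keyResolver) throws WSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance();
            // Initialised without a key: this first pass only parses the element.
            xMLCipher.init(XMLCipher.DECRYPT_MODE, (Key) null);
            org.apache.xml.security.encryption.EncryptedKey loadEncryptedKey = xMLCipher.loadEncryptedKey(element);
            KeyInfo keyInfo = loadEncryptedKey.getKeyInfo();
            if (keyInfo == null) {
                throw new WSSecurityException(BundleUtils.getMessage(bundle, "NOT_CONTAIN_KEYINFO", new Object[0]));
            }
            PrivateKey resolvePrivateKey = keyResolver.resolvePrivateKey(keyInfo);
            Element findElement = Util.findElement(element, Constants.XENC_REFERENCELIST, Constants.XML_ENCRYPTION_NS);
            if (findElement == null) {
                throw new WSSecurityException(BundleUtils.getMessage(bundle, "NOT_CONTAIN_A_REFERENCE_LIST", new Object[0]));
            }
            this.list = new ReferenceList(findElement);
            String keyAlgorithm = getKeyAlgorithm(element);
            if (keyAlgorithm == null) {
                throw new WSSecurityException(BundleUtils.getMessage(bundle, "COULD_NOT_DETERMINE_ALGORITHM", new Object[0]));
            }
            xMLCipher.init(XMLCipher.UNWRAP_MODE, resolvePrivateKey);
            this.secretKey = (SecretKey) xMLCipher.decryptKey(loadEncryptedKey, keyAlgorithm);
            this.document = element.getOwnerDocument();
            this.token = new X509Token(keyResolver.resolveCertificate(keyInfo), this.document);
        } catch (XMLSecurityException e) {
            // NOTE(review): the library's own message is embedded in the error text. If that text
            // is returned to the sender in a fault, it may let the sender tell unwrap failures
            // apart from other failures; confirm how callers report this exception.
            throw new WSSecurityException(BundleUtils.getMessage(bundle, "COULD_NOT_PARSE_ENCRYPTED_KEY", new Object[]{e.getMessage()}), e);
        }
    }

    /**
     * Determines the data encryption algorithm of the key carried by this element by inspecting
     * the element named by the first entry of the reference list.
     *
     * <p>Only the first reference is consulted. An empty reference list yields {@code null}, so
     * the caller reports a {@link WSSecurityException} instead of an unchecked
     * {@code NoSuchElementException} escaping while a received message is processed.
     *
     * @param element the {@code EncryptedKey} element; the lookup starts at its document root
     * @return the algorithm URI, or {@code null} if there is no usable first reference
     * @throws WSSecurityException if the referenced element declares no encryption algorithm
     */
    private String getKeyAlgorithm(Element element) throws WSSecurityException {
        // The loop body always returns: it exists only to read the first entry safely.
        for (String referenceId : this.list.getAllReferences()) {
            if (referenceId == null) {
                return null;
            }
            Element referenced = Util.findElementByWsuId(element.getOwnerDocument().getDocumentElement(), referenceId);
            return referenced == null ? null : getEncryptionAlgorithm(referenced);
        }
        return null;
    }

    /**
     * Reads the {@code Algorithm} attribute of the {@code EncryptionMethod} found under
     * {@code element}.
     *
     * @param element element expected to contain an {@code EncryptionMethod}
     * @return the non-empty algorithm URI
     * @throws WSSecurityException if the {@code EncryptionMethod} element or its
     *     {@code Algorithm} attribute is missing or empty
     */
    private String getEncryptionAlgorithm(Element element) throws WSSecurityException {
        Element findElement = Util.findElement(element, "EncryptionMethod", Constants.XML_ENCRYPTION_NS);
        if (findElement == null) {
            throw new InvalidSecurityHeaderException(BundleUtils.getMessage(bundle, "NO_ENCRYPTION_METHOD", new Object[0]));
        }
        String attribute = findElement.getAttribute("Algorithm");
        if (attribute == null || attribute.length() == 0) {
            throw new InvalidSecurityHeaderException(BundleUtils.getMessage(bundle, "NO_ALGORITHM_SPECIFIED", new Object[0]));
        }
        return attribute;
    }

    /**
     * Builds the {@code EncryptedKey} DOM element on first use and returns the cached element on
     * later calls. References added after the first call are therefore not reflected in the
     * returned element.
     *
     * @return the serialised {@code EncryptedKey} element
     * @throws WSSecurityException if wrapping the key or building the element fails
     */
    @Override // org.jboss.ws.extensions.security.element.SecurityElement
    public Element getElement() throws WSSecurityException {
        if (this.cachedElement != null) {
            return this.cachedElement;
        }
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(this.wrapAlgorithm);
            xMLCipher.init(XMLCipher.WRAP_MODE, this.token.getCert().getPublicKey());
            org.apache.xml.security.encryption.EncryptedKey encryptKey = xMLCipher.encryptKey(this.document, this.secretKey);
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(Reference.getReference(this.tokenRefType, this.document, this.token));
            KeyInfo keyInfo = new KeyInfo(this.document);
            keyInfo.addUnknownElement(securityTokenReference.getElement());
            encryptKey.setKeyInfo(keyInfo);
            // 1 selects a data reference list in the XML security library.
            encryptKey.setReferenceList(xMLCipher.createReferenceList(1));
            this.list.populateRealReferenceList(encryptKey.getReferenceList());
            // "martial" (sic) is the library's method name for serialising to DOM.
            this.cachedElement = xMLCipher.martial(encryptKey);
            return this.cachedElement;
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(BundleUtils.getMessage(bundle, "ERROR_ENCRYPTING_KEY", new Object[]{e.getMessage()}), e);
        }
    }

    /**
     * Adds a reference to the list of items encrypted with this key.
     *
     * @param str identifier of the referenced element
     */
    public void addReference(String str) {
        this.list.add(str);
    }

    /**
     * Returns the symmetric key: the key to be wrapped (outbound) or the unwrapped key (inbound).
     *
     * @return the symmetric key held by this element
     */
    public SecretKey getSecretKey() {
        return this.secretKey;
    }

    /**
     * Returns the live reference list held by this element, not a copy.
     *
     * @return the reference list
     */
    public ReferenceList getReferenceList() {
        return this.list;
    }
}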
