package org.apache.ws.security.message;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/* loaded from: input_file:org/apache/ws/security/message/WSEncryptBody.class */
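/**
 * Encrypts parts of a SOAP message (by default the content of the SOAP Body) and records the
 * result in the message's security header.
 *
 * <p>Two modes are visible in this class:
 * <ul>
 *   <li>{@link #build(Document, Crypto)} generates a fresh symmetric key, encrypts the selected
 *       parts with it, wraps that key with the recipient certificate's public key and emits an
 *       {@code xenc:EncryptedKey} element.</li>
 *   <li>When {@code keyIdentifierType == 5} the caller-supplied key from {@link #setKey(byte[])}
 *       is used directly and only a key name is placed in each {@code EncryptedData}.</li>
 * </ul>
 *
 * <p>NOTE(review): the defaults are {@code WSConstants.TRIPLE_DES} and
 * {@code WSConstants.KEYTRANSPORT_RSA15}. Judging by the constant names these select Triple DES
 * (64-bit block) and RSA PKCS#1 v1.5 key transport, the key-wrapping scheme that padding-oracle
 * attacks on XML Encryption depend on. Where both endpoints allow it, choose stronger algorithms
 * through {@link #setSymmetricEncAlgorithm(String)} and {@link #setKeyEnc(String)}. Nothing in
 * this class adds integrity protection to the ciphertext; pair encryption with a signature when
 * tampering matters.
 *
 * <p>Instances hold mutable state and key material and show no synchronization.
 */
public class WSEncryptBody extends WSBaseMessage {
    private static Log log;
    /** Timing logger, category {@code org.apache.ws.security.TIME}. */
    private static Log tlog;
    /** Symmetric data-encryption algorithm URI handed to {@code XMLCipher.getInstance}. */
    protected String symEncAlgo = WSConstants.TRIPLE_DES;
    /** Key-transport algorithm used to wrap the generated symmetric key. */
    protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
    /** Stored by {@link #setEncCanonicalization(String)}; not read anywhere in this class. */
    protected String encCanonAlgo;
    /** Raw key bytes for the embedded-key mode; held by reference, not copied. */
    protected byte[] embeddedKey;
    /** Key name written into KeyInfo in embedded-key mode; falls back to {@code user}. */
    protected String embeddedKeyName;
    /** When non-null, used as the recipient certificate instead of a Crypto lookup. */
    protected X509Certificate useThisCert;
    /** Assigned only by the embedded-key path in the code visible here. */
    protected SecretKey symmetricKey;
    /** Optional element that receives the EncryptedKey instead of the security header. */
    protected Element parentNode;
    /** Cache slot for the pre-Java-5 class-literal idiom; see {@link #class$(String)}. */
    static Class class$org$apache$ws$security$message$WSEncryptBody;

    /** Creates an encryptor with the default algorithms. */
    public WSEncryptBody() {
    }

    /**
     * Creates an encryptor with the default algorithms.
     *
     * @param str passed unchanged to the superclass constructor
     */
    public WSEncryptBody(String str) {
        super(str);
    }

    /**
     * Creates an encryptor with the default algorithms.
     *
     * @param str passed unchanged to the superclass constructor
     * @param z passed unchanged to the superclass constructor
     */
    public WSEncryptBody(String str, boolean z) {
        super(str, z);
    }

    /**
     * Supplies the symmetric key bytes for the embedded-key mode.
     *
     * <p>The array is stored by reference: later changes by the caller (including zeroing it)
     * are visible to a subsequent {@code build}.
     *
     * @param bArr raw key bytes
     */
    public void setKey(byte[] bArr) {
        this.embeddedKey = bArr;
    }

    /**
     * Selects the key-transport algorithm used to wrap the generated symmetric key.
     *
     * @param str algorithm identifier; it is passed to {@code WSSecurityUtil.getCipherInstance}
     *     and written to the {@code EncryptionMethod} element without validation here
     */
    public void setKeyEnc(String str) {
        this.keyEncAlgo = str;
    }

    /**
     * Sets the user name used for the certificate lookup and as the fallback key name.
     *
     * @param str user / alias
     */
    public void setUserInfo(String str) {
        this.user = str;
    }

    /**
     * Sets the key name written into KeyInfo in embedded-key mode.
     *
     * @param str key name, or {@code null} to fall back to the user name
     */
    public void setEmbeddedKeyName(String str) {
        this.embeddedKeyName = str;
    }

    /**
     * Pins the recipient certificate, bypassing the {@code Crypto} lookup.
     *
     * <p>No validation of the certificate (validity period, chain, key usage) happens in this
     * class; the caller is responsible for having established trust in it.
     *
     * @param x509Certificate certificate whose public key wraps the symmetric key
     */
    public void setUseThisCert(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /**
     * Selects the symmetric data-encryption algorithm.
     *
     * @param str algorithm URI; only the Triple DES and AES-128/192/256 constants from
     *     {@code WSConstants} are mapped to a key generator by this class
     */
    public void setSymmetricEncAlgorithm(String str) {
        this.symEncAlgo = str;
    }

    /**
     * Stores a canonicalization algorithm; the value is not used elsewhere in this class.
     *
     * @param str canonicalization algorithm identifier
     */
    public void setEncCanonicalization(String str) {
        this.encCanonAlgo = str;
    }

    /**
     * @return the configured symmetric data-encryption algorithm URI
     */
    public String getSymmetricEncAlgorithm() {
        return this.symEncAlgo;
    }

    /**
     * Encrypts the configured parts of {@code document} in place and adds the key information
     * to the security header.
     *
     * @param document SOAP envelope to modify
     * @param crypto source of the recipient certificate when none was pinned with
     *     {@link #setUseThisCert(X509Certificate)}
     * @return the same {@code document} instance, now containing the encrypted parts
     * @throws WSSecurityException if a part cannot be found, no certificate is available, the
     *     symmetric algorithm has no key generator mapping, the key identifier type is not
     *     handled, or any cryptographic step fails
     */
    public Document build(Document document, Crypto crypto) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        // Type 5 is the embedded-key mode: no EncryptedKey, the caller supplies the key.
        if (this.keyIdentifierType == 5) {
            return buildEmbedded(document, crypto);
        }
        long symEncDone = 0;
        long started = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        if (this.doDebug) {
            log.debug("Beginning Encryption...");
        }
        Element envelope = document.getDocumentElement();
        envelope.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:xenc", WSConstants.ENC_NS);
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
        // A fresh session key per message; it never leaves this method unwrapped.
        SecretKey sessionKey = getKeyGenerator().generateKey();
        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(this.symEncAlgo);
            if (this.parts == null) {
                // Default: encrypt the content of the SOAP Body.
                this.parts = new Vector();
                this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
            }
            Vector dataRefs = new Vector();
            for (int i = 0; i < this.parts.size(); i++) {
                WSEncryptionPart part = (WSEncryptionPart) this.parts.get(i);
                String name = part.getName();
                String namespace = part.getNamespace();
                String encModifier = part.getEncModifier();
                Element target = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                if (target == null) {
                    throw new WSSecurityException(0, "noEncElement", new Object[]{namespace, name});
                }
                boolean contentOnly = encModifier.equals("Content");
                // NOTE(review): the Id comes from Object.hashCode(), which is not guaranteed
                // to be unique; colliding hash codes would yield duplicate Ids.
                String encDataId = "EncDataId-" + target.hashCode();
                try {
                    xmlCipher.init(XMLCipher.ENCRYPT_MODE, sessionKey);
                    xmlCipher.getEncryptedData().setId(encDataId);
                    xmlCipher.doFinal(document, target, contentOnly);
                    if (tlog.isDebugEnabled()) {
                        symEncDone = System.currentTimeMillis();
                    }
                    dataRefs.add("#" + encDataId);
                } catch (Exception e) {
                    throw new WSSecurityException(8, null, null, e);
                }
            }
            X509Certificate recipientCert;
            if (this.useThisCert != null) {
                recipientCert = this.useThisCert;
            } else {
                X509Certificate[] certificates = crypto.getCertificates(this.user);
                if (certificates == null || certificates.length <= 0) {
                    throw new WSSecurityException(0, "invalidX509Data", new Object[]{"for Encryption"});
                }
                // Only the first certificate returned for the user is used.
                recipientCert = certificates[0];
            }
            String certId = "EncCertId-" + recipientCert.hashCode();
            long certDone = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
            Cipher keyCipher = WSSecurityUtil.getCipherInstance(this.keyEncAlgo);
            try {
                keyCipher.init(Cipher.ENCRYPT_MODE, recipientCert);
                byte[] rawKey = sessionKey.getEncoded();
                if (this.doDebug) {
                    // Logs sizes only; the key bytes themselves are never logged.
                    log.debug("cipher blksize: " + keyCipher.getBlockSize() + ", symm key length: " + rawKey.length);
                }
                if (keyCipher.getBlockSize() < rawKey.length) {
                    throw new WSSecurityException(0, "unsupportedKeyTransp", new Object[]{"public key algorithm too weak to encrypt symmetric key"});
                }
                try {
                    Text wrappedKeyText = WSSecurityUtil.createBase64EncodedTextNode(document, keyCipher.doFinal(rawKey));
                    Element securityHeader = insertSecurityHeader(document);
                    Element encryptedKey = createEnrcyptedKey(document, this.keyEncAlgo);
                    if (this.parentNode == null) {
                        WSSecurityUtil.prependChildElement(document, securityHeader, encryptedKey, true);
                    } else {
                        WSSecurityUtil.prependChildElement(document, this.parentNode, encryptedKey, true);
                    }
                    SecurityTokenReference tokenRef = new SecurityTokenReference(document);
                    switch (this.keyIdentifierType) {
                        case 1:
                            // Embed the certificate as a token and point at it by Id.
                            Reference reference = new Reference(document);
                            reference.setURI("#" + certId);
                            tokenRef.setReference(reference);
                            X509Security certToken = new X509Security(document);
                            certToken.setX509Certificate(recipientCert);
                            certToken.setID(certId);
                            WSSecurityUtil.prependChildElement(document, securityHeader, certToken.getElement(), false);
                            break;
                        case 2:
                            // Identify the certificate by issuer name and serial number.
                            tokenRef.setX509IssuerSerial(new XMLX509IssuerSerial(document, recipientCert));
                            break;
                        case 3:
                            tokenRef.setKeyIdentifier(recipientCert);
                            break;
                        case 4:
                            tokenRef.setKeyIdentifierSKI(recipientCert, crypto);
                            break;
                        default:
                            throw new WSSecurityException(0, "unsupportedKeyId");
                    }
                    KeyInfo keyInfo = new KeyInfo(document);
                    keyInfo.addUnknownElement(tokenRef.getElement());
                    WSSecurityUtil.appendChildElement(document, encryptedKey, keyInfo.getElement());
                    createCipherValue(document, encryptedKey).appendChild(wrappedKeyText);
                    createDataRefList(document, encryptedKey, dataRefs);
                    log.debug("Encryption complete.");
                    if (tlog.isDebugEnabled()) {
                        tlog.debug("EncryptBody: symm-enc= " + (symEncDone - started) + ", cert= " + (certDone - symEncDone) + ", key-encrypt= " + (System.currentTimeMillis() - certDone));
                    }
                    return document;
                } catch (IllegalStateException e2) {
                    throw new WSSecurityException(8, null, null, e2);
                } catch (BadPaddingException e3) {
                    throw new WSSecurityException(8, null, null, e3);
                } catch (IllegalBlockSizeException e4) {
                    throw new WSSecurityException(8, null, null, e4);
                }
            } catch (InvalidKeyException e5) {
                throw new WSSecurityException(8, null, null, e5);
            }
        } catch (XMLEncryptionException e6) {
            throw new WSSecurityException(2, null, null, e6);
        }
    }

    /**
     * Encrypts the configured parts with the caller-supplied key and writes only a key name
     * and a reference list; no {@code EncryptedKey} element is produced.
     *
     * @param document SOAP envelope to modify
     * @param crypto unused in this path
     * @return the same {@code document} instance
     * @throws WSSecurityException if no key was supplied, a part cannot be found, or encryption
     *     fails
     */
    private Document buildEmbedded(Document document, Crypto crypto) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        long symEncDone = 0;
        long started = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        if (this.doDebug) {
            log.debug("Beginning Encryption embedded...");
        }
        if (this.embeddedKey == null) {
            throw new WSSecurityException(0, "noKeySupplied");
        }
        Element envelope = document.getDocumentElement();
        envelope.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:xenc", WSConstants.ENC_NS);
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
        this.symmetricKey = WSSecurityUtil.prepareSecretKey(this.symEncAlgo, this.embeddedKey);
        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(this.symEncAlgo);
            if (this.parts == null) {
                // Default: encrypt the content of the SOAP Body.
                this.parts = new Vector();
                this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
            }
            Vector dataRefs = new Vector();
            for (int i = 0; i < this.parts.size(); i++) {
                WSEncryptionPart part = (WSEncryptionPart) this.parts.get(i);
                String name = part.getName();
                String namespace = part.getNamespace();
                String encModifier = part.getEncModifier();
                Element target = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                if (target == null) {
                    throw new WSSecurityException(0, "noEncElement", new Object[]{namespace, name});
                }
                boolean contentOnly = encModifier.equals("Content");
                // NOTE(review): hashCode()-derived Ids are not guaranteed to be unique.
                String encDataId = "EncDataId-" + target.hashCode();
                KeyInfo keyInfo = new KeyInfo(document);
                // The key name travels in clear text inside the message.
                keyInfo.addKeyName(this.embeddedKeyName == null ? this.user : this.embeddedKeyName);
                try {
                    xmlCipher.init(XMLCipher.ENCRYPT_MODE, this.symmetricKey);
                    EncryptedData encryptedData = xmlCipher.getEncryptedData();
                    encryptedData.setId(encDataId);
                    encryptedData.setKeyInfo(keyInfo);
                    xmlCipher.doFinal(document, target, contentOnly);
                    if (tlog.isDebugEnabled()) {
                        symEncDone = System.currentTimeMillis();
                    }
                    dataRefs.add("#" + encDataId);
                } catch (Exception e) {
                    throw new WSSecurityException(8, null, null, e);
                }
            }
            // The "temp" element is only a scratch parent; the reference list it receives is
            // then moved into the security header.
            WSSecurityUtil.prependChildElement(document, insertSecurityHeader(document), createDataRefList(document, document.createElement("temp"), dataRefs), true);
            if (tlog.isDebugEnabled()) {
                tlog.debug("EncryptBody embedded: symm-enc= " + (symEncDone - started));
            }
            return document;
        } catch (XMLEncryptionException e2) {
            throw new WSSecurityException(2, null, null, e2);
        }
    }

    /**
     * Returns a JCE key generator matching the configured symmetric algorithm.
     *
     * <p>An unmapped or {@code null} algorithm is reported as a {@link WSSecurityException}
     * rather than a {@code null} return, which the caller would dereference immediately.
     *
     * @return key generator for Triple DES or AES-128/192/256
     * @throws WSSecurityException (code 2, the code already used here for
     *     {@code NoSuchAlgorithmException}) if the algorithm is not mapped or the provider lacks
     *     it
     */
    private KeyGenerator getKeyGenerator() throws WSSecurityException {
        final String jceName;
        // Constant-first comparison also tolerates a null symEncAlgo.
        if (WSConstants.TRIPLE_DES.equalsIgnoreCase(this.symEncAlgo)) {
            jceName = "DESede";
        } else if (WSConstants.AES_128.equalsIgnoreCase(this.symEncAlgo)) {
            // NIST OIDs for AES in CBC mode: .2 = 128 bit, .22 = 192 bit, .42 = 256 bit.
            jceName = "2.16.840.1.101.3.4.1.2";
        } else if (WSConstants.AES_192.equalsIgnoreCase(this.symEncAlgo)) {
            jceName = "2.16.840.1.101.3.4.1.22";
        } else if (WSConstants.AES_256.equalsIgnoreCase(this.symEncAlgo)) {
            jceName = "2.16.840.1.101.3.4.1.42";
        } else {
            throw new WSSecurityException(2, null, null, new NoSuchAlgorithmException("No key generator mapping for symmetric algorithm: " + this.symEncAlgo));
        }
        try {
            return KeyGenerator.getInstance(jceName);
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * Creates an {@code xenc:EncryptedKey} element with an {@code EncryptionMethod} child.
     * (The misspelled method name is part of the public interface and is kept.)
     *
     * @param document owner document for the new elements
     * @param str key-transport algorithm written to the {@code Algorithm} attribute
     * @return the new, not yet attached, {@code EncryptedKey} element
     */
    public static Element createEnrcyptedKey(Document document, String str) {
        Element encryptedKey = document.createElementNS(WSConstants.ENC_NS, "xenc:EncryptedKey");
        WSSecurityUtil.setNamespace(encryptedKey, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
        Element encryptionMethod = document.createElementNS(WSConstants.ENC_NS, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);
        WSSecurityUtil.appendChildElement(document, encryptedKey, encryptionMethod);
        return encryptedKey;
    }

    /**
     * Appends {@code xenc:CipherData/xenc:CipherValue} to {@code element}.
     *
     * @param document owner document for the new elements
     * @param element parent that receives the {@code CipherData} element
     * @return the empty {@code CipherValue} element, ready to receive the Base64 text
     */
    public static Element createCipherValue(Document document, Element element) {
        Element cipherData = document.createElementNS(WSConstants.ENC_NS, "xenc:CipherData");
        Element cipherValue = document.createElementNS(WSConstants.ENC_NS, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        WSSecurityUtil.appendChildElement(document, element, cipherData);
        return cipherValue;
    }

    /**
     * Appends an {@code xenc:ReferenceList} with one {@code DataReference} per URI.
     *
     * @param document owner document for the new elements
     * @param element parent that receives the reference list
     * @param vector {@code String} URIs (for example {@code "#EncDataId-..."}) in output order
     * @return the new {@code ReferenceList} element
     */
    public static Element createDataRefList(Document document, Element element, Vector vector) {
        Element referenceList = document.createElementNS(WSConstants.ENC_NS, "xenc:ReferenceList");
        for (int i = 0; i < vector.size(); i++) {
            String uri = (String) vector.get(i);
            Element dataReference = document.createElementNS(WSConstants.ENC_NS, "xenc:DataReference");
            dataReference.setAttributeNS(null, "URI", uri);
            referenceList.appendChild(dataReference);
        }
        WSSecurityUtil.appendChildElement(document, element, referenceList);
        return referenceList;
    }

    /**
     * Redirects the {@code EncryptedKey} element to a custom parent.
     *
     * @param element parent element, or {@code null} to use the security header
     */
    public void setParentNode(Element element) {
        this.parentNode = element;
    }

    /**
     * Returns the symmetric key held by this instance.
     *
     * <p>In the code visible here the field is assigned only by the embedded-key path; after a
     * regular {@link #build(Document, Crypto)} it is still {@code null}. The returned object is
     * live key material and should be handled accordingly.
     *
     * @return the key prepared from the embedded key bytes, or {@code null}
     */
    public SecretKey getSymmetricKey() {
        return this.symmetricKey;
    }

    /**
     * Class-literal helper of the kind pre-Java-5 compilers emit.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            // Keep the original exception so the failing lookup stays diagnosable.
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$apache$ws$security$message$WSEncryptBody == null) {
            cls = class$("org.apache.ws.security.message.WSEncryptBody");
            class$org$apache$ws$security$message$WSEncryptBody = cls;
        } else {
            cls = class$org$apache$ws$security$message$WSEncryptBody;
        }
        log = LogFactory.getLog(cls.getName());
        tlog = LogFactory.getLog("org.apache.ws.security.TIME");
    }
}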
