package org.apache.ws.sandbox.security.trust.message.token;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.sandbox.security.trust.TrustConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.0.jar:org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.class */
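/**
 * Wrapper around a WS-Trust {@code RequestedProofToken} element.
 *
 * <p>The element carries proof-of-possession key material, normally as an
 * {@code xenc:EncryptedKey} child. This class can create the element, wrap an
 * existing one, encrypt a key into it and recover the shared secret from it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code sharedSecret} is raw key material. It must never be written to a
 *       log, and {@link #getSharedSecret()} / {@link #setSharedSecret(byte[])}
 *       hand out / keep the caller's array without copying.</li>
 *   <li>{@link #build} uses Triple-DES and RSA PKCS#1 v1.5 key transport. Both are
 *       legacy algorithms kept here for wire compatibility with the identifiers
 *       already emitted by this class.</li>
 * </ul>
 */
public class RequestedProofToken {
    private static final Log log = LogFactory.getLog(RequestedProofToken.class.getName());

    /** Qualified name every wrapped element must carry. */
    public static final QName TOKEN = new QName(TrustConstants.WST_NS, "RequestedProofToken");

    private Element element;

    // Raw symmetric key bytes; treat as a secret (no logging, no toString()).
    private byte[] sharedSecret;

    /**
     * Creates a new, empty {@code RequestedProofToken} element owned by {@code document}.
     *
     * @param document the document used as element factory
     * @throws WSSecurityException declared for API compatibility
     */
    public RequestedProofToken(Document document) throws WSSecurityException {
        // NOTE(review): the qualified name is built from trust2.TrustConstants.WST_PREFIX
        // while the namespace declaration below uses trust.TrustConstants.WST_PREFIX;
        // confirm that both constants are meant to be used side by side.
        String qualifiedName =
                org.apache.ws.sandbox.security.trust2.TrustConstants.WST_PREFIX + TOKEN.getLocalPart();
        this.element = document.createElementNS(TrustConstants.WST_NS, qualifiedName);
        WSSecurityUtil.setNamespace(this.element, TOKEN.getNamespaceURI(), TrustConstants.WST_PREFIX);
        this.element.appendChild(document.createTextNode(""));
        log.debug("RequestedProofToken : Document constructor, Element created.");
    }

    /**
     * Wraps an existing element after checking that it really is a
     * {@code RequestedProofToken}.
     *
     * @param element the element to wrap
     * @throws WSSecurityException if the element's qualified name differs from {@link #TOKEN}
     */
    public RequestedProofToken(Element element) throws WSSecurityException {
        this.element = element;
        QName qName = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
        if (!qName.equals(TOKEN)) {
            throw new WSSecurityException(4, "badTokenType00", new Object[]{qName});
        }
        log.debug("RequestedProofToken :: Element constructor, Element created.");
    }

    /**
     * Decrypts the first {@code xenc:EncryptedKey} found below this element and keeps
     * the recovered bytes as the shared secret.
     *
     * <p>{@code str} is a class name that is loaded and instantiated reflectively.
     * It must come from trusted configuration only; a name taken from a message or
     * any other untrusted source would let the sender choose which class is
     * instantiated.
     *
     * @param str    fully qualified class name of the {@link CallbackHandler} to use
     * @param crypto crypto provider handed to the encrypted-key processor
     * @throws WSSecurityException if there is no {@code EncryptedKey}, the callback class
     *                             cannot be loaded or instantiated, or decryption fails
     */
    public void doDecryption(String str, Crypto crypto) throws WSSecurityException {
        NodeList encryptedKeys =
                this.element.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey");
        if (encryptedKeys.getLength() < 1) {
            throw new WSSecurityException(7, "RequestedProofToken is empty");
        }
        if (str == null) {
            log.debug("RequestedProofToken :: CallbackHandler is null");
            throw new WSSecurityException(0, "CallbackHandler is null");
        }

        // Loading and instantiating the callback are reported separately from
        // decryption failures, so that a decryption error is no longer mislabelled
        // as "cannot create instance of password callback".
        CallbackHandler callbackHandler;
        try {
            callbackHandler = (CallbackHandler) Loader.loadClass(str).newInstance();
        } catch (ClassNotFoundException e) {
            throw new WSSecurityException(8, "RequestedProofToken: cannot load password callback class: " + str);
        } catch (Exception e) {
            throw new WSSecurityException(8, "RequestedProofToken: cannot create instance of password callback: "
                    + str + ":: ErrMsg " + e.getMessage());
        }

        EncryptedKeyProcessor encryptedKeyProcessor = new EncryptedKeyProcessor();
        encryptedKeyProcessor.handleEncryptedKey((Element) encryptedKeys.item(0), callbackHandler, crypto);
        this.sharedSecret = encryptedKeyProcessor.getDecryptedBytes();

        // The secret itself is deliberately NOT logged: debug logs are routinely
        // shipped to shared storage and would disclose the proof key. Only its
        // length is recorded.
        if (log.isDebugEnabled()) {
            int secretLength = this.sharedSecret == null ? 0 : this.sharedSecret.length;
            log.debug("RequestedProofToken :: Decryption done, shared secret length = " + secretLength + " bytes");
        }
    }

    /**
     * Encrypts into this element using {@link WSEncryptBody} and stores the generated
     * encryption key as the shared secret.
     *
     * <p>Failures are propagated. They were previously printed to stderr and
     * swallowed, which left the token unencrypted and the shared secret unset
     * while the caller saw a normal return.
     *
     * @param document the document being secured
     * @param crypto   crypto provider used to look up the recipient key
     * @param str      user/alias passed to {@code setUserInfo}
     * @throws WSSecurityException if the encryption step fails
     */
    public void doEncryptProof(Document document, Crypto crypto, String str) throws WSSecurityException {
        WSEncryptBody encryptor = new WSEncryptBody();
        encryptor.setUserInfo(str);
        // Key identifier type 1 is kept exactly as in the original code.
        encryptor.setKeyIdentifierType(1);
        encryptor.setParentNode(this.element);
        encryptor.build(document, crypto);
        this.sharedSecret = encryptor.getEncryptionKey().getEncoded();
        log.debug("RequestedProofToken :: Encryption done");
    }

    /** @return the wrapped DOM element */
    public Element getElement() {
        return this.element;
    }

    /** @param element the DOM element to wrap; its name is not re-validated here */
    public void setElement(Element element) {
        this.element = element;
    }

    /** @return the wrapped element serialised as XML text */
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    /** Appends {@code element} as a child of the wrapped element. */
    public void addToken(Element element) {
        this.element.appendChild(element);
    }

    /** Removes the child {@code element} from the wrapped element. */
    public void removeToken(Element element) {
        this.element.removeChild(element);
    }

    /**
     * @return the shared secret, or {@code null} if none has been set or recovered.
     *         The internal array is returned without copying; callers must not
     *         modify or log it.
     */
    public byte[] getSharedSecret() {
        return this.sharedSecret;
    }

    /** @param bArr raw shared-secret bytes; the array is kept by reference, not copied */
    public void setSharedSecret(byte[] bArr) {
        this.sharedSecret = bArr;
    }

    /**
     * Generates a fresh Triple-DES key, encrypts it for the certificate registered
     * under alias {@code str} and prepends the resulting {@code xenc:EncryptedKey}
     * (with an issuer/serial key reference) to {@code element}.
     *
     * <p>Fixes over the previous body: the RSA cipher and the
     * {@code SecurityTokenReference} were never instantiated (both were {@code null}
     * when first used), and a missing key generator algorithm surfaced as a
     * {@code NullPointerException}.
     *
     * <p>NOTE(review): the generated key is not stored in {@code sharedSecret};
     * confirm whether callers expect to retrieve it afterwards.
     *
     * @param document the document being secured; also used as element factory
     * @param crypto   crypto provider used to resolve the recipient certificate
     * @param str      certificate alias of the recipient
     * @param element  parent element that receives the {@code EncryptedKey}
     * @return {@code document}, modified in place
     * @throws WSSecurityException if no certificate is found, an algorithm is
     *                             unavailable, or the key cannot be encrypted
     */
    public Document build(Document document, Crypto crypto, String str, Element element) throws WSSecurityException {
        boolean debugEnabled = log.isDebugEnabled();
        if (debugEnabled) {
            log.debug("Beginning Encryption...");
        }
        Element documentElement = document.getDocumentElement();
        documentElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#");
        // Result unused; call kept because it was present in the original body.
        WSSecurityUtil.getSOAPConstants(documentElement);

        // Legacy algorithm choice (Triple-DES) kept so the key matches the
        // tripledes-cbc identifier below.
        SecretKey symmetricKey;
        try {
            symmetricKey = KeyGenerator.getInstance("DESede").generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }

        try {
            // Only checks that the symmetric algorithm is available; the instance is not used.
            XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");

            X509Certificate[] certificates = crypto.getCertificates(str);
            if (certificates == null || certificates.length <= 0) {
                throw new WSSecurityException(0, "invalidX509Data", new Object[]{"for Encryption"});
            }
            X509Certificate recipientCert = certificates[0];

            // RSA with PKCS#1 v1.5 padding, matching the rsa-1_5 identifier written
            // into the EncryptedKey. v1.5 key transport is a legacy scheme; receivers
            // must not reveal padding failures to the sender.
            Cipher cipher;
            try {
                cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            } catch (NoSuchAlgorithmException e) {
                throw new WSSecurityException(2, null, null, e);
            } catch (NoSuchPaddingException e) {
                throw new WSSecurityException(2, null, null, e);
            }

            byte[] wrappedKey;
            try {
                cipher.init(Cipher.ENCRYPT_MODE, recipientCert);
                byte[] rawKey = symmetricKey.getEncoded();
                int blockSize = cipher.getBlockSize();
                if (debugEnabled) {
                    log.debug("cipher blksize: " + blockSize + ", symm key length: " + rawKey.length);
                }
                // getBlockSize() is 0 when the provider does not treat the algorithm as
                // a block cipher; only a positive size can prove the key does not fit.
                if (blockSize > 0 && blockSize < rawKey.length) {
                    throw new WSSecurityException(0, "unsupportedKeyTransp",
                            new Object[]{"public key algorithm too weak to encrypt symmetric key"});
                }
                wrappedKey = cipher.doFinal(rawKey);
            } catch (InvalidKeyException e) {
                throw new WSSecurityException(8, null, null, e);
            } catch (IllegalStateException e) {
                throw new WSSecurityException(8, null, null, e);
            } catch (BadPaddingException e) {
                throw new WSSecurityException(8, null, null, e);
            } catch (IllegalBlockSizeException e) {
                throw new WSSecurityException(8, null, null, e);
            }

            Text cipherText = WSSecurityUtil.createBase64EncodedTextNode(document, wrappedKey);
            Element encryptedKey = WSEncryptBody.createEnrcyptedKey(document, "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
            WSSecurityUtil.prependChildElement(document, element, encryptedKey, true);

            // The original switched on the constant 2, so only the issuer/serial
            // reference was ever reachable; the unreachable branches are dropped.
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(document);
            X509Data x509Data = new X509Data(document);
            x509Data.add(new XMLX509IssuerSerial(document, recipientCert));
            securityTokenReference.setX509IssuerSerial(x509Data);
            WSSecurityUtil.setNamespace(securityTokenReference.getElement(), WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);

            KeyInfo keyInfo = new KeyInfo(document);
            keyInfo.addUnknownElement(securityTokenReference.getElement());
            WSSecurityUtil.appendChildElement(document, encryptedKey, keyInfo.getElement());
            WSEncryptBody.createCipherValue(document, encryptedKey).appendChild(cipherText);
            log.debug("Encryption complete.");
            return document;
        } catch (XMLEncryptionException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }
}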
