package org.apache.camel.dataformat.xmlsecurity;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field;
import java.net.URL;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.transform.dom.DOMSource;
import org.apache.camel.CamelContext;
import org.apache.camel.CamelContextAware;
import org.apache.camel.Exchange;
import org.apache.camel.builder.xml.DefaultNamespaceContext;
import org.apache.camel.builder.xml.XPathBuilder;
import org.apache.camel.spi.DataFormat;
import org.apache.camel.util.IOHelper;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.utils.XMLUtils;
import org.jruby.ext.openssl.CipherStrings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-013.zip:modules/system/layers/fuse/org/apache/camel/component/xmlsecurity/main/camel-xmlsecurity-2.15.1.redhat-621013.jar:org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.class */
public class XMLSecurityDataFormat implements DataFormat, CamelContextAware {

    // Legacy configuration names. setDefaultsFromContext() looks these up as
    // CamelContext properties; XML_ENC_RECIPIENT_ALIAS is also read (and then
    // cleared) as a message header by getRecipientKeyAlias(Exchange).
    @Deprecated
    public static final String XML_ENC_RECIPIENT_ALIAS = "CamelXmlEncryptionRecipientAlias";

    @Deprecated
    public static final String XML_ENC_TRUST_STORE_URL = "CamelXmlEncryptionTrustStoreUrl";

    // The store passwords are carried as plain String context properties.
    @Deprecated
    public static final String XML_ENC_TRUST_STORE_PASSWORD = "CamelXmlEncryptionTrustStorePassword";

    @Deprecated
    public static final String XML_ENC_KEY_STORE_URL = "CamelXmlEncryptionKeyStoreUrl";

    @Deprecated
    public static final String XML_ENC_KEY_STORE_PASSWORD = "CamelXmlEncryptionKeyStorePassword";

    @Deprecated
    public static final String XML_ENC_KEY_STORE_ALIAS = "CamelXmlEncryptionKeyAlias";
    private static final Logger LOG = LoggerFactory.getLogger(XMLSecurityDataFormat.class);
    // Hard-coded fallback pass phrase installed by the no-argument constructor.
    // Because it is a constant in the class, it offers no confidentiality;
    // generateKeyEncryptionKey() logs a warning whenever it is still in use.
    private static final String DEFAULT_KEY = "Just another 24 Byte key";
    // Algorithm URI of the cipher applied to the XML content (constructor default: tripledes-cbc).
    private String xmlCipherAlgorithm;
    // Key transport algorithm URI; marshal()/unmarshal() take the asymmetric path
    // when this is one of the three RSA URIs they compare against.
    private String keyCipherAlgorithm;
    // Handed to XMLCipher.getInstance(...) in encryptAsymmetric().
    private String digestAlgorithm;
    // Handed to XMLCipher.encryptKey(...) in embedKeyInfoInEncryptedData().
    private String mgfAlgorithm;
    // Raw bytes used directly as the key-encryption key in symmetric mode
    // (see generateKeyEncryptionKey); no key derivation is applied in this class.
    private byte[] passPhrase;
    // XPath expression selecting the nodes to protect; "" means the whole document.
    private String secureTag;
    private boolean secureTagContents;
    // Source of the private key used by decodeWithAsymmetricKey().
    private KeyStore keyStore;
    // Source of the recipient key used by encryptAsymmetric().
    private KeyStore trustStore;
    private String keyStorePassword;
    private String trustStorePassword;
    private String recipientKeyAlias;
    // When non-null it is used instead of the store password for key lookups.
    private String keyPassword;
    // Lazily turned into keyStore / trustStore on first asymmetric use.
    private KeyStoreParameters keyOrTrustStoreParameters;
    private String keyOrTrustStoreParametersId;
    private CamelContext camelContext;
    private DefaultNamespaceContext nsContext;
    // When true (constructor default) the recipient's public key is embedded in the
    // EncryptedKey's KeyInfo (see embedKeyInfoInEncryptedData).
    private boolean addKeyValueForEncryptedKey;

    /**
     * Creates a data format with the built-in defaults and initialises the
     * XML security library.
     *
     * <p>Defaults set here: triple-DES CBC as the content cipher, the hard-coded
     * {@code DEFAULT_KEY} as pass phrase, an empty secure tag (whole document) and
     * {@code secureTagContents = true}. Callers that rely on symmetric encryption
     * should replace the pass phrase, since the default is a constant in the class.
     *
     * <p>Side effects beyond this instance: the JVM-wide system property
     * {@code org.apache.xml.security.ignoreLineBreaks} is set to {@code "true"} when
     * it is not already defined, and in that case the static
     * {@code XMLUtils.ignoreLineBreaks} field is also forced to {@code true} through
     * reflection after {@code Init.init()}. Both steps are best effort; any failure
     * is deliberately ignored.
     */
    public XMLSecurityDataFormat() {
        this.nsContext = new DefaultNamespaceContext();
        this.addKeyValueForEncryptedKey = true;
        this.xmlCipherAlgorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
        this.passPhrase = DEFAULT_KEY.getBytes();
        this.secureTag = "";
        this.secureTagContents = true;

        boolean propertyAlreadySet = false;
        try {
            propertyAlreadySet = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
                @Override
                public Boolean run() {
                    if (System.getProperty("org.apache.xml.security.ignoreLineBreaks") == null) {
                        System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
                        return Boolean.FALSE;
                    }
                    return Boolean.TRUE;
                }
            });
        } catch (Throwable ignored) {
            // Best effort: e.g. a security manager may refuse property access.
        }

        Init.init();

        if (!propertyAlreadySet) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
                    @Override
                    public Boolean run() throws Exception {
                        // Overrides a private static of the library; affects every user of XMLUtils in this class loader.
                        Field lineBreakFlag = XMLUtils.class.getDeclaredField("ignoreLineBreaks");
                        lineBreakFlag.setAccessible(true);
                        lineBreakFlag.set(null, Boolean.TRUE);
                        return Boolean.FALSE;
                    }
                });
            } catch (Throwable ignored) {
                // Best effort: the field may be absent or inaccessible.
            }
        }
    }

    /**
     * Applies the no-argument defaults, then two settings.
     *
     * <p>The pass phrase is not touched here, so it stays at the hard-coded
     * default installed by the no-argument constructor.
     *
     * @param str value passed to {@code setSecureTag}
     * @param z   value passed to {@code setSecureTagContents}
     */
    public XMLSecurityDataFormat(String str, boolean z) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings and namespaces.
     *
     * <p>The pass phrase is not touched here, so it stays at the hard-coded
     * default installed by the no-argument constructor.
     *
     * @param str value passed to {@code setSecureTag}
     * @param map value passed to {@code setNamespaces}
     * @param z   value passed to {@code setSecureTagContents}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setNamespaces(map);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings and a pass phrase.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param bArr value passed to {@code setPassPhrase}
     */
    public XMLSecurityDataFormat(String str, boolean z, byte[] bArr) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setPassPhrase(bArr);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, a pass
     * phrase and namespaces.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param map  value passed to {@code setNamespaces}
     * @param z    value passed to {@code setSecureTagContents}
     * @param bArr value passed to {@code setPassPhrase}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, byte[] bArr) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setPassPhrase(bArr);
        setNamespaces(map);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, a pass
     * phrase and the content cipher.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param bArr value passed to {@code setPassPhrase}
     * @param str2 value passed to {@code setXmlCipherAlgorithm}
     */
    public XMLSecurityDataFormat(String str, boolean z, byte[] bArr, String str2) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setPassPhrase(bArr);
        setXmlCipherAlgorithm(str2);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings and both
     * algorithm URIs. No recipient alias or key store is configured here.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setXmlCipherAlgorithm}
     * @param str3 value passed to {@code setKeyCipherAlgorithm}
     */
    @Deprecated
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str2);
        setKeyCipherAlgorithm(str3);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias and both algorithm URIs.
     *
     * <p>Note the argument order: the alias ({@code str2}) comes before the
     * content cipher ({@code str3}).
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setRecipientKeyAlias}
     * @param str3 value passed to {@code setXmlCipherAlgorithm}
     * @param str4 value passed to {@code setKeyCipherAlgorithm}
     */
    @Deprecated
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3, String str4) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs and a key/trust store parameters id.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setRecipientKeyAlias}
     * @param str3 value passed to {@code setXmlCipherAlgorithm}
     * @param str4 value passed to {@code setKeyCipherAlgorithm}
     * @param str5 value passed to {@code setKeyOrTrustStoreParametersId}
     */
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3, String str4, String str5) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setKeyOrTrustStoreParametersId(str5);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, a key/trust store parameters id and
     * a key password.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setRecipientKeyAlias}
     * @param str3 value passed to {@code setXmlCipherAlgorithm}
     * @param str4 value passed to {@code setKeyCipherAlgorithm}
     * @param str5 value passed to {@code setKeyOrTrustStoreParametersId}
     * @param str6 value passed to {@code setKeyPassword}; held as a String
     */
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3, String str4, String str5, String str6) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setKeyOrTrustStoreParametersId(str5);
        setKeyPassword(str6);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs and namespaces.
     *
     * <p>The parameters id is stored only when it is neither {@code null} nor
     * empty, and it is written to the field directly rather than through
     * {@code setKeyOrTrustStoreParametersId}.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param map  value passed to {@code setNamespaces}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setRecipientKeyAlias}
     * @param str3 value passed to {@code setXmlCipherAlgorithm}
     * @param str4 value passed to {@code setKeyCipherAlgorithm}
     * @param str5 key/trust store parameters id; ignored when null or empty
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, String str2, String str3, String str4, String str5) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setNamespaces(map);
        if (str5 != null && !str5.isEmpty()) {
            this.keyOrTrustStoreParametersId = str5;
        }
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, namespaces and a key password.
     *
     * <p>The parameters id is stored only when it is neither {@code null} nor
     * empty, and it is written to the field directly rather than through
     * {@code setKeyOrTrustStoreParametersId}.
     *
     * @param str  value passed to {@code setSecureTag}
     * @param map  value passed to {@code setNamespaces}
     * @param z    value passed to {@code setSecureTagContents}
     * @param str2 value passed to {@code setRecipientKeyAlias}
     * @param str3 value passed to {@code setXmlCipherAlgorithm}
     * @param str4 value passed to {@code setKeyCipherAlgorithm}
     * @param str5 key/trust store parameters id; ignored when null or empty
     * @param str6 value passed to {@code setKeyPassword}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, String str2, String str3, String str4, String str5, String str6) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setNamespaces(map);
        final boolean hasParametersId = str5 != null && str5.length() > 0;
        if (hasParametersId) {
            this.keyOrTrustStoreParametersId = str5;
        }
        setKeyPassword(str6);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs and key/trust store parameters.
     *
     * @param str                value passed to {@code setSecureTag}
     * @param z                  value passed to {@code setSecureTagContents}
     * @param str2               value passed to {@code setRecipientKeyAlias}
     * @param str3               value passed to {@code setXmlCipherAlgorithm}
     * @param str4               value passed to {@code setKeyCipherAlgorithm}
     * @param keyStoreParameters value passed to {@code setKeyOrTrustStoreParameters}
     */
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3, String str4, KeyStoreParameters keyStoreParameters) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setKeyOrTrustStoreParameters(keyStoreParameters);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, key/trust store parameters and a
     * key password.
     *
     * @param str                value passed to {@code setSecureTag}
     * @param z                  value passed to {@code setSecureTagContents}
     * @param str2               value passed to {@code setRecipientKeyAlias}
     * @param str3               value passed to {@code setXmlCipherAlgorithm}
     * @param str4               value passed to {@code setKeyCipherAlgorithm}
     * @param keyStoreParameters value passed to {@code setKeyOrTrustStoreParameters}
     * @param str5               value passed to {@code setKeyPassword}
     */
    public XMLSecurityDataFormat(String str, boolean z, String str2, String str3, String str4, KeyStoreParameters keyStoreParameters, String str5) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setKeyOrTrustStoreParameters(keyStoreParameters);
        setKeyPassword(str5);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, namespaces and key/trust store
     * parameters.
     *
     * @param str                value passed to {@code setSecureTag}
     * @param map                value passed to {@code setNamespaces}
     * @param z                  value passed to {@code setSecureTagContents}
     * @param str2               value passed to {@code setRecipientKeyAlias}
     * @param str3               value passed to {@code setXmlCipherAlgorithm}
     * @param str4               value passed to {@code setKeyCipherAlgorithm}
     * @param keyStoreParameters value passed to {@code setKeyOrTrustStoreParameters}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, String str2, String str3, String str4, KeyStoreParameters keyStoreParameters) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setNamespaces(map);
        setKeyOrTrustStoreParameters(keyStoreParameters);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, namespaces, key/trust store
     * parameters and a key password.
     *
     * @param str                value passed to {@code setSecureTag}
     * @param map                value passed to {@code setNamespaces}
     * @param z                  value passed to {@code setSecureTagContents}
     * @param str2               value passed to {@code setRecipientKeyAlias}
     * @param str3               value passed to {@code setXmlCipherAlgorithm}
     * @param str4               value passed to {@code setKeyCipherAlgorithm}
     * @param keyStoreParameters value passed to {@code setKeyOrTrustStoreParameters}
     * @param str5               value passed to {@code setKeyPassword}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, String str2, String str3, String str4, KeyStoreParameters keyStoreParameters, String str5) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setNamespaces(map);
        setKeyOrTrustStoreParameters(keyStoreParameters);
        setKeyPassword(str5);
    }

    /**
     * Applies the no-argument defaults, then the secure tag settings, the
     * recipient alias, both algorithm URIs, namespaces, key/trust store
     * parameters, a key password and a digest algorithm.
     *
     * @param str                value passed to {@code setSecureTag}
     * @param map                value passed to {@code setNamespaces}
     * @param z                  value passed to {@code setSecureTagContents}
     * @param str2               value passed to {@code setRecipientKeyAlias}
     * @param str3               value passed to {@code setXmlCipherAlgorithm}
     * @param str4               value passed to {@code setKeyCipherAlgorithm}
     * @param keyStoreParameters value passed to {@code setKeyOrTrustStoreParameters}
     * @param str5               value passed to {@code setKeyPassword}
     * @param str6               value passed to {@code setDigestAlgorithm}
     */
    public XMLSecurityDataFormat(String str, Map<String, String> map, boolean z, String str2, String str3, String str4, KeyStoreParameters keyStoreParameters, String str5, String str6) {
        this();
        setSecureTag(str);
        setSecureTagContents(z);
        setXmlCipherAlgorithm(str3);
        setRecipientKeyAlias(str2);
        setKeyCipherAlgorithm(str4);
        setNamespaces(map);
        setKeyOrTrustStoreParameters(keyStoreParameters);
        setKeyPassword(str5);
        setDigestAlgorithm(str6);
    }

    /**
     * Remembers the context and then fills unset fields from its legacy
     * properties via {@code setDefaultsFromContext}.
     *
     * @param camelContext the context to store and read defaults from
     * @throws IllegalStateException wrapping any exception raised while the
     *         defaults are read (for example a key store that cannot be loaded)
     */
    @Override // org.apache.camel.CamelContextAware
    public void setCamelContext(CamelContext camelContext) {
        this.camelContext = camelContext;
        try {
            this.setDefaultsFromContext(camelContext);
        } catch (Exception cause) {
            // The field above is already assigned at this point, even though initialisation failed.
            throw new IllegalStateException("Could not initialize XMLSecurityDataFormat with camelContext. ", cause);
        }
    }

    /**
     * @return the context stored by {@code setCamelContext}, or {@code null} if none was set
     */
    @Override // org.apache.camel.CamelContextAware
    public CamelContext getCamelContext() {
        return camelContext;
    }

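    /**
     * Fills fields that are still unset from the legacy {@code XML_ENC_*}
     * CamelContext properties: the recipient alias, and the trust and key stores
     * (each loaded from the URL named by its property).
     *
     * <p>The store URLs and passwords come straight from context properties, so
     * those properties must be treated as trusted configuration. A store is
     * assigned to its field only after it has loaded successfully, and the URL
     * stream is always closed.
     *
     * @param camelContext context whose properties are consulted
     * @throws IllegalStateException if a store URL is configured but no password
     *         is available for it
     * @throws Exception if a URL is malformed or a store cannot be read
     */
    @Deprecated
    private void setDefaultsFromContext(CamelContext camelContext) throws Exception {
        Map<String, String> properties = camelContext.getProperties();
        if (this.recipientKeyAlias == null) {
            this.recipientKeyAlias = camelContext.getProperty(XML_ENC_RECIPIENT_ALIAS);
        }
        if (this.trustStore == null && properties.containsKey(XML_ENC_TRUST_STORE_URL)) {
            URL url = new URL(camelContext.getProperty(XML_ENC_TRUST_STORE_URL));
            if (this.trustStorePassword == null) {
                this.trustStorePassword = camelContext.getProperty(XML_ENC_TRUST_STORE_PASSWORD);
            }
            if (this.trustStorePassword == null) {
                // Previously surfaced as a bare NullPointerException from toCharArray().
                throw new IllegalStateException("No trust store password available; set the " + XML_ENC_TRUST_STORE_PASSWORD + " property");
            }
            KeyStore loadedTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream trustStoreStream = url.openStream();
            try {
                loadedTrustStore.load(trustStoreStream, this.trustStorePassword.toCharArray());
            } finally {
                trustStoreStream.close();
            }
            // Publish only a fully loaded store, so a failed load cannot leave an unusable one behind.
            this.trustStore = loadedTrustStore;
        }
        if (this.keyStore == null && properties.containsKey(XML_ENC_KEY_STORE_URL)) {
            URL url2 = new URL(camelContext.getProperty(XML_ENC_KEY_STORE_URL));
            if (this.keyStorePassword == null) {
                this.keyStorePassword = camelContext.getProperty(XML_ENC_KEY_STORE_PASSWORD);
            }
            if (this.keyStorePassword == null) {
                throw new IllegalStateException("No key store password available; set the " + XML_ENC_KEY_STORE_PASSWORD + " property");
            }
            KeyStore loadedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream keyStoreStream = url2.openStream();
            try {
                loadedKeyStore.load(keyStoreStream, this.keyStorePassword.toCharArray());
            } finally {
                keyStoreStream.close();
            }
            this.keyStore = loadedKeyStore;
        }
        if (properties.containsKey(XML_ENC_KEY_STORE_ALIAS) && this.recipientKeyAlias == null) {
            this.recipientKeyAlias = camelContext.getProperty(XML_ENC_KEY_STORE_ALIAS);
        }
    }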

    /**
     * Encrypts the message body and writes the result to {@code outputStream}.
     *
     * <p>The body is converted to a DOM document first. Asymmetric encryption
     * is chosen when the key cipher algorithm is one of the three RSA key
     * transport URIs compared below, or when a recipient key alias is
     * configured; otherwise the pass-phrase based symmetric path is used.
     *
     * @param exchange     current exchange, used for type conversion and headers
     * @param obj          message body to encrypt
     * @param outputStream destination of the encrypted XML
     * @throws Exception if conversion or encryption fails
     */
    @Override // org.apache.camel.spi.DataFormat
    public void marshal(Exchange exchange, Object obj, OutputStream outputStream) throws Exception {
        Document document = (Document) exchange.getContext().getTypeConverter().convertTo(Document.class, exchange, (InputStream) exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, obj));

        final String keyTransport = this.keyCipherAlgorithm;
        final boolean rsaKeyTransport = keyTransport != null
                && (keyTransport.equals("http://www.w3.org/2001/04/xmlenc#rsa-1_5")
                        || keyTransport.equals("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p")
                        || keyTransport.equals("http://www.w3.org/2009/xmlenc11#rsa-oaep"));

        if (rsaKeyTransport || this.recipientKeyAlias != null) {
            encryptAsymmetric(exchange, document, outputStream);
            return;
        }
        encryptSymmetric(exchange, document, outputStream);
    }

    /**
     * Encrypts with a freshly generated data key that is wrapped under the
     * recipient's key from the trust store.
     *
     * <p>The trust store is created lazily from {@code keyOrTrustStoreParameters}
     * when none is set yet. The key transport algorithm falls back to
     * rsa-oaep-mgf1p when no key cipher algorithm is configured.
     *
     * @throws IllegalStateException if no alias, no trust store, or no key for
     *         the alias is available
     * @throws Exception if key generation or encryption fails
     */
    private void encryptAsymmetric(Exchange exchange, Document document, OutputStream outputStream) throws Exception {
        final String alias = getRecipientKeyAlias(exchange);
        if (alias == null) {
            throw new IllegalStateException("The  recipient's key alias must be defined for asymmetric key encryption.");
        }

        if (this.trustStore == null && this.keyOrTrustStoreParameters != null) {
            this.trustStore = this.keyOrTrustStoreParameters.createKeyStore();
            this.trustStorePassword = this.keyOrTrustStoreParameters.getPassword();
        }
        if (this.trustStore == null) {
            throw new IllegalStateException("A trust store must be defined for asymmetric key encryption.");
        }

        // An explicit key password wins over the store password.
        final String lookupPassword;
        if (this.keyPassword != null) {
            lookupPassword = this.keyPassword;
        } else {
            lookupPassword = this.trustStorePassword;
        }
        final Key recipientKey = getPublicKey(this.trustStore, alias, lookupPassword);
        if (recipientKey == null) {
            throw new IllegalStateException("No key for the alias [ " + alias + " ] exists in the configured trust store.");
        }

        final Key dataKey = generateDataEncryptionKey();

        String keyTransport = getKeyCipherAlgorithm();
        if (keyTransport == null) {
            keyTransport = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
        }
        final XMLCipher keyCipher = XMLCipher.getInstance(keyTransport, null, this.digestAlgorithm);
        // 3 is WRAP_MODE in javax.crypto.Cipher numbering.
        keyCipher.init(3, recipientKey);
        encrypt(exchange, document, outputStream, dataKey, keyCipher, recipientKey);
    }

    /**
     * Encrypts with a freshly generated data key that is wrapped under a key
     * built from the configured pass phrase.
     *
     * <p>The key-encryption key algorithm name follows the content cipher URI:
     * DESede for tripledes-cbc, SEED for seed128-cbc, CAMELLIA for any URI
     * containing "camellia", and the AES constant otherwise.
     *
     * @throws Exception if key construction or encryption fails
     */
    private void encryptSymmetric(Exchange exchange, Document document, OutputStream outputStream) throws Exception {
        final String kekAlgorithm;
        if (this.xmlCipherAlgorithm.equals("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
            kekAlgorithm = "DESede";
        } else if (this.xmlCipherAlgorithm.equals("http://www.w3.org/2007/05/xmldsig-more#seed128-cbc")) {
            kekAlgorithm = "SEED";
        } else if (this.xmlCipherAlgorithm.contains("camellia")) {
            kekAlgorithm = "CAMELLIA";
        } else {
            // NOTE(review): this constant comes from org.jruby.ext.openssl and looks like a
            // decompiler substitution for a plain "AES" literal; confirm against the original source.
            kekAlgorithm = CipherStrings.SSL_TXT_AES;
        }

        final Key keyEncryptionKey = generateKeyEncryptionKey(kekAlgorithm);
        final Key dataKey = generateDataEncryptionKey();

        final XMLCipher keyCipher = XMLCipher.getInstance(generateXmlCipherAlgorithmKeyWrap());
        // 3 is WRAP_MODE in javax.crypto.Cipher numbering.
        keyCipher.init(3, keyEncryptionKey);
        encrypt(exchange, document, outputStream, dataKey, keyCipher, keyEncryptionKey);
    }

    /**
     * Looks up a key-store entry and returns it only if it is a private key.
     *
     * @param keyStore store to query
     * @param str      alias of the entry
     * @param str2     password protecting the entry; must not be {@code null}
     *                 because it is converted with {@code toCharArray()}
     * @return the private key, or {@code null} when the alias is missing or
     *         names a different kind of key
     * @throws Exception if the store cannot recover the key
     */
    private Key getPrivateKey(KeyStore keyStore, String str, String str2) throws Exception {
        final Key candidate = keyStore.getKey(str, str2.toCharArray());
        return (candidate instanceof PrivateKey) ? candidate : null;
    }

    /**
     * Resolves the key used to wrap the data key for a recipient.
     *
     * <p>When the alias has a certificate, its public key is returned and the
     * password is not used. Otherwise the method falls back to
     * {@code KeyStore.getKey}, so the result is then whatever key entry the
     * store holds under that alias, not necessarily a public key.
     *
     * @param keyStore store to query
     * @param str      alias of the entry
     * @param str2     password for the fallback key lookup
     * @return the resolved key, or {@code null} if the alias is unknown
     * @throws Exception if the store cannot recover the key
     */
    private Key getPublicKey(KeyStore keyStore, String str, String str2) throws Exception {
        final Certificate recipientCertificate = keyStore.getCertificate(str);
        if (recipientCertificate == null) {
            return keyStore.getKey(str, str2.toCharArray());
        }
        return recipientCertificate.getPublicKey();
    }

    /**
     * Encrypts either the whole document or the nodes selected by the secure
     * tag XPath, then serialises the document to {@code outputStream} and
     * closes the stream.
     *
     * @param exchange     current exchange; the XPath is evaluated against it
     * @param document     document to encrypt when no secure tag is set
     * @param outputStream destination; closed on success and on failure
     * @param key          data encryption key used for the content cipher
     * @param xMLCipher    cipher already initialised for wrapping {@code key}
     * @param key2         key-encryption key; forwarded to embedKeyInfoInEncryptedData
     * @throws Exception if encryption or serialisation fails
     */
    private void encrypt(Exchange exchange, Document document, OutputStream outputStream, Key key, XMLCipher xMLCipher, Key key2) throws Exception {
        XMLCipher xMLCipher2 = XMLCipher.getInstance(this.xmlCipherAlgorithm);
        // 1 is ENCRYPT_MODE in javax.crypto.Cipher numbering.
        xMLCipher2.init(1, key);
        if (this.secureTag.equalsIgnoreCase("")) {
            // No XPath configured: protect the document element and everything below it.
            embedKeyInfoInEncryptedData(document, xMLCipher, xMLCipher2, key, key2);
            document = xMLCipher2.doFinal(document, document.getDocumentElement());
        } else {
            // The expression is evaluated against the exchange, not against the 'document'
            // parameter; the document that gets serialised is taken from the matched nodes.
            XPathBuilder xPathBuilder = new XPathBuilder(this.secureTag);
            xPathBuilder.setNamespaceContext(getNamespaceContext());
            NodeList nodeList = (NodeList) xPathBuilder.evaluate(exchange, NodeList.class);
            // NOTE(review): when the expression matches nothing, this loop does not run and the
            // document is written out below without any encryption and without an error.
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                document = item.getOwnerDocument();
                embedKeyInfoInEncryptedData(item.getOwnerDocument(), xMLCipher, xMLCipher2, key, key2);
                // The node returned by importNode is discarded; the statement is kept for the doFinal call it contains.
                document.importNode(xMLCipher2.doFinal(item.getOwnerDocument(), (Element) item, getSecureTagContents()).getDocumentElement().cloneNode(true), true);
            }
        }
        try {
            IOHelper.copy((InputStream) exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, new DOMSource(document)), outputStream);
            outputStream.close();
        } catch (Throwable th) {
            // Close on the failure path as well, then propagate the original problem.
            outputStream.close();
            throw th;
        }
    }

    /**
     * Decrypts the exchange's in-message body.
     *
     * <p>The {@code document} argument is not used; the body is fetched from
     * the exchange as an {@code InputStream} and handed to
     * {@link #unmarshal(Exchange, InputStream)}.
     *
     * @param exchange current exchange
     * @param document ignored
     * @return the decrypted XML as produced by the stream-based overload
     * @throws Exception if the body is missing or decryption fails
     */
    public Object unmarshal(Exchange exchange, Document document) throws Exception {
        final InputStream body = (InputStream) exchange.getIn().getMandatoryBody(InputStream.class);
        return unmarshal(exchange, body);
    }

    /**
     * Parses the stream into a DOM document and decrypts it.
     *
     * <p>The asymmetric path is taken only when the configured key cipher
     * algorithm is one of the three RSA key transport URIs compared below;
     * any other value, including {@code null}, leads to symmetric decryption
     * with the pass phrase.
     *
     * <p>NOTE(review): the XML is parsed by the context's type converter; how
     * that parser treats DTDs and external entities is not visible here and
     * should be confirmed for untrusted input.
     *
     * @param exchange    current exchange
     * @param inputStream encrypted XML
     * @return the decrypted XML bytes
     * @throws Exception if parsing or decryption fails
     */
    @Override // org.apache.camel.spi.DataFormat
    public Object unmarshal(Exchange exchange, InputStream inputStream) throws Exception {
        Document document = (Document) exchange.getContext().getTypeConverter().convertTo(Document.class, exchange, inputStream);

        final String keyTransport = this.keyCipherAlgorithm;
        final boolean rsaKeyTransport = keyTransport != null
                && (keyTransport.equals("http://www.w3.org/2001/04/xmlenc#rsa-1_5")
                        || keyTransport.equals("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p")
                        || keyTransport.equals("http://www.w3.org/2009/xmlenc11#rsa-oaep"));

        if (!rsaKeyTransport) {
            LOG.debug("No (known) asymmetric keyCipherAlgorithm specified. Attempting to decrypt using a symmetric key");
            return decodeWithSymmetricKey(exchange, document);
        }
        return decodeWithAsymmetricKey(exchange, document);
    }

    /**
     * Decrypts using a key-encryption key built from the pass phrase.
     *
     * <p>NOTE(review): only DESede and the AES constant are distinguished here,
     * whereas encryptSymmetric() also uses "SEED" and "CAMELLIA" key names;
     * confirm that documents encrypted with those ciphers still decrypt.
     *
     * @throws Exception if key construction or decryption fails
     */
    private Object decodeWithSymmetricKey(Exchange exchange, Document document) throws Exception {
        final Key keyEncryptionKey;
        if (this.xmlCipherAlgorithm.equals("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
            keyEncryptionKey = generateKeyEncryptionKey("DESede");
        } else {
            keyEncryptionKey = generateKeyEncryptionKey(CipherStrings.SSL_TXT_AES);
        }
        return decode(exchange, document, keyEncryptionKey);
    }

    /**
     * Decrypts using the private key stored under the configured recipient
     * alias.
     *
     * <p>The key store is created lazily from {@code keyOrTrustStoreParameters}
     * when none is set yet. getPrivateKey() may return {@code null} (unknown
     * alias or non-private entry); that value is passed on to decode() as is.
     *
     * @throws IllegalStateException if no key store is available
     * @throws Exception if the key cannot be recovered or decryption fails
     */
    private Object decodeWithAsymmetricKey(Exchange exchange, Document document) throws Exception {
        if (this.keyStore == null && this.keyOrTrustStoreParameters != null) {
            this.keyStore = this.keyOrTrustStoreParameters.createKeyStore();
            this.keyStorePassword = this.keyOrTrustStoreParameters.getPassword();
        }
        if (this.keyStore == null) {
            throw new IllegalStateException("A key store must be defined for asymmetric key decryption.");
        }

        // An explicit key password wins over the store password.
        final String lookupPassword;
        if (this.keyPassword != null) {
            lookupPassword = this.keyPassword;
        } else {
            lookupPassword = this.keyStorePassword;
        }
        final Key privateKey = getPrivateKey(this.keyStore, this.recipientKeyAlias, lookupPassword);
        return decode(exchange, document, privateKey);
    }

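    /**
     * Decrypts either the whole document or the nodes selected by the secure
     * tag XPath and returns the resulting XML as bytes.
     *
     * <p>Each element is first passed to checkEncryptionAlgorithm(), which
     * rejects an unexpected key transport method before any decryption is
     * attempted. Secure validation is switched on for the cipher.
     *
     * <p>When only tag contents were encrypted, the children of each matched
     * node are scanned for {@code EncryptedData}. Children without a local
     * name (text, comments) are skipped instead of causing a
     * {@code NullPointerException}.
     *
     * @param exchange current exchange; the XPath is evaluated against it
     * @param document document to decrypt when no secure tag is set
     * @param key      key-encryption key used to unwrap the data key
     * @return the serialised document as a {@code byte[]}
     * @throws Exception if the algorithm check, decryption or serialisation fails
     */
    private Object decode(Exchange exchange, Document document, Key key) throws Exception {
        XMLCipher xMLCipher = XMLCipher.getInstance();
        xMLCipher.setSecureValidation(true);
        // 2 is DECRYPT_MODE in javax.crypto.Cipher numbering; the data key is unwrapped with the KEK set below.
        xMLCipher.init(2, null);
        xMLCipher.setKEK(key);
        if (this.secureTag.equalsIgnoreCase("")) {
            checkEncryptionAlgorithm(key, document.getDocumentElement());
            document = xMLCipher.doFinal(document, document.getDocumentElement());
        } else {
            XPathBuilder xPathBuilder = new XPathBuilder(this.secureTag);
            xPathBuilder.setNamespaceContext(getNamespaceContext());
            NodeList nodeList = (NodeList) xPathBuilder.evaluate(exchange, NodeList.class);
            // NOTE(review): when the expression matches nothing, the document is returned
            // unchanged and no error is raised.
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                document = item.getOwnerDocument();
                if (getSecureTagContents()) {
                    checkEncryptionAlgorithm(key, (Element) item);
                    document.importNode(xMLCipher.doFinal(document, (Element) item, true).getDocumentElement().cloneNode(true), true);
                } else {
                    NodeList childNodes = item.getChildNodes();
                    for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
                        Node item2 = childNodes.item(i2);
                        // getLocalName() is null for text and comment nodes, so compare from the literal side.
                        if ("EncryptedData".equals(item2.getLocalName())) {
                            checkEncryptionAlgorithm(key, (Element) item2);
                            document.importNode(xMLCipher.doFinal(document, (Element) item2, false).getDocumentElement().cloneNode(true), true);
                        }
                    }
                }
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            IOHelper.copy((InputStream) exchange.getContext().getTypeConverter().mandatoryConvertTo(InputStream.class, new DOMSource(document)), byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } finally {
            byteArrayOutputStream.close();
        }
    }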

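    /**
     * Builds the key-encryption key for symmetric mode directly from the
     * configured pass phrase bytes.
     *
     * <p>No key derivation is applied: the pass phrase is the key material, so
     * its length must suit the algorithm (DESede goes through
     * {@code DESedeKeySpec}; the others use {@code SecretKeySpec}). A warning is
     * logged when the pass phrase still equals the hard-coded default.
     *
     * <p>Error messages report only the pass phrase length. The key bytes are
     * kept out of exception text, which commonly ends up in logs, and the
     * original exception is preserved as the cause.
     *
     * @param str JCE algorithm name: "DESede", "SEED", "CAMELLIA", or anything
     *            else for the AES constant
     * @return the key-encryption key
     * @throws InvalidKeyException      if the pass phrase is unsuitable for DESede
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeySpecException  if the key factory rejects the key spec
     */
    private Key generateKeyEncryptionKey(String str) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        try {
            final Key keyEncryptionKey;
            if (str.equalsIgnoreCase("DESede")) {
                keyEncryptionKey = SecretKeyFactory.getInstance(str).generateSecret(new DESedeKeySpec(this.passPhrase));
            } else if (str.equalsIgnoreCase("SEED")) {
                keyEncryptionKey = new SecretKeySpec(this.passPhrase, "SEED");
            } else if (str.equalsIgnoreCase("CAMELLIA")) {
                keyEncryptionKey = new SecretKeySpec(this.passPhrase, "CAMELLIA");
            } else {
                keyEncryptionKey = new SecretKeySpec(this.passPhrase, CipherStrings.SSL_TXT_AES);
            }
            if (Arrays.equals(this.passPhrase, DEFAULT_KEY.getBytes())) {
                LOG.warn("Using the default encryption key is not secure");
            }
            return keyEncryptionKey;
        } catch (InvalidKeyException e) {
            throw new InvalidKeyException("InvalidKeyException due to invalid passPhrase (" + this.passPhrase.length + " bytes)", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new NoSuchAlgorithmException("NoSuchAlgorithmException while using algorithm: " + str, e2);
        } catch (InvalidKeySpecException e3) {
            throw new InvalidKeySpecException("Invalid Key generated while using passPhrase (" + this.passPhrase.length + " bytes)", e3);
        }
    }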

    /**
     * Generates a fresh random key for encrypting the XML content.
     *
     * <p>tripledes-cbc gets a DESede key. Every other cipher URI gets a key
     * from the AES generator, initialised to 128, 192 or 256 bits when the URI
     * is one of those listed below and left at the generator's default size
     * otherwise.
     *
     * @return the new data encryption key
     * @throws Exception if no provider offers the key generator
     */
    private Key generateDataEncryptionKey() throws Exception {
        final String cipherUri = this.xmlCipherAlgorithm;
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
            return KeyGenerator.getInstance("DESede").generateKey();
        }

        final KeyGenerator generator = KeyGenerator.getInstance(CipherStrings.SSL_TXT_AES);
        int keyBits = 0; // 0 means: keep the generator's default size
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes128-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes128-gcm")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2007/05/xmldsig-more#seed128-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc")) {
            keyBits = 128;
        } else if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes192-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes192-gcm")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc")) {
            keyBits = 192;
        } else if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes256-gcm")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc")) {
            keyBits = 256;
        }
        if (keyBits != 0) {
            generator.init(keyBits);
        }
        return generator.generateKey();
    }

    /**
     * Wraps the data key and attaches the resulting {@code EncryptedKey} to the
     * {@code EncryptedData} of the content cipher.
     *
     * <p>When {@code addKeyValueForEncryptedKey} is set and the wrapping key is
     * a public key, that public key is also written into the
     * {@code EncryptedKey}'s own {@code KeyInfo}.
     *
     * @param document   owner document for the created elements
     * @param xMLCipher  cipher initialised for key wrapping
     * @param xMLCipher2 content cipher whose EncryptedData receives the KeyInfo
     * @param key        data encryption key to wrap
     * @param key2       key the data key is wrapped under
     * @throws XMLEncryptionException if wrapping the key fails
     */
    private void embedKeyInfoInEncryptedData(Document document, XMLCipher xMLCipher, XMLCipher xMLCipher2, Key key, Key key2) throws XMLEncryptionException {
        final EncryptedKey wrappedDataKey = xMLCipher.encryptKey(document, key, this.mgfAlgorithm, null);

        final boolean embedRecipientKey = this.addKeyValueForEncryptedKey && (key2 instanceof PublicKey);
        if (embedRecipientKey) {
            final KeyInfo recipientInfo = new KeyInfo(document);
            recipientInfo.add((PublicKey) key2);
            wrappedDataKey.setKeyInfo(recipientInfo);
        }

        final KeyInfo dataKeyInfo = new KeyInfo(document);
        dataKeyInfo.add(wrappedDataKey);
        xMLCipher2.getEncryptedData().setKeyInfo(dataKeyInfo);
    }

    /**
     * Maps the configured content cipher URI to the matching symmetric
     * key-wrap algorithm URI.
     *
     * @return the key-wrap URI, or {@code null} when the content cipher is not
     *         one of the URIs handled here
     */
    private String generateXmlCipherAlgorithmKeyWrap() {
        final String cipherUri = this.xmlCipherAlgorithm;
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
            return "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes128-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes128-gcm")) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes128";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes192-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes192-gcm")) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes192";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
                || cipherUri.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes256-gcm")) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes256";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2007/05/xmldsig-more#seed128-cbc")) {
            return "http://www.w3.org/2007/05/xmldsig-more#kw-seed128";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc")) {
            return "http://www.w3.org/2001/04/xmldsig-more#kw-camellia128";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc")) {
            return "http://www.w3.org/2001/04/xmldsig-more#kw-camellia192";
        }
        if (cipherUri.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc")) {
            return "http://www.w3.org/2001/04/xmldsig-more#kw-camellia256";
        }
        return null;
    }

    /**
     * Determines the recipient alias for this exchange.
     *
     * <p>A value in the {@code XML_ENC_RECIPIENT_ALIAS} message header takes
     * precedence over the configured alias and is cleared once read.
     * NOTE(review): because the header overrides configuration, routes that
     * copy externally supplied headers onto the message let the sender pick
     * which trust-store entry is used; confirm headers are filtered upstream.
     *
     * @param exchange current exchange
     * @return the header value if present, otherwise the configured alias
     *         (possibly {@code null})
     */
    private String getRecipientKeyAlias(Exchange exchange) {
        final String headerAlias = (String) exchange.getIn().getHeader(XML_ENC_RECIPIENT_ALIAS, String.class);
        if (headerAlias == null) {
            return this.recipientKeyAlias;
        }
        exchange.getIn().setHeader(XML_ENC_RECIPIENT_ALIAS, null);
        return headerAlias;
    }

    /**
     * Rejects documents whose key transport method is RSA v1.5 when this data
     * format is configured for a different key cipher algorithm.
     *
     * <p>The check applies only when a key cipher algorithm other than rsa-1_5
     * is configured and the decryption key is a private key. It stops a
     * message from selecting the rsa-1_5 key transport on its own.
     *
     * @param key     key that will be used for decryption
     * @param element element that is, or directly contains, the EncryptedData
     * @throws XMLEncryptionException if the document declares rsa-1_5 against
     *         the configuration
     */
    private void checkEncryptionAlgorithm(Key key, Element element) throws Exception {
        final String configured = this.keyCipherAlgorithm;
        if (configured == null || "http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(configured)) {
            return;
        }
        if (!(key instanceof PrivateKey)) {
            return;
        }
        final Element encryptedData = findEncryptedDataElement(element);
        if (encryptedData == null) {
            return;
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(findEncryptedKeyMethod(encryptedData))) {
            throw new XMLEncryptionException("The found key transport encryption method is not allowed");
        }
    }

    /**
     * Finds the XML Encryption {@code EncryptedData} element at or directly
     * below the given element.
     *
     * <p>Only the element itself and its immediate children are inspected;
     * deeper descendants are not searched.
     *
     * @param element starting element
     * @return the element itself or its first matching child, or {@code null}
     */
    private Element findEncryptedDataElement(Element element) {
        if ("EncryptedData".equals(element.getLocalName()) && "http://www.w3.org/2001/04/xmlenc#".equals(element.getNamespaceURI())) {
            return element;
        }
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            final Element candidate = (Element) child;
            if ("EncryptedData".equals(candidate.getLocalName()) && "http://www.w3.org/2001/04/xmlenc#".equals(candidate.getNamespaceURI())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reads the {@code Algorithm} attribute of the first XML Encryption
     * {@code EncryptionMethod} child of the given element.
     *
     * @param element element whose direct children are searched
     * @return the attribute value, or {@code null} when there is no such child
     */
    private String findEncryptionMethod(Element element) {
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            final Element candidate = (Element) child;
            if ("EncryptionMethod".equals(candidate.getLocalName()) && "http://www.w3.org/2001/04/xmlenc#".equals(candidate.getNamespaceURI())) {
                return candidate.getAttributeNS(null, "Algorithm");
            }
        }
        return null;
    }

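    /**
     * Returns the encryption method declared by the {@code EncryptedKey} found
     * inside a {@code ds:KeyInfo} child of the given element.
     *
     * <p>This body is reconstructed from the instruction listing the decompiler
     * emitted in place of Java source (the decompiled stub only threw
     * {@code UnsupportedOperationException}); verify it against the original
     * class. One deliberate difference: the inner loop tests the node type of
     * the {@code KeyInfo} child being visited. The listing tested the outer
     * node there, which lets a text node between {@code KeyInfo} children reach
     * the {@code Element} cast.
     *
     * @param element the {@code EncryptedData} element to inspect
     * @return the {@code Algorithm} of the first {@code EncryptedKey}'s
     *         {@code EncryptionMethod}, or {@code null} if none is found
     */
    private java.lang.String findEncryptedKeyMethod(org.w3c.dom.Element element) {
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            Element childElement = (Element) child;
            if (!"KeyInfo".equals(childElement.getLocalName())
                    || !"http://www.w3.org/2000/09/xmldsig#".equals(childElement.getNamespaceURI())) {
                continue;
            }
            for (Node keyInfoChild = child.getFirstChild(); keyInfoChild != null; keyInfoChild = keyInfoChild.getNextSibling()) {
                // Skip whitespace, comments and other non-element nodes before casting.
                if (keyInfoChild.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                Element keyInfoElement = (Element) keyInfoChild;
                if ("EncryptedKey".equals(keyInfoElement.getLocalName())
                        && "http://www.w3.org/2001/04/xmlenc#".equals(keyInfoElement.getNamespaceURI())) {
                    return findEncryptionMethod(keyInfoElement);
                }
            }
        }
        return null;
    }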

    /**
     * Returns the namespace context held in {@code nsContext}.
     *
     * @return the {@code nsContext} field, as is
     */
    private DefaultNamespaceContext getNamespaceContext() {
        return nsContext;
    }

    /**
     * Returns the configured XML cipher algorithm identifier.
     *
     * @return the {@code xmlCipherAlgorithm} field, as is
     */
    public String getXmlCipherAlgorithm() {
        return xmlCipherAlgorithm;
    }

    /**
     * Sets the XML cipher algorithm identifier.
     *
     * <p>The value is stored without validation in this setter.
     *
     * @param str the algorithm identifier to store
     */
    public void setXmlCipherAlgorithm(String str) {
        xmlCipherAlgorithm = str;
    }

    /**
     * Returns the configured key cipher algorithm identifier.
     *
     * @return the {@code keyCipherAlgorithm} field, as is
     * @deprecated misspelled name; {@link #getKeyCipherAlgorithm()} returns
     *             the same field
     */
    @Deprecated
    public String getKeyCyperAlgorithm() {
        return keyCipherAlgorithm;
    }

    /**
     * Returns the configured key cipher algorithm identifier.
     *
     * @return the {@code keyCipherAlgorithm} field, as is
     */
    public String getKeyCipherAlgorithm() {
        return keyCipherAlgorithm;
    }

    /**
     * Sets the key cipher algorithm identifier.
     *
     * <p>The value is stored without validation in this setter.
     *
     * @param str the algorithm identifier to store
     */
    public void setKeyCipherAlgorithm(String str) {
        keyCipherAlgorithm = str;
    }

    /**
     * Returns the configured recipient key alias.
     *
     * @return the {@code recipientKeyAlias} field, as is
     */
    public String getRecipientKeyAlias() {
        return recipientKeyAlias;
    }

    /**
     * Sets the recipient key alias.
     *
     * @param str the alias to store
     */
    public void setRecipientKeyAlias(String str) {
        recipientKeyAlias = str;
    }

    /**
     * Returns the configured pass phrase bytes.
     *
     * <p>The array returned is the one held by this object, not a copy, so a
     * caller that modifies it also changes the value stored here. Treat the
     * contents as a secret and keep them out of logs.
     *
     * @return the {@code passPhrase} field, as is
     */
    public byte[] getPassPhrase() {
        return passPhrase;
    }

    /**
     * Sets the pass phrase bytes.
     *
     * <p>The array is stored by reference, not copied: later changes the
     * caller makes to {@code bArr} (including zeroing it) are visible through
     * this object.
     *
     * @param bArr the pass phrase bytes to store
     */
    public void setPassPhrase(byte[] bArr) {
        passPhrase = bArr;
    }

    /**
     * Returns the configured secure tag.
     *
     * @return the {@code secureTag} field, as is
     */
    public String getSecureTag() {
        return secureTag;
    }

    /**
     * Sets the secure tag.
     *
     * @param str the secure tag value to store
     */
    public void setSecureTag(String str) {
        secureTag = str;
    }

    /**
     * Returns the {@code secureTagContents} flag.
     *
     * @return the current value of the flag
     */
    public boolean isSecureTagContents() {
        return secureTagContents;
    }

    /**
     * Returns the {@code secureTagContents} flag; same value as
     * {@link #isSecureTagContents()}.
     *
     * @return the current value of the flag
     */
    public boolean getSecureTagContents() {
        return secureTagContents;
    }

    /**
     * Sets the {@code secureTagContents} flag.
     *
     * @param z the new value of the flag
     */
    public void setSecureTagContents(boolean z) {
        secureTagContents = z;
    }

    /**
     * Returns the key store, creating it on first use from
     * {@code keyOrTrustStoreParameters} when no key store has been set and
     * those parameters are present.
     *
     * @return the key store, or {@code null} when neither a key store nor
     *         parameters are configured
     * @throws RuntimeException wrapping any exception raised while creating
     *         the key store from the parameters
     * @deprecated marked deprecated in this class; NOTE(review): the
     *             {@code keyOrTrustStoreParameters} property looks like the
     *             replacement, confirm against the project documentation
     */
    @Deprecated
    public KeyStore getKeyStore() {
        boolean needsLazyCreation = keyStore == null && keyOrTrustStoreParameters != null;
        if (!needsLazyCreation) {
            return keyStore;
        }
        try {
            keyStore = keyOrTrustStoreParameters.createKeyStore();
        } catch (Exception e) {
            throw new RuntimeException("Unable to create KeyStore with configured KeyStoreParameters. " + e.getMessage(), e);
        }
        return keyStore;
    }

    /**
     * Sets the key store directly.
     *
     * @param keyStore the key store to use
     * @deprecated marked deprecated in this class; NOTE(review): the
     *             {@code keyOrTrustStoreParameters} property looks like the
     *             replacement, confirm against the project documentation
     */
    @Deprecated
    public void setKeyStore(KeyStore keyStore) {
        // The parameter shadows the field, so the qualifier is required here.
        this.keyStore = keyStore;
    }

    /**
     * Returns the trust store, creating it on first use from
     * {@code keyOrTrustStoreParameters} when no trust store has been set and
     * those parameters are present. The same parameters object also backs
     * {@link #getKeyStore()}.
     *
     * @return the trust store, or {@code null} when neither a trust store
     *         nor parameters are configured
     * @throws RuntimeException wrapping any exception raised while creating
     *         the store from the parameters
     * @deprecated marked deprecated in this class; NOTE(review): the
     *             {@code keyOrTrustStoreParameters} property looks like the
     *             replacement, confirm against the project documentation
     */
    @Deprecated
    public KeyStore getTrustStore() {
        if (trustStore != null || keyOrTrustStoreParameters == null) {
            return trustStore;
        }
        try {
            trustStore = keyOrTrustStoreParameters.createKeyStore();
        } catch (Exception e) {
            throw new RuntimeException("Unable to create KeyStore with configured KeyStoreParameters. " + e.getMessage(), e);
        }
        return trustStore;
    }

    /**
     * Sets the trust store directly.
     *
     * @param keyStore the store to use as trust store
     * @deprecated marked deprecated in this class; NOTE(review): the
     *             {@code keyOrTrustStoreParameters} property looks like the
     *             replacement, confirm against the project documentation
     */
    @Deprecated
    public void setTrustStore(KeyStore keyStore) {
        trustStore = keyStore;
    }

    /**
     * Returns the key store password: the password of
     * {@code keyOrTrustStoreParameters} when those are set, otherwise the
     * value given to {@link #setKeyStorePassword(String)}.
     *
     * <p>The result is a plaintext secret; keep it out of logs and error
     * messages.
     *
     * @return the effective key store password, possibly {@code null}
     * @deprecated marked deprecated in this class
     */
    @Deprecated
    public String getKeyStorePassword() {
        if (keyOrTrustStoreParameters == null) {
            return keyStorePassword;
        }
        return keyOrTrustStoreParameters.getPassword();
    }

    /**
     * Sets the key store password.
     *
     * <p>{@link #getKeyStorePassword()} returns this value only while
     * {@code keyOrTrustStoreParameters} is {@code null}.
     *
     * @param str the password to store
     * @deprecated marked deprecated in this class
     */
    @Deprecated
    public void setKeyStorePassword(String str) {
        keyStorePassword = str;
    }

    /**
     * Returns the trust store password: the password of
     * {@code keyOrTrustStoreParameters} when those are set, otherwise the
     * value given to {@link #setTrustStorePassword(String)}.
     *
     * <p>The result is a plaintext secret; keep it out of logs and error
     * messages.
     *
     * @return the effective trust store password, possibly {@code null}
     * @deprecated marked deprecated in this class
     */
    @Deprecated
    public String getTrustStorePassword() {
        if (keyOrTrustStoreParameters == null) {
            return trustStorePassword;
        }
        return keyOrTrustStoreParameters.getPassword();
    }

    /**
     * Sets the trust store password.
     *
     * <p>{@link #getTrustStorePassword()} returns this value only while
     * {@code keyOrTrustStoreParameters} is {@code null}.
     *
     * @param str the password to store
     * @deprecated marked deprecated in this class
     */
    @Deprecated
    public void setTrustStorePassword(String str) {
        trustStorePassword = str;
    }

    /**
     * Sets the parameters from which the key store and trust store are
     * created on demand.
     *
     * <p>A key store or trust store that has already been set or created is
     * not reset by this call.
     *
     * @param keyStoreParameters the parameters to store
     */
    public void setKeyOrTrustStoreParameters(KeyStoreParameters keyStoreParameters) {
        keyOrTrustStoreParameters = keyStoreParameters;
    }

    /**
     * Returns the configured key/trust store parameters.
     *
     * @return the {@code keyOrTrustStoreParameters} field, as is
     */
    public KeyStoreParameters getKeyOrTrustStoreParameters() {
        return keyOrTrustStoreParameters;
    }

    /**
     * Stores the registry id of the key/trust store parameters and, when a
     * Camel context is already available, resolves that id immediately.
     *
     * <p>The id is recorded before the lookup, so it stays set even when the
     * lookup fails. Without a Camel context only the id is stored.
     *
     * @param str registry id expected to name a {@code KeyStoreParameters} bean
     * @throws IllegalStateException if a Camel context is set and the bean
     *         found under the id is missing or is not a
     *         {@code KeyStoreParameters}
     */
    public void setKeyOrTrustStoreParametersId(String str) {
        keyOrTrustStoreParametersId = str;
        if (camelContext == null) {
            return;
        }
        Object bean = camelContext.getRegistry().lookupByName(keyOrTrustStoreParametersId);
        if (bean instanceof KeyStoreParameters) {
            keyOrTrustStoreParameters = (KeyStoreParameters) bean;
            return;
        }
        throw new IllegalStateException("Could not initialize XMLSecurityDataFormat with camelContext.The id for the keyOrTrustStoreParameters specified [ " + keyOrTrustStoreParametersId + " ] does not identify a KeyStoreParameters bean.");
    }

    /**
     * Returns the registry id last given to
     * {@link #setKeyOrTrustStoreParametersId(String)}.
     *
     * @return the {@code keyOrTrustStoreParametersId} field, as is
     */
    public String getKeyOrTrustStoreParametersId() {
        return keyOrTrustStoreParametersId;
    }

    /**
     * Passes the given prefix-to-namespace map to the namespace context
     * held by this data format.
     *
     * @param map the namespace mappings handed to the namespace context
     */
    public void setNamespaces(Map<String, String> map) {
        this.getNamespaceContext().setNamespaces(map);
    }

    /**
     * Sets the key password.
     *
     * <p>The value is a plaintext secret held as a {@code String}; keep it
     * out of logs and error messages.
     *
     * @param str the key password to store
     */
    public void setKeyPassword(String str) {
        keyPassword = str;
    }

    /**
     * Returns the configured digest algorithm identifier.
     *
     * @return the {@code digestAlgorithm} field, as is
     */
    public String getDigestAlgorithm() {
        return digestAlgorithm;
    }

    /**
     * Sets the digest algorithm identifier.
     *
     * <p>The value is stored without validation in this setter.
     *
     * @param str the digest algorithm identifier to store
     */
    public void setDigestAlgorithm(String str) {
        digestAlgorithm = str;
    }

    /**
     * Returns the configured MGF algorithm identifier.
     *
     * @return the {@code mgfAlgorithm} field, as is
     */
    public String getMgfAlgorithm() {
        return mgfAlgorithm;
    }

    /**
     * Sets the MGF algorithm identifier.
     *
     * <p>The value is stored without validation in this setter.
     *
     * @param str the MGF algorithm identifier to store
     */
    public void setMgfAlgorithm(String str) {
        mgfAlgorithm = str;
    }

    /**
     * Returns the {@code addKeyValueForEncryptedKey} flag.
     *
     * @return the current value of the flag
     */
    public boolean isAddKeyValueForEncryptedKey() {
        return addKeyValueForEncryptedKey;
    }

    /**
     * Sets the {@code addKeyValueForEncryptedKey} flag.
     *
     * @param z the new value of the flag
     */
    public void setAddKeyValueForEncryptedKey(boolean z) {
        addKeyValueForEncryptedKey = z;
    }
}
