package org.opensaml.xml.encryption;

import java.security.Key;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.signature.DigestMethod;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.XMLSignatureBuilder;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-216-04.zip:modules/system/layers/fuse/org/opensaml/xmltooling/1.4.1/xmltooling-1.4.1.jar:org/opensaml/xml/encryption/Encrypter.class */
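/**
 * Encrypts XMLObjects and keys into XML Encryption {@code EncryptedData} and {@code EncryptedKey}
 * structures, delegating the cryptographic work to Apache XML Security's {@link XMLCipher}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Algorithm URIs are taken from the supplied parameter objects and are only checked for being
 *       non-empty. Any allow-list of acceptable data-encryption or key-transport algorithms must be
 *       enforced by the caller before invoking this class.</li>
 *   <li>DSA and EC public keys are rejected as key encryption keys (see
 *       {@link #checkParams(KeyEncryptionParameters, boolean)}).</li>
 *   <li>Log statements emit algorithm URIs and generator class names only, never key material.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Where the decompiler reported that it widened a method from
 * {@code protected} to {@code public}, the widened modifier is kept so existing callers of this
 * listing still compile.
 */
public class Encrypter {
    /** Key transport algorithm URI that triggers the explicit DigestMethod post-processing. */
    private static final String RSA_OAEP_MGF1P_URI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    /** XML Signature namespace URI and the prefix declared for it on generated DigestMethod elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XMLDSIG_PREFIX = "ds";

    /** Digest algorithm URI written into a generated DigestMethod element. */
    private static final String SHA1_DIGEST_URI = "http://www.w3.org/2000/09/xmldsig#sha1";

    static {
        // A static initializer may not contain a return statement, so the "already initialized"
        // guard is written as a plain condition.
        if (!Init.isInitialized()) {
            Init.init();
        }
    }

    private final Logger log = LoggerFactory.getLogger(Encrypter.class);
    private final Unmarshaller encryptedDataUnmarshaller;
    private final Unmarshaller encryptedKeyUnmarshaller;
    private final XMLSignatureBuilder<KeyInfo> keyInfoBuilder;

    /** Name of the JCA provider handed to XMLCipher, or null to use XMLCipher's default lookup. */
    private String jcaProviderName;

    /**
     * Creates an encrypter, resolving the EncryptedData/EncryptedKey unmarshallers and the KeyInfo
     * builder from the global {@link Configuration}.
     */
    // The builder factory is not generic; the builder is looked up by KeyInfo's element name,
    // so it is treated as a KeyInfo builder.
    @SuppressWarnings("unchecked")
    public Encrypter() {
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        this.encryptedDataUnmarshaller = unmarshallerFactory.getUnmarshaller(EncryptedData.DEFAULT_ELEMENT_NAME);
        this.encryptedKeyUnmarshaller = unmarshallerFactory.getUnmarshaller(EncryptedKey.DEFAULT_ELEMENT_NAME);
        this.keyInfoBuilder = (XMLSignatureBuilder<KeyInfo>) Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
        this.jcaProviderName = null;
    }

    /**
     * Returns the JCA provider name used when creating cipher instances.
     *
     * @return the provider name, or null if none was set
     */
    public String getJCAProviderName() {
        return this.jcaProviderName;
    }

    /**
     * Sets the JCA provider name used when creating cipher instances.
     *
     * @param str the provider name, or null to use XMLCipher's default lookup
     */
    public void setJCAProviderName(String str) {
        this.jcaProviderName = str;
    }

    /**
     * Encrypts the whole element of {@code xMLObject} without attaching any EncryptedKey.
     *
     * @param xMLObject the object to encrypt
     * @param encryptionParameters data encryption parameters; must carry a usable key, because no
     *     key encryption parameters are supplied to wrap a generated one
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElement(XMLObject xMLObject, EncryptionParameters encryptionParameters) throws EncryptionException {
        return encryptElement(xMLObject, encryptionParameters, new ArrayList<KeyEncryptionParameters>(), false);
    }

    /**
     * Encrypts the whole element of {@code xMLObject} and wraps the data encryption key for a single
     * recipient.
     *
     * @param xMLObject the object to encrypt
     * @param encryptionParameters data encryption parameters
     * @param keyEncryptionParameters key encryption parameters; a null value is rejected during
     *     parameter checking
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElement(XMLObject xMLObject, EncryptionParameters encryptionParameters, KeyEncryptionParameters keyEncryptionParameters) throws EncryptionException {
        List<KeyEncryptionParameters> kekParamsList = new ArrayList<>();
        kekParamsList.add(keyEncryptionParameters);
        return encryptElement(xMLObject, encryptionParameters, kekParamsList, false);
    }

    /**
     * Encrypts the whole element of {@code xMLObject} and wraps the data encryption key once per
     * entry of {@code list}.
     *
     * @param xMLObject the object to encrypt
     * @param encryptionParameters data encryption parameters
     * @param list key encryption parameters; may be null or empty only when
     *     {@code encryptionParameters} carries a usable key
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElement(XMLObject xMLObject, EncryptionParameters encryptionParameters, List<KeyEncryptionParameters> list) throws EncryptionException {
        return encryptElement(xMLObject, encryptionParameters, list, false);
    }

    /**
     * Encrypts only the content of {@code xMLObject}'s element without attaching any EncryptedKey.
     *
     * @param xMLObject the object whose element content is encrypted
     * @param encryptionParameters data encryption parameters; must carry a usable key
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElementContent(XMLObject xMLObject, EncryptionParameters encryptionParameters) throws EncryptionException {
        return encryptElement(xMLObject, encryptionParameters, new ArrayList<KeyEncryptionParameters>(), true);
    }

    /**
     * Encrypts only the content of {@code xMLObject}'s element and wraps the data encryption key
     * for a single recipient.
     *
     * @param xMLObject the object whose element content is encrypted
     * @param encryptionParameters data encryption parameters
     * @param keyEncryptionParameters key encryption parameters; a null value is rejected during
     *     parameter checking
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElementContent(XMLObject xMLObject, EncryptionParameters encryptionParameters, KeyEncryptionParameters keyEncryptionParameters) throws EncryptionException {
        List<KeyEncryptionParameters> kekParamsList = new ArrayList<>();
        kekParamsList.add(keyEncryptionParameters);
        return encryptElement(xMLObject, encryptionParameters, kekParamsList, true);
    }

    /**
     * Encrypts only the content of {@code xMLObject}'s element and wraps the data encryption key
     * once per entry of {@code list}.
     *
     * @param xMLObject the object whose element content is encrypted
     * @param encryptionParameters data encryption parameters
     * @param list key encryption parameters; may be null or empty only when
     *     {@code encryptionParameters} carries a usable key
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or encryption fails
     */
    public EncryptedData encryptElementContent(XMLObject xMLObject, EncryptionParameters encryptionParameters, List<KeyEncryptionParameters> list) throws EncryptionException {
        return encryptElement(xMLObject, encryptionParameters, list, true);
    }

    /**
     * Wraps {@code key} once for every entry of {@code list}.
     *
     * @param key the key to be encrypted
     * @param list key encryption parameters; must be non-null and non-empty
     * @param document the document that will own the generated elements
     * @return one EncryptedKey per entry of {@code list}, in list order
     * @throws EncryptionException if the parameters are invalid or key encryption fails
     */
    public List<EncryptedKey> encryptKey(Key key, List<KeyEncryptionParameters> list, Document document) throws EncryptionException {
        checkParams(list, false);
        List<EncryptedKey> encryptedKeys = new ArrayList<>();
        for (KeyEncryptionParameters kekParams : list) {
            encryptedKeys.add(encryptKey(key, kekParams, document));
        }
        return encryptedKeys;
    }

    /**
     * Wraps {@code key} for one recipient and, when configured, attaches a generated KeyInfo and the
     * recipient attribute.
     *
     * @param key the key to be encrypted
     * @param keyEncryptionParameters key encryption parameters; must not be null
     * @param document the document that will own the generated elements
     * @return the resulting EncryptedKey
     * @throws EncryptionException if the parameters are invalid, key encryption fails, or KeyInfo
     *     generation fails
     */
    public EncryptedKey encryptKey(Key key, KeyEncryptionParameters keyEncryptionParameters, Document document) throws EncryptionException {
        checkParams(keyEncryptionParameters, false);
        Key keyEncryptionKey = SecurityHelper.extractEncryptionKey(keyEncryptionParameters.getEncryptionCredential());
        EncryptedKey encryptedKey = encryptKey(key, keyEncryptionKey, keyEncryptionParameters.getAlgorithm(), document);

        KeyInfoGenerator keyInfoGenerator = keyEncryptionParameters.getKeyInfoGenerator();
        if (keyInfoGenerator != null) {
            this.log.debug("Dynamically generating KeyInfo from Credential for EncryptedKey using generator: {}", keyInfoGenerator.getClass().getName());
            try {
                encryptedKey.setKeyInfo(keyInfoGenerator.generate(keyEncryptionParameters.getEncryptionCredential()));
            } catch (SecurityException e) {
                this.log.error("Error during EncryptedKey KeyInfo generation", e);
                throw new EncryptionException("Error during EncryptedKey KeyInfo generation", e);
            }
        }
        if (keyEncryptionParameters.getRecipient() != null) {
            encryptedKey.setRecipient(keyEncryptionParameters.getRecipient());
        }
        return encryptedKey;
    }

    /**
     * Wraps {@code key} under {@code key2} using the key transport / key wrap algorithm {@code str}.
     *
     * @param key the target key to be encrypted
     * @param key2 the key encryption key
     * @param str the key encryption algorithm URI; not validated against any policy here
     * @param document the document that will own the generated elements
     * @return the resulting EncryptedKey
     * @throws EncryptionException if either key is null, the cipher cannot be initialized, the key
     *     cannot be encrypted, or the result cannot be unmarshalled
     */
    protected EncryptedKey encryptKey(Key key, Key key2, String str, Document document) throws EncryptionException {
        if (key == null) {
            this.log.error("Target key for key encryption was null");
            throw new EncryptionException("Target key was null");
        }
        if (key2 == null) {
            this.log.error("Encryption key for key encryption was null");
            throw new EncryptionException("Encryption key was null");
        }
        this.log.debug("Encrypting encryption key with algorithm: {}", str);

        XMLCipher xmlCipher;
        try {
            xmlCipher = getJCAProviderName() != null ? XMLCipher.getProviderInstance(str, getJCAProviderName()) : XMLCipher.getInstance(str);
            xmlCipher.init(XMLCipher.WRAP_MODE, key2);
        } catch (XMLEncryptionException e) {
            this.log.error("Error initializing cipher instance on key encryption", e);
            throw new EncryptionException("Error initializing cipher instance on key encryption", e);
        }

        org.apache.xml.security.encryption.EncryptedKey apacheEncryptedKey;
        try {
            apacheEncryptedKey = xmlCipher.encryptKey(document, key);
        } catch (XMLEncryptionException e) {
            this.log.error("Error encrypting element on key encryption", e);
            throw new EncryptionException("Error encrypting element on key encryption", e);
        }
        postProcessApacheEncryptedKey(apacheEncryptedKey, key, key2, str, document);

        try {
            return (EncryptedKey) this.encryptedKeyUnmarshaller.unmarshall(xmlCipher.martial(document, apacheEncryptedKey));
        } catch (UnmarshallingException e) {
            this.log.error("Error unmarshalling EncryptedKey element", e);
            // Keep the cause so the failure can be diagnosed, as the EncryptedData path does.
            throw new EncryptionException("Error unmarshalling EncryptedKey element", e);
        }
    }

    /**
     * For RSA-OAEP key transport, ensures the EncryptionMethod carries an explicit
     * {@code ds:DigestMethod} child, adding one that names SHA-1 when none is present.
     * Other algorithms are left untouched.
     *
     * <p>NOTE(review): presumably the element is written so recipients need not rely on an implicit
     * digest default — confirm against the consuming implementations.
     *
     * @param encryptedKey the Apache EncryptedKey to post-process
     * @param key the target key that was encrypted (unused here)
     * @param key2 the key encryption key (unused here)
     * @param str the key encryption algorithm URI
     * @param document the document used to create the DigestMethod element
     * @throws EncryptionException declared for overriding implementations; not thrown here
     */
    protected void postProcessApacheEncryptedKey(org.apache.xml.security.encryption.EncryptedKey encryptedKey, Key key, Key key2, String str, Document document) throws EncryptionException {
        if (!RSA_OAEP_MGF1P_URI.equals(str)) {
            return;
        }
        Iterator<Element> methodInfo = encryptedKey.getEncryptionMethod().getEncryptionMethodInformation();
        while (methodInfo.hasNext()) {
            if (DigestMethod.DEFAULT_ELEMENT_NAME.equals(XMLHelper.getNodeQName(methodInfo.next()))) {
                // A DigestMethod is already present; leave it as it is.
                return;
            }
        }
        Element digestMethod = XMLHelper.constructElement(document, DigestMethod.DEFAULT_ELEMENT_NAME);
        XMLHelper.appendNamespaceDeclaration(digestMethod, XMLDSIG_NS, XMLDSIG_PREFIX);
        digestMethod.setAttributeNS(null, "Algorithm", SHA1_DIGEST_URI);
        encryptedKey.getEncryptionMethod().addEncryptionMethodInformation(digestMethod);
    }

    /**
     * Encrypts {@code xMLObject} (marshalling it first if it has no DOM) under {@code key}.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param xMLObject the object to encrypt
     * @param key the data encryption key
     * @param str the data encryption algorithm URI; not validated against any policy here
     * @param z true to encrypt only the element content, false to encrypt the whole element
     * @return the resulting EncryptedData
     * @throws EncryptionException if an argument is null, the object cannot be marshalled, the
     *     cipher cannot be initialized, encryption fails, or the result cannot be unmarshalled
     */
    public EncryptedData encryptElement(XMLObject xMLObject, Key key, String str, boolean z) throws EncryptionException {
        if (xMLObject == null) {
            this.log.error("XMLObject for encryption was null");
            throw new EncryptionException("XMLObject was null");
        }
        if (key == null) {
            this.log.error("Encryption key for key encryption was null");
            throw new EncryptionException("Encryption key was null");
        }
        this.log.debug("Encrypting XMLObject using algorithm URI {} with content mode {}", str, Boolean.valueOf(z));
        checkAndMarshall(xMLObject);
        Element targetElement = xMLObject.getDOM();
        Document ownerDocument = targetElement.getOwnerDocument();

        XMLCipher xmlCipher;
        try {
            xmlCipher = getJCAProviderName() != null ? XMLCipher.getProviderInstance(str, getJCAProviderName()) : XMLCipher.getInstance(str);
            xmlCipher.init(XMLCipher.ENCRYPT_MODE, key);
        } catch (XMLEncryptionException e) {
            this.log.error("Error initializing cipher instance on XMLObject encryption", e);
            throw new EncryptionException("Error initializing cipher instance", e);
        }

        Element encryptedDataElement;
        try {
            encryptedDataElement = xmlCipher.martial(ownerDocument, xmlCipher.encryptData(ownerDocument, targetElement, z));
        } catch (Exception e) {
            this.log.error("Error encrypting XMLObject", e);
            throw new EncryptionException("Error encrypting XMLObject", e);
        }

        // Unmarshalling sits outside the broad catch above so that its EncryptionException is not
        // caught, logged a second time and re-wrapped as an encryption error.
        try {
            return (EncryptedData) this.encryptedDataUnmarshaller.unmarshall(encryptedDataElement);
        } catch (UnmarshallingException e) {
            this.log.error("Error unmarshalling EncryptedData element", e);
            throw new EncryptionException("Error unmarshalling EncryptedData element", e);
        }
    }

    /**
     * Shared implementation behind the public {@code encryptElement} / {@code encryptElementContent}
     * overloads: validates parameters, obtains or generates the data encryption key, encrypts the
     * object, then attaches KeyInfo and one EncryptedKey per key encryption parameter.
     *
     * @param xMLObject the object to encrypt
     * @param encryptionParameters data encryption parameters
     * @param list key encryption parameters; null is treated like an empty list
     * @param z true to encrypt only the element content, false to encrypt the whole element
     * @return the resulting EncryptedData
     * @throws EncryptionException if the parameters are invalid or any encryption step fails
     */
    private EncryptedData encryptElement(XMLObject xMLObject, EncryptionParameters encryptionParameters, List<KeyEncryptionParameters> list, boolean z) throws EncryptionException {
        checkParams(encryptionParameters, list);
        String algorithm = encryptionParameters.getAlgorithm();
        // Declared as Key: the credential lookup yields a Key, while a generated key is a SecretKey.
        Key dataEncryptionKey = SecurityHelper.extractEncryptionKey(encryptionParameters.getEncryptionCredential());
        if (dataEncryptionKey == null) {
            dataEncryptionKey = generateEncryptionKey(algorithm);
        }
        EncryptedData encryptedData = encryptElement(xMLObject, dataEncryptionKey, algorithm, z);
        Document ownerDocument = encryptedData.getDOM().getOwnerDocument();

        KeyInfoGenerator keyInfoGenerator = encryptionParameters.getKeyInfoGenerator();
        if (keyInfoGenerator != null) {
            this.log.debug("Dynamically generating KeyInfo from Credential for EncryptedData using generator: {}", keyInfoGenerator.getClass().getName());
            try {
                encryptedData.setKeyInfo(keyInfoGenerator.generate(encryptionParameters.getEncryptionCredential()));
            } catch (SecurityException e) {
                this.log.error("Error during EncryptedData KeyInfo generation", e);
                throw new EncryptionException("Error during EncryptedData KeyInfo generation", e);
            }
        }

        // checkParams accepts a null list when the parameters already carry a key, so guard the
        // iteration instead of failing with a NullPointerException.
        if (list != null) {
            for (KeyEncryptionParameters kekParams : list) {
                EncryptedKey encryptedKey = encryptKey(dataEncryptionKey, kekParams, ownerDocument);
                if (encryptedData.getKeyInfo() == null) {
                    encryptedData.setKeyInfo(this.keyInfoBuilder.buildObject());
                }
                encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
            }
        }
        return encryptedData;
    }

    /**
     * Marshalls {@code xMLObject} if it does not yet have a cached DOM.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param xMLObject the object that must have a DOM before encryption
     * @throws EncryptionException if marshalling fails
     */
    public void checkAndMarshall(XMLObject xMLObject) throws EncryptionException {
        if (xMLObject.getDOM() != null) {
            return;
        }
        try {
            Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
        } catch (MarshallingException e) {
            this.log.error("Error marshalling target XMLObject", e);
            throw new EncryptionException("Error marshalling target XMLObject", e);
        }
    }

    /**
     * Validates data encryption parameters: they must be non-null and name an algorithm URI.
     * The URI is only checked for being non-empty.
     *
     * @param encryptionParameters the parameters to check
     * @throws EncryptionException if the parameters are null or the algorithm URI is empty
     */
    protected void checkParams(EncryptionParameters encryptionParameters) throws EncryptionException {
        if (encryptionParameters == null) {
            this.log.error("Data encryption parameters are required");
            throw new EncryptionException("Data encryption parameters are required");
        }
        if (DatatypeHelper.isEmpty(encryptionParameters.getAlgorithm())) {
            this.log.error("Data encryption algorithm URI is required");
            throw new EncryptionException("Data encryption algorithm URI is required");
        }
    }

    /**
     * Validates key encryption parameters: a key must be extractable from the credential, it must
     * not be a DSA or EC public key, and an algorithm URI must be present. The URI is only checked
     * for being non-empty.
     *
     * @param keyEncryptionParameters the parameters to check
     * @param z true if null parameters are acceptable
     * @throws EncryptionException if any check fails
     */
    protected void checkParams(KeyEncryptionParameters keyEncryptionParameters, boolean z) throws EncryptionException {
        if (keyEncryptionParameters == null) {
            if (z) {
                return;
            }
            this.log.error("Key encryption parameters are required");
            throw new EncryptionException("Key encryption parameters are required");
        }
        Key keyEncryptionKey = SecurityHelper.extractEncryptionKey(keyEncryptionParameters.getEncryptionCredential());
        if (keyEncryptionKey == null) {
            this.log.error("Key encryption credential and contained key are required");
            throw new EncryptionException("Key encryption credential and contained key are required");
        }
        if (keyEncryptionKey instanceof DSAPublicKey) {
            this.log.error("Attempt made to use DSA key for encrypted key transport");
            throw new EncryptionException("DSA keys may not be used for encrypted key transport");
        }
        if (keyEncryptionKey instanceof ECPublicKey) {
            this.log.error("Attempt made to use EC key for encrypted key transport");
            throw new EncryptionException("EC keys may not be used for encrypted key transport");
        }
        if (DatatypeHelper.isEmpty(keyEncryptionParameters.getAlgorithm())) {
            this.log.error("Key encryption algorithm URI is required");
            throw new EncryptionException("Key encryption algorithm URI is required");
        }
    }

    /**
     * Validates every entry of a key encryption parameter list; entries themselves may never be null.
     *
     * @param list the parameters to check
     * @param z true if a null or empty list is acceptable
     * @throws EncryptionException if the list is null or empty while {@code z} is false, or any
     *     entry fails {@link #checkParams(KeyEncryptionParameters, boolean)}
     */
    protected void checkParams(List<KeyEncryptionParameters> list, boolean z) throws EncryptionException {
        if (list == null || list.isEmpty()) {
            if (z) {
                return;
            }
            this.log.error("Key encryption parameters list may not be empty");
            throw new EncryptionException("Key encryption parameters list may not be empty");
        }
        for (KeyEncryptionParameters kekParams : list) {
            checkParams(kekParams, false);
        }
    }

    /**
     * Validates the combination of data and key encryption parameters. When the data encryption
     * parameters carry no key, one will be generated, so at least one key encryption parameter is
     * required to transport it.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param encryptionParameters data encryption parameters
     * @param list key encryption parameters; may be null or empty only when a data encryption key
     *     is supplied
     * @throws EncryptionException if any check fails
     */
    public void checkParams(EncryptionParameters encryptionParameters, List<KeyEncryptionParameters> list) throws EncryptionException {
        checkParams(encryptionParameters);
        checkParams(list, true);
        boolean keySupplied = SecurityHelper.extractEncryptionKey(encryptionParameters.getEncryptionCredential()) != null;
        if (!keySupplied && (list == null || list.isEmpty())) {
            this.log.error("Using a generated encryption key requires a KeyEncryptionParameters object and key encryption key");
            throw new EncryptionException("Using a generated encryption key requires a KeyEncryptionParameters object and key encryption key");
        }
    }

    /**
     * Generates a random symmetric data encryption key suitable for the given algorithm URI.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param str the data encryption algorithm URI
     * @return the generated key
     * @throws EncryptionException if no key can be generated for the algorithm URI
     */
    public SecretKey generateEncryptionKey(String str) throws EncryptionException {
        try {
            this.log.debug("Generating random symmetric data encryption key from algorithm URI: {}", str);
            return SecurityHelper.generateSymmetricKey(str);
        } catch (KeyException e) {
            // Pass the cause to both the log and the rethrown exception so it is not lost.
            this.log.error("Could not generate encryption key from algorithm URI: " + str, e);
            throw new EncryptionException("Could not generate encryption key from algorithm URI: " + str, e);
        } catch (NoSuchAlgorithmException e) {
            this.log.error("Could not generate encryption key, algorithm URI was invalid: " + str, e);
            throw new EncryptionException("Could not generate encryption key, algorithm URI was invalid: " + str, e);
        }
    }
}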
