package org.apache.wss4j.common.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.batik.util.XMLConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.utils.JavaUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-506.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-common-2.1.7.jar:org/apache/wss4j/common/util/KeyUtils.class */
public final class KeyUtils {
    private static final Logger LOG = LoggerFactory.getLogger(KeyUtils.class);
    private static final int MAX_SYMMETRIC_KEY_SIZE = 1024;
    public static final String RSA_ECB_OAEPWITH_SHA1_AND_MGF1_PADDING = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";
    private static MessageDigest digest;

    private KeyUtils() {
    }

    public static int getKeyLength(String str) throws WSSecurityException {
        return JCEMapper.getKeyLengthFromURI(str) / 8;
    }

    public static SecretKey prepareSecretKey(String str, byte[] bArr) {
        SecretKeySpec secretKeySpec;
        int i = 0;
        try {
            i = getKeyLength(str);
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(e.getMessage());
            }
        }
        String jCEKeyAlgorithmFromURI = JCEMapper.getJCEKeyAlgorithmFromURI(str);
        if (i <= 0 || str.endsWith("gcm") || str.contains("hmac-")) {
            secretKeySpec = bArr.length > 1024 ? new SecretKeySpec(bArr, 0, 1024, jCEKeyAlgorithmFromURI) : new SecretKeySpec(bArr, jCEKeyAlgorithmFromURI);
        } else {
            secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length > i ? i : bArr.length, jCEKeyAlgorithmFromURI);
        }
        return secretKeySpec;
    }

    public static KeyGenerator getKeyGenerator(String str) throws WSSecurityException {
        try {
            String jCEKeyAlgorithmFromURI = JCEMapper.getJCEKeyAlgorithmFromURI(str);
            if (jCEKeyAlgorithmFromURI == null || "".equals(jCEKeyAlgorithmFromURI)) {
                jCEKeyAlgorithmFromURI = JCEMapper.translateURItoJCEID(str);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(jCEKeyAlgorithmFromURI);
            if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes128-cbc") || str.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes128-gcm")) {
                keyGenerator.init(128);
            } else if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes192-cbc") || str.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes192-gcm")) {
                keyGenerator.init(192);
            } else if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes256-cbc") || str.equalsIgnoreCase("http://www.w3.org/2009/xmlenc11#aes256-gcm")) {
                keyGenerator.init(256);
            }
            return keyGenerator;
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
        }
    }

    public static Cipher getCipherInstance(String str) throws WSSecurityException {
        return getCipherInstance(str, null);
    }

    public static Cipher getCipherInstance(String str, String str2) throws WSSecurityException {
        String translateURItoJCEID = JCEMapper.translateURItoJCEID(str);
        if (translateURItoJCEID == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp", new Object[]{"No such algorithm: \"" + str + XMLConstants.XML_DOUBLE_QUOTE});
        }
        if (str2 == null) {
            str2 = JCEMapper.getProviderId();
        } else {
            JavaUtils.checkRegisterPermission();
        }
        try {
            try {
                return str2 == null ? Cipher.getInstance(translateURItoJCEID) : Cipher.getInstance(translateURItoJCEID, str2);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                if (!"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str)) {
                    if (e instanceof NoSuchAlgorithmException) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "unsupportedKeyTransp", new Object[]{"No such algorithm: \"" + translateURItoJCEID + XMLConstants.XML_DOUBLE_QUOTE});
                    }
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "unsupportedKeyTransp", new Object[]{"No such padding: \"" + translateURItoJCEID + XMLConstants.XML_DOUBLE_QUOTE});
                }
                try {
                    return str2 == null ? Cipher.getInstance(RSA_ECB_OAEPWITH_SHA1_AND_MGF1_PADDING) : Cipher.getInstance(RSA_ECB_OAEPWITH_SHA1_AND_MGF1_PADDING, str2);
                } catch (NoSuchAlgorithmException e2) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "unsupportedKeyTransp", new Object[]{"No such algorithm: \"RSA/ECB/OAEPWithSHA1AndMGF1Padding\""});
                } catch (NoSuchProviderException e3) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e3, "unsupportedKeyTransp", new Object[]{"No such provider \"" + JCEMapper.getProviderId() + "\" for \"" + RSA_ECB_OAEPWITH_SHA1_AND_MGF1_PADDING + XMLConstants.XML_DOUBLE_QUOTE});
                } catch (NoSuchPaddingException e4) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "unsupportedKeyTransp", new Object[]{"No such padding: \"RSA/ECB/OAEPWithSHA1AndMGF1Padding\""});
                }
            }
        } catch (NoSuchProviderException e5) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e5, "unsupportedKeyTransp", new Object[]{"No such provider \"" + JCEMapper.getProviderId() + "\" for \"" + translateURItoJCEID + XMLConstants.XML_DOUBLE_QUOTE});
        }
    }

    public static synchronized byte[] generateDigest(byte[] bArr) throws WSSecurityException {
        try {
            if (digest == null) {
                digest = MessageDigest.getInstance("SHA-1");
            }
            return digest.digest(bArr);
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Error in generating digest"});
        }
    }
}
