package org.apache.xml.security.stax.impl.processor.input;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Deque;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBElement;
import org.apache.xml.security.binding.xmldsig.DigestMethodType;
import org.apache.xml.security.binding.xmlenc.EncryptedKeyType;
import org.apache.xml.security.binding.xmlenc11.MGFType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.apache.xml.security.utils.Base64;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-516-01.zip:modules/system/layers/fuse/org/apache/santuario/xmlsec/2.0/xmlsec-2.0.6.jar:org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.class */
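/**
 * Security-header handler for an {@code xenc:EncryptedKey} structure.
 *
 * <p>The handler registers a {@link SecurityTokenProvider} for the EncryptedKey and emits an
 * {@link EncryptedKeyTokenSecurityEvent}. The token it provides unwraps the transported key
 * only when {@code getKey} is first called, and caches the result.
 *
 * <p>Everything read from {@code EncryptedKeyType} (algorithm URIs, OAEP parameters, cipher
 * value) comes from the incoming message and is treated as untrusted input.
 */
public class XMLEncryptedKeyInputHandler extends AbstractInputSecurityHeaderHandler {
    private static final transient Logger log = LoggerFactory.getLogger(XMLEncryptedKeyInputHandler.class);

    /**
     * Parses the EncryptedKey structure found at the given position of the event queue and
     * delegates to {@link #handle(InputProcessorChain, EncryptedKeyType, XMLSecEvent, XMLSecurityProperties)}.
     *
     * @param inputProcessorChain   chain that supplies the inbound security context
     * @param xMLSecurityProperties configuration passed through to parsing and token resolution
     * @param deque                 buffered XML events containing the structure
     * @param num                   index into {@code deque} at which the structure starts
     * @throws XMLSecurityException if parsing or handling the structure fails
     */
    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        final int index = num.intValue();
        final EncryptedKeyType encryptedKeyType = (EncryptedKeyType) ((JAXBElement<?>) parseStructure(deque, index, xMLSecurityProperties)).getValue();
        final XMLSecEvent startEvent = getResponsibleStartXMLEvent(deque, index);
        handle(inputProcessorChain, encryptedKeyType, startEvent, xMLSecurityProperties);
    }

    /**
     * Registers a token provider and a security event for an already parsed EncryptedKey, then
     * hands any ReferenceList to {@link #handleReferenceList}.
     *
     * <p>An EncryptedKey without an Id gets a generated one, because the Id is used as the
     * provider key and as the event correlation id.
     *
     * @param inputProcessorChain   chain that supplies the inbound security context
     * @param encryptedKeyType      the parsed EncryptedKey; its Id may be set by this method
     * @param xMLSecEvent           start event of the EncryptedKey element, recorded on the token
     * @param xMLSecurityProperties configuration used when resolving the wrapping token
     * @throws XMLSecurityException if no EncryptionMethod is present or token creation fails
     */
    public void handle(InputProcessorChain inputProcessorChain, final EncryptedKeyType encryptedKeyType, final XMLSecEvent xMLSecEvent, final XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
        if (encryptedKeyType.getEncryptionMethod() == null) {
            throw new XMLSecurityException("stax.encryption.noEncAlgo");
        }
        if (encryptedKeyType.getId() == null) {
            encryptedKeyType.setId(IDGenerator.generateID(null));
        }
        final InboundSecurityContext securityContext = inputProcessorChain.getSecurityContext();
        SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() { // from class: org.apache.xml.security.stax.impl.processor.input.XMLEncryptedKeyInputHandler.1
            // Created on first request and reused afterwards.
            private AbstractInboundSecurityToken securityToken = null;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                if (this.securityToken != null) {
                    return this.securityToken;
                }
                this.securityToken = new AbstractInboundSecurityToken(securityContext, encryptedKeyType.getId(), SecurityTokenConstants.KeyIdentifier_EncryptedKey, true) { // from class: org.apache.xml.security.stax.impl.processor.input.XMLEncryptedKeyInputHandler.1.1
                    // Unwrapped key bytes, or the substitute bytes stored after a failed unwrap.
                    private byte[] decryptedKey = null;
                    // Token whose key unwraps this EncryptedKey; resolved from KeyInfo on demand.
                    private InboundSecurityToken wrappingSecurityToken = null;

                    /**
                     * Returns the key for the algorithm URI {@code str}, unwrapping the
                     * EncryptedKey on first use. {@code str2} is the correlation id passed on
                     * to security events and to the wrapping token.
                     */
                    @Override // org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken
                    public Key getKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
                        Key cached = getSecretKey().get(str);
                        if (cached != null) {
                            return cached;
                        }
                        SecretKeySpec secretKeySpec = new SecretKeySpec(getSecret(this, str2, str), JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(str));
                        setSecretKey(str, secretKeySpec);
                        return secretKeySpec;
                    }

                    @Override // org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken, org.apache.xml.security.stax.securityToken.SecurityToken
                    public InboundSecurityToken getKeyWrappingToken() throws XMLSecurityException {
                        return getWrappingSecurityToken(this);
                    }

                    @Override // org.apache.xml.security.stax.securityToken.SecurityToken
                    public SecurityTokenConstants.TokenType getTokenType() {
                        return SecurityTokenConstants.EncryptedKeyToken;
                    }

                    /**
                     * Resolves (once) the token named by the EncryptedKey's KeyInfo for
                     * decryption use and records {@code wrappedToken} as wrapped by it.
                     */
                    private InboundSecurityToken getWrappingSecurityToken(InboundSecurityToken wrappedToken) throws XMLSecurityException {
                        if (this.wrappingSecurityToken != null) {
                            return this.wrappingSecurityToken;
                        }
                        this.wrappingSecurityToken = SecurityTokenFactory.getInstance().getSecurityToken(encryptedKeyType.getKeyInfo(), SecurityTokenConstants.KeyUsage_Decryption, xMLSecurityProperties, securityContext);
                        this.wrappingSecurityToken.addWrappedToken(wrappedToken);
                        return this.wrappingSecurityToken;
                    }

                    /**
                     * Unwraps the EncryptedKey's cipher value with the wrapping token's key and
                     * caches the resulting key bytes.
                     *
                     * @param wrappedToken          the token being unwrapped (this token)
                     * @param correlationId         correlation id for events and key lookup
                     * @param symmetricAlgorithmUri URI of the algorithm the key will be used
                     *                              with; sizes the substitute key on failure
                     * @throws XMLSecurityException if an algorithm URI is missing or has no JCE
                     *                              mapping, the cipher cannot be set up, or no
                     *                              cipher value is present
                     */
                    private byte[] getSecret(InboundSecurityToken wrappedToken, String correlationId, String symmetricAlgorithmUri) throws XMLSecurityException {
                        if (this.decryptedKey != null) {
                            return this.decryptedKey;
                        }
                        String algorithm = encryptedKeyType.getEncryptionMethod().getAlgorithm();
                        if (algorithm == null) {
                            throw new XMLSecurityException("stax.encryption.noEncAlgo");
                        }
                        String jceName = JCEAlgorithmMapper.translateURItoJCEID(algorithm);
                        String jceProvider = JCEAlgorithmMapper.getJCEProviderFromURI(algorithm);
                        if (jceName == null) {
                            throw new XMLSecurityException("algorithms.NoSuchMap", new Object[]{algorithm});
                        }
                        InboundSecurityToken wrappingToken = getWrappingSecurityToken(wrappedToken);
                        try {
                            XMLSecurityConstants.AlgorithmUsage algorithmUsage = wrappingToken.isAsymmetric() ? XMLSecurityConstants.Asym_Key_Wrap : XMLSecurityConstants.Sym_Key_Wrap;
                            Cipher cipher = jceProvider == null ? Cipher.getInstance(jceName) : Cipher.getInstance(jceName, jceProvider);
                            if ("http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(algorithm) || "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(algorithm)) {
                                DigestMethodType digestMethodType = (DigestMethodType) XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_dsig_DigestMethod);
                                // SHA-1 applies when the message carries no DigestMethod element.
                                // NOTE(review): in this method an AlgorithmSuiteSecurityEvent is raised only for an
                                // explicit DigestMethod, not for the implicit SHA-1 default nor for the MGF digest,
                                // so an event-driven algorithm policy does not see those here.
                                String oaepDigest = "SHA-1";
                                if (digestMethodType != null) {
                                    String digestUri = digestMethodType.getAlgorithm();
                                    AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
                                    algorithmSuiteSecurityEvent.setAlgorithmURI(digestUri);
                                    algorithmSuiteSecurityEvent.setAlgorithmUsage(XMLSecurityConstants.EncDig);
                                    algorithmSuiteSecurityEvent.setCorrelationID(correlationId);
                                    securityContext.registerSecurityEvent(algorithmSuiteSecurityEvent);
                                    oaepDigest = JCEAlgorithmMapper.translateURItoJCEID(digestUri);
                                    // The URI is sender-controlled; an unmapped value must be rejected as a
                                    // security error instead of reaching OAEPParameterSpec as null (NPE).
                                    if (oaepDigest == null) {
                                        throw new XMLSecurityException("algorithms.NoSuchMap", new Object[]{digestUri});
                                    }
                                }
                                PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
                                byte[] oaepParams = (byte[]) XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_xenc_OAEPparams);
                                if (oaepParams != null) {
                                    pSource = new PSource.PSpecified(oaepParams);
                                }
                                // MGF1 with SHA-1 applies when the message carries no MGF element.
                                MGF1ParameterSpec mgfSpec = new MGF1ParameterSpec("SHA-1");
                                MGFType mGFType = (MGFType) XMLSecurityUtils.getQNameType(encryptedKeyType.getEncryptionMethod().getContent(), XMLSecurityConstants.TAG_xenc11_MGF);
                                if (mGFType != null) {
                                    String mgfUri = mGFType.getAlgorithm();
                                    String mgfDigest = JCEAlgorithmMapper.translateURItoJCEID(mgfUri);
                                    // Same reasoning as for the OAEP digest: MGF1ParameterSpec rejects null with an NPE.
                                    if (mgfDigest == null) {
                                        throw new XMLSecurityException("algorithms.NoSuchMap", new Object[]{mgfUri});
                                    }
                                    mgfSpec = new MGF1ParameterSpec(mgfDigest);
                                }
                                // "MGF1" is the JCA standard name of the mask generation function.
                                cipher.init(Cipher.UNWRAP_MODE, wrappingToken.getSecretKey(algorithm, algorithmUsage, correlationId), new OAEPParameterSpec(oaepDigest, "MGF1", mgfSpec, pSource));
                            } else {
                                cipher.init(Cipher.UNWRAP_MODE, wrappingToken.getSecretKey(algorithm, algorithmUsage, correlationId));
                            }
                            if (encryptedKeyType.getCipherData() == null || encryptedKeyType.getCipherData().getCipherValue() == null) {
                                throw new XMLSecurityException("stax.encryption.noCipherValue");
                            }
                            // The identifier is derived from the still-encrypted cipher value.
                            super.setSha1Identifier(Base64.encode(XMLEncryptedKeyInputHandler.this.generateDigest(encryptedKeyType.getCipherData().getCipherValue())));
                            try {
                                byte[] encoded = cipher.unwrap(encryptedKeyType.getCipherData().getCipherValue(), jceName, Cipher.SECRET_KEY).getEncoded();
                                this.decryptedKey = encoded;
                                return encoded;
                            } catch (IllegalStateException e) {
                                throw new XMLSecurityException(e);
                            } catch (Exception e2) {
                                // Deliberately not rethrown: a substitute key of the expected length is cached and
                                // returned so that an unwrap failure does not fail at this point (the log message
                                // names timing attacks as the reason). Keep this path free of early exits.
                                // generateBytes presumably yields random bytes - confirm in XMLSecurityConstants.
                                XMLEncryptedKeyInputHandler.log.warn("Unwrapping of the encrypted key failed with error: " + e2.getMessage() + ". Generating a faked one to mitigate timing attacks.");
                                this.decryptedKey = XMLSecurityConstants.generateBytes(JCEAlgorithmMapper.getKeyLengthFromURI(symmetricAlgorithmUri) / 8);
                                return this.decryptedKey;
                            }
                        } catch (InvalidAlgorithmParameterException e3) {
                            throw new XMLSecurityException(e3);
                        } catch (InvalidKeyException e4) {
                            throw new XMLSecurityException(e4);
                        } catch (NoSuchAlgorithmException e5) {
                            throw new XMLSecurityException(e5);
                        } catch (NoSuchProviderException e6) {
                            throw new XMLSecurityException(e6);
                        } catch (NoSuchPaddingException e7) {
                            throw new XMLSecurityException(e7);
                        }
                    }
                };
                this.securityToken.setElementPath(xMLSecEvent.getElementPath());
                this.securityToken.setXMLSecEvent(xMLSecEvent);
                return this.securityToken;
            }

            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
            public String getId() {
                return encryptedKeyType.getId();
            }
        };
        securityContext.registerSecurityTokenProvider(encryptedKeyType.getId(), securityTokenProvider);
        EncryptedKeyTokenSecurityEvent encryptedKeyTokenSecurityEvent = new EncryptedKeyTokenSecurityEvent();
        encryptedKeyTokenSecurityEvent.setSecurityToken(securityTokenProvider.getSecurityToken());
        encryptedKeyTokenSecurityEvent.setCorrelationID(encryptedKeyType.getId());
        securityContext.registerSecurityEvent(encryptedKeyTokenSecurityEvent);
        if (encryptedKeyType.getReferenceList() != null) {
            handleReferenceList(inputProcessorChain, encryptedKeyType, xMLSecurityProperties);
        }
    }

    /**
     * Returns the SHA-1 digest of the given bytes.
     *
     * <p>Within this class the result is only used to build the token's SHA-1 identifier from
     * the cipher value; it is a lookup identifier, not an integrity check.
     *
     * @param bArr bytes to digest
     * @return the 20-byte SHA-1 digest
     * @throws XMLSecurityException if the SHA-1 algorithm is unavailable
     */
    /* JADX INFO: Access modifiers changed from: private */
    public byte[] generateDigest(byte[] bArr) throws XMLSecurityException {
        try {
            return MessageDigest.getInstance("SHA-1").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new XMLSecurityException(e);
        }
    }

    /**
     * Hook invoked when the EncryptedKey carries a ReferenceList. This class does nothing
     * with it; subclasses may override to process the referenced data.
     *
     * @param inputProcessorChain   chain in which the EncryptedKey was encountered
     * @param encryptedKeyType      the EncryptedKey owning the ReferenceList
     * @param xMLSecurityProperties configuration for processing
     * @throws XMLSecurityException declared for overriding implementations
     */
    protected void handleReferenceList(InputProcessorChain inputProcessorChain, EncryptedKeyType encryptedKeyType, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
    }
}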
