package org.apache.wss4j.dom.action;

import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.w3c.dom.Document;

/* loaded from: input_file:m2repo/org/apache/wss4j/wss4j-ws-security-dom/2.1.10/wss4j-ws-security-dom-2.1.10.jar:org/apache/wss4j/dom/action/EncryptionAction.class */
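/**
 * Sender-side {@link Action} that configures a {@link WSSecEncrypt} builder from an
 * {@link EncryptionActionToken} and encrypts the configured parts of the outbound document.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Algorithm settings are copied from the token only when they are non-null; otherwise
 *       whatever {@link WSSecEncrypt} uses by default stays in effect.</li>
 *   <li>The recipient certificate is trust-checked here only when
 *       {@link ConfigurationConstants#ENABLE_REVOCATION} is set to {@code true}.</li>
 *   <li>The symmetric key may come from the token or from the password callback handler; the
 *       key bytes are not cleared by this method.</li>
 * </ul>
 */
public class EncryptionAction implements Action {

    /**
     * Builds the encryption structures for {@code document} and adds them to the security header.
     *
     * @param wSHandler           handler supplying configuration options and the password callback handler
     * @param securityActionToken token for this action; when it is not an {@link EncryptionActionToken},
     *                            the token stored on {@code requestData} is used instead
     * @param document            the SOAP document to encrypt
     * @param requestData         per-request state (WSS configuration, security header, attachment handling)
     * @throws WSSecurityException if no encryption token is available, the key callback fails,
     *                             trust verification fails, or encryption itself fails
     */
    @Override
    public void execute(WSHandler wSHandler, SecurityActionToken securityActionToken, Document document, RequestData requestData) throws WSSecurityException {
        WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setIdAllocator(requestData.getWssConfig().getIdAllocator());

        // Prefer the token passed for this action; fall back to the request-wide encryption token.
        EncryptionActionToken token = securityActionToken instanceof EncryptionActionToken
                ? (EncryptionActionToken) securityActionToken
                : requestData.getEncryptionToken();
        if (token == null) {
            // Fail with the declared exception type instead of a NullPointerException further down.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
                    new Object[]{"EncryptionAction: no encryption token is configured"});
        }

        // Only override the builder's settings for values that were explicitly configured.
        if (token.getKeyIdentifierId() != 0) {
            encryptor.setKeyIdentifierType(token.getKeyIdentifierId());
        }
        if (token.getSymmetricAlgorithm() != null) {
            encryptor.setSymmetricEncAlgorithm(token.getSymmetricAlgorithm());
        }
        if (token.getKeyTransportAlgorithm() != null) {
            encryptor.setKeyEncAlgo(token.getKeyTransportAlgorithm());
        }
        if (token.getDigestAlgorithm() != null) {
            encryptor.setDigestAlgorithm(token.getDigestAlgorithm());
        }
        if (token.getMgfAlgorithm() != null) {
            encryptor.setMGFAlgorithm(token.getMgfAlgorithm());
        }
        encryptor.setIncludeEncryptionToken(token.isIncludeToken());
        encryptor.setUserInfo(token.getUser());
        encryptor.setUseThisCert(token.getCertificate());

        Crypto crypto = token.getCrypto();
        boolean revocationEnabled = Boolean.parseBoolean(wSHandler.getStringOption(ConfigurationConstants.ENABLE_REVOCATION));
        if (revocationEnabled && crypto != null) {
            // The certificate chain is resolved by the user alias. If the alias yields no
            // certificates the check is skipped without an error.
            // NOTE(review): a certificate supplied via token.getCertificate() is handed to
            // setUseThisCert() above but is not the one verified here - confirm which of the two
            // WSSecEncrypt actually encrypts to, and whether it needs the same check.
            CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
            aliasLookup.setAlias(token.getUser());
            X509Certificate[] recipientCerts = crypto.getX509Certificates(aliasLookup);
            if (recipientCerts != null && recipientCerts.length > 0) {
                crypto.verifyTrust(recipientCerts, revocationEnabled, null);
            }
        }

        if (!token.getParts().isEmpty()) {
            encryptor.getParts().addAll(token.getParts());
        }
        encryptor.setEncryptSymmKey(token.isEncSymmetricEncryptionKey());

        byte[] key = token.getKey();
        // Ask the callback handler for the key when that is requested explicitly, or when the
        // symmetric key will not be wrapped in an EncryptedKey and the token carries no key.
        if (token.isGetSymmetricKeyFromCallbackHandler() || (!token.isEncSymmetricEncryptionKey() && key == null)) {
            CallbackHandler callbackHandler = wSHandler.getPasswordCallbackHandler(requestData);
            WSPasswordCallback keyCallback = new WSPasswordCallback(token.getUser(), WSPasswordCallback.SECRET_KEY);
            keyCallback.setAlgorithm(encryptor.getSymmetricEncAlgorithm());
            try {
                callbackHandler.handle(new Callback[]{keyCallback});
                key = keyCallback.getKey();
                encryptor.setEncryptedEphemeralKey(keyCallback.getEncryptedSecret());
                encryptor.setCustomEKKeyInfoElement(keyCallback.getKeyInfoReference());
            } catch (Exception e) {
                // Deliberately broad: any failure while obtaining the key (including a missing
                // handler, if getPasswordCallbackHandler can return null) is reported as a
                // WSSecurityException with the cause preserved.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"WSHandler: password callback failed"});
            }
        }
        // NOTE(review): the key array stays referenced by the builder and is not zeroed here.
        encryptor.setEphemeralKey(key);

        if (token.getTokenId() != null) {
            encryptor.setEncKeyId(token.getTokenId());
        }
        if (token.getTokenType() != null) {
            encryptor.setCustomReferenceValue(token.getTokenType());
        }
        encryptor.setAttachmentCallbackHandler(requestData.getAttachmentCallbackHandler());
        encryptor.setStoreBytesInAttachment(requestData.isStoreBytesInAttachment());

        try {
            encryptor.build(document, token.getCrypto(), requestData.getSecHeader());
        } catch (WSSecurityException e) {
            // Re-wrapped as a generic FAILURE; the original exception is kept as the cause.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Error during encryption: "});
        }
    }
}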
