package org.apache.ws.security.processor;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/* loaded from: input_file:wss4j-1.5.8.jar:org/apache/ws/security/processor/EncryptedKeyProcessor.class */
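/**
 * Processes an {@code xenc:EncryptedKey} element: resolves the private key,
 * decrypts the wrapped session key, and decrypts every
 * {@code xenc:DataReference} listed in the element's {@code ReferenceList}.
 *
 * <p>The processor keeps the outcome of the last call in instance fields
 * (wrapped key bytes, decrypted key bytes, certificate, element Id), so one
 * instance must not be shared between threads.
 */
public class EncryptedKeyProcessor implements Processor {
    /** XML Encryption namespace used for every xenc child lookup below. */
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    private static Log log;
    private static Log tlog;
    // Base64-decoded CipherValue, i.e. the still-encrypted session key.
    private byte[] encryptedEphemeralKey;
    // Session key recovered by the last successful decryption.
    private byte[] decryptedBytes = null;
    private String encryptedKeyId = null;
    // Certificate resolved from a KeyIdentifier or BinarySecurityToken reference, if any.
    private X509Certificate cert = null;
    // Compiler-generated cache for the class literal used by the static initializer.
    static Class class$org$apache$ws$security$processor$EncryptedKeyProcessor;

    /**
     * Handles an EncryptedKey element found in the security header and puts
     * the result at the front of {@code vector}.
     *
     * @param element         the EncryptedKey element
     * @param crypto          not used by this processor
     * @param crypto2         crypto instance used to find the decryption key; required
     * @param callbackHandler supplies the private-key password; required
     * @param wSDocInfo       not used by this processor
     * @param vector          result list; the new result is inserted at index 0
     * @param wSSConfig       not used by this processor
     * @throws WSSecurityException if {@code crypto2} or {@code callbackHandler}
     *                             is null, or if processing the key fails
     */
    @Override // org.apache.ws.security.processor.Processor
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Found encrypted key element");
        }
        if (crypto2 == null) {
            throw new WSSecurityException(0, "noDecCryptoFile");
        }
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        ArrayList handleEncryptedKey = handleEncryptedKey(element, callbackHandler, crypto2);
        this.encryptedKeyId = element.getAttributeNS(null, "Id");
        vector.add(0, new WSSecurityEngineResult(4, this.decryptedBytes, this.encryptedEphemeralKey, this.encryptedKeyId, handleEncryptedKey, this.cert));
    }

    /**
     * Decrypts the key, resolving the private key through {@code crypto} and
     * {@code callbackHandler}.
     *
     * @see #handleEncryptedKey(Element, CallbackHandler, Crypto, PrivateKey)
     */
    public ArrayList handleEncryptedKey(Element element, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        return handleEncryptedKey(element, callbackHandler, crypto, null);
    }

    /**
     * Decrypts the key with a private key supplied by the caller; the KeyInfo
     * of the element is not consulted.
     *
     * @see #handleEncryptedKey(Element, CallbackHandler, Crypto, PrivateKey)
     */
    public ArrayList handleEncryptedKey(Element element, PrivateKey privateKey) throws WSSecurityException {
        return handleEncryptedKey(element, null, null, privateKey);
    }

    /**
     * Decrypts the session key wrapped in {@code element} and then every
     * EncryptedData element named by its ReferenceList.
     *
     * @param element         the EncryptedKey element
     * @param callbackHandler supplies the private-key password; required when
     *                        {@code privateKey} is null
     * @param crypto          used to resolve the key alias and private key;
     *                        required when {@code privateKey} is null
     * @param privateKey      key to decrypt with, or null to resolve it from KeyInfo
     * @return the list of data references that were decrypted, or null when the
     *         element has no ReferenceList
     * @throws WSSecurityException if a required element is missing, the key
     *                             cannot be resolved, or decryption fails
     */
    public ArrayList handleEncryptedKey(Element element, CallbackHandler callbackHandler, Crypto crypto, PrivateKey privateKey) throws WSSecurityException {
        // Clear what an earlier call left behind. cert is only assigned on the
        // KeyIdentifier and BinarySecurityToken paths, so without this a reused
        // instance would report the previous message's certificate (and, after
        // a failure, the previous session key) for the current message.
        this.cert = null;
        this.decryptedBytes = null;
        this.encryptedEphemeralKey = null;

        String defaultX509Alias;
        long j = 0;
        long j2 = 0;
        if (tlog.isDebugEnabled()) {
            j = System.currentTimeMillis();
        }
        Document ownerDocument = element.getOwnerDocument();
        Element element2 = (Element) WSSecurityUtil.getDirectChild(element, EncryptionConstants._TAG_ENCRYPTIONMETHOD, XENC_NS);
        // DOM getAttribute returns an empty string for a missing attribute, so
        // only a missing EncryptionMethod element reaches the null check; an
        // empty Algorithm value is passed on to getCipherInstance.
        String str = null;
        if (element2 != null) {
            str = element2.getAttribute("Algorithm");
        }
        if (str == null) {
            throw new WSSecurityException(2, "noEncAlgo");
        }
        // The cipher is chosen from the Algorithm URI carried in the message;
        // this method applies no allow-list of its own.
        // NOTE(review): confirm that getCipherInstance or deployment policy
        // restricts which key-transport algorithms are accepted.
        Cipher cipherInstance = WSSecurityUtil.getCipherInstance(str);
        Element element3 = null;
        Element element4 = (Element) WSSecurityUtil.getDirectChild(element, EncryptionConstants._TAG_CIPHERDATA, XENC_NS);
        if (element4 != null) {
            element3 = (Element) WSSecurityUtil.getDirectChild(element4, EncryptionConstants._TAG_CIPHERVALUE, XENC_NS);
        }
        if (element3 == null) {
            throw new WSSecurityException(3, "noCipher");
        }
        if (privateKey == null) {
            // Every path below dereferences crypto and callbackHandler. Report
            // their absence the same way handleToken does instead of failing
            // with a NullPointerException.
            if (crypto == null) {
                throw new WSSecurityException(0, "noDecCryptoFile");
            }
            if (callbackHandler == null) {
                throw new WSSecurityException(0, "noCallback");
            }
            Element element5 = (Element) WSSecurityUtil.getDirectChild(element, Constants._TAG_KEYINFO, "http://www.w3.org/2000/09/xmldsig#");
            if (element5 != null) {
                Element element6 = (Element) WSSecurityUtil.getDirectChild(element5, "SecurityTokenReference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                if (element6 == null) {
                    throw new WSSecurityException(3, "noSecTokRef");
                }
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(element6);
                if (securityTokenReference.containsX509Data() || securityTokenReference.containsX509IssuerSerial()) {
                    defaultX509Alias = securityTokenReference.getX509IssuerSerialAlias(crypto);
                    if (log.isDebugEnabled()) {
                        log.debug("X509IssuerSerial alias: " + defaultX509Alias);
                    }
                } else if (securityTokenReference.containsKeyIdentifier()) {
                    X509Certificate[] keyIdentifier = securityTokenReference.getKeyIdentifier(crypto);
                    if (keyIdentifier == null || keyIdentifier.length < 1 || keyIdentifier[0] == null) {
                        throw new WSSecurityException(0, "noCertsFound", new Object[]{"decryption (KeyId)"});
                    }
                    defaultX509Alias = crypto.getAliasForX509Cert(keyIdentifier[0]);
                    this.cert = keyIdentifier[0];
                    if (log.isDebugEnabled()) {
                        log.debug("cert: " + keyIdentifier[0]);
                        log.debug("KeyIdentifier Alias: " + defaultX509Alias);
                    }
                } else {
                    if (!securityTokenReference.containsReference()) {
                        throw new WSSecurityException(3, "unsupportedKeyId");
                    }
                    Element tokenElement = securityTokenReference.getTokenElement(ownerDocument, null, callbackHandler);
                    if (!new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName()).equals(WSSecurityEngine.binaryToken)) {
                        throw new WSSecurityException(1, "unsupportedBinaryTokenType", null);
                    }
                    // Constructed before the value-type check, as before, so a
                    // constructor failure is still reported first. A freshly
                    // constructed object is never null, so that test is gone.
                    X509Security x509Security = new X509Security(tokenElement);
                    if (!X509Security.X509_V3_TYPE.equals(tokenElement.getAttribute(WSSecurityEngine.VALUE_TYPE))) {
                        throw new WSSecurityException(1, "unsupportedBinaryTokenType", new Object[]{"for decryption (BST)"});
                    }
                    this.cert = x509Security.getX509Certificate(crypto);
                    if (this.cert == null) {
                        throw new WSSecurityException(0, "noCertsFound", new Object[]{"decryption"});
                    }
                    defaultX509Alias = crypto.getAliasForX509Cert(this.cert);
                    if (log.isDebugEnabled()) {
                        log.debug("BST Alias: " + defaultX509Alias);
                    }
                }
            } else {
                // No KeyInfo: fall back to the default alias configured in crypto.
                if (crypto.getDefaultX509Alias() == null) {
                    throw new WSSecurityException(3, "noKeyinfo");
                }
                defaultX509Alias = crypto.getDefaultX509Alias();
            }
            WSPasswordCallback wSPasswordCallback = new WSPasswordCallback(defaultX509Alias, 1);
            try {
                callbackHandler.handle(new Callback[]{wSPasswordCallback});
                String password = wSPasswordCallback.getPassword();
                if (password == null) {
                    throw new WSSecurityException(0, "noPassword", new Object[]{defaultX509Alias});
                }
                try {
                    privateKey = crypto.getPrivateKey(defaultX509Alias, password);
                } catch (Exception e) {
                    throw new WSSecurityException(6, null, null, e);
                }
            } catch (IOException e2) {
                throw new WSSecurityException(0, "noPassword", new Object[]{defaultX509Alias}, e2);
            } catch (UnsupportedCallbackException e3) {
                throw new WSSecurityException(0, "noPassword", new Object[]{defaultX509Alias}, e3);
            }
        }
        // Everything thrown from here on, including a WSSecurityException raised
        // by the inner handlers or by decryptDataRef, is caught by the outer
        // handler and re-wrapped with code 6.
        try {
            cipherInstance.init(Cipher.DECRYPT_MODE, privateKey);
            try {
                this.encryptedEphemeralKey = getDecodedBase64EncodedData(element3);
                // A padding failure here surfaces as an exception that carries
                // the BadPaddingException as its cause.
                // NOTE(review): if callers relay faults that let a sender tell a
                // padding failure from a later failure, the endpoint can serve
                // as a decryption oracle for the wrapped key; confirm callers
                // answer every decryption failure with one generic fault.
                this.decryptedBytes = cipherInstance.doFinal(this.encryptedEphemeralKey);
                if (tlog.isDebugEnabled()) {
                    j2 = System.currentTimeMillis();
                }
                Element element7 = (Element) WSSecurityUtil.getDirectChild(element, "ReferenceList", XENC_NS);
                ArrayList arrayList = new ArrayList();
                if (element7 == null) {
                    // Timing is only logged on this no-ReferenceList path.
                    if (tlog.isDebugEnabled()) {
                        long currentTimeMillis = System.currentTimeMillis();
                        tlog.debug("XMLDecrypt: total= " + (currentTimeMillis - j) + ", get-sym-key= " + (j2 - j) + ", decrypt= " + (currentTimeMillis - j2));
                    }
                    return null;
                }
                for (Node node = element7.getFirstChild(); node != null; node = node.getNextSibling()) {
                    // Constant-first comparisons: an element without a namespace
                    // (getNamespaceURI() == null) is skipped like any other
                    // non-matching child instead of raising NullPointerException.
                    if (node.getNodeType() == Node.ELEMENT_NODE
                            && XENC_NS.equals(node.getNamespaceURI())
                            && EncryptionConstants._TAG_DATAREFERENCE.equals(node.getLocalName())) {
                        String attribute = ((Element) node).getAttribute("URI");
                        // startsWith tolerates an empty or missing URI, where
                        // charAt(0) threw StringIndexOutOfBoundsException.
                        if (attribute.startsWith("#")) {
                            attribute = attribute.substring(1);
                        }
                        arrayList.add(decryptDataRef(ownerDocument, attribute, this.decryptedBytes));
                    }
                }
                return arrayList;
            } catch (IllegalStateException e4) {
                throw new WSSecurityException(6, null, null, e4);
            } catch (BadPaddingException e5) {
                throw new WSSecurityException(6, null, null, e5);
            } catch (IllegalBlockSizeException e6) {
                throw new WSSecurityException(6, null, null, e6);
            }
        } catch (Exception e7) {
            throw new WSSecurityException(6, null, null, e7);
        }
    }

    /**
     * Concatenates the text-node children of {@code element} and Base64-decodes
     * the result.
     *
     * @param element element whose text content is Base64 data
     * @return the decoded bytes
     * @throws WSSecurityException if decoding fails
     */
    public static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
        StringBuffer stringBuffer = new StringBuffer();
        NodeList childNodes = element.getChildNodes();
        int length = childNodes.getLength();
        for (int i = 0; i < length; i++) {
            Node item = childNodes.item(i);
            // Only text nodes contribute; other child node types are ignored.
            if (item.getNodeType() == Node.TEXT_NODE) {
                stringBuffer.append(((Text) item).getData());
            }
        }
        return Base64.decode(stringBuffer.toString());
    }

    /**
     * Finds the EncryptedData element with id {@code str} and decrypts it with
     * a secret key built from {@code bArr}.
     *
     * @param document document that contains the EncryptedData element
     * @param str      id of the EncryptedData element (no leading '#')
     * @param bArr     decrypted session-key bytes
     * @return the reference describing the decrypted data
     * @throws WSSecurityException if the element cannot be found or decrypted
     */
    private WSDataRef decryptDataRef(Document document, String str, byte[] bArr) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("found data reference: " + str);
        }
        Element findEncryptedDataElement = ReferenceListProcessor.findEncryptedDataElement(document, str);
        // The data-encryption algorithm is read from the EncryptedData element itself.
        String encAlgo = X509Util.getEncAlgo(findEncryptedDataElement);
        return ReferenceListProcessor.decryptEncryptedData(document, str, findEncryptedDataElement, WSSecurityUtil.prepareSecretKey(encAlgo, bArr), encAlgo);
    }

    /** Returns the Id attribute of the EncryptedKey element handled by {@code handleToken}. */
    @Override // org.apache.ws.security.processor.Processor
    public String getId() {
        return this.encryptedKeyId;
    }

    /**
     * Returns the decrypted session key. This is the internal array, not a
     * copy, so the caller holds the live key material.
     */
    public byte[] getDecryptedBytes() {
        return this.decryptedBytes;
    }

    /** Returns the Base64-decoded, still-encrypted session key (internal array, not a copy). */
    public byte[] getEncryptedEphemeralKey() {
        return this.encryptedEphemeralKey;
    }

    /** Compiler-generated helper that resolves a class literal by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve this class once and set up the two loggers: the per-class
        // log and the shared timing log.
        Class cls;
        if (class$org$apache$ws$security$processor$EncryptedKeyProcessor == null) {
            cls = class$("org.apache.ws.security.processor.EncryptedKeyProcessor");
            class$org$apache$ws$security$processor$EncryptedKeyProcessor = cls;
        } else {
            cls = class$org$apache$ws$security$processor$EncryptedKeyProcessor;
        }
        log = LogFactory.getLog(cls.getName());
        tlog = LogFactory.getLog("org.apache.ws.security.TIME");
    }
}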
