package org.apache.wss4j.dom.message;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.Serializer;
import org.apache.xml.security.keys.KeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/wss4j-ws-security-dom-2.2.5.jar:org/apache/wss4j/dom/message/WSSecEncrypt.class */
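/**
 * Encrypts parts of a SOAP message with a symmetric key and writes the matching
 * {@code xenc:ReferenceList} / {@code ds:KeyInfo} structures into the security header.
 *
 * <p>Typical use is {@link #build(Crypto)}, which runs {@link #prepare(Crypto)},
 * {@link #encrypt()} and the header insertion steps in order. The individual steps are
 * public so callers can drive them separately.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code encryptSymmKey} is {@code false}, {@link #prepare(Crypto)} copies the
 *       <em>raw</em> symmetric key bytes into the inherited {@code encryptedEphemeralKey}
 *       field. Despite its name that field then holds plaintext key material; in this
 *       class it is only fed to {@code KeyUtils.generateDigest}. Never log or expose it.</li>
 *   <li>{@link #encryptForRef(Element, List)} returns {@code null} when the encryptor
 *       reports no encrypted references, and {@link #build(Crypto)} then completes without
 *       an error. Callers that require confidentiality should check the result.</li>
 *   <li>No certificate validation is visible in this class; the certificate used to wrap
 *       the key is taken as configured (see {@link #prepare(Crypto)}).</li>
 * </ul>
 *
 * <p>Instances carry mutable per-message state and no synchronization is visible here.
 */
public class WSSecEncrypt extends WSSecEncryptedKey {
    private static final Logger LOG = LoggerFactory.getLogger(WSSecEncrypt.class);

    /** Caller-supplied token reference that is embedded into the KeyInfo as-is. */
    private SecurityTokenReference securityTokenReference;
    /** Whether the symmetric key is wrapped for the recipient; defaults to {@code true}. */
    private boolean encryptSymmKey = true;
    /** Caller-supplied ValueType / key identifier value; written into the message verbatim. */
    private String customReferenceValue;
    /** When set, the reference URI is the bare id instead of {@code "#" + id}. */
    private boolean encKeyIdDirectId;
    /** When set, the EncryptedKey element itself is placed inside the KeyInfo. */
    private boolean embedEncryptedKey;
    /** EncryptedData elements produced for attachments; re-created on every prepare(). */
    private List<Element> attachmentEncryptedDataElements;
    private Serializer encryptionSerializer;

    public WSSecEncrypt(WSSecHeader wSSecHeader) {
        super(wSSecHeader);
    }

    public WSSecEncrypt(Document document) {
        super(document);
    }

    /**
     * Establishes the symmetric key and, when key wrapping is enabled, hands it to the
     * inherited {@code prepareInternal} overloads together with the recipient key.
     *
     * <p>Key selection order: an already set {@code symmetricKey}, else one derived from
     * {@code getEphemeralKey()}, else a freshly generated key for
     * {@code getSymmetricEncAlgorithm()}.
     *
     * <p>Recipient selection order when wrapping: {@code getUseThisPublicKey()}, then
     * {@code getUseThisCert()}, then the first certificate {@code crypto} returns for
     * {@code user}. That first certificate is used without any validity or trust check in
     * this method; NOTE(review): confirm validation happens in the Crypto implementation or
     * in configuration, otherwise the key may be wrapped for an expired or unintended cert.
     *
     * @param crypto certificate source; may be {@code null} only when it is not needed
     * @throws WSSecurityException if {@code crypto} is required but {@code null}, or no
     *         certificate is found for {@code user}
     */
    @Override // org.apache.wss4j.dom.message.WSSecEncryptedKey
    public void prepare(Crypto crypto) throws WSSecurityException {
        this.attachmentEncryptedDataElements = new ArrayList<>();

        if (this.symmetricKey == null) {
            if (getEphemeralKey() != null) {
                this.symmetricKey = KeyUtils.prepareSecretKey(getSymmetricEncAlgorithm(), getEphemeralKey());
            } else {
                this.symmetricKey = KeyUtils.getKeyGenerator(getSymmetricEncAlgorithm()).generateKey();
            }
        }

        // An encrypted key was supplied up front: nothing to wrap.
        if (this.encryptedEphemeralKey != null) {
            prepareInternal(this.symmetricKey);
            return;
        }

        // Wrapping disabled: the field receives the RAW key bytes (plaintext secret), which
        // createKeyInfo() later digests for the EncryptedKeySHA1 identifier.
        if (!this.encryptSymmKey) {
            this.encryptedEphemeralKey = this.symmetricKey.getEncoded();
            return;
        }

        if (getUseThisPublicKey() != null) {
            prepareInternal(this.symmetricKey, getUseThisPublicKey(), crypto);
            return;
        }

        X509Certificate recipientCert = getUseThisCert();
        if (recipientCert == null) {
            if (crypto == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "encryptionCryptoFailure");
            }
            CryptoType cryptoType;
            // 14: presumably the "endpoint" key identifier constant from WSConstants - confirm.
            if (this.keyIdentifierType == 14) {
                cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
                cryptoType.setEndpoint(this.user);
            } else {
                cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                cryptoType.setAlias(this.user);
            }
            X509Certificate[] candidates = crypto.getX509Certificates(cryptoType);
            if (candidates == null || candidates.length <= 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[]{this.user, "encryption"});
            }
            recipientCert = candidates[0];
        }
        prepareInternal(this.symmetricKey, recipientCert, crypto);
    }

    /**
     * Runs the complete encryption sequence and returns the modified document.
     *
     * <p>If {@link #encrypt()} yields no reference list the method still returns normally,
     * so a successful return does not by itself prove that anything was encrypted.
     *
     * @param crypto certificate source passed to {@link #prepare(Crypto)}
     * @return the document this builder operates on
     * @throws WSSecurityException if preparation or encryption fails
     */
    public Document build(Crypto crypto) throws WSSecurityException {
        prepare(crypto);
        LOG.debug("Beginning Encryption...");
        Element referenceList = encrypt();
        addAttachmentEncryptedDataElements();
        if (getEncryptedKeyElement() != null) {
            addInternalRefElement(referenceList);
            prependToHeader();
        } else {
            addExternalRefElement(referenceList);
        }
        prependBSTElementToHeader();
        // Inherited cleanup; NOTE(review): presumably clears key material - confirm in WSSecEncryptedKey.
        clean();
        LOG.debug("Encryption complete.");
        return getDocument();
    }

    /**
     * Encrypts the configured parts, adding the default encryption part first when none
     * are configured.
     *
     * @return the reference list element, or {@code null} if nothing was encrypted
     * @throws WSSecurityException if encryption fails
     */
    public Element encrypt() throws WSSecurityException {
        if (getParts().isEmpty()) {
            getParts().add(WSSecurityUtil.getDefaultEncryptionPart(getDocument()));
        }
        return encryptForRef(null, getParts());
    }

    /**
     * Encrypts {@code list} and records one {@code xenc:DataReference} per encrypted item.
     *
     * <p>{@code symmetricKey} is dereferenced without a null check, so
     * {@link #prepare(Crypto)} (or an equivalent key setup) must have run first.
     *
     * @param element reference list to append to, or {@code null} to create a new
     *        {@code xenc:ReferenceList}
     * @param list parts to encrypt
     * @return the reference list element, or {@code null} when the encryptor returned no
     *         references
     * @throws WSSecurityException if key info creation or encryption fails
     */
    public Element encryptForRef(Element element, List<WSEncryptionPart> list) throws WSSecurityException {
        KeyInfo keyInfo = createKeyInfo();
        SecretKeySpec encryptionKey = new SecretKeySpec(this.symmetricKey.getEncoded(), JCEMapper.getJCEKeyAlgorithmFromURI(getSymmetricEncAlgorithm()));

        Encryptor encryptor = new Encryptor();
        encryptor.setDoc(getDocument());
        encryptor.setSecurityHeader(getSecurityHeader());
        encryptor.setIdAllocator(getIdAllocator());
        encryptor.setCallbackLookup(this.callbackLookup);
        encryptor.setAttachmentCallbackHandler(this.attachmentCallbackHandler);
        encryptor.setStoreBytesInAttachment(this.storeBytesInAttachment);
        encryptor.setEncryptionSerializer(getEncryptionSerializer());
        encryptor.setExpandXopInclude(isExpandXopInclude());
        encryptor.setWsDocInfo(getWsDocInfo());

        List<String> encryptedIds = encryptor.doEncryption(keyInfo, encryptionKey, getSymmetricEncAlgorithm(), list, this.attachmentEncryptedDataElements);
        if (encryptedIds.isEmpty()) {
            // Nothing was encrypted; callers see null rather than an exception.
            return null;
        }
        if (element == null) {
            element = getDocument().createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:ReferenceList");
            // Without key wrapping the namespace is declared explicitly on the new list.
            if (!this.encryptSymmKey) {
                XMLUtils.setNamespace(element, "http://www.w3.org/2001/04/xmlenc#", "xenc");
            }
        }
        return createDataRefList(getDocument(), element, encryptedIds);
    }

    /**
     * Appends the reference list to the EncryptedKey element; a {@code null} list is ignored.
     *
     * @param element reference list, may be {@code null}
     */
    public void addInternalRefElement(Element element) {
        if (element != null) {
            getEncryptedKeyElement().appendChild(element);
        }
    }

    /**
     * Prepends the reference list to the security header; a {@code null} list is ignored.
     *
     * @param element reference list, may be {@code null}
     */
    public void addExternalRefElement(Element element) {
        if (element != null) {
            WSSecurityUtil.prependChildElement(getSecurityHeader().getSecurityHeaderElement(), element);
        }
    }

    /** Prepends every collected attachment EncryptedData element to the security header. */
    public void addAttachmentEncryptedDataElements() {
        if (this.attachmentEncryptedDataElements != null) {
            for (Element encryptedData : this.attachmentEncryptedDataElements) {
                WSSecurityUtil.prependChildElement(getSecurityHeader().getSecurityHeaderElement(), encryptedData);
            }
        }
    }

    /**
     * Builds the {@code ds:KeyInfo} that tells the receiver which key decrypts the data.
     *
     * <p>The branches are evaluated in a fixed order and only the first match applies:
     * embedded EncryptedKey, key identifier type 10, the SAML 1.1 / SAML 2.0 / Kerberos
     * custom reference values, a caller-supplied token reference, a direct reference by
     * {@code getId()}, and finally key identifier type 2 without key wrapping. If none
     * matches, the KeyInfo is returned with only the {@code ds} namespace declared.
     *
     * <p>{@code customReferenceValue} is written into the message unmodified, so it should
     * come from trusted configuration rather than from message content.
     *
     * @return the populated KeyInfo
     * @throws WSSecurityException if a token reference cannot be built
     */
    private KeyInfo createKeyInfo() throws WSSecurityException {
        KeyInfo keyInfo = new KeyInfo(getDocument());
        if (this.embedEncryptedKey) {
            keyInfo.addUnknownElement(getEncryptedKeyElement());
        } else if (this.keyIdentifierType == 10) {
            // 10: presumably the EncryptedKeySHA1 key identifier constant - confirm in WSConstants.
            keyInfo.addUnknownElement(newEncryptedKeySha1Reference().getElement());
        } else if (WSS4JConstants.WSS_SAML_KI_VALUE_TYPE.equals(this.customReferenceValue)) {
            keyInfo.addUnknownElement(newSamlKeyIdentifierReference(WSS4JConstants.WSS_SAML_TOKEN_TYPE, WSS4JConstants.WSS_SAML_KI_VALUE_TYPE).getElement());
        } else if (WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE.equals(this.customReferenceValue)) {
            keyInfo.addUnknownElement(newSamlKeyIdentifierReference(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE).getElement());
        } else if (WSS4JConstants.WSS_KRB_KI_VALUE_TYPE.equals(this.customReferenceValue)) {
            SecurityTokenReference kerberosRef = newTokenReference();
            kerberosRef.addTokenType(WSS4JConstants.WSS_GSS_KRB_V5_AP_REQ);
            kerberosRef.setKeyIdentifier(this.customReferenceValue, getId(), true);
            keyInfo.addUnknownElement(kerberosRef.getElement());
        } else if (this.securityTokenReference != null) {
            // Re-declare the element's own namespace prefix so it stays resolvable once
            // the element sits inside the KeyInfo.
            Element suppliedRef = this.securityTokenReference.getElement();
            suppliedRef.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" + suppliedRef.getPrefix(), suppliedRef.getNamespaceURI());
            keyInfo.addUnknownElement(this.securityTokenReference.getElement());
        } else if (getId() != null) {
            SecurityTokenReference directRef = newTokenReference();
            Reference reference = new Reference(getDocument());
            if (this.encKeyIdDirectId) {
                reference.setURI(getId());
            } else {
                reference.setURI("#" + getId());
            }
            if (this.customReferenceValue != null) {
                reference.setValueType(this.customReferenceValue);
            }
            directRef.setReference(reference);
            if (KerberosSecurity.isKerberosToken(this.customReferenceValue)) {
                directRef.addTokenType(this.customReferenceValue);
            } else if (!WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE.equals(this.customReferenceValue)) {
                directRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
            }
            keyInfo.addUnknownElement(directRef.getElement());
        } else if (!this.encryptSymmKey && this.keyIdentifierType == 2) {
            // 2: presumably the issuer-serial key identifier constant - confirm in WSConstants.
            keyInfo.addUnknownElement(newEncryptedKeySha1Reference().getElement());
        }
        keyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
        return keyInfo;
    }

    /** Creates a SecurityTokenReference with the wsu (optional) and wsse namespaces declared. */
    private SecurityTokenReference newTokenReference() throws WSSecurityException {
        SecurityTokenReference tokenReference = new SecurityTokenReference(getDocument());
        if (this.addWSUNamespace) {
            tokenReference.addWSUNamespace();
        }
        tokenReference.addWSSENamespace();
        return tokenReference;
    }

    /**
     * Creates an EncryptedKeySHA1 reference: {@code customReferenceValue} when set, else
     * the encoded digest of {@code encryptedEphemeralKey}.
     */
    private SecurityTokenReference newEncryptedKeySha1Reference() throws WSSecurityException {
        SecurityTokenReference tokenReference = newTokenReference();
        if (this.customReferenceValue != null) {
            tokenReference.setKeyIdentifierEncKeySHA1(this.customReferenceValue);
        } else {
            tokenReference.setKeyIdentifierEncKeySHA1(org.apache.xml.security.utils.XMLUtils.encodeToString(KeyUtils.generateDigest(this.encryptedEphemeralKey)));
        }
        tokenReference.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
        return tokenReference;
    }

    /** Creates a SAML key identifier reference pointing at {@code getId()}. */
    private SecurityTokenReference newSamlKeyIdentifierReference(String tokenType, String valueType) throws WSSecurityException {
        SecurityTokenReference tokenReference = newTokenReference();
        tokenReference.addTokenType(tokenType);
        tokenReference.setKeyIdentifier(valueType, getId());
        return tokenReference;
    }

    /**
     * Appends one {@code xenc:DataReference} child per URI to {@code element}.
     *
     * @param document owner document used to create the children
     * @param element reference list to extend; must not be {@code null}
     * @param list URIs written verbatim into the {@code URI} attribute
     * @return {@code element}, for chaining
     */
    public static Element createDataRefList(Document document, Element element, List<String> list) {
        for (String uri : list) {
            Element dataReference = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:DataReference");
            dataReference.setAttributeNS(null, "URI", uri);
            element.appendChild(dataReference);
        }
        return element;
    }

    public SecurityTokenReference getSecurityTokenReference() {
        return this.securityTokenReference;
    }

    public void setSecurityTokenReference(SecurityTokenReference securityTokenReference) {
        this.securityTokenReference = securityTokenReference;
    }

    public boolean isEncryptSymmKey() {
        return this.encryptSymmKey;
    }

    /**
     * Enables or disables wrapping of the symmetric key. With {@code false} the receiver
     * must already hold the key, and {@link #prepare(Crypto)} keeps the raw key bytes in
     * {@code encryptedEphemeralKey}.
     */
    public void setEncryptSymmKey(boolean z) {
        this.encryptSymmKey = z;
    }

    public void setCustomReferenceValue(String str) {
        this.customReferenceValue = str;
    }

    public void setEncKeyIdDirectId(boolean z) {
        this.encKeyIdDirectId = z;
    }

    public void setEmbedEncryptedKey(boolean z) {
        this.embedEncryptedKey = z;
    }

    public boolean isEmbedEncryptedKey() {
        return this.embedEncryptedKey;
    }

    /** Returns the live internal list ({@code null} before the first prepare()), not a copy. */
    public List<Element> getAttachmentEncryptedDataElements() {
        return this.attachmentEncryptedDataElements;
    }

    public Serializer getEncryptionSerializer() {
        return this.encryptionSerializer;
    }

    public void setEncryptionSerializer(Serializer serializer) {
        this.encryptionSerializer = serializer;
    }
}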
