package org.apache.wss4j.dom.action;

import java.util.List;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.SignatureActionToken;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecDKEncrypt;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xalan.templates.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:BOOT-INF/lib/wss4j-ws-security-dom-2.3.3.jar:org/apache/wss4j/dom/action/EncryptionDerivedAction.class */
/**
 * Action that configures a {@link WSSecDKEncrypt} builder from the request's
 * encryption settings, encrypts the selected message parts, and inserts the
 * resulting derived-key and reference elements into the security header.
 *
 * <p>Review notes for anyone auditing this decompiled listing:
 * <ul>
 *   <li>When no symmetric algorithm is configured and a fresh key must be
 *       generated, the fallback is AES-128-CBC. CBC provides confidentiality
 *       only; unless the ciphertext is also integrity-protected (for example
 *       by a signature covering the encrypted parts), deployments should set
 *       an authenticated mode such as an AES-GCM algorithm URI explicitly
 *       instead of relying on this fallback.</li>
 *   <li>{@code clean()} on the builder is reached only on the success path;
 *       see the note inside {@link #execute}.</li>
 * </ul>
 */
public class EncryptionDerivedAction extends AbstractDerivedAction implements Action {

    /** Value of the derived-key token reference that selects the EncryptedKey path. */
    private static final String ENCRYPTED_KEY_REFERENCE = "EncryptedKey";

    /** Algorithm URI used for key generation when the token does not name one. */
    private static final String FALLBACK_SYMMETRIC_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /**
     * Usage code handed to the password callback (0x10000).
     * NOTE(review): presumably the library's "derived key encryption" usage
     * constant, inlined by the compiler; confirm against the WSS4J sources.
     */
    private static final int PASSWORD_CALLBACK_USAGE = 65536;

    /**
     * Encrypts the configured parts of the message using a derived key.
     *
     * @param wSHandler           handler used to obtain the password callback
     * @param securityActionToken action token; used when it is an {@link EncryptionActionToken},
     *                            otherwise the token stored on {@code requestData} is used
     * @param requestData         per-request state (security header, config, tokens)
     * @throws WSSecurityException if preparing, encrypting or inserting the elements fails
     */
    @Override
    public void execute(WSHandler wSHandler, SecurityActionToken securityActionToken, RequestData requestData) throws WSSecurityException {
        CallbackHandler passwordHandler = requestData.getCallbackHandler();
        if (passwordHandler == null) {
            passwordHandler = wSHandler.getPasswordCallbackHandler(requestData);
        }

        // NOTE(review): if neither source supplies a token, the dereference on
        // the next statement fails with a NullPointerException rather than a
        // WSSecurityException; callers must make sure a token is configured.
        final EncryptionActionToken token = securityActionToken instanceof EncryptionActionToken
                ? (EncryptionActionToken) securityActionToken
                : requestData.getEncryptionToken();

        final WSPasswordCallback credentials =
                wSHandler.getPasswordCB(token.getUser(), PASSWORD_CALLBACK_USAGE, passwordHandler, requestData);

        final WSSecDKEncrypt builder = new WSSecDKEncrypt(requestData.getSecHeader());
        builder.setIdAllocator(requestData.getWssConfig().getIdAllocator());
        builder.setWsDocInfo(requestData.getWsDocInfo());
        builder.setExpandXopInclude(requestData.isExpandXopInclude());

        // Optional settings: only override the builder's defaults when the token carries a value.
        final int keyIdentifierId = token.getKeyIdentifierId();
        if (keyIdentifierId != 0) {
            builder.setKeyIdentifierType(keyIdentifierId);
        }
        final String configuredAlgorithm = token.getSymmetricAlgorithm();
        if (configuredAlgorithm != null) {
            builder.setSymmetricEncAlgorithm(configuredAlgorithm);
        }
        builder.setUserInfo(token.getUser(), credentials.getPassword());
        // 2 is used with the 2005/12 namespace, 1 otherwise.
        builder.setWscVersion(requestData.isUse200512Namespace() ? 2 : 1);
        final int derivedKeyLength = token.getDerivedKeyLength();
        if (derivedKeyLength > 0) {
            builder.setDerivedKeyLength(derivedKeyLength);
        }

        final Document doc = requestData.getSecHeader().getSecurityHeaderElement().getOwnerDocument();
        final String tokenReference = token.getDerivedKeyTokenReference();

        Element referencedTokenElement = null;
        SecretKey generatedKey = null;
        if (ENCRYPTED_KEY_REFERENCE.equals(tokenReference)) {
            // A fresh symmetric key is generated only when the signature token
            // offers no key (with identifier) that could be reused.
            if (lacksReusableKey(requestData.getSignatureToken())) {
                final String keyAlgorithm =
                        configuredAlgorithm != null ? configuredAlgorithm : FALLBACK_SYMMETRIC_ALGORITHM;
                generatedKey = KeyUtils.getKeyGenerator(keyAlgorithm).generateKey();
            }
            referencedTokenElement =
                    setupEncryptedKeyTokenReference(requestData, token, builder, credentials, doc, generatedKey);
        } else if (ConversationConstants.SECURITY_CONTEXT_TOKEN_LN.equals(tokenReference)) {
            referencedTokenElement = setupSCTTokenReference(requestData, token, builder, credentials, doc);
        }

        builder.setAttachmentCallbackHandler(requestData.getAttachmentCallbackHandler());
        builder.setStoreBytesInAttachment(requestData.isStoreBytesInAttachment());

        try {
            final List<WSEncryptionPart> requestedParts = token.getParts();
            final boolean partsGiven = requestedParts != null && !requestedParts.isEmpty();
            if (partsGiven) {
                builder.getParts().addAll(requestedParts);
            } else {
                builder.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
            }

            builder.prepare(getKey(requestData.getSignatureToken(), credentials, generatedKey));
            final Element referenceList = builder.encrypt();

            // When no new token element was created, the derived-key element is
            // placed before the existing EncryptedKey / SCT sibling, if one is found.
            Node insertionPoint = null;
            if (referencedTokenElement == null) {
                final String currentReference = token.getDerivedKeyTokenReference();
                if (ENCRYPTED_KEY_REFERENCE.equals(currentReference)) {
                    insertionPoint = findEncryptedKeySibling(requestData);
                } else if (ConversationConstants.SECURITY_CONTEXT_TOKEN_LN.equals(currentReference)) {
                    insertionPoint = findSCTSibling(requestData);
                }
            }

            if (insertionPoint != null) {
                requestData.getSecHeader().getSecurityHeaderElement()
                        .insertBefore(builder.getdktElement(), insertionPoint);
            } else {
                builder.prependDKElementToHeader();
            }

            builder.addExternalRefElement(referenceList);
            if (referencedTokenElement != null) {
                WSSecurityUtil.prependChildElement(
                        requestData.getSecHeader().getSecurityHeaderElement(), referencedTokenElement);
            }

            // NOTE(review): clean() runs only when everything above succeeded.
            // If it is what releases key material held by the builder (not
            // visible in this listing; confirm), a failure in prepare() or
            // encrypt() skips it. Consider moving it to a finally block.
            builder.clean();
        } catch (WSSecurityException e) {
            // NOTE(review): Constants here is org.apache.xalan.templates.Constants.
            // In a decompiled listing this looks like a constant-matching
            // artifact standing in for a message key; confirm against the
            // upstream source before treating Xalan as a real dependency.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, Constants.ELEMNAME_EMPTY_STRING, new Object[]{"Error during Encryption: "});
        }
    }

    /**
     * Sets up the security-context-token reference on the builder.
     *
     * @return the element produced by the callback-based setup when the
     *         signature token has no reusable key; {@code null} when the
     *         signature token's data was used instead
     */
    private Element setupSCTTokenReference(RequestData requestData, EncryptionActionToken encryptionActionToken, WSSecDKEncrypt wSSecDKEncrypt, WSPasswordCallback wSPasswordCallback, Document document) throws WSSecurityException {
        if (lacksReusableKey(requestData.getSignatureToken())) {
            return setupSCTReference(wSSecDKEncrypt, wSPasswordCallback, encryptionActionToken, requestData.isUse200512Namespace(), document);
        }
        setupSCTReference(wSSecDKEncrypt, requestData.getSignatureToken(), requestData.isUse200512Namespace());
        return null;
    }

    /**
     * Sets up the EncryptedKey reference on the builder.
     *
     * @param secretKey freshly generated key, or {@code null} to reference the
     *                  signature token instead
     * @return the element produced for the generated key, or {@code null} when
     *         the signature token was referenced
     */
    private Element setupEncryptedKeyTokenReference(RequestData requestData, EncryptionActionToken encryptionActionToken, WSSecDKEncrypt wSSecDKEncrypt, WSPasswordCallback wSPasswordCallback, Document document, SecretKey secretKey) throws WSSecurityException {
        if (secretKey == null) {
            setupEKReference(wSSecDKEncrypt, requestData.getSignatureToken());
            return null;
        }
        return setupEKReference(wSSecDKEncrypt, requestData.getSecHeader(), wSPasswordCallback, encryptionActionToken, requestData.isUse200512Namespace(), document, null, null, secretKey);
    }

    /**
     * Selects the key bytes passed to the builder's {@code prepare} call.
     * Precedence: the generated secret key, then (when the signature token has
     * no reusable key) the key from the password callback, then the signature
     * token's key.
     *
     * <p>The returned array is raw key material; it must not be logged.
     */
    private byte[] getKey(SignatureActionToken signatureActionToken, WSPasswordCallback wSPasswordCallback, SecretKey secretKey) throws WSSecurityException {
        if (secretKey != null) {
            return secretKey.getEncoded();
        }
        if (lacksReusableKey(signatureActionToken)) {
            return wSPasswordCallback.getKey();
        }
        return signatureActionToken.getKey();
    }

    /**
     * Tells whether the signature token cannot supply a key for reuse: it is
     * absent, or has no key, or has no key identifier.
     */
    private static boolean lacksReusableKey(SignatureActionToken signatureToken) {
        return signatureToken == null
                || signatureToken.getKey() == null
                || signatureToken.getKeyIdentifier() == null;
    }
}
