package com.helger.phase4.messaging.crypto;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.mime.CMimeType;
import com.helger.mail.cte.EContentTransferEncoding;
import com.helger.phase4.attachment.WSS4JAttachment;
import com.helger.phase4.attachment.WSS4JAttachmentCallbackHandler;
import com.helger.phase4.config.AS4Configuration;
import com.helger.phase4.crypto.AS4CryptParams;
import com.helger.phase4.crypto.IAS4CryptoFactory;
import com.helger.phase4.messaging.domain.MessageHelperMethods;
import com.helger.phase4.messaging.mime.AS4MimeMessage;
import com.helger.phase4.messaging.mime.MimeMessageCreator;
import com.helger.phase4.soap.ESoapVersion;
import com.helger.phase4.util.AS4ResourceHelper;
import com.helger.phase4.wss.WSSConfigManager;
import com.helger.phase4.wss.WSSSynchronizer;
import jakarta.mail.MessagingException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillNotClose;
import javax.annotation.concurrent.Immutable;
import javax.crypto.SecretKey;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;

/**
 * Static entry points that encrypt an AS4 message with WSS4J, either as a plain
 * SOAP document or as a MIME message with attachments.
 *
 * <p>This listing is decompiler output: the two {@code _encrypt*} workers are
 * marked by the decompiler as originally {@code private}. Callers should use
 * {@link #encryptSoapBodyPayload} and {@link #encryptMimeMessage}, which validate
 * their arguments and honour the WSS4J synchronization setting.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>All algorithm choices come from {@link AS4CryptParams}; nothing here
 *       rejects a weak algorithm, so the parameters must be validated upstream.</li>
 *   <li>An optional customizer runs after the configured settings are applied and
 *       can therefore override any of them. Treat it as trusted code.</li>
 *   <li>The key alias and the certificate subject are written to the INFO log.</li>
 * </ul>
 */
@Immutable
public final class AS4Encryptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(AS4Encryptor.class);

    /** Utility class, not instantiable. */
    private AS4Encryptor() {
    }

    /**
     * Creates a {@link WSSecEncrypt} for the given security header and configures it
     * from the crypt parameters.
     *
     * @param wSSecHeader security header the encryptor is bound to
     * @param aS4CryptParams source of key identifier type, algorithms and recipient
     * @return the configured encryptor, never {@code null}
     * @throws IllegalStateException if the customizer's factory method returns {@code null}
     */
    @Nonnull
    private static WSSecEncrypt _createEncrypt(@Nonnull WSSecHeader wSSecHeader, @Nonnull AS4CryptParams aS4CryptParams) {
        final WSSecEncrypt encryptor;
        if (aS4CryptParams.hasWSSecEncryptCustomizer()) {
            encryptor = aS4CryptParams.getWSSecEncryptCustomizer().createWSSecEncrypt(wSSecHeader);
        } else {
            encryptor = new WSSecEncrypt(wSSecHeader);
        }
        if (encryptor == null) {
            throw new IllegalStateException("Failed to create WSSecEncrypt for " + wSSecHeader);
        }

        encryptor.setKeyIdentifierType(aS4CryptParams.getKeyIdentifierType().getTypeID());
        encryptor.setSymmetricEncAlgorithm(aS4CryptParams.getAlgorithmCrypt().getAlgorithmURI());
        // NOTE(review): m27getID is a decompiler-generated name, presumably the
        // algorithm's ID accessor - confirm against the library.
        encryptor.setKeyEncAlgo(aS4CryptParams.getKeyEncAlgorithm().m27getID());
        encryptor.setMGFAlgorithm(aS4CryptParams.getMGFAlgorithm());
        encryptor.setDigestAlgorithm(aS4CryptParams.getDigestAlgorithm());
        // NOTE(review): presumably controls whether the session key is wrapped for the
        // recipient - confirm the WSS4J semantics before disabling it.
        encryptor.setEncryptSymmKey(aS4CryptParams.isEncryptSymmetricSessionKey());

        // An explicit certificate wins over a keystore alias. If neither is set, no
        // recipient is configured here.
        if (aS4CryptParams.hasCertificate()) {
            encryptor.setUseThisCert(aS4CryptParams.getCertificate());
        } else if (aS4CryptParams.hasAlias()) {
            encryptor.setUserInfo(aS4CryptParams.getAlias());
        }

        // The customizer runs last, so it can override every setting applied above.
        if (aS4CryptParams.hasWSSecEncryptCustomizer()) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Before running WSSecEncryptCustomizer.customize");
            }
            aS4CryptParams.getWSSecEncryptCustomizer().customize(encryptor);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("After running WSSecEncryptCustomizer.customize");
            }
        }
        return encryptor;
    }

    /**
     * Builds the part of the "now encrypting" log line that follows the
     * {@code KeyIdentifierType=} label. Only configuration metadata is included
     * (algorithm names, key alias, certificate subject), no key material.
     */
    private static String _cryptParamsLogSuffix(@Nonnull AS4CryptParams aS4CryptParams) {
        String text = aS4CryptParams.getKeyIdentifierType().name()
                + "; EncAlgo=" + aS4CryptParams.getAlgorithmCrypt().getAlgorithmURI()
                + "; KeyEncAlgo=" + aS4CryptParams.getKeyEncAlgorithm()
                + "; MgfAlgo=" + aS4CryptParams.getMGFAlgorithm()
                + "; DigestAlgo=" + aS4CryptParams.getDigestAlgorithm();
        if (aS4CryptParams.hasAlias()) {
            text += "; KeyAlias=" + aS4CryptParams.getAlias();
        }
        if (aS4CryptParams.hasCertificate()) {
            // The label says CN, but the value logged is the full subject DN name.
            text += "; CertificateSubjectCN=" + aS4CryptParams.getCertificate().getSubjectDN().getName();
        }
        return text;
    }

    /**
     * Sets the {@code mustUnderstand} attribute on the security header element,
     * if that attribute exists in the SOAP namespace; otherwise does nothing.
     */
    private static void _applyMustUnderstand(@Nonnull WSSecHeader wSSecHeader, @Nonnull ESoapVersion eSoapVersion, boolean z) {
        final Attr mustUnderstand = wSSecHeader.getSecurityHeaderElement().getAttributeNodeNS(eSoapVersion.getNamespaceURI(), "mustUnderstand");
        if (mustUnderstand != null) {
            mustUnderstand.setValue(eSoapVersion.getMustUnderstandValue(z));
        }
    }

    /**
     * Fetches the symmetric session key from the configured provider.
     *
     * @throws IllegalStateException if the provider returns {@code null}, so that
     *         encryption never proceeds without a key
     */
    @Nonnull
    private static SecretKey _obtainSessionKey(@Nonnull AS4CryptParams aS4CryptParams) {
        final SecretKey key = aS4CryptParams.getSessionKeyProvider().getSessionKey();
        if (key == null) {
            throw new IllegalStateException("Failed to create a symmetric session key from " + aS4CryptParams.getSessionKeyProvider());
        }
        return key;
    }

    /**
     * Worker behind {@link #encryptSoapBodyPayload}: inserts a security header into
     * the document and encrypts the content of the SOAP {@code Body} element.
     *
     * <p>Marked by the decompiler as originally {@code private}. It performs no
     * argument checks and no synchronization, so prefer the public wrapper.
     *
     * @param z value passed to {@code getMustUnderstandValue} for the security header
     * @return the document produced by the WSS4J build step
     * @throws WSSecurityException if WSS4J fails to encrypt
     * @throws IllegalStateException if no session key could be obtained
     */
    @Nonnull
    public static Document _encryptSoapBodyPayload(@Nonnull IAS4CryptoFactory iAS4CryptoFactory, @Nonnull ESoapVersion eSoapVersion, @Nonnull Document document, boolean z, @Nonnull AS4CryptParams aS4CryptParams) throws WSSecurityException {
        LOGGER.info("Now encrypting AS4 SOAP message. KeyIdentifierType=" + _cryptParamsLogSuffix(aS4CryptParams));

        final WSSecHeader secHeader = new WSSecHeader(document);
        secHeader.insertSecurityHeader();

        final WSSecEncrypt encryptor = _createEncrypt(secHeader, aS4CryptParams);
        encryptor.getParts().add(new WSEncryptionPart("Body", eSoapVersion.getNamespaceURI(), "Content"));

        _applyMustUnderstand(secHeader, eSoapVersion, z);

        final SecretKey sessionKey = _obtainSessionKey(aS4CryptParams);
        return encryptor.build(iAS4CryptoFactory.getCrypto(), sessionKey);
    }

    /**
     * Encrypts the SOAP body content of an AS4 message.
     *
     * <p>When {@code AS4Configuration.isWSS4JSynchronizedSecurity()} is true the work
     * runs through {@code WSSSynchronizer.call}; otherwise
     * {@code WSSConfigManager.getInstance()} is called first and its result discarded
     * (presumably to make sure WSS4J is initialised - confirm).
     *
     * @param iAS4CryptoFactory supplies the WSS4J crypto object; must not be {@code null}
     * @param eSoapVersion SOAP version of the document; must not be {@code null}
     * @param document SOAP document to encrypt; must not be {@code null}
     * @param z value used for the security header's {@code mustUnderstand} attribute
     * @param aS4CryptParams encryption settings; must not be {@code null}
     * @return the encrypted document
     * @throws WSSecurityException if WSS4J fails to encrypt
     */
    @Nonnull
    public static Document encryptSoapBodyPayload(@Nonnull IAS4CryptoFactory iAS4CryptoFactory, @Nonnull ESoapVersion eSoapVersion, @Nonnull Document document, boolean z, @Nonnull AS4CryptParams aS4CryptParams) throws WSSecurityException {
        ValueEnforcer.notNull(iAS4CryptoFactory, "CryptoFactoryCrypt");
        ValueEnforcer.notNull(eSoapVersion, "SoapVersion");
        ValueEnforcer.notNull(document, "XMLDoc");
        ValueEnforcer.notNull(aS4CryptParams, "CryptParams");

        if (!AS4Configuration.isWSS4JSynchronizedSecurity()) {
            WSSConfigManager.getInstance();
            return _encryptSoapBodyPayload(iAS4CryptoFactory, eSoapVersion, document, z, aS4CryptParams);
        }
        return (Document) WSSSynchronizer.call(() -> {
            return _encryptSoapBodyPayload(iAS4CryptoFactory, eSoapVersion, document, z, aS4CryptParams);
        });
    }

    /**
     * Worker behind {@link #encryptMimeMessage}: inserts a security header, encrypts
     * the attachments and assembles the resulting MIME message.
     *
     * <p>The only encryption part added here is
     * {@code MessageHelperMethods.PREFIX_CID + "Attachments"}; this method adds no
     * {@code Body} part. After encryption every response attachment is relabelled as
     * {@code application/octet-stream} with binary transfer encoding.
     *
     * <p>Marked by the decompiler as originally {@code private}. It performs no
     * argument checks and no synchronization, so prefer the public wrapper.
     *
     * @param iCommonsList attachments to encrypt; may be {@code null} or empty, in
     *        which case no attachment callback handler is installed
     * @param aS4ResourceHelper passed to the attachment callback handler; not closed here
     * @return the MIME message holding the built document and processed attachments
     * @throws WSSecurityException if WSS4J fails, or wrapping a {@link MessagingException}
     *         raised while the MIME message is generated
     * @throws IllegalStateException if no session key could be obtained
     */
    @Nonnull
    public static AS4MimeMessage _encryptMimeMessage(@Nonnull ESoapVersion eSoapVersion, @Nonnull Document document, @Nullable ICommonsList<WSS4JAttachment> iCommonsList, @Nonnull IAS4CryptoFactory iAS4CryptoFactory, boolean z, @Nonnull @WillNotClose AS4ResourceHelper aS4ResourceHelper, @Nonnull AS4CryptParams aS4CryptParams) throws WSSecurityException {
        LOGGER.info("Now encrypting AS4 MIME message. KeyIdentifierType=" + _cryptParamsLogSuffix(aS4CryptParams));

        final WSSecHeader secHeader = new WSSecHeader(document);
        secHeader.insertSecurityHeader();

        final WSSecEncrypt encryptor = _createEncrypt(secHeader, aS4CryptParams);
        encryptor.getParts().add(new WSEncryptionPart(MessageHelperMethods.PREFIX_CID + "Attachments", "Content"));

        WSS4JAttachmentCallbackHandler attachmentHandler = null;
        if (CollectionHelper.isNotEmpty(iCommonsList)) {
            attachmentHandler = new WSS4JAttachmentCallbackHandler(iCommonsList, aS4ResourceHelper);
            encryptor.setAttachmentCallbackHandler(attachmentHandler);
        }

        _applyMustUnderstand(secHeader, eSoapVersion, z);

        final SecretKey sessionKey = _obtainSessionKey(aS4CryptParams);
        final Document encryptedDoc = encryptor.build(iAS4CryptoFactory.getCrypto(), sessionKey);

        // Stays null when there were no attachments to process.
        ICommonsList<WSS4JAttachment> encryptedAttachments = null;
        if (attachmentHandler != null) {
            encryptedAttachments = attachmentHandler.getAllResponseAttachments();
            for (WSS4JAttachment attachment : encryptedAttachments) {
                // The payload is ciphertext now, so it is sent as opaque binary data.
                attachment.overwriteMimeType(CMimeType.APPLICATION_OCTET_STREAM.getAsString());
                attachment.setContentTransferEncoding(EContentTransferEncoding.BINARY);
            }
        }

        try {
            return MimeMessageCreator.generateMimeMessage(eSoapVersion, encryptedDoc, encryptedAttachments);
        } catch (MessagingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "Failed to generate MIME message");
        }
    }

    /**
     * Encrypts an AS4 message with attachments and returns it as a MIME message.
     *
     * <p>When {@code AS4Configuration.isWSS4JSynchronizedSecurity()} is true the work
     * runs through {@code WSSSynchronizer.call}; otherwise
     * {@code WSSConfigManager.getInstance()} is called first and its result discarded
     * (presumably to make sure WSS4J is initialised - confirm).
     *
     * @param eSoapVersion SOAP version of the document; must not be {@code null}
     * @param document SOAP document; must not be {@code null}
     * @param iCommonsList attachments to encrypt; may be {@code null}
     * @param iAS4CryptoFactory supplies the WSS4J crypto object; must not be {@code null}
     * @param z value used for the security header's {@code mustUnderstand} attribute
     * @param aS4ResourceHelper resource helper for attachment handling; must not be
     *        {@code null}; not closed by this method
     * @param aS4CryptParams encryption settings; must not be {@code null}
     * @return the encrypted MIME message
     * @throws WSSecurityException if encryption or MIME generation fails
     */
    @Nonnull
    public static AS4MimeMessage encryptMimeMessage(@Nonnull ESoapVersion eSoapVersion, @Nonnull Document document, @Nullable ICommonsList<WSS4JAttachment> iCommonsList, @Nonnull IAS4CryptoFactory iAS4CryptoFactory, boolean z, @Nonnull @WillNotClose AS4ResourceHelper aS4ResourceHelper, @Nonnull AS4CryptParams aS4CryptParams) throws WSSecurityException {
        ValueEnforcer.notNull(iAS4CryptoFactory, "CryptoFactoryCrypt");
        ValueEnforcer.notNull(eSoapVersion, "SoapVersion");
        ValueEnforcer.notNull(document, "XMLDoc");
        ValueEnforcer.notNull(aS4ResourceHelper, "ResHelper");
        ValueEnforcer.notNull(aS4CryptParams, "CryptParams");

        if (!AS4Configuration.isWSS4JSynchronizedSecurity()) {
            WSSConfigManager.getInstance();
            return _encryptMimeMessage(eSoapVersion, document, iCommonsList, iAS4CryptoFactory, z, aS4ResourceHelper, aS4CryptParams);
        }
        return (AS4MimeMessage) WSSSynchronizer.call(() -> {
            return _encryptMimeMessage(eSoapVersion, document, iCommonsList, iAS4CryptoFactory, z, aS4ResourceHelper, aS4CryptParams);
        });
    }
}
