package org.apache.rahas.impl;

import java.security.SecureRandom;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.Base64;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/lib/rampart-trust-1.3.jar:org/apache/rahas/impl/TokenIssuerUtil.class */
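/**
 * Helpers shared by the Rahas token issuers for producing the proof key of an issued token:
 * deriving or generating the symmetric secret, and writing the {@code wst:RequestedProofToken}
 * (plus, for computed keys, the issuer-side {@code wst:Entropy}) into the RSTR.
 *
 * <p>All members are static; the only shared state is a {@link SecureRandom}, which the JDK
 * documents as safe for concurrent use.
 */
public class TokenIssuerUtil {
    /** {@code proofKeyType} value: wrap a fresh key in an {@code xenc:EncryptedKey} for the requester's certificate. */
    public static final String ENCRYPTED_KEY = "EncryptedKey";
    /** {@code proofKeyType} value: send the secret as a Base64 {@code wst:BinarySecret}. */
    public static final String BINARY_SECRET = "BinarySecret";

    /**
     * Shared CSPRNG for ephemeral keys. The platform default is used rather than a hard-coded
     * {@code "SHA1PRNG"}, which is provider-specific and not guaranteed to exist everywhere.
     */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Determines the symmetric secret of the issued token according to the issuer's key
     * computation mode.
     *
     * <ul>
     *   <li>No requester entropy, or mode {@code 3}: the issuer generates a fresh random key of
     *       {@code keySize} bits.</li>
     *   <li>Mode {@code 2}: the issuer draws a nonce of {@code keySize / 8} bytes, stores it via
     *       {@code rahasData.setResponseEntropy(...)} (so the RSTR can echo it, see
     *       {@link #handleRequestedProofToken}), and returns
     *       P_SHA1(requestEntropy, responseEntropy) cut to {@code keySize / 8} bytes.</li>
     *   <li>Any other mode: the requester's entropy is returned unchanged and becomes the key.
     *       Nothing here checks its length or randomness, so in this mode the key is only as
     *       strong as the requester made it, and {@code keySize} is ignored.</li>
     * </ul>
     * The numeric modes are presumably the {@code RahasConstants.KEY_COMP_*} values; only the
     * literals are visible in this file.
     *
     * <p>{@code keySize} is in bits. Sizes that are not a multiple of 8 are truncated to whole
     * bytes (unchanged behaviour); sizes below 8 are rejected because they would produce an
     * empty key.
     *
     * @param rahasData      request data; supplies the requester entropy and receives the
     *                       issuer entropy in mode {@code 2}
     * @param keyComputation key computation mode (see above)
     * @param keySize        requested key size in bits
     * @return the token secret
     * @throws TrustException if the key size is unusable or WSS4J fails to derive the key
     */
    public static byte[] getSharedSecret(RahasData rahasData, int keyComputation, int keySize)
            throws TrustException {
        byte[] requestEntropy = rahasData.getRequestEntropy();
        try {
            if (requestEntropy == null || keyComputation == 3) {
                return generateEphemeralKey(keySize);
            }
            if (keyComputation == 2) {
                requireUsableKeySize(keySize);
                int keyBytes = keySize / 8;
                byte[] responseEntropy = WSSecurityUtil.generateNonce(keyBytes);
                rahasData.setResponseEntropy(responseEntropy);
                // requester entropy acts as the P_SHA1 secret, issuer nonce as the seed
                return new P_SHA1().createKey(requestEntropy, responseEntropy, 0, keyBytes);
            }
            // "use requester entropy" mode: the client-supplied bytes are the key, verbatim
            return requestEntropy;
        } catch (WSSecurityException e) {
            throw new TrustException("errorCreatingSymmKey", (Throwable) e);
        } catch (ConversationException e) {
            throw new TrustException("errorCreatingSymmKey", e);
        }
    }

    /**
     * Appends the {@code wst:RequestedProofToken} for an issued token to the RSTR and, where
     * the issuer holds the secret itself, records it on {@code token}.
     *
     * <p>Three shapes are produced, in this order of precedence:
     * <ul>
     *   <li>Computed key ({@code config.keyComputation == 2} and the request carried entropy):
     *       the issuer nonce already stored in {@code rahasData.getResponseEntropy()} is
     *       written as a {@code wst:Entropy/wst:BinarySecret} of type Nonce and the proof
     *       token carries a {@code wst:ComputedKey} naming P_SHA1. The secret is <em>not</em>
     *       stored on {@code token} here; the caller is expected to have obtained it from
     *       {@link #getSharedSecret} beforehand, which is also what populates the response
     *       entropy.</li>
     *   <li>{@value #ENCRYPTED_KEY}: a fresh ephemeral key is wrapped by WSS4J for the
     *       requester's certificate ({@code rahasData.getClientCert()}) and stored on the
     *       token.</li>
     *   <li>{@value #BINARY_SECRET}: the secret from {@link #getSharedSecret} is written as
     *       Base64 text. No encryption is applied by this code, so the RSTR itself must be
     *       protected (message- or transport-level) for the key to stay confidential.</li>
     * </ul>
     *
     * @param rahasData  request data (entropy, client certificate, message context, WS-Trust
     *                   namespace)
     * @param wstVersion WS-Trust version handed to the {@link TrustUtil} element factories
     * @param config     issuer configuration: key computation mode, proof key type, key size,
     *                   crypto settings
     * @param rstrElem   the RSTR element to append to
     * @param token      the issued token, which receives the secret where applicable
     * @param doc        DOM document used by WSS4J to build the EncryptedKey
     * @throws TrustException           if the secret cannot be derived or the EncryptedKey
     *                                  cannot be built
     * @throws IllegalArgumentException if {@code config.proofKeyType} is neither
     *                                  {@value #ENCRYPTED_KEY} nor {@value #BINARY_SECRET}
     *                                  (note: the RequestedProofToken element has already
     *                                  been appended by then)
     */
    public static void handleRequestedProofToken(RahasData rahasData, int wstVersion,
            AbstractIssuerConfig config, OMElement rstrElem, Token token, Document doc)
            throws TrustException {
        OMElement proofTokenElem = TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);

        if (config.keyComputation == 2 && rahasData.getRequestEntropy() != null) {
            emitComputedKey(rahasData, wstVersion, rstrElem, proofTokenElem);
        } else if (ENCRYPTED_KEY.equals(config.proofKeyType)) {
            emitEncryptedKey(rahasData, config, proofTokenElem, token, doc);
        } else if (BINARY_SECRET.equals(config.proofKeyType)) {
            byte[] sharedSecret = getSharedSecret(rahasData, config.keyComputation, config.keySize);
            TrustUtil.createBinarySecretElement(wstVersion, proofTokenElem, null)
                    .setText(Base64.encode(sharedSecret));
            token.setSecret(sharedSecret);
        } else {
            throw new IllegalArgumentException(config.proofKeyType);
        }
    }

    /**
     * Writes the issuer nonce as {@code wst:Entropy/wst:BinarySecret[@Type=Nonce]} on the RSTR
     * and a P_SHA1 {@code wst:ComputedKey} into the proof token.
     *
     * @throws TrustException if no response entropy has been computed yet (previously this
     *                        surfaced as a NullPointerException from the Base64 encoder)
     */
    private static void emitComputedKey(RahasData rahasData, int wstVersion, OMElement rstrElem,
            OMElement proofTokenElem) throws TrustException {
        byte[] responseEntropy = rahasData.getResponseEntropy();
        if (responseEntropy == null) {
            throw new TrustException("errorCreatingSymmKey", new IllegalStateException(
                    "response entropy has not been computed; getSharedSecret() must run first"));
        }
        OMElement entropyElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
        TrustUtil.createBinarySecretElement(wstVersion, entropyElem, RahasConstants.BIN_SEC_TYPE_NONCE)
                .setText(Base64.encode(responseEntropy));
        TrustUtil.createComputedKeyElement(wstVersion, proofTokenElem)
                .setText(rahasData.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
    }

    /**
     * Lets WSS4J generate an ephemeral key, wraps it for the requester's certificate and adds
     * the resulting {@code xenc:EncryptedKey} (and any BinarySecurityToken WSS4J produced) to
     * the proof token; the plaintext key is stored on {@code token}.
     *
     * @throws TrustException if the request carried no client certificate or WSS4J fails
     */
    private static void emitEncryptedKey(RahasData rahasData, AbstractIssuerConfig config,
            OMElement proofTokenElem, Token token, Document doc) throws TrustException {
        if (rahasData.getClientCert() == null) {
            // Without the requester's certificate there is nothing to wrap the key for; fail
            // explicitly rather than NPE inside WSS4J (or inside the catch block below).
            throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
                    new String[]{"<no client certificate in request>"});
        }

        ClassLoader loader = rahasData.getInMessageContext().getAxisService().getClassLoader();
        Crypto crypto = config.cryptoElement != null
                ? CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement), loader)
                : CryptoFactory.getInstance(config.cryptoPropertiesFile, loader);

        WSSecEncryptedKey encKey = new WSSecEncryptedKey();
        // 8 is, as far as I recall, WSConstants.THUMBPRINT_IDENTIFIER in WSS4J — confirm
        encKey.setKeyIdentifierType(8);
        try {
            encKey.setUseThisCert(rahasData.getClientCert());
            encKey.prepare(doc, crypto);
            Element encKeyElem = encKey.getEncryptedKeyElement();
            Element bstElem = encKey.getBinarySecurityTokenElement();
            // The DOM -> OMElement casts only succeed when `doc` is Axiom's DOM-over-OM
            // implementation; verify that callers never pass a plain DOM document.
            if (bstElem != null) {
                proofTokenElem.addChild((OMElement) bstElem);
            }
            proofTokenElem.addChild((OMElement) encKeyElem);
            token.setSecret(encKey.getEphemeralKey());
        } catch (WSSecurityException e) {
            // The visible TrustException constructors take either a cause or message args,
            // not both; if a (String, Object[], Throwable) overload exists, pass `e` too.
            throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
                    new String[]{rahasData.getClientCert().getSubjectDN().getName()});
        }
    }

    /**
     * Rejects key sizes that would collapse to an empty key after the bits-to-bytes division.
     *
     * @param keySizeBits requested key size in bits
     * @throws TrustException if {@code keySizeBits < 8}
     */
    private static void requireUsableKeySize(int keySizeBits) throws TrustException {
        if (keySizeBits < 8) {
            throw new TrustException("errorCreatingSymmKey", new IllegalArgumentException(
                    "key size must be at least 8 bits, got " + keySizeBits));
        }
    }

    /**
     * Generates {@code keySizeBits / 8} random bytes from the shared CSPRNG.
     *
     * @param keySizeBits key size in bits; not-multiple-of-8 values are truncated to whole bytes
     * @return the fresh key material
     * @throws TrustException if the key size is below 8 bits
     */
    private static byte[] generateEphemeralKey(int keySizeBits) throws TrustException {
        requireUsableKeySize(keySizeBits);
        byte[] key = new byte[keySizeBits / 8];
        RANDOM.nextBytes(key);
        return key;
    }
}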
