package com.sun.identity.xmlenc;

import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.shared.xml.XMLUtils;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.forgerock.openam.sdk.org.apache.xml.security.Init;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLCipher;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.KeyInfo;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.X509Data;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.storage.StorageResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.storage.implementations.KeyStoreResolver;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.Transforms;
import org.forgerock.openam.sdk.org.forgerock.http.swagger.SwaggerApiProducer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/xmlenc/AMEncryptionProvider.class */
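/**
 * XML Encryption provider built on the shaded Apache XML Security {@code XMLCipher}.
 *
 * <p>Encryption generates (or reuses) a symmetric data key, wraps it under the recipient's key
 * and replaces the target element with an {@code EncryptedData} element. Decryption unwraps the
 * key found in the document and replaces each {@code EncryptedData} element with its plaintext.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #keyMap} is a static, unsynchronised {@link HashMap} that this class only ever adds
 *       to. Concurrent callers race on the containsKey/get/put sequence, and cached data keys are
 *       reused for every later call with the same key name.</li>
 *   <li>The only data-encryption URI spelled out in this class is a CBC one
 *       ({@code xmlenc#aes192-cbc}). CBC provides no integrity, so callers should verify a
 *       signature covering the encrypted content before trusting the decrypted result.</li>
 *   <li>With message-level debugging enabled, the decrypt path logs decrypted documents in full;
 *       treat those logs as sensitive.</li>
 * </ul>
 */
public class AMEncryptionProvider implements EncryptionProvider {
    // Source of public/private keys, certificates and the key store; set by initialize().
    protected KeyProvider keyProvider = null;
    // Process-wide cache of generated data keys, keyed by the caller-supplied key name.
    // NOTE(review): not thread-safe, and nothing in this class evicts entries. Kept as a raw Map
    // because the field is protected and subclasses may depend on its declared type.
    protected static Map keyMap = new HashMap();

    /**
     * Stores the key provider used by every later encrypt/decrypt call.
     *
     * @param keyProvider provider of keys and certificates; must not be null
     * @throws EncryptionException if {@code keyProvider} is null
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public void initialize(KeyProvider keyProvider) throws EncryptionException {
        if (keyProvider == null) {
            EncryptionUtils.debug.error("AMEncryptionProvider.initialize: keyprovider is null");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        this.keyProvider = keyProvider;
    }

    /**
     * Encrypts {@code element} under the public key that the key provider returns for alias
     * {@code str2}, using a freshly generated data key (no key name, so no caching).
     *
     * @param document document owning the element
     * @param element element to replace with its encrypted form
     * @param str data-encryption algorithm URI
     * @param i data-key strength in bits (0 keeps the generator default)
     * @param str2 alias passed to {@code keyProvider.getPublicKey}
     * @param i2 key-encryption strength in bits; only consulted for AES key-encryption keys
     * @return the document with the element encrypted
     * @throws EncryptionException on null inputs, unsupported algorithms or cipher failures
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, String str2, int i2) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, this.keyProvider.getPublicKey(str2), i2, null, false);
    }

    /**
     * Same as the six-argument overload, but {@code str3} names the data key so that it is cached
     * in {@link #keyMap} and reused by later calls with the same name.
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, String str2, int i2, String str3) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, this.keyProvider.getPublicKey(str2), i2, str3, false);
    }

    /**
     * Alias-based variant that produces the resource-ID layout: the result is wrapped in an
     * {@code EncryptedResourceID} element carrying both the encrypted data and the encrypted key.
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplaceResourceID(Document document, Element element, String str, int i, String str2, int i2, String str3) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, this.keyProvider.getPublicKey(str2), i2, str3, true);
    }

    /**
     * Encrypts {@code element} under an explicit key-encryption key instead of an alias lookup.
     *
     * @param key key used to wrap the data key
     * @param str2 key name used to cache/reuse the data key, or null for a one-off key
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, Key key, int i2, String str2) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, key, i2, str2, false);
    }

    /** Explicit-key variant that produces the {@code EncryptedResourceID} layout. */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplaceResourceID(Document document, Element element, String str, int i, Key key, int i2, String str2) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, key, i2, str2, true);
    }

    /**
     * Shared implementation behind every public encrypt overload.
     *
     * @param document document owning the element
     * @param element element to encrypt in place
     * @param str data-encryption algorithm URI
     * @param i data-key strength in bits (0 keeps the generator default)
     * @param key key-encryption key; its algorithm selects the key-wrap/transport method
     * @param i2 key-encryption strength; only consulted when {@code key} is an AES key
     * @param str2 key name for the data-key cache, or null to always generate a fresh key
     * @param z true to emit the {@code EncryptedResourceID} layout
     * @return the document returned by the data cipher's {@code doFinal}
     * @throws EncryptionException on null inputs, unsupported algorithms, or any failure inside
     *         the cipher code (the original exception is wrapped)
     */
    private Document encryptAndReplace(Document document, Element element, String str, int i, Key key, int i2, String str2, boolean z) throws EncryptionException {
        SecretKey generateSecretKey;
        XMLCipher xMLCipher;
        if (document == null || element == null || key == null) {
            EncryptionUtils.debug.error("AMEncryptionProvider.encryptAndReplace: Null values");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        String encryptionAlgorithmShortName = getEncryptionAlgorithmShortName(str);
        if (str2 == null) {
            generateSecretKey = generateSecretKey(encryptionAlgorithmShortName, i);
        } else if (keyMap.containsKey(str2)) {
            // A cached key is returned as-is: the algorithm and strength requested by this call
            // are not compared with those the key was generated for.
            generateSecretKey = (SecretKey) keyMap.get(str2);
        } else {
            generateSecretKey = generateSecretKey(encryptionAlgorithmShortName, i);
            keyMap.put(str2, generateSecretKey);
        }
        if (generateSecretKey == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("generateKeyError"));
        }
        try {
            String algorithm = key.getAlgorithm();
            if (algorithm.equals("RSA")) {
                // NOTE(review): the constant name suggests RSA PKCS#1 v1.5 key transport, which is
                // exposed to padding-oracle attacks on the decrypting side; prefer RSA-OAEP where
                // both parties support it. Confirm the constant's value.
                xMLCipher = XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_RSA_1_5);
            } else if (algorithm.equals(EncryptionConstants.TRIPLEDES)) {
                xMLCipher = XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_3DES);
            } else {
                if (!algorithm.equals(EncryptionConstants.AES)) {
                    throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
                }
                // A strength of 0 is treated as "unspecified" and falls back to AES-128 key wrap.
                if (i2 == 0 || i2 == 128) {
                    xMLCipher = XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_AES_128);
                } else if (i2 == 192) {
                    xMLCipher = XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#kw-aes192");
                } else {
                    if (i2 != 256) {
                        throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
                    }
                    xMLCipher = XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_AES_256);
                }
            }
            xMLCipher.init(XMLCipher.WRAP_MODE, key);
            org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedKey encryptKey = xMLCipher.encryptKey(document, generateSecretKey);
            KeyInfo keyInfo = new KeyInfo(document);
            X509Data x509Data = new X509Data(document);
            // NOTE(review): the unconditional PublicKey cast throws ClassCastException for a
            // symmetric key-encryption key, so the 3DES/AES branches above appear to end in the
            // catch block below. Confirm whether symmetric key wrapping is meant to be supported.
            x509Data.addCertificate((X509Certificate) this.keyProvider.getCertificate((PublicKey) key));
            keyInfo.add(x509Data);
            encryptKey.setKeyInfo(keyInfo);
            String str3 = null;
            if (z) {
                // The encrypted key needs an Id so that EncryptedData can point at it below.
                str3 = SAMLUtils.generateID();
                encryptKey.setId(str3);
            }
            if (EncryptionUtils.debug.messageEnabled()) {
                EncryptionUtils.debug.message("AMEncryptionProvider.encryptAndReplace: Encrypted key = " + toString(xMLCipher.martial(document, encryptKey)));
            }
            XMLCipher xMLCipher2 = XMLCipher.getInstance(getEncryptionAlgorithm(encryptionAlgorithmShortName, i));
            xMLCipher2.init(XMLCipher.ENCRYPT_MODE, generateSecretKey);
            org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedData encryptedData = xMLCipher2.getEncryptedData();
            KeyInfo keyInfo2 = encryptedData.getKeyInfo();
            if (keyInfo2 == null) {
                keyInfo2 = new KeyInfo(document);
                encryptedData.setKeyInfo(keyInfo2);
            }
            if (z) {
                keyInfo2.addKeyName(str2);
                // NOTE(review): PATH_FRAGMENT_MARKER looks like a decompiler artifact standing in
                // for the same-document fragment prefix of the RetrievalMethod URI; confirm its
                // value.
                keyInfo2.addRetrievalMethod(SwaggerApiProducer.VersionTransformer.PATH_FRAGMENT_MARKER + str3, (Transforms) null, "http://www.w3.org/2001/04/xmlenc#EncryptedKey");
            } else {
                // Default layout: the encrypted key is embedded inside EncryptedData's KeyInfo.
                keyInfo2.add(encryptKey);
            }
            Document doFinal = xMLCipher2.doFinal(document, element);
            if (z) {
                // Resource-ID layout: wrap the first EncryptedData in the document in an
                // EncryptedResourceID element and append the encrypted key, tagged with
                // CarriedKeyName, as its sibling.
                Element element2 = (Element) doFinal.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
                Node parentNode = element2.getParentNode();
                Element createElementNS = doFinal.createElementNS("urn:liberty:disco:2003-08", "EncryptedResourceID");
                parentNode.replaceChild(createElementNS, element2);
                createElementNS.appendChild(element2);
                Element martial = xMLCipher2.martial(document, encryptKey);
                Element createElementNS2 = document.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CarriedKeyName");
                createElementNS2.appendChild(document.createTextNode(str2));
                martial.appendChild(createElementNS2);
                createElementNS.appendChild(martial);
            }
            return doFinal;
        } catch (Exception e) {
            // Also catches the EncryptionExceptions thrown inside the try block, which are
            // therefore logged here and wrapped a second time.
            EncryptionUtils.debug.error("AMEncryptionProvider.encryptAndReplace: XML Encryption error", e);
            throw new EncryptionException(e);
        }
    }

    /**
     * Not implemented by this provider.
     *
     * @return always null
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplaceWSSElements(Document document, Map map, String str, int i, String str2, int i2, String str3, String str4) throws EncryptionException {
        return null;
    }

    /**
     * Decrypts every {@code EncryptedData} element using the private key that the key provider
     * returns for alias {@code str}.
     *
     * @param document document containing the encrypted elements
     * @param str alias passed to {@code keyProvider.getPrivateKey}
     * @return the decrypted document
     * @throws EncryptionException if decryption fails
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document decryptAndReplace(Document document, String str) throws EncryptionException {
        return decryptAndReplace(document, this.keyProvider.getPrivateKey(str));
    }

    /**
     * Decrypts every {@code EncryptedData} element in {@code document}, in document order.
     *
     * <p>The first {@code EncryptedKey} element found anywhere in the document is loaded once and
     * reused for all {@code EncryptedData} elements. When {@code key} is null, the unwrap key is
     * resolved from that encrypted key's {@code KeyInfo} through the key provider.
     *
     * <p>Security notes: the unwrap algorithm is taken from the incoming message without any
     * allow-list check in this method, and nothing here verifies the integrity of the ciphertext.
     * Callers should validate the message signature first and should not expose distinguishable
     * decryption errors to the sender. With message-level debugging enabled, the decrypted
     * document is written to the debug log.
     *
     * @param document document containing the encrypted elements
     * @param key key used to unwrap the data key, or null to resolve it from the document
     * @return the input document unchanged when it holds no {@code EncryptedData}; otherwise the
     *         document returned by the last decrypt operation
     * @throws EncryptionException if {@code document} is null or any cipher step fails
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document decryptAndReplace(Document document, Key key) throws EncryptionException {
        EncryptionUtils.debug.message("************IN DECRYPT *************");
        if (document == null) {
            // NOTE(review): this bundle key contains spaces, unlike the other keys used in this
            // class; confirm it exists in the resource bundle.
            throw new EncryptionException(EncryptionUtils.bundle.getString("null encrypted doc"));
        }
        if (EncryptionUtils.debug.messageEnabled()) {
            EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: input encrypted DOC = " + XMLUtils.print(document));
        }
        Key key2 = null;
        Document document2 = null;
        org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedKey encryptedKey = null;
        Element element = null;
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
        // Test for null before asking for the length, so the null guard can actually take effect.
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
            return document;
        }
        int length = elementsByTagNameNS.getLength();
        // May be null when the document carries no EncryptedKey element.
        Element element2 = (Element) document.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey").item(0);
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance();
            xMLCipher.init(XMLCipher.DECRYPT_MODE, (Key) null);
            int i = 0;
            Element element3 = (Element) elementsByTagNameNS.item(0);
            while (i < length) {
                try {
                    if (EncryptionUtils.debug.messageEnabled()) {
                        EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: encrypted element (" + i + ") = " + XMLUtils.print(element3));
                    }
                    org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedData loadEncryptedData = xMLCipher.loadEncryptedData(document, element3);
                    if (encryptedKey == null) {
                        encryptedKey = xMLCipher.loadEncryptedKey(document, element2);
                        if (encryptedKey == null) {
                            // Fall back to a key embedded in this EncryptedData's own KeyInfo.
                            encryptedKey = loadEncryptedData.getKeyInfo().itemEncryptedKey(0);
                        }
                    }
                    if (EncryptionUtils.debug.messageEnabled()) {
                        EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: Encrypted key = " + toString(xMLCipher.martial(document, encryptedKey)));
                        EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: Encrypted Data (" + i + ") = " + toString(xMLCipher.martial(document, loadEncryptedData)));
                    }
                    if (encryptedKey != null) {
                        XMLCipher xMLCipher2 = XMLCipher.getInstance();
                        if (key == null) {
                            // getPrivateKey returns null when resolution fails; the cipher is then
                            // initialised with a null key.
                            key = getPrivateKey(encryptedKey.getKeyInfo());
                        }
                        xMLCipher2.init(XMLCipher.UNWRAP_MODE, key);
                        // The data-key algorithm comes from the message's EncryptionMethod.
                        key2 = xMLCipher2.decryptKey(encryptedKey, loadEncryptedData.getEncryptionMethod().getAlgorithm());
                    }
                    xMLCipher = XMLCipher.getInstance();
                    xMLCipher.init(XMLCipher.DECRYPT_MODE, key2);
                    i++;
                    // Fetch the next element before doFinal replaces the current one in the DOM.
                    if (i < length) {
                        element = (Element) elementsByTagNameNS.item(i);
                    }
                    document2 = xMLCipher.doFinal(document, element3);
                    element3 = element;
                    if (EncryptionUtils.debug.messageEnabled()) {
                        // Writes plaintext to the debug log.
                        EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: decryptedDoc (" + (i - 1) + ") = " + XMLUtils.print(document2));
                    }
                } catch (Exception e) {
                    EncryptionUtils.debug.error("AMEncryptionProvider.decryptAndReplace: XML Decryption error.", e);
                    throw new EncryptionException(e);
                }
            }
            if (EncryptionUtils.debug.messageEnabled()) {
                // Writes plaintext to the debug log.
                EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: FINAL decryptedDoc = " + XMLUtils.print(document2));
            }
            return document2;
        } catch (Exception e2) {
            // Also receives the EncryptionException thrown by the inner catch, so a per-element
            // failure is logged twice and wrapped twice.
            EncryptionUtils.debug.error("AMEncryptionProvider.decryptAndReplace: XML Decryption error for XMLCipher init :", e2);
            throw new EncryptionException(e2);
        }
    }

    /** Serialises a DOM element to a string for debug output. */
    private String toString(Element element) {
        return XMLUtils.print(element);
    }

    /**
     * Maps a data-encryption algorithm URI to the short name used for key generation.
     *
     * @param str data-encryption algorithm URI, may be null
     * @return {@code EncryptionConstants.AES} or {@code EncryptionConstants.TRIPLEDES}, or null
     *         when {@code str} is null
     * @throws EncryptionException if the URI is none of the supported AES/3DES identifiers
     */
    private String getEncryptionAlgorithmShortName(String str) throws EncryptionException {
        if (str == null) {
            return null;
        }
        if (str.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_AES_128) || str.equals("http://www.w3.org/2001/04/xmlenc#aes192-cbc") || str.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_AES_256)) {
            return EncryptionConstants.AES;
        }
        if (str.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_3DES)) {
            return EncryptionConstants.TRIPLEDES;
        }
        throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
    }

    /**
     * Maps an algorithm short name and key strength to the data-encryption algorithm URI.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class and widened it to {@code public}.
     *
     * @param str algorithm short name ({@code EncryptionConstants.AES} or
     *        {@code EncryptionConstants.TRIPLEDES})
     * @param i key strength in bits for AES: 0 or 128, 192, or 256; ignored for 3DES
     * @return the matching data-encryption algorithm URI
     * @throws EncryptionException if {@code str} is null or unsupported, or the AES strength is
     *         not one of the accepted values
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getEncryptionAlgorithm(String str, int i) throws EncryptionException {
        if (str == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        if (!str.equals(EncryptionConstants.AES)) {
            if (str.equals(EncryptionConstants.TRIPLEDES)) {
                return EncryptionConstants.ENC_DATA_ENC_METHOD_3DES;
            }
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        // A strength of 0 means "unspecified" and selects the AES-128 identifier.
        if (i == 0 || i == 128) {
            return EncryptionConstants.ENC_DATA_ENC_METHOD_AES_128;
        }
        if (i == 192) {
            return "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
        }
        if (i == 256) {
            return EncryptionConstants.ENC_DATA_ENC_METHOD_AES_256;
        }
        throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
    }

    /**
     * Generates a new symmetric data key.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class and widened it to {@code public}.
     *
     * @param str JCA key-generator algorithm name
     * @param i key size in bits; 0 leaves the generator at its provider default
     * @return the generated key
     * @throws EncryptionException if no provider supports the algorithm
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SecretKey generateSecretKey(String str, int i) throws EncryptionException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            if (i != 0) {
                keyGenerator.init(i);
            }
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new EncryptionException(e);
        }
    }

    /**
     * Resolves the private key that matches the X.509 data carried in {@code keyInfo}.
     *
     * <p>The certificate is resolved from the {@code KeyInfo} against the provider's key store,
     * mapped to an alias, and that alias is used to fetch the private key. Any failure is logged
     * and swallowed, so callers must handle a null result.
     *
     * @param keyInfo key information taken from an encrypted key, may be null
     * @return the matching private key, or null when {@code keyInfo} is null, holds no X509Data,
     *         or resolution fails
     */
    protected PrivateKey getPrivateKey(KeyInfo keyInfo) {
        PrivateKey privateKey = null;
        if (keyInfo != null) {
            try {
                keyInfo.addStorageResolver(new StorageResolver(new KeyStoreResolver(this.keyProvider.getKeyStore())));
                keyInfo.registerInternalKeyResolver(new X509IssuerSerialResolver());
                keyInfo.registerInternalKeyResolver(new X509CertificateResolver());
                keyInfo.registerInternalKeyResolver(new X509SKIResolver());
                keyInfo.registerInternalKeyResolver(new X509SubjectNameResolver());
                if (keyInfo.containsX509Data()) {
                    if (EncryptionUtils.debug.messageEnabled()) {
                        EncryptionUtils.debug.message("Found X509Data element in the KeyInfo");
                    }
                    privateKey = this.keyProvider.getPrivateKey(this.keyProvider.getCertificateAlias(keyInfo.getX509Certificate()));
                }
            } catch (Exception e) {
                // Deliberate best effort: the error is logged and null is returned.
                EncryptionUtils.debug.error("getPrivateKey(KeyInfo) Exception: ", e);
            }
        }
        return privateKey;
    }

    /**
     * Not implemented by this provider.
     *
     * @return always null
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Key decryptKey(Element element, String str) {
        return null;
    }

    // Initialise the shaded Apache XML Security library when this class is loaded.
    static {
        Init.init();
    }
}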
