package com.sun.identity.wss.xmlenc;

import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.wss.security.BinarySecurityToken;
import com.sun.identity.wss.security.SecurityToken;
import com.sun.identity.wss.security.WSSConstants;
import com.sun.identity.wss.security.WSSUtils;
import com.sun.identity.xmlenc.AMEncryptionProvider;
import com.sun.identity.xmlenc.EncryptionConstants;
import com.sun.identity.xmlenc.EncryptionException;
import com.sun.identity.xmlenc.EncryptionUtils;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKey;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedData;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedKey;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.ReferenceList;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLCipher;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLEncryptionException;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.KeyInfo;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.X509Data;
import org.forgerock.openam.sdk.org.forgerock.http.swagger.SwaggerApiProducer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/wss/xmlenc/WSSEncryptionProvider.class */
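/**
 * WS-Security flavour of {@link AMEncryptionProvider}: encrypts selected SOAP elements under a
 * symmetric data key, wraps that key for the recipient's public key and publishes it as an
 * {@code xenc:EncryptedKey} inside the {@code wsse:Security} header; {@link #decryptKey} does the
 * reverse on receipt.
 * <p>
 * Review notes on this (decompiled) listing:
 * <ul>
 *   <li>Key transport for RSA recipients is RSA-1.5 (PKCS#1 v1.5). XML Encryption 1.1 deprecates
 *       it and it is the classic Bleichenbacher padding-oracle target; RSA-OAEP is preferable when
 *       peers support it. Changing the emitted EncryptionMethod is an interoperability decision, so
 *       the algorithm selection is kept as is and only flagged.</li>
 *   <li>The symmetric data key is cached in the inherited static {@code keyMap} per
 *       (provider id, algorithm, strength) and is therefore reused across messages rather than
 *       being generated per message.</li>
 *   <li>Message-level debug output dumps the plaintext and the encrypted document; keep that level
 *       off wherever the payload may carry credentials or personal data.</li>
 * </ul>
 */
public class WSSEncryptionProvider extends AMEncryptionProvider {

    /** WS-Security SOAP Message Security 1.0 (wsse) namespace. */
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** WS-Security utility (wsu) namespace; owns the {@code wsu:Id} attribute. */
    private static final String WSU_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** Namespace of xmlns declarations. */
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    /** XML Encryption namespace. */
    private static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    /** ValueType of a wsse:Reference to a SAML 1.x assertion by AssertionID. */
    private static final String SAML1_ASSERTION_ID_VALUE_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
    /** AES-192 key wrap; EncryptionConstants exposes no constant for it in this build. */
    private static final String KW_AES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
    /**
     * Prefix turning an Id into a same-document URI reference. The decompiler had folded this
     * literal into an unrelated Swagger constant; the value, not that class, is what is meant.
     */
    private static final String ID_REF_PREFIX = "#";

    /**
     * Encrypts each element in {@code map} under one symmetric data key, wraps that key for the
     * recipient's public key and appends the resulting {@code xenc:EncryptedKey} (carrying the
     * recipient certificate, a {@code wsse:SecurityTokenReference} and a ReferenceList to every
     * EncryptedData) to the {@code wsse:Security} header of {@code document}.
     *
     * @param document SOAP document, encrypted in place; must contain a {@code wsse:Security} header
     * @param map      elements to encrypt: key = the {@link Element}, value = the Id (String) to
     *                 give the replacing EncryptedData
     * @param str      symmetric data-encryption algorithm name (also part of the key-cache key)
     * @param i        symmetric key strength in bits
     * @param str2     key-provider alias of the recipient public key / certificate
     * @param i2       key-wrap strength used when the recipient key is AES: 0 (treated as 128), 128, 192 or 256
     * @param str3     security token type ({@code SecurityToken.WSS_*}) the SecurityTokenReference points at
     * @param str4     opaque identifier (presumably a provider id) that scopes the key cache entry
     * @return the same document with the selected elements replaced by EncryptedData
     * @throws EncryptionException on null document/map/public key, a missing Security header,
     *         an unsupported key algorithm, key-wrap strength or token type, key generation failure,
     *         or any XML encryption error (wrapped)
     */
    @Override // com.sun.identity.xmlenc.AMEncryptionProvider, com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplaceWSSElements(Document document, Map map, String str, int i, String str2, int i2, String str3, String str4) throws EncryptionException {
        PublicKey publicKey = this.keyProvider.getPublicKey(str2);
        if (document == null || map == null || publicKey == null) {
            EncryptionUtils.debug.error("WSSEncryptionProvider.encryptAndReplaceWSSElements: Null values for doc or elements map or public key");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        if (EncryptionUtils.debug.messageEnabled()) {
            // Plaintext of the whole message goes to the debug log at this level.
            EncryptionUtils.debug.message("WSSEncryptionProvider.encryptAndReplaceWSSElements: DOC input = " + WSSUtils.print(document));
        }
        Element securityHeader = (Element) document.getDocumentElement().getElementsByTagNameNS(WSSE_NS, "Security").item(0);
        if (securityHeader == null) {
            // Previously this surfaced only later, as an NPE wrapped into EncryptionException; fail
            // before any key material is generated or wrapped instead.
            EncryptionUtils.debug.error("WSSEncryptionProvider.encryptAndReplaceWSSElements: No wsse:Security header in document");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        SecretKey dataKey = resolveDataKey(str, i, str4);
        if (dataKey == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("generateKeyError"));
        }
        try {
            XMLCipher keyWrapCipher = newKeyWrapCipher(publicKey, i2);
            keyWrapCipher.init(XMLCipher.WRAP_MODE, publicKey);
            EncryptedKey encryptedKey = keyWrapCipher.encryptKey(document, dataKey);

            KeyInfo keyInfo = new KeyInfo(document);
            X509Data x509Data = new X509Data(document);
            x509Data.addCertificate((X509Certificate) this.keyProvider.getCertificate(publicKey));
            keyInfo.add(x509Data);
            keyInfo.addUnknownElement(buildSecurityTokenReference(document, securityHeader, str3));
            encryptedKey.setKeyInfo(keyInfo);

            ReferenceList references = keyWrapCipher.createReferenceList(ReferenceList.DATA_REFERENCE);
            if (references != null) {
                Collection encryptedDataIds = map.values();
                if (encryptedDataIds != null) {
                    // HashSet collapses duplicate Ids so each EncryptedData is referenced once.
                    for (Object id : new HashSet(encryptedDataIds)) {
                        references.add(references.newDataReference(ID_REF_PREFIX + (String) id));
                    }
                }
                encryptedKey.setReferenceList(references);
            }

            String dataAlgorithm = getEncryptionAlgorithm(str, i);
            for (Object o : map.entrySet()) {
                Map.Entry entry = (Map.Entry) o;
                Element target = (Element) entry.getKey();
                String encryptedDataId = (String) entry.getValue();
                XMLCipher dataCipher = XMLCipher.getInstance(dataAlgorithm);
                dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
                EncryptedData encryptedData = dataCipher.getEncryptedData();
                encryptedData.setId(encryptedDataId);
                encryptedData.setEncryptionMethod(dataCipher.createEncryptionMethod(dataAlgorithm));
                // Replaces target with its EncryptedData in place and hands back the document.
                document = dataCipher.doFinal(document, target);
            }
            // martial only serialises the EncryptedKey structure; the cipher's mode is irrelevant here.
            securityHeader.appendChild(keyWrapCipher.martial(document, encryptedKey));

            if (EncryptionUtils.debug.messageEnabled()) {
                EncryptionUtils.debug.message("WSSEncryptionProvider.encryptAndReplaceWSSElements: Encrypted DOC = " + WSSUtils.print(document));
            }
            return document;
        } catch (Exception e) {
            EncryptionUtils.debug.error("WSSEncryptionProvider.encryptAndReplaceWSSElements: XML Encryption error : ", e);
            throw new EncryptionException(e);
        }
    }

    /**
     * Returns the symmetric data key for (providerId, algorithm, strength), reusing the entry in
     * the inherited static {@code keyMap} when one exists.
     * <p>
     * A cached key whose algorithm name differs from {@code algorithm} is bypassed with a freshly
     * generated key but is not evicted (as before). Unlike before, a failed generation
     * ({@code null}) is no longer stored, which used to poison the cache and NPE on the next call
     * for the same triple. A {@code null} providerId still yields the literal "null" prefix.
     *
     * @return the key to use, or {@code null} if generation failed
     */
    private SecretKey resolveDataKey(String algorithm, int strength, String providerId) throws EncryptionException {
        String cacheKey = providerId + algorithm + strength;
        SecretKey cached = (SecretKey) keyMap.get(cacheKey);
        if (cached != null) {
            return cached.getAlgorithm().equals(algorithm) ? cached : generateSecretKey(algorithm, strength);
        }
        SecretKey fresh = generateSecretKey(algorithm, strength);
        if (fresh != null) {
            keyMap.put(cacheKey, fresh);
        }
        return fresh;
    }

    /**
     * Picks the key-transport / key-wrap cipher matching the recipient key's algorithm.
     * <p>
     * SECURITY NOTE: RSA recipients get RSA-1.5 (PKCS#1 v1.5), the only RSA transport this build's
     * EncryptionConstants exposes; it is deprecated by XML Encryption 1.1 and padding-oracle prone.
     * Prefer RSA-OAEP once peers accept it.
     *
     * @param strength key-wrap strength for AES keys; 0 is treated as 128, other values must be 128/192/256
     * @throws EncryptionException for an unsupported key algorithm or AES strength
     * @throws XMLEncryptionException if the cipher cannot be instantiated
     */
    private static XMLCipher newKeyWrapCipher(PublicKey publicKey, int strength) throws EncryptionException, XMLEncryptionException {
        String algorithm = publicKey.getAlgorithm();
        if ("RSA".equals(algorithm)) {
            return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_RSA_1_5);
        }
        if (EncryptionConstants.TRIPLEDES.equals(algorithm)) {
            return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_3DES);
        }
        if (!EncryptionConstants.AES.equals(algorithm)) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        switch (strength) {
            case 0:
            case 128:
                return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_AES_128);
            case 192:
                return XMLCipher.getInstance(KW_AES192);
            case 256:
                return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_AES_256);
            default:
                throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
        }
    }

    /**
     * Builds the {@code wsse:SecurityTokenReference} placed in the EncryptedKey's KeyInfo: a
     * {@code wsse:Reference} with the ValueType of {@code tokenType} whose URI is "#" plus the
     * {@code wsu:Id} of the first matching token element found under {@code securityHeader}.
     * The Reference carries no URI when no such element is present (unchanged behaviour).
     * <p>
     * NOTE(review): the token lookup uses the wsse namespace for every type, including SAML
     * "Assertion" elements, which live in the SAML namespace — confirm against the callers whether
     * a SAML token ever gets a URI here.
     *
     * @throws EncryptionException when {@code tokenType} is not one of the supported
     *         {@code SecurityToken.WSS_*} values (previously this fell through to a lookup with a
     *         null local name)
     */
    private static Element buildSecurityTokenReference(Document document, Element securityHeader, String tokenType) throws EncryptionException {
        Element tokenReference = document.createElementNS(WSSE_NS, "wsse:SecurityTokenReference");
        tokenReference.setAttributeNS(XMLNS_NS, "xmlns:wsse", WSSE_NS);
        tokenReference.setAttributeNS(XMLNS_NS, "xmlns:wsu", WSU_NS);
        tokenReference.setAttributeNS(WSU_NS, "wsu:Id", SAMLUtils.generateID());
        // Flag wsu:Id as an ID-typed attribute so the DOM can resolve references to it. The DOM API
        // takes the attribute NAME; the original passed the generated Id VALUE, which names no attribute.
        tokenReference.setIdAttributeNS(WSU_NS, "Id", true);

        Element reference = document.createElementNS(WSSE_NS, "Reference");
        reference.setPrefix("wsse");
        String tokenLocalName;
        if (SecurityToken.WSS_X509_TOKEN.equals(tokenType)) {
            reference.setAttributeNS(null, "ValueType", BinarySecurityToken.X509V3);
            tokenLocalName = "BinarySecurityToken";
        } else if (SecurityToken.WSS_USERNAME_TOKEN.equals(tokenType)) {
            reference.setAttributeNS(null, "ValueType", WSSConstants.TAG_USERNAME_VALUE_TYPE);
            tokenLocalName = "UsernameToken";
        } else if (SecurityToken.WSS_SAML_TOKEN.equals(tokenType)) {
            reference.setAttributeNS(null, "ValueType", SAML1_ASSERTION_ID_VALUE_TYPE);
            tokenLocalName = "Assertion";
        } else if (SecurityToken.WSS_SAML2_TOKEN.equals(tokenType)) {
            reference.setAttributeNS(null, "ValueType", WSSConstants.SAML2_ASSERTION_VALUE_TYPE);
            tokenLocalName = "Assertion";
        } else {
            EncryptionUtils.debug.error("WSSEncryptionProvider.buildSecurityTokenReference: Unsupported security token type " + tokenType);
            throw new EncryptionException("Unsupported security token type: " + tokenType);
        }
        Element token = (Element) securityHeader.getElementsByTagNameNS(WSSE_NS, tokenLocalName).item(0);
        if (token != null) {
            // An absent wsu:Id yields a bare "#" URI, as before.
            reference.setAttributeNS(null, "URI", ID_REF_PREFIX + token.getAttributeNS(WSU_NS, "Id"));
        }
        tokenReference.appendChild(reference);
        return tokenReference;
    }

    /**
     * Unwraps the symmetric key carried by the {@code xenc:EncryptedKey} found beneath
     * {@code element}, using the private key registered under alias {@code str}.
     * <p>
     * SECURITY NOTE: the EncryptedKey and its key-wrap algorithm identifier are read from the
     * message itself, which is not authenticated here. Accepting RSA-1.5 on this path exposes a
     * padding oracle if unwrap failures are distinguishable to the sender, and nothing validates
     * the unwrapped key's algorithm or length against what the caller expects — callers should
     * restrict acceptable algorithms and check the returned key before use.
     * <p>
     * NOTE(review): {@code loadEncryptedKey} is handed {@code element} rather than the located
     * EncryptedKey child, exactly as in the original; confirm that callers always pass an element
     * Santuario resolves correctly.
     *
     * @param element element whose descendants contain the EncryptedKey
     * @param str     key-provider alias of the decryption private key
     * @return the unwrapped key, or {@code null} when no EncryptedKey is present, no private key
     *         exists for the alias, the EncryptionMethod is missing, or unwrapping fails (logged)
     */
    @Override // com.sun.identity.xmlenc.AMEncryptionProvider, com.sun.identity.xmlenc.EncryptionProvider
    public Key decryptKey(Element element, String str) {
        Element encryptedKeyElement = (Element) element.getElementsByTagNameNS(XMLENC_NS, "EncryptedKey").item(0);
        if (encryptedKeyElement == null) {
            return null;
        }
        Key privateKey = this.keyProvider.getPrivateKey(str);
        if (privateKey == null) {
            EncryptionUtils.debug.error("WSSEncryptionProvider.decryptKey: no private key for alias " + str);
            return null;
        }
        try {
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.UNWRAP_MODE, privateKey);
            EncryptedKey encryptedKey = cipher.loadEncryptedKey(element);
            if (encryptedKey.getEncryptionMethod() == null) {
                // Previously an NPE escaped here; treat a malformed EncryptedKey like any other failure.
                EncryptionUtils.debug.error("WSSEncryptionProvider.decryptKey: EncryptedKey has no EncryptionMethod");
                return null;
            }
            return cipher.decryptKey(encryptedKey, encryptedKey.getEncryptionMethod().getAlgorithm());
        } catch (XMLEncryptionException e) {
            EncryptionUtils.debug.error("WSSEncryptionProvider.decryptKey", e);
            return null;
        }
    }
}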
