package com.sun.identity.saml2.xmlenc;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.xmlenc.EncryptionConstants;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.forgerock.openam.sdk.org.apache.xml.security.Init;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedData;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedKey;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLCipher;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLEncryptionException;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/saml2/xmlenc/FMEncProvider.class */
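/**
 * Default {@link EncProvider}: on the sending side it wraps a freshly generated (or cached)
 * symmetric data-encryption key with the recipient's public key and encrypts a SAML element with
 * it; on the receiving side it unwraps that key with one of the local private keys and decrypts
 * the element. All XML Encryption work is delegated to Apache Santuario's {@link XMLCipher}.
 *
 * <p>Security notes (review):
 * <ul>
 * <li>Key transport for RSA recipients is hard-wired to RSA PKCS#1 v1.5
 *     ({@code EncryptionConstants.ENC_KEY_ENC_METHOD_RSA_1_5}) and the data ciphers are CBC
 *     without integrity protection. Both are the targets of the known XML Encryption
 *     padding-oracle attacks. Nothing in this class verifies a signature over the ciphertext, so
 *     the enclosing message's signature must be verified BEFORE {@link #decrypt} is called —
 *     confirm this in the callers.</li>
 * <li>On decryption the data-encryption and key-transport algorithms are taken from the
 *     received {@code xenc:EncryptionMethod} elements, i.e. chosen by the peer, and are not
 *     allow-listed here.</li>
 * <li>{@link #cachedKeys} reuses one data-encryption key per (recipient, algorithm, strength)
 *     for the lifetime of the JVM; compromise of that key exposes every message encrypted with
 *     it, not just one.</li>
 * </ul>
 */
public final class FMEncProvider implements EncProvider {

    private static final String SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    /** AES-192-CBC data-encryption URI (the original referenced it as a literal, not via EncryptionConstants). */
    private static final String ENC_DATA_ENC_METHOD_AES_192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";

    private static final String ENCRYPT_PREFIX = "FMEncProvider.encrypt: ";
    private static final String DECRYPT_PREFIX = "FMEncProvider.decrypt: ";
    private static final String GET_SECRET_KEY_PREFIX = "FMEncProvider.getSecretKey: ";

    /**
     * Data-encryption keys cached by {@code recipientEntityID|algorithm|strength}. The original
     * keyed this by recipient only, so a recipient whose configured algorithm or key size changed
     * at runtime kept getting the stale key (e.g. an AES key handed to the 3DES cipher, or a
     * 128-bit key labelled as aes256-cbc). Hashtable operations are individually synchronized;
     * the check-then-put below may generate two keys for the same recipient under contention,
     * which is harmless (both are valid, the last one wins). Never evicted.
     */
    static Hashtable<String, SecretKey> cachedKeys = new Hashtable<String, SecretKey>();

    /**
     * Whether the {@code xenc:EncryptedKey} is placed inside a {@code ds:KeyInfo} of the
     * {@code xenc:EncryptedData} (true, the default) or as a sibling of it (false). Driven by the
     * system property {@code com.sun.identity.saml.xmlenc.encryptedKeyInKeyInfo}.
     */
    private static final boolean encryptedKeyInKeyInfo;

    static {
        Init.init();
        String property = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlenc.encryptedKeyInKeyInfo");
        // Only an explicit, case-insensitive "false" switches the sibling layout on.
        encryptedKeyInKeyInfo = !"false".equalsIgnoreCase(property);
    }

    /**
     * Encrypts {@code xmlString} with a data-encryption key generated (or cached) by this provider.
     *
     * @see #encrypt(String, Key, SecretKey, String, int, String, String)
     */
    @Override // com.sun.identity.saml2.xmlenc.EncProvider
    public Element encrypt(String xmlString, Key recipientPublicKey, String dataEncAlgorithm,
            int dataEncStrength, String recipientEntityID, String outerElementName) throws SAML2Exception {
        return encrypt(xmlString, recipientPublicKey, null, dataEncAlgorithm, dataEncStrength,
                recipientEntityID, outerElementName);
    }

    /**
     * Encrypts the root element of {@code xmlString} and returns
     * {@code <prefix:outerElementName>} wrapping the resulting {@code xenc:EncryptedData}.
     *
     * @param xmlString          the XML to encrypt; must parse to a document with a root element.
     * @param recipientPublicKey key used to wrap the data-encryption key; its JCA algorithm must
     *                           be {@code RSA}, {@code EncryptionConstants.TRIPLEDES} or
     *                           {@code EncryptionConstants.AES}.
     * @param secretKey          data-encryption key to use, or {@code null} to generate/cache one.
     * @param dataEncAlgorithm   AES-128/192/256-CBC or 3DES-CBC XML Encryption URI.
     * @param dataEncStrength    key size in bits; for AES it must match the algorithm, for 3DES a
     *                           non-positive value means "provider default".
     * @param recipientEntityID  when non-null, the generated key is cached under this id (see
     *                           {@link #cachedKeys}); when null a fresh key is generated per call.
     * @param outerElementName   local name of the wrapping element, e.g. {@code EncryptedAssertion};
     *                           {@code SAML2SDKUtils.NEW_ENCRYPTEDID} selects the samlp namespace.
     * @return the wrapping element, owned by a new document.
     * @throws SAML2Exception on null/empty input, unsupported algorithm, algorithm/strength
     *                        mismatch, unparsable XML, or any cipher failure.
     */
    @Override // com.sun.identity.saml2.xmlenc.EncProvider
    public Element encrypt(String xmlString, Key recipientPublicKey, SecretKey secretKey, String dataEncAlgorithm,
            int dataEncStrength, String recipientEntityID, String outerElementName) throws SAML2Exception {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("{} : Data encryption algorithm = '{}'", ENCRYPT_PREFIX, dataEncAlgorithm);
            SAML2SDKUtils.debug.message("{} : Data encryption strength = '{}'", ENCRYPT_PREFIX, Integer.valueOf(dataEncStrength));
            SAML2SDKUtils.debug.message("{} : Unique identifier of the recipient = '{}'", ENCRYPT_PREFIX, recipientEntityID);
        }
        if (isNullOrEmpty(xmlString) || recipientPublicKey == null || isNullOrEmpty(dataEncAlgorithm)
                || isNullOrEmpty(outerElementName)) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Null input parameter(s).");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
        }
        checkDataEncryptionParameters(dataEncAlgorithm, dataEncStrength);

        Document document = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
        if (document == null) {
            // Deliberately not echoing xmlString: it is the plaintext the caller wants encrypted,
            // and it must not end up in the debug log.
            SAML2SDKUtils.debug.error("{} : the XML String can't be parsed.", ENCRYPT_PREFIX);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
        }
        if (dataEncStrength <= 0) {
            // Only 3DES can get here with a non-positive strength (the AES checks above require an
            // exact match). The DESede KeyGenerator accepts 112 or 168 bits; the former default of
            // 128 made it throw InvalidParameterException.
            dataEncStrength = EncryptionConstants.ENC_DATA_ENC_METHOD_3DES.equals(dataEncAlgorithm) ? 168 : 128;
        }
        Element rootElement = document.getDocumentElement();
        if (rootElement == null) {
            SAML2SDKUtils.debug.error("{} : the XML String is empty.", ENCRYPT_PREFIX);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
        }
        if (secretKey == null) {
            secretKey = resolveDataEncryptionKey(dataEncAlgorithm, dataEncStrength, recipientEntityID);
        }

        // --- wrap the data-encryption key with the recipient's key ---
        String keyAlgorithm = recipientPublicKey.getAlgorithm();
        XMLCipher keyCipher;
        try {
            SAML2SDKUtils.debug.message("{} : public key encryption algorithm '{}'", ENCRYPT_PREFIX, keyAlgorithm);
            keyCipher = newKeyWrapCipher(keyAlgorithm);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("{} : Unable to obtain cipher with public key algorithm '{}'.", ENCRYPT_PREFIX, keyAlgorithm, e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipherForPublicKeyAlg"));
        }
        try {
            keyCipher.init(XMLCipher.WRAP_MODE, recipientPublicKey);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to initialize cipher with public key", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherWithPublicKey"));
        }
        EncryptedKey encryptedKey;
        try {
            encryptedKey = keyCipher.encryptKey(document, secretKey);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to encrypt secret key with public key", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingSecretKeyWithPublicKey"));
        }

        // --- encrypt the element itself ---
        XMLCipher dataCipher;
        try {
            dataCipher = XMLCipher.getInstance(dataEncAlgorithm);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to obtain a cipher for data encryption algorithm" + dataEncAlgorithm, e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("cipherNotAvailableForDataEncAlg"));
        }
        try {
            dataCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to initialize cipher with secret key.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherWithSecretKey"));
        }
        Document encrypted;
        try {
            // Replaces rootElement in place with an xenc:EncryptedData and returns the same document.
            encrypted = dataCipher.doFinal(document, rootElement);
        } catch (Exception e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to do the final data encryption.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingData"));
        }
        Node encryptedKeyNode;
        try {
            encryptedKeyNode = dataCipher.martial(document, encryptedKey);
        } catch (Exception e) {
            SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Failed to martial the encrypted key", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedMartialingEncryptedKey"));
        }
        return wrapEncryptedData(encrypted, encryptedKeyNode, outerElementName);
    }

    /**
     * Unwraps and returns the data-encryption key of an encrypted SAML element without decrypting
     * the element itself.
     *
     * @param xmlString   encrypted element: a wrapper whose first element child is the
     *                    {@code xenc:EncryptedData}, with the {@code xenc:EncryptedKey} either the
     *                    next element sibling or nested under the EncryptedData.
     * @param privateKeys candidate unwrap keys, tried in iteration order.
     * @return the data-encryption key, or {@code null} when Santuario yields no EncryptedData or
     *         EncryptedKey object for the located elements.
     * @throws SAML2Exception on null/empty input, missing elements, or when no key unwraps.
     */
    @Override // com.sun.identity.saml2.xmlenc.EncProvider
    public SecretKey getSecretKey(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("FMEncProvider.getSecretKey: Entering ...");
        }
        if (isNullOrEmpty(xmlString) || privateKeys == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
        }
        if (privateKeys.isEmpty()) {
            // Same rule as decrypt(); previously an empty set fell through to a NullPointerException
            // in getEncryptionKey (no failure key was ever recorded).
            SAML2SDKUtils.debug.error("FMEncProvider.getSecretKey: The set of private keys for decryption was empty.");
            throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "emptyInputMessage", new String[]{"private key set"});
        }
        EncryptedParts parts = locateEncryptedParts(xmlString, GET_SECRET_KEY_PREFIX);
        if (parts.encryptedKey == null || parts.encryptedData == null) {
            return null;
        }
        try {
            return (SecretKey) getEncryptionKey(XMLCipher.getInstance(), privateKeys, parts.encryptedKey,
                    dataAlgorithmOf(parts.encryptedData));
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.getSecretKey: Failed to get a cipher instance for decrypting secret key.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
        }
    }

    /**
     * Decrypts an encrypted SAML element and returns the decrypted element as the root of a new
     * document (the wrapper element is discarded).
     *
     * <p>NOTE(review): the data cipher is whatever the received {@code EncryptionMethod} names and
     * the unwrap algorithm is whatever the received {@code EncryptedKey} names; neither is
     * restricted to the set {@link #encrypt} produces. Verify the message signature first.
     *
     * @param xmlString   see {@link #getSecretKey(String, Set)} for the expected layout.
     * @param privateKeys candidate unwrap keys, tried in iteration order.
     * @return the decrypted element.
     * @throws SAML2Exception on empty input, missing elements, or any unwrap/decrypt failure.
     */
    @Override // com.sun.identity.saml2.xmlenc.EncProvider
    public Element decrypt(String xmlString, Set<PrivateKey> privateKeys) throws SAML2Exception {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("FMEncProvider.decrypt: Entering ...");
        }
        if (StringUtils.isEmpty(xmlString)) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: The xmlString to decrypt was empty.");
            throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "emptyInputMessage", new String[]{"xmlString"});
        }
        if (CollectionUtils.isEmpty(privateKeys)) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: The set of private keys for decryption was empty.");
            throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "emptyInputMessage", new String[]{"private key set"});
        }
        EncryptedParts parts = locateEncryptedParts(xmlString, DECRYPT_PREFIX);
        if (parts.encryptedKey == null || parts.encryptedData == null) {
            // Previously this case left the decrypted document null and failed with a
            // NullPointerException instead of a SAML2Exception.
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: Failed to load encrypted data or encrypted key.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedDecryptingData"));
        }
        Key dataKey;
        try {
            dataKey = getEncryptionKey(XMLCipher.getInstance(), privateKeys, parts.encryptedKey,
                    dataAlgorithmOf(parts.encryptedData));
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: Failed to get a cipher instance for decrypting secret key.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
        }
        XMLCipher dataCipher;
        try {
            dataCipher = XMLCipher.getInstance();
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: Failed to get cipher instance for final data decryption.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
        }
        try {
            dataCipher.init(XMLCipher.DECRYPT_MODE, dataKey);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: Failed to initialize cipher with secret key.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
        }
        Document decrypted;
        try {
            decrypted = dataCipher.doFinal(parts.document, parts.encryptedDataElement);
        } catch (Exception e) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: Failed to decrypt data.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedDecryptingData"));
        }
        // The decrypted element sits where the EncryptedData was: first element child of the wrapper.
        Element wrapper = decrypted.getDocumentElement();
        Element payload = getNextElementNode(wrapper.getFirstChild());
        if (payload == null) {
            SAML2SDKUtils.debug.error("FMEncProvider.decrypt: decrypted document contains empty element.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedDecryptingData"));
        }
        wrapper.removeChild(payload);
        decrypted.replaceChild(payload, wrapper);
        return decrypted.getDocumentElement();
    }

    /** The located and loaded pieces of an encrypted SAML element. */
    private static final class EncryptedParts {
        final Document document;
        final Element encryptedDataElement;
        final EncryptedData encryptedData;
        final EncryptedKey encryptedKey;

        EncryptedParts(Document document, Element encryptedDataElement, EncryptedData encryptedData,
                EncryptedKey encryptedKey) {
            this.document = document;
            this.encryptedDataElement = encryptedDataElement;
            this.encryptedData = encryptedData;
            this.encryptedKey = encryptedKey;
        }
    }

    /**
     * Parses {@code xmlString}, finds the {@code xenc:EncryptedData} (first element child of the
     * root) and the {@code xenc:EncryptedKey} (next element sibling, else the first EncryptedKey
     * descendant of the EncryptedData), and loads both through a key-less decrypt-mode cipher.
     * Shared by {@link #getSecretKey} and {@link #decrypt}; {@code logPrefix} keeps their log
     * lines distinguishable.
     */
    private EncryptedParts locateEncryptedParts(String xmlString, String logPrefix) throws SAML2Exception {
        Document document = XMLUtils.toDOMDocument(xmlString, SAML2SDKUtils.debug);
        if (document == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
        }
        Element root = document.getDocumentElement();
        if (root == null) {
            SAML2SDKUtils.debug.error(logPrefix + "Empty document.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("emptyDoc"));
        }
        Element dataElement = getNextElementNode(root.getFirstChild());
        if (dataElement == null) {
            SAML2SDKUtils.debug.error(logPrefix + "Missing the EncryptedData element.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedData"));
        }
        Element keyElement = getNextElementNode(dataElement.getNextSibling());
        if (keyElement == null) {
            if (SAML2SDKUtils.debug.messageEnabled()) {
                SAML2SDKUtils.debug.message(logPrefix + "looking for encrytion key inside first child.");
            }
            NodeList keys = dataElement.getElementsByTagNameNS(XENC_NS, "EncryptedKey");
            if (keys == null || keys.getLength() == 0) {
                SAML2SDKUtils.debug.error(logPrefix + "Missing the EncryptedKey element.");
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementEncryptedKey"));
            }
            keyElement = (Element) keys.item(0);
        }

        XMLCipher loader;
        try {
            loader = XMLCipher.getInstance();
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error(logPrefix + "Unable to get a cipher instance.", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noCipher"));
        }
        try {
            // No key yet: this instance only parses the xenc structures.
            loader.init(XMLCipher.DECRYPT_MODE, (Key) null);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error(logPrefix + "Failed to initialize cipher for decryption mode", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedInitCipherForDecrypt"));
        }
        EncryptedData encryptedData;
        try {
            encryptedData = loader.loadEncryptedData(document, dataElement);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error(logPrefix + "Failed to load encrypted data", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedData"));
        }
        EncryptedKey encryptedKey;
        try {
            encryptedKey = loader.loadEncryptedKey(document, keyElement);
        } catch (XMLEncryptionException e) {
            SAML2SDKUtils.debug.error(logPrefix + "Failed to load encrypted key", e);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedLoadingEncryptedKey"));
        }
        return new EncryptedParts(document, dataElement, encryptedData, encryptedKey);
    }

    /**
     * Data-encryption algorithm URI named by the received EncryptedData, or {@code null} when it
     * carries no EncryptionMethod (Santuario's decryptKey then rejects it with an
     * XMLEncryptionException rather than this code failing with a NullPointerException).
     */
    private static String dataAlgorithmOf(EncryptedData encryptedData) {
        return encryptedData.getEncryptionMethod() == null ? null : encryptedData.getEncryptionMethod().getAlgorithm();
    }

    /**
     * Builds {@code <prefix:outerElementName>} around the EncryptedData that is now the root of
     * {@code encrypted}, and places the marshalled EncryptedKey per {@link #encryptedKeyInKeyInfo}:
     * inside a {@code ds:KeyInfo} inserted before {@code xenc:CipherData}, or as a sibling of the
     * EncryptedData.
     */
    private Element wrapEncryptedData(Document encrypted, Node encryptedKeyNode, String outerElementName)
            throws SAML2Exception {
        String namespace = SAML_ASSERTION_NS;
        String prefix = SAMLConstants.SAML;
        if (outerElementName.equals(SAML2SDKUtils.NEW_ENCRYPTEDID)) {
            namespace = SAML2Constants.PROTOCOL_NAMESPACE;
            prefix = "samlp";
        }
        Element outer = encrypted.createElementNS(namespace, prefix + ":" + outerElementName);
        outer.setAttributeNS(XMLNS_NS, "xmlns:" + prefix, namespace);
        Element encryptedData = encrypted.getDocumentElement();
        encrypted.replaceChild(outer, encryptedData);
        outer.appendChild(encryptedData);
        if (encryptedKeyInKeyInfo) {
            Element keyInfo = encrypted.createElementNS(DSIG_NS, "ds:KeyInfo");
            keyInfo.setAttributeNS(XMLNS_NS, "xmlns:ds", DSIG_NS);
            keyInfo.appendChild(encryptedKeyNode);
            NodeList cipherData = encryptedData.getElementsByTagNameNS(XENC_NS, "CipherData");
            if (cipherData == null || cipherData.getLength() == 0) {
                SAML2SDKUtils.debug.error("FMEncProvider.encrypt: Unable to find required xenc:CipherData Element.");
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("failedEncryptingData"));
            }
            encryptedData.insertBefore(keyInfo, cipherData.item(0));
        } else {
            outer.appendChild(encryptedKeyNode);
        }
        return encrypted.getDocumentElement();
    }

    /**
     * Returns the data-encryption key to use: a fresh one when no recipient id is given, otherwise
     * the cached key for (recipient, algorithm, strength), generating and caching it on first use.
     */
    private SecretKey resolveDataEncryptionKey(String dataEncAlgorithm, int dataEncStrength, String recipientEntityID)
            throws SAML2Exception {
        SecretKey key;
        if (recipientEntityID == null) {
            key = generateSecretKey(dataEncAlgorithm, dataEncStrength);
        } else {
            String cacheKey = recipientEntityID + '|' + dataEncAlgorithm + '|' + dataEncStrength;
            key = cachedKeys.get(cacheKey);
            if (key == null) {
                key = generateSecretKey(dataEncAlgorithm, dataEncStrength);
                if (key != null) {
                    cachedKeys.put(cacheKey, key);
                }
            }
        }
        if (key == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorGenerateKey"));
        }
        return key;
    }

    /**
     * Cipher used to wrap the data-encryption key, chosen by the JCA algorithm of the recipient
     * key: RSA → RSA PKCS#1 v1.5 key transport (see the class notes), TripleDES → 3DES key wrap,
     * AES → AES-128 key wrap. Any other algorithm is rejected with {@code unsupportedKeyAlg}.
     */
    private static XMLCipher newKeyWrapCipher(String keyAlgorithm) throws SAML2Exception, XMLEncryptionException {
        if (keyAlgorithm.equals("RSA")) {
            return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_RSA_1_5);
        }
        if (keyAlgorithm.equals(EncryptionConstants.TRIPLEDES)) {
            return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_3DES);
        }
        if (keyAlgorithm.equals(EncryptionConstants.AES)) {
            return XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_AES_128);
        }
        SAML2SDKUtils.debug.error("{} : public key encryption algorithm '{}' unsupported", ENCRYPT_PREFIX, keyAlgorithm);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unsupportedKeyAlg"));
    }

    /**
     * Rejects data-encryption algorithms other than AES-128/192/256-CBC and 3DES-CBC, and AES
     * strengths that do not match the algorithm's key size.
     */
    private static void checkDataEncryptionParameters(String dataEncAlgorithm, int dataEncStrength)
            throws SAML2Exception {
        boolean aes = isAesAlgorithm(dataEncAlgorithm);
        if (!aes && !dataEncAlgorithm.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_3DES)) {
            SAML2SDKUtils.debug.error("{} : The encryption algorithm '{}' is not supported", ENCRYPT_PREFIX, dataEncAlgorithm);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unsupportedKeyAlg"));
        }
        if (aes && dataEncStrength != aesKeyBits(dataEncAlgorithm)) {
            SAML2SDKUtils.debug.error("{} : Data encryption algorithm '{}' and strength '{}' mismatch.", ENCRYPT_PREFIX,
                    dataEncAlgorithm, Integer.valueOf(dataEncStrength));
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("algSizeMismatch"));
        }
    }

    private static boolean isAesAlgorithm(String dataEncAlgorithm) {
        return dataEncAlgorithm.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_AES_128)
                || dataEncAlgorithm.equals(ENC_DATA_ENC_METHOD_AES_192)
                || dataEncAlgorithm.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_AES_256);
    }

    /** Key size in bits implied by an AES-CBC URI; only meaningful when {@link #isAesAlgorithm} is true. */
    private static int aesKeyBits(String dataEncAlgorithm) {
        if (dataEncAlgorithm.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_AES_128)) {
            return 128;
        }
        if (dataEncAlgorithm.equals(ENC_DATA_ENC_METHOD_AES_192)) {
            return 192;
        }
        return 256;
    }

    private static boolean isNullOrEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /** First element node at or after {@code node} in sibling order, or {@code null}. */
    private Element getNextElementNode(Node node) {
        for (Node current = node; current != null; current = current.getNextSibling()) {
            if (current.getNodeType() == Node.ELEMENT_NODE) {
                return (Element) current;
            }
        }
        return null;
    }

    /**
     * Generates a data-encryption key for {@code dataEncAlgorithm}. A non-zero {@code strength}
     * initialises the generator with that key size; a size the provider rejects (e.g. 128 for
     * DESede) now surfaces as {@code algSizeMismatch} instead of an unchecked
     * {@link InvalidParameterException}.
     */
    private SecretKey generateSecretKey(String dataEncAlgorithm, int strength) throws SAML2Exception {
        KeyGenerator generator;
        try {
            if (isAesAlgorithm(dataEncAlgorithm)) {
                generator = KeyGenerator.getInstance(EncryptionConstants.AES);
            } else if (dataEncAlgorithm.equals(EncryptionConstants.ENC_DATA_ENC_METHOD_3DES)) {
                generator = KeyGenerator.getInstance("TripleDES");
            } else {
                SAML2SDKUtils.debug.error("generateSecretKey : unsupported algorithm '{}'", dataEncAlgorithm);
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unsupportedKeyAlg"));
            }
        } catch (NoSuchAlgorithmException e) {
            SAML2SDKUtils.debug.error("generateSecretKey : can't find algorithm '{}'", dataEncAlgorithm);
            throw new SAML2Exception(e);
        }
        if (strength != 0) {
            try {
                generator.init(strength);
            } catch (InvalidParameterException e) {
                SAML2SDKUtils.debug.error("generateSecretKey : key size '{}' not valid for algorithm '{}'",
                        Integer.valueOf(strength), dataEncAlgorithm);
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("algSizeMismatch"));
            }
        }
        return generator.generateKey();
    }

    /**
     * Tries each private key in turn to unwrap {@code encryptedKey}; the first success wins.
     * {@code dataAlgorithm} (from the received EncryptedData) tells Santuario what kind of
     * SecretKey to build from the unwrapped bytes. When every key fails, the exception reports
     * the first failure kind seen; an empty set reports {@code failedDecryptingSecretKey}
     * (previously it looked up a null bundle key and threw NullPointerException).
     */
    private Key getEncryptionKey(XMLCipher cipher, Set<PrivateKey> privateKeys, EncryptedKey encryptedKey,
            String dataAlgorithm) throws SAML2Exception {
        // Was logged at error level in the original; it is a trace, not a failure.
        SAML2SDKUtils.debug.message("{} : algorithm '{}'", "FMEncProvider.getEncryptionKey", dataAlgorithm);
        String failureKey = null;
        for (PrivateKey candidate : privateKeys) {
            try {
                cipher.init(XMLCipher.UNWRAP_MODE, candidate);
            } catch (XMLEncryptionException e) {
                SAML2SDKUtils.debug.warning("FMEncProvider.getEncryptionKeyFailed to initialize cipher in unwrap mode with private key", e);
                if (failureKey == null) {
                    failureKey = "noCipherForUnwrap";
                }
                continue;
            }
            try {
                return cipher.decryptKey(encryptedKey, dataAlgorithm);
            } catch (XMLEncryptionException e) {
                SAML2SDKUtils.debug.error("FMEncProvider.getEncryptionKeyFailed to decrypt the secret key", e);
                if (failureKey == null) {
                    failureKey = "failedDecryptingSecretKey";
                }
            }
        }
        if (failureKey == null) {
            failureKey = "failedDecryptingSecretKey";
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(failureKey));
    }
}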
