package org.apache.wss4j.dom.message;

import com.sun.xml.ws.encoding.MtomCodec;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.AttachmentResultCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.AttachmentUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WsuIdAllocator;
import org.apache.wss4j.dom.callback.CallbackLookup;
import org.apache.wss4j.dom.callback.DOMCallbackLookup;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.Serializer;
import org.apache.xml.security.encryption.TransformSerializer;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLCipherUtil;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/wss4j/dom/message/Encryptor.class */
public class Encryptor {
    private Document doc;
    private WSSecHeader securityHeader;
    private WsuIdAllocator idAllocator;
    private CallbackLookup callbackLookup;
    private CallbackHandler attachmentCallbackHandler;
    private boolean storeBytesInAttachment;
    private Serializer encryptionSerializer;
    private boolean expandXopInclude;
    private WSDocInfo wsDocInfo;

    public List<String> doEncryption(KeyInfo keyInfo, SecretKey secretKey, String str, List<WSEncryptionPart> list, List<Element> list2) throws WSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(str);
            if (this.encryptionSerializer != null) {
                xMLCipher.setSerializer(this.encryptionSerializer);
            }
            ArrayList arrayList = new ArrayList();
            WSEncryptionPart wSEncryptionPart = null;
            for (int i = 0; i < list.size(); i++) {
                WSEncryptionPart wSEncryptionPart2 = list.get(i);
                if (wSEncryptionPart2.getId() == null || !wSEncryptionPart2.getId().startsWith("cid:")) {
                    if (this.callbackLookup == null) {
                        this.callbackLookup = new DOMCallbackLookup(this.doc);
                    }
                    List<Element> findElements = WSSecurityUtil.findElements(wSEncryptionPart2, this.callbackLookup, this.doc);
                    if (findElements == null || findElements.isEmpty()) {
                        if (wSEncryptionPart2.isRequired()) {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noEncElement", new Object[]{"{" + wSEncryptionPart2.getNamespace() + "}" + wSEncryptionPart2.getName()});
                        }
                    } else if (this.expandXopInclude) {
                        for (Element element : findElements) {
                            Element element2 = element;
                            List<Element> findElements2 = XMLUtils.findElements(element.getFirstChild(), MtomCodec.XOP_LOCALNAME, "http://www.w3.org/2004/08/xop/include");
                            if (findElements2 != null && !findElements2.isEmpty()) {
                                Element findMatchingExpandedElement = findMatchingExpandedElement(element2);
                                if (findMatchingExpandedElement == null || findMatchingExpandedElement == element2) {
                                    WSSecurityUtil.inlineAttachments(findElements2, this.attachmentCallbackHandler, true);
                                } else {
                                    element2.getParentNode().replaceChild(findMatchingExpandedElement, element2);
                                    element2 = findMatchingExpandedElement;
                                    Iterator<Element> it = findElements2.iterator();
                                    while (it.hasNext()) {
                                        String attributeNS = it.next().getAttributeNS(null, "href");
                                        if (attributeNS != null) {
                                            AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
                                            attachmentRequestCallback.setAttachmentId(WSSecurityUtil.getAttachmentId(attributeNS));
                                            try {
                                                this.attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
                                            } catch (IOException | UnsupportedCallbackException e) {
                                                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
                                            }
                                        }
                                    }
                                }
                            }
                            if (this.storeBytesInAttachment) {
                                try {
                                    String encryptElementInAttachment = encryptElementInAttachment(keyInfo, secretKey, str, wSEncryptionPart2, element2);
                                    wSEncryptionPart2.setEncId(encryptElementInAttachment);
                                    arrayList.add("#" + encryptElementInAttachment);
                                } catch (Exception e2) {
                                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e2);
                                }
                            } else {
                                String encryptElement = encryptElement(element2, wSEncryptionPart2.getEncModifier(), xMLCipher, secretKey, keyInfo);
                                wSEncryptionPart2.setEncId(encryptElement);
                                arrayList.add("#" + encryptElement);
                            }
                        }
                    } else if (this.storeBytesInAttachment) {
                        Iterator<Element> it2 = findElements.iterator();
                        while (it2.hasNext()) {
                            try {
                                String encryptElementInAttachment2 = encryptElementInAttachment(keyInfo, secretKey, str, wSEncryptionPart2, it2.next());
                                wSEncryptionPart2.setEncId(encryptElementInAttachment2);
                                arrayList.add("#" + encryptElementInAttachment2);
                            } catch (Exception e3) {
                                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e3);
                            }
                        }
                    } else {
                        Iterator<Element> it3 = findElements.iterator();
                        while (it3.hasNext()) {
                            String encryptElement2 = encryptElement(it3.next(), wSEncryptionPart2.getEncModifier(), xMLCipher, secretKey, keyInfo);
                            wSEncryptionPart2.setEncId(encryptElement2);
                            arrayList.add("#" + encryptElement2);
                        }
                    }
                } else {
                    wSEncryptionPart = wSEncryptionPart2;
                }
            }
            if (wSEncryptionPart != null) {
                encryptAttachment(keyInfo, secretKey, str, wSEncryptionPart, arrayList, list2);
            }
            return arrayList;
        } catch (XMLEncryptionException e4) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e4);
        }
    }

    private Element findMatchingExpandedElement(Element element) {
        Element element2 = null;
        if (element.hasAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id")) {
            element2 = this.wsDocInfo.getTokenElement(element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
        }
        if (element2 == null && element.hasAttributeNS(null, "Id")) {
            element2 = this.wsDocInfo.getTokenElement(element.getAttributeNS(null, "Id"));
        }
        if (element2 != null && element2.getNamespaceURI().equals(element.getNamespaceURI()) && element2.getLocalName().equals(element.getLocalName())) {
            return element2;
        }
        return null;
    }

    private String encryptElementInAttachment(KeyInfo keyInfo, SecretKey secretKey, String str, WSEncryptionPart wSEncryptionPart, Element element) throws Exception {
        byte[] serializeToByteArray;
        String str2 = "Content".equals(wSEncryptionPart.getEncModifier()) ? "http://www.w3.org/2001/04/xmlenc#Content" : "http://www.w3.org/2001/04/xmlenc#Element";
        String createId = this.idAllocator.createId("", this.doc);
        String createId2 = this.idAllocator.createId("ED-", createId);
        if ("Header".equals(wSEncryptionPart.getEncModifier()) && element.getParentNode().equals(WSSecurityUtil.getSOAPHeader(this.doc))) {
            createEncryptedHeaderElement(this.securityHeader, element, this.idAllocator);
        }
        Element createElementNS = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptedData");
        createElementNS.setAttributeNS(null, "Id", createId2);
        createElementNS.setAttributeNS(null, "Type", str2);
        Element createElementNS2 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptionMethod");
        createElementNS2.setAttributeNS(null, "Algorithm", str);
        createElementNS.appendChild(createElementNS2);
        createElementNS.appendChild(WSSecurityUtil.cloneElement(this.doc, keyInfo.getElement()));
        Element createElementNS3 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherData");
        Element createElementNS4 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherValue");
        createElementNS3.appendChild(createElementNS4);
        createElementNS.appendChild(createElementNS3);
        Cipher createCipher = createCipher(str, secretKey);
        TransformSerializer transformSerializer = new TransformSerializer();
        transformSerializer.setCanonicalizer(Canonicalizer.getInstance("http://santuario.apache.org/c14n/physical"));
        transformSerializer.setSecureValidation(true);
        if (str2.equals("http://www.w3.org/2001/04/xmlenc#Content")) {
            NodeList childNodes = element.getChildNodes();
            if (null == childNodes) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "Element has no content.");
            }
            serializeToByteArray = transformSerializer.serializeToByteArray(childNodes);
        } else {
            serializeToByteArray = transformSerializer.serializeToByteArray(element);
        }
        try {
            byte[] doFinal = createCipher.doFinal(serializeToByteArray);
            byte[] iv = createCipher.getIV();
            byte[] bArr = new byte[iv.length + doFinal.length];
            System.arraycopy(iv, 0, bArr, 0, iv.length);
            System.arraycopy(doFinal, 0, bArr, iv.length, doFinal.length);
            if ("Content".equals(wSEncryptionPart.getEncModifier())) {
                Node firstChild = element.getFirstChild();
                while (true) {
                    Node node = firstChild;
                    if (node == null) {
                        break;
                    }
                    Node nextSibling = node.getNextSibling();
                    element.removeChild(node);
                    firstChild = nextSibling;
                }
                element.appendChild(createElementNS);
            } else {
                element.getParentNode().replaceChild(createElementNS, element);
            }
            WSSecurityUtil.storeBytesInAttachment(createElementNS4, this.doc, createId, bArr, this.attachmentCallbackHandler);
            return createId2;
        } catch (BadPaddingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        } catch (IllegalBlockSizeException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e2);
        }
    }

    private void encryptAttachment(KeyInfo keyInfo, SecretKey secretKey, String str, WSEncryptionPart wSEncryptionPart, List<String> list, List<Element> list2) throws WSSecurityException {
        if (this.attachmentCallbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"no attachment callbackhandler supplied"});
        }
        AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
        attachmentRequestCallback.setAttachmentId(AttachmentUtils.getAttachmentId(wSEncryptionPart.getId()));
        try {
            this.attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
            String str2 = "Element".equals(wSEncryptionPart.getEncModifier()) ? "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete" : "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only";
            for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
                String id = attachment.getId();
                String createId = this.idAllocator.createId("ED-", id);
                list.add("#" + createId);
                Element createElementNS = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptedData");
                createElementNS.setAttributeNS(null, "Id", createId);
                createElementNS.setAttributeNS(null, "MimeType", attachment.getMimeType());
                createElementNS.setAttributeNS(null, "Type", str2);
                Element createElementNS2 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptionMethod");
                createElementNS2.setAttributeNS(null, "Algorithm", str);
                createElementNS.appendChild(createElementNS2);
                createElementNS.appendChild(WSSecurityUtil.cloneElement(this.doc, keyInfo.getElement()));
                Element createElementNS3 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherData");
                Element createElementNS4 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:CipherReference");
                createElementNS4.setAttributeNS(null, "URI", "cid:" + id);
                Element createElementNS5 = this.doc.createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:Transforms");
                Element createElementNS6 = this.doc.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:Transform");
                createElementNS6.setAttributeNS(null, "Algorithm", "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform");
                createElementNS5.appendChild(createElementNS6);
                createElementNS4.appendChild(createElementNS5);
                createElementNS3.appendChild(createElementNS4);
                createElementNS.appendChild(createElementNS3);
                list2.add(createElementNS);
                Attachment attachment2 = new Attachment();
                attachment2.setId(id);
                attachment2.setMimeType("application/octet-stream");
                Cipher createCipher = createCipher(str, secretKey);
                HashMap hashMap = new HashMap(attachment.getHeaders());
                attachment2.setSourceStream(AttachmentUtils.setupAttachmentEncryptionStream(createCipher, "Element".equals(wSEncryptionPart.getEncModifier()), attachment, hashMap));
                attachment2.addHeaders(hashMap);
                AttachmentResultCallback attachmentResultCallback = new AttachmentResultCallback();
                attachmentResultCallback.setAttachmentId(id);
                attachmentResultCallback.setAttachment(attachment2);
                try {
                    this.attachmentCallbackHandler.handle(new Callback[]{attachmentResultCallback});
                } catch (Exception e) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
                }
            }
        } catch (Exception e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e2);
        }
    }

    private Cipher createCipher(String str, SecretKey secretKey) throws WSSecurityException {
        try {
            Cipher cipher = Cipher.getInstance(JCEMapper.translateURItoJCEID(str));
            cipher.init(1, secretKey, XMLCipherUtil.constructBlockCipherParameters(str, XMLSecurityConstants.generateBytes(JCEMapper.getIVLengthFromURI(str) / 8), Encryptor.class));
            return cipher;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    private String encryptElement(Element element, String str, XMLCipher xMLCipher, SecretKey secretKey, KeyInfo keyInfo) throws WSSecurityException {
        boolean equals = "Content".equals(str);
        String createId = this.idAllocator.createId("ED-", element);
        try {
            if ("Header".equals(str)) {
                if (element.getParentNode().getNamespaceURI().equals(WSSecurityUtil.getSOAPNamespace(this.doc.getDocumentElement())) && "Header".equals(element.getParentNode().getLocalName())) {
                    createEncryptedHeaderElement(this.securityHeader, element, this.idAllocator);
                }
            }
            xMLCipher.init(1, secretKey);
            EncryptedData encryptedData = xMLCipher.getEncryptedData();
            encryptedData.setId(createId);
            encryptedData.setKeyInfo(keyInfo);
            xMLCipher.doFinal(this.doc, element, equals);
            return createId;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    private static void createEncryptedHeaderElement(WSSecHeader wSSecHeader, Element element, WsuIdAllocator wsuIdAllocator) {
        Element createElementNS = element.getOwnerDocument().createElementNS("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "wsse11:EncryptedHeader");
        XMLUtils.setNamespace(createElementNS, "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "wsse11");
        createElementNS.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", XMLUtils.setNamespace(createElementNS, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu") + ":Id", wsuIdAllocator.createId("EH-", element));
        createElementNS.appendChild((Element) element.getParentNode().replaceChild(createElementNS, element));
        if (wSSecHeader != null) {
            NamedNodeMap attributes = wSSecHeader.getSecurityHeaderElement().getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Attr attr = (Attr) attributes.item(i);
                if ("http://schemas.xmlsoap.org/soap/envelope/".equals(attr.getNamespaceURI()) || "http://www.w3.org/2003/05/soap-envelope".equals(attr.getNamespaceURI())) {
                    createElementNS.setAttributeNS(attr.getNamespaceURI(), XMLUtils.setNamespace(createElementNS, attr.getNamespaceURI(), "soapenv") + ":" + attr.getLocalName(), attr.getValue());
                }
            }
        }
    }

    public Document getDoc() {
        return this.doc;
    }

    public void setDoc(Document document) {
        this.doc = document;
    }

    public WSSecHeader getSecurityHeader() {
        return this.securityHeader;
    }

    public void setSecurityHeader(WSSecHeader wSSecHeader) {
        this.securityHeader = wSSecHeader;
    }

    public WsuIdAllocator getIdAllocator() {
        return this.idAllocator;
    }

    public void setIdAllocator(WsuIdAllocator wsuIdAllocator) {
        this.idAllocator = wsuIdAllocator;
    }

    public CallbackLookup getCallbackLookup() {
        return this.callbackLookup;
    }

    public void setCallbackLookup(CallbackLookup callbackLookup) {
        this.callbackLookup = callbackLookup;
    }

    public CallbackHandler getAttachmentCallbackHandler() {
        return this.attachmentCallbackHandler;
    }

    public void setAttachmentCallbackHandler(CallbackHandler callbackHandler) {
        this.attachmentCallbackHandler = callbackHandler;
    }

    public boolean isStoreBytesInAttachment() {
        return this.storeBytesInAttachment;
    }

    public void setStoreBytesInAttachment(boolean z) {
        this.storeBytesInAttachment = z;
    }

    public Serializer getEncryptionSerializer() {
        return this.encryptionSerializer;
    }

    public void setEncryptionSerializer(Serializer serializer) {
        this.encryptionSerializer = serializer;
    }

    public boolean isExpandXopInclude() {
        return this.expandXopInclude;
    }

    public void setExpandXopInclude(boolean z) {
        this.expandXopInclude = z;
    }

    public WSDocInfo getWsDocInfo() {
        return this.wsDocInfo;
    }

    public void setWsDocInfo(WSDocInfo wSDocInfo) {
        this.wsDocInfo = wSDocInfo;
    }
}
