package org.apache.wss4j.dom.message;

import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: classes4.dex */
/**
 * Builds the {@code xenc:EncryptedKey} element that carries a wrapped symmetric (ephemeral) key,
 * and optionally a BinarySecurityToken holding the recipient certificate.
 *
 * <p>This listing is decompiler output. The three-argument {@code prepareInternal} could not be
 * reconstructed and only throws, so how the ephemeral key is actually wrapped (cipher selection,
 * OAEP parameters, certificate handling) cannot be reviewed from this file.
 *
 * <p>Review notes grounded in the visible code:
 * <ul>
 *   <li>The default content-encryption algorithm is AES-128-CBC. CBC gives confidentiality only,
 *       so integrity of the encrypted content has to come from elsewhere (for example a signature
 *       covering it) or from configuring an authenticated mode through
 *       {@link #setSymmetricEncAlgorithm(String)}, if the library version in use offers one.</li>
 *   <li>Algorithm URIs passed to the setters are stored without any validation in this class.</li>
 *   <li>Key material is stored and returned by reference (no defensive copies), and
 *       {@link #clean()} drops references without overwriting the bytes.</li>
 * </ul>
 */
public class WSSecEncryptedKey extends WSSecBase {
    private static final Logger LOG = LoggerFactory.getLogger(WSSecEncryptedKey.class);

    private static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String ENC11_NS = "http://www.w3.org/2009/xmlenc11#";
    private static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    private static final String RSA_OAEP_XENC11 = "http://www.w3.org/2009/xmlenc11#rsa-oaep";

    private static final String SAML1_ASSERTION_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
    private static final String SAML2_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
    private static final String SAML11_TOKEN_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    private static final String SAML2_TOKEN_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final String ENCRYPTED_KEY_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
    private static final String ENCRYPTED_KEY_SHA1_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

    // Key identifier codes dispatched on below. NOTE(review): these presumably correspond to the
    // library's custom-reference / custom-direct-reference / custom-key-identifier constants;
    // confirm the names against the WSConstants class of the library version in use.
    private static final int KEY_ID_CUSTOM_REFERENCE = 9;
    private static final int KEY_ID_CUSTOM_DIRECT_REFERENCE = 11;
    private static final int KEY_ID_CUSTOM_KEY_IDENTIFIER = 12;

    private boolean bstAddedToSecurityHeader;
    private BinarySecurity bstToken;
    private Element customEKKeyInfoElement;
    private String customEKTokenId;
    private String customEKTokenValueType;
    private String digestAlgo;
    protected Document document;
    private String encKeyId;
    protected byte[] encryptedEphemeralKey;
    private Element encryptedKeyElement;
    private byte[] ephemeralKey;
    private boolean includeEncryptionToken;
    private String mgfAlgo;
    protected SecretKey symmetricKey;
    private X509Certificate useThisCert;
    // Default key-transport algorithm: RSA-OAEP with MGF1 (XML Encryption 1.0 URI).
    private String keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    // Default content-encryption algorithm: AES-128 in CBC mode (unauthenticated).
    private String symEncAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /**
     * Wraps the given certificate in a new X509 BinarySecurityToken with a generated id and marks
     * it as not yet attached to the security header.
     *
     * <p>No caller is visible in this listing; the method is presumably used by the
     * three-argument {@code prepareInternal}, whose body was not decompiled.
     *
     * @param certificate certificate to embed in the token
     * @throws WSSecurityException declared by the token API used here
     */
    private void addBST(X509Certificate certificate) throws WSSecurityException {
        final X509Security certToken = new X509Security(this.document);
        // The field is assigned before the certificate is set, as in the decompiled original.
        this.bstToken = certToken;
        certToken.setX509Certificate(certificate);
        this.bstAddedToSecurityHeader = false;
        this.bstToken.setID(IDGenerator.generateID(null));
    }

    /**
     * Appends the BinarySecurityToken element to the security header, at most once.
     * Does nothing when no token exists or it has already been added.
     *
     * @param wSSecHeader header wrapper supplying the security header element
     */
    public void appendBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null && !this.bstAddedToSecurityHeader) {
            wSSecHeader.getSecurityHeader().appendChild(this.bstToken.getElement());
            this.bstAddedToSecurityHeader = true;
        }
    }

    /**
     * Appends the EncryptedKey element as the last child of the security header.
     *
     * @param wSSecHeader header wrapper supplying the security header element
     */
    public void appendToHeader(WSSecHeader wSSecHeader) {
        final Element securityHeader = wSSecHeader.getSecurityHeader();
        securityHeader.appendChild(this.encryptedKeyElement);
    }

    /**
     * Releases this object's references to the key material.
     *
     * <p>Only the references are cleared; the byte arrays are not overwritten. Anything that
     * obtained them through {@link #getEphemeralKey()} or supplied them through
     * {@link #setEphemeralKey(byte[])} still holds the same bytes.
     */
    public void clean() {
        this.encryptedEphemeralKey = null;
        this.symmetricKey = null;
        this.ephemeralKey = null;
    }

    /**
     * Creates {@code xenc:CipherData/xenc:CipherValue} beneath the given element.
     *
     * @param document owner document used to create the elements
     * @param element parent that receives the new {@code xenc:CipherData} child
     * @return the (still empty) {@code xenc:CipherValue} element
     */
    protected Element createCipherValue(Document document, Element element) {
        final Element cipherData = document.createElementNS(ENC_NS, "xenc:CipherData");
        final Element cipherValue = document.createElementNS(ENC_NS, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        element.appendChild(cipherData);
        return cipherValue;
    }

    /**
     * Creates the {@code xenc:EncryptedKey} skeleton with its {@code xenc:EncryptionMethod}.
     *
     * <p>A {@code DigestMethod} child is added when a digest algorithm is configured. An
     * {@code xenc11:MGF} child is added only when an MGF algorithm is configured and the
     * configured key-encryption algorithm is the XML Encryption 1.1 RSA-OAEP URI. That check
     * reads the {@code keyEncAlgo} field, not the {@code str} argument.
     *
     * @param document owner document used to create the elements
     * @param str algorithm URI written to the {@code Algorithm} attribute of EncryptionMethod
     * @return the new, unattached {@code xenc:EncryptedKey} element
     */
    protected Element createEncryptedKey(Document document, String str) {
        final Element encryptedKey = document.createElementNS(ENC_NS, "xenc:EncryptedKey");
        XMLUtils.setNamespace(encryptedKey, ENC_NS, "xenc");

        final Element encryptionMethod = document.createElementNS(ENC_NS, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);

        if (this.digestAlgo != null) {
            final Element digestMethod =
                org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(document, "DigestMethod");
            digestMethod.setAttributeNS(null, "Algorithm", this.digestAlgo);
            encryptionMethod.appendChild(digestMethod);
        }

        if (this.mgfAlgo != null && RSA_OAEP_XENC11.equals(this.keyEncAlgo)) {
            final Element mgf = document.createElementNS(ENC11_NS, "xenc11:MGF");
            mgf.setAttributeNS(null, "Algorithm", this.mgfAlgo);
            encryptionMethod.appendChild(mgf);
        }

        encryptedKey.appendChild(encryptionMethod);
        return encryptedKey;
    }

    /** @return the id of the BinarySecurityToken, or {@code null} when no token exists */
    public String getBSTTokenId() {
        final BinarySecurity token = this.bstToken;
        return token != null ? token.getID() : null;
    }

    /** @return the BinarySecurityToken element, or {@code null} when no token exists */
    public Element getBinarySecurityTokenElement() {
        final BinarySecurity token = this.bstToken;
        return token == null ? null : token.getElement();
    }

    /** @return the caller-supplied KeyInfo element, or {@code null} if none was set */
    public Element getCustomEKKeyInfoElement() {
        return this.customEKKeyInfoElement;
    }

    /** @return the configured digest algorithm URI, or {@code null} if none was set */
    public String getDigestAlgorithm() {
        return this.digestAlgo;
    }

    /** @return the wrapped key bytes; this is the internal array, not a copy */
    public byte[] getEncryptedEphemeralKey() {
        return this.encryptedEphemeralKey;
    }

    /** @return the EncryptedKey element held by this object (may be {@code null}) */
    public Element getEncryptedKeyElement() {
        return this.encryptedKeyElement;
    }

    /**
     * @return the raw symmetric key bytes; this is the internal array, not a copy, so the caller
     *     shares the secret material with this object
     */
    public byte[] getEphemeralKey() {
        return this.ephemeralKey;
    }

    /** @return the {@code Id} assigned to the EncryptedKey element (may be {@code null}) */
    public String getId() {
        return this.encKeyId;
    }

    /** @return the key-encryption (key transport) algorithm URI */
    public String getKeyEncAlgo() {
        return this.keyEncAlgo;
    }

    /** @return the configured MGF algorithm URI, or {@code null} if none was set */
    public String getMGFAlgorithm() {
        return this.mgfAlgo;
    }

    /** @return the symmetric content-encryption algorithm URI */
    public String getSymmetricEncAlgorithm() {
        return this.symEncAlgo;
    }

    /** @return the symmetric key object (may be {@code null} before {@code prepare}) */
    public SecretKey getSymmetricKey() {
        return this.symmetricKey;
    }

    /** @return the explicitly configured recipient certificate, or {@code null} */
    public X509Certificate getUseThisCert() {
        return this.useThisCert;
    }

    /** @return {@code true} when a recipient certificate was explicitly configured */
    public boolean isCertSet() {
        return this.useThisCert != null;
    }

    /** @return the include-encryption-token flag as last set */
    public boolean isIncludeEncryptionToken() {
        return this.includeEncryptionToken;
    }

    /**
     * Prepares the EncryptedKey: establishes the symmetric key, then builds the element.
     *
     * <p>If no symmetric key is set, it is derived from the stored ephemeral key bytes when
     * present, otherwise freshly generated for the configured symmetric algorithm. If wrapped key
     * bytes were supplied in advance, only the element is built. Otherwise the recipient
     * certificate is the configured one or, failing that, the first certificate the
     * {@code Crypto} returns for the configured user alias. No validity or trust check on that
     * certificate is visible in this method; whether one happens in the three-argument
     * {@code prepareInternal} cannot be told from this listing.
     *
     * @param document document in which the elements are created; stored on this object
     * @param crypto certificate source; may be {@code null} only if it is not needed for lookup
     * @throws WSSecurityException if no certificate can be found for the user alias
     */
    public void prepare(Document document, Crypto crypto) throws WSSecurityException {
        this.document = document;

        if (this.symmetricKey == null) {
            if (this.ephemeralKey == null) {
                final SecretKey freshKey = KeyUtils.getKeyGenerator(this.symEncAlgo).generateKey();
                this.symmetricKey = freshKey;
                this.ephemeralKey = freshKey.getEncoded();
            } else {
                this.symmetricKey = KeyUtils.prepareSecretKey(this.symEncAlgo, this.ephemeralKey);
            }
        }

        if (this.encryptedEphemeralKey != null) {
            // Wrapped key already supplied by the caller: no certificate is needed.
            prepareInternal(this.symmetricKey);
        } else {
            final X509Certificate recipientCert =
                this.useThisCert != null ? this.useThisCert : lookupCertificateForUser(crypto);
            prepareInternal(this.symmetricKey, recipientCert, crypto);
        }
    }

    /**
     * Resolves the recipient certificate by the configured user alias.
     *
     * @param crypto certificate source
     * @return the first certificate returned for the alias
     * @throws WSSecurityException if {@code crypto} is {@code null} or yields no certificate
     */
    private X509Certificate lookupCertificateForUser(Crypto crypto) throws WSSecurityException {
        final CryptoType aliasQuery = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasQuery.setAlias(this.user);
        if (crypto == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[] {this.user, "encryption"});
        }
        final X509Certificate[] matches = crypto.getX509Certificates(aliasQuery);
        if (matches == null || matches.length == 0) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[] {this.user, "encryption"});
        }
        return matches[0];
    }

    /**
     * Builds the EncryptedKey element around already-wrapped key bytes.
     *
     * <p>Assigns an {@code Id} (generated with an {@code EK-} prefix when none is set), attaches
     * either the caller-supplied KeyInfo element or a generated {@code ds:KeyInfo} for key
     * identifier types 9, 11 and 12, and writes the wrapped key either inline as Base64 or into
     * an attachment. For any other key identifier type no KeyInfo is emitted. A supplied KeyInfo
     * element is adopted into this document, which detaches it from its previous owner.
     *
     * <p>The decompiler reports that the original access modifier was {@code protected}.
     *
     * @param secretKey not used by this method
     * @throws WSSecurityException declared by the token and attachment APIs used here
     */
    public void prepareInternal(SecretKey secretKey) throws WSSecurityException {
        this.encryptedKeyElement = createEncryptedKey(this.document, this.keyEncAlgo);

        if (this.encKeyId == null || this.encKeyId.isEmpty()) {
            this.encKeyId = IDGenerator.generateID("EK-");
        }
        this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        final Element suppliedKeyInfo = this.customEKKeyInfoElement;
        if (suppliedKeyInfo != null) {
            this.encryptedKeyElement.appendChild(this.document.adoptNode(suppliedKeyInfo));
        } else {
            final int identifierType = this.keyIdentifierType;
            final boolean customIdentifier = identifierType == KEY_ID_CUSTOM_REFERENCE
                || identifierType == KEY_ID_CUSTOM_DIRECT_REFERENCE
                || identifierType == KEY_ID_CUSTOM_KEY_IDENTIFIER;
            if (customIdentifier) {
                this.encryptedKeyElement.appendChild(buildCustomKeyInfo(identifierType));
            }
        }

        final Element cipherValue = createCipherValue(this.document, this.encryptedKeyElement);
        if (this.storeBytesInAttachment) {
            final String attachmentId = getIdAllocator().createId("", this.document);
            WSSecurityUtil.storeBytesInAttachment(
                cipherValue, this.document, attachmentId, this.encryptedEphemeralKey, this.attachmentCallbackHandler);
        } else {
            cipherValue.appendChild(
                WSSecurityUtil.createBase64EncodedTextNode(this.document, this.encryptedEphemeralKey));
        }
    }

    /**
     * Builds a {@code ds:KeyInfo} holding a SecurityTokenReference to the custom token.
     *
     * @param identifierType one of the three custom key identifier codes
     * @return the unattached {@code ds:KeyInfo} element
     * @throws WSSecurityException with {@code unsupportedKeyId} for any other code
     */
    private Element buildCustomKeyInfo(int identifierType) throws WSSecurityException {
        final SecurityTokenReference tokenReference = new SecurityTokenReference(this.document);

        switch (identifierType) {
            case KEY_ID_CUSTOM_REFERENCE:
                // Same-document reference: the token id becomes a fragment URI.
                tokenReference.setReference(buildCustomReference(tokenReference, "#" + this.customEKTokenId));
                break;
            case KEY_ID_CUSTOM_DIRECT_REFERENCE:
                // Direct reference: the token id is used as the URI unchanged.
                tokenReference.setReference(buildCustomReference(tokenReference, this.customEKTokenId));
                break;
            case KEY_ID_CUSTOM_KEY_IDENTIFIER: {
                final String valueType = this.customEKTokenValueType;
                tokenReference.setKeyIdentifier(valueType, this.customEKTokenId);
                String tokenType = tokenTypeFor(valueType);
                if (tokenType == null && ENCRYPTED_KEY_SHA1_VALUE_TYPE.equals(valueType)) {
                    tokenType = ENCRYPTED_KEY_TYPE;
                }
                if (tokenType != null) {
                    tokenReference.addTokenType(tokenType);
                }
                break;
            }
            default:
                // Not reachable from the visible caller, which only dispatches the three codes
                // above; kept to mirror the decompiled control flow.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId");
        }

        final Element keyInfo = this.document.createElementNS(SIG_NS, "ds:KeyInfo");
        keyInfo.setAttributeNS(XMLNS_NS, "xmlns:ds", SIG_NS);
        keyInfo.appendChild(tokenReference.getElement());
        return keyInfo;
    }

    /**
     * Creates the {@code Reference} for a custom token and registers the matching token type on
     * the enclosing SecurityTokenReference.
     *
     * <p>The value type is copied onto the reference for every value type except the SAML 2.0
     * id value type, for which only the token type is set.
     *
     * @param tokenReference SecurityTokenReference that receives the token type, if any
     * @param uri URI to place on the reference
     * @return the populated reference, not yet attached to {@code tokenReference}
     * @throws WSSecurityException declared by the token API used here
     */
    private Reference buildCustomReference(SecurityTokenReference tokenReference, String uri)
            throws WSSecurityException {
        final Reference reference = new Reference(this.document);
        final String valueType = this.customEKTokenValueType;

        final String tokenType = tokenTypeFor(valueType);
        if (tokenType != null) {
            tokenReference.addTokenType(tokenType);
        }
        if (!SAML2_ID_VALUE_TYPE.equals(valueType)) {
            reference.setValueType(valueType);
        }
        reference.setURI(uri);
        return reference;
    }

    /**
     * Maps a custom token value type to the token type advertised on the reference.
     *
     * @param valueType value type URI, may be {@code null}
     * @return the token type URI, or {@code null} when the value type has no mapping
     */
    private static String tokenTypeFor(String valueType) {
        if (SAML1_ASSERTION_ID_VALUE_TYPE.equals(valueType)) {
            return SAML11_TOKEN_TYPE;
        }
        if (SAML2_ID_VALUE_TYPE.equals(valueType)) {
            return SAML2_TOKEN_TYPE;
        }
        if (ENCRYPTED_KEY_TYPE.equals(valueType)) {
            return ENCRYPTED_KEY_TYPE;
        }
        return null;
    }

    /**
     * Placeholder for the method that wraps the symmetric key under the recipient certificate.
     *
     * <p>The decompiler could not reconstruct this body (728 instructions, skipped), so in this
     * listing every call throws. The decompiler's notes mention try/catch regions for
     * {@code InvalidKeyException} and {@code InvalidAlgorithmParameterException}, which suggests
     * cipher initialisation happens here, but the actual logic must be read from the bytecode or
     * from the library's published source. The decompiler also reports that the original access
     * modifier was {@code protected}.
     *
     * @param r8 symmetric key (first argument at the visible call site)
     * @param r9 recipient certificate (second argument at the visible call site)
     * @param r10 certificate source (third argument at the visible call site)
     * @throws WSSecurityException declared by the original signature
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public void prepareInternal(SecretKey r8, X509Certificate r9, Crypto r10) throws WSSecurityException {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.wss4j.dom.message.WSSecEncryptedKey.prepareInternal(javax.crypto.SecretKey, java.security.cert.X509Certificate, org.apache.wss4j.common.crypto.Crypto):void");
    }

    /**
     * Inserts the BinarySecurityToken element at the front of the security header, at most once.
     * Does nothing when no token exists or it has already been added.
     *
     * @param wSSecHeader header wrapper supplying the security header element
     */
    public void prependBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null && !this.bstAddedToSecurityHeader) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.bstToken.getElement());
            this.bstAddedToSecurityHeader = true;
        }
    }

    /**
     * Inserts the EncryptedKey element at the front of the security header.
     *
     * @param wSSecHeader header wrapper supplying the security header element
     */
    public void prependToHeader(WSSecHeader wSSecHeader) {
        final Element securityHeader = wSSecHeader.getSecurityHeader();
        WSSecurityUtil.prependChildElement(securityHeader, this.encryptedKeyElement);
    }

    /**
     * @param element KeyInfo element to place in the EncryptedKey instead of a generated one;
     *     it is adopted into the target document when the element is built
     */
    public void setCustomEKKeyInfoElement(Element element) {
        this.customEKKeyInfoElement = element;
    }

    /** @param str id of the custom token that the generated KeyInfo refers to */
    public void setCustomEKTokenId(String str) {
        this.customEKTokenId = str;
    }

    /** @param str value type URI of the custom token that the generated KeyInfo refers to */
    public void setCustomEKTokenValueType(String str) {
        this.customEKTokenValueType = str;
    }

    /** @param str digest algorithm URI written as {@code DigestMethod}; stored without validation */
    public void setDigestAlgorithm(String str) {
        this.digestAlgo = str;
    }

    /** @param document document in which elements are created */
    public void setDocument(Document document) {
        this.document = document;
    }

    /** @param str {@code Id} to use for the EncryptedKey element */
    public void setEncKeyId(String str) {
        this.encKeyId = str;
    }

    /** @param bArr pre-wrapped key bytes; the array is stored by reference, not copied */
    public void setEncryptedEphemeralKey(byte[] bArr) {
        this.encryptedEphemeralKey = bArr;
    }

    /** @param element EncryptedKey element to use */
    public void setEncryptedKeyElement(Element element) {
        this.encryptedKeyElement = element;
    }

    /** @param bArr raw symmetric key bytes; the array is stored by reference, not copied */
    public void setEphemeralKey(byte[] bArr) {
        this.ephemeralKey = bArr;
    }

    /** @param z new value of the include-encryption-token flag */
    public void setIncludeEncryptionToken(boolean z) {
        this.includeEncryptionToken = z;
    }

    /**
     * @param str key-encryption algorithm URI; stored without validation, so any restriction to
     *     approved algorithms has to be enforced by the caller or elsewhere in the library
     */
    public void setKeyEncAlgo(String str) {
        this.keyEncAlgo = str;
    }

    /** @param str MGF algorithm URI; stored without validation */
    public void setMGFAlgorithm(String str) {
        this.mgfAlgo = str;
    }

    /** @param str symmetric content-encryption algorithm URI; stored without validation */
    public void setSymmetricEncAlgorithm(String str) {
        this.symEncAlgo = str;
    }

    /** @param secretKey symmetric key to use instead of deriving or generating one */
    public void setSymmetricKey(SecretKey secretKey) {
        this.symmetricKey = secretKey;
    }

    /** @param x509Certificate recipient certificate to use instead of an alias lookup */
    public void setUseThisCert(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /** @param str user alias used to look up the recipient certificate */
    public void setUserInfo(String str) {
        this.user = str;
    }
}
