package com.sonicsw.ws.security.wss4j.processor;

import com.sonicsw.ws.axis.DebugObjects;
import com.sonicsw.ws.security.policy.SSPConstants;
import com.sonicsw.ws.security.policy.WSSPConstants;
import com.sonicsw.ws.security.policy.XDSIGConstants;
import com.sonicsw.ws.security.processingresult.EncryptionResult;
import com.sonicsw.wsp.WSPConstants;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.processor.X509Util;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sonicsw/ws/security/wss4j/processor/EncryptedKeyProcessor.class */
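/**
 * Handles an {@code xenc:EncryptedKey} security header element.
 *
 * <p>The processor resolves the recipient's private key (through the
 * {@code SecurityTokenReference} in {@code KeyInfo}, or the crypto's default alias),
 * unwraps the transported key, decrypts every {@code DataReference} listed in the
 * element's {@code ReferenceList}, and records what it found (key-transport URI,
 * token reference model, data encryption URI, decrypted parts) in an
 * {@link EncryptionResult}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both the key-transport algorithm and the data-encryption algorithm are read
 *       from the incoming message. This class only records them; NOTE(review): it is
 *       presumably the consumer of {@link EncryptionResult} that enforces the
 *       algorithms required by policy. Confirm against the caller.</li>
 *   <li>Failures after the cipher is initialised are all reported with the same
 *       numeric code (8). Keep fault responses uniform: a peer that can tell a
 *       padding failure from a later failure gains a decryption oracle when an
 *       RSA PKCS#1 v1.5 key transport is accepted.</li>
 *   <li>Debug output contains key aliases and certificates, never key material;
 *       keep it that way.</li>
 * </ul>
 */
public class EncryptedKeyProcessor extends org.apache.ws.security.processor.EncryptedKeyProcessor {
    private static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Value of the Id attribute of the last processed EncryptedKey element. */
    private String encryptedKeyId = null;

    /** Unwrapped symmetric key of the last processed EncryptedKey; stays in memory with this instance. */
    private byte[] decryptedBytes = null;

    /**
     * Entry point called for each EncryptedKey element found in the security header.
     *
     * @param element         the {@code xenc:EncryptedKey} element
     * @param crypto          not used by this implementation
     * @param crypto2         crypto used to look up the decryption key; must not be null
     * @param callbackHandler supplies the private-key password; must not be null
     * @param wSDocInfo       not used by this implementation
     * @param vector          result list; the new {@link EncryptionResult} is inserted at index 0
     * @param wSSConfig       configuration stored through {@code setWSSConfig}
     * @throws WSSecurityException if a required collaborator is missing or decryption fails
     */
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        DebugObjects.getHandlerDebug().debug(getClass().getName() + ": Found encrypted key element");
        setWSSConfig(wSSConfig);
        if (crypto2 == null) {
            throw new WSSecurityException(0, "noDecCryptoFile");
        }
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        EncryptionResult encryptionResult = new EncryptionResult(element);
        handleEncryptedKey(element, callbackHandler, crypto2, null, encryptionResult);
        this.encryptedKeyId = element.getAttributeNS(null, WSPConstants.LNAME_ID);
        vector.add(0, encryptionResult);
    }

    /**
     * @return the Id attribute of the EncryptedKey element handled last, or null before any call
     */
    public String getId() {
        return this.encryptedKeyId;
    }

    /**
     * Unwraps the transported key and decrypts all data references of one EncryptedKey.
     *
     * @param element          the {@code xenc:EncryptedKey} element
     * @param callbackHandler  asked for the password of the resolved key alias
     * @param crypto           key/certificate store used for alias and private-key lookup
     * @param privateKey       key to use directly; when null it is resolved from the message
     * @param encryptionResult receives the algorithms, reference model and decrypted parts
     * @throws WSSecurityException on malformed input, missing key material or decryption failure
     */
    private void handleEncryptedKey(Element element, CallbackHandler callbackHandler, Crypto crypto, PrivateKey privateKey, EncryptionResult encryptionResult) throws WSSecurityException {
        long startMillis = 0;
        long keyUnwrappedMillis = 0;
        if (DebugObjects.getHandlerDebug().getDebug()) {
            startMillis = System.currentTimeMillis();
        }
        Document ownerDocument = element.getOwnerDocument();

        // Key-transport algorithm is chosen by the sender. DOM getAttribute() yields ""
        // (not null) for a missing attribute, so the null check below only covers a
        // missing EncryptionMethod element.
        Element encryptionMethod = (Element) WSSecurityUtil.getDirectChild(element, "EncryptionMethod", XMLENC_NS);
        String keyTransportUri = null;
        if (encryptionMethod != null) {
            keyTransportUri = encryptionMethod.getAttribute(WSSPConstants.LN_ALGORITHM);
            encryptionResult.setAsymmetricKeyTransportURI(keyTransportUri);
        }
        if (keyTransportUri == null) {
            throw new WSSecurityException(2, "noEncAlgo");
        }
        Cipher cipherInstance = WSSecurityUtil.getCipherInstance(keyTransportUri);

        Element cipherValue = null;
        Element cipherData = (Element) WSSecurityUtil.getDirectChild(element, "CipherData", XMLENC_NS);
        if (cipherData != null) {
            cipherValue = (Element) WSSecurityUtil.getDirectChild(cipherData, "CipherValue", XMLENC_NS);
        }
        if (cipherValue == null) {
            throw new WSSecurityException(3, "noCipher");
        }

        if (privateKey == null) {
            String alias;
            Element keyInfo = (Element) WSSecurityUtil.getDirectChild(element, WSSPConstants.LN_KEY_INFO, XDSIGConstants.NSURI);
            if (keyInfo != null) {
                Element tokenRefElement = (Element) WSSecurityUtil.getDirectChild(keyInfo, "SecurityTokenReference", WSSE_NS);
                if (tokenRefElement == null) {
                    throw new WSSecurityException(3, "noSecTokRef");
                }
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(tokenRefElement);
                if (securityTokenReference.containsX509Data() || securityTokenReference.containsX509IssuerSerial()) {
                    alias = securityTokenReference.getX509IssuerSerialAlias(crypto);
                    encryptionResult.setTokenReferenceModel(SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL);
                    if (DebugObjects.getHandlerDebug().getDebug()) {
                        DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - X509IssuerSerial alias: " + alias);
                    }
                } else if (securityTokenReference.containsKeyIdentifier()) {
                    X509Certificate[] certs = securityTokenReference.getKeyIdentifier(crypto);
                    encryptionResult.setTokenReferenceModel(SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER);
                    if (certs == null || certs.length < 1 || certs[0] == null) {
                        throw new WSSecurityException(0, "invalidX509Data", new Object[]{"for decryption (KeyId)"});
                    }
                    alias = crypto.getAliasForX509Cert(certs[0]);
                    if (DebugObjects.getHandlerDebug().getDebug()) {
                        DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - cert: " + certs[0]);
                        DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - KeyIdentifier Alias: " + alias);
                    }
                } else {
                    if (!securityTokenReference.containsReference()) {
                        throw new WSSecurityException(0, "unsupportedKeyId");
                    }
                    // Direct reference: only an X.509 BinarySecurityToken is accepted.
                    Element tokenElement = securityTokenReference.getTokenElement(ownerDocument, (WSDocInfo) null);
                    encryptionResult.setTokenReferenceModel(SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE);
                    if (!new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName()).equals(WSSecurityEngine.binaryToken)) {
                        throw new WSSecurityException(3, "unsupportedToken", (Object[]) null);
                    }
                    if (!X509Security.getType().equals(tokenElement.getAttribute("ValueType"))) {
                        throw new WSSecurityException(1, "unsupportedBinaryTokenType", new Object[]{"for decryption (BST)"});
                    }
                    X509Security x509Security = new X509Security(tokenElement);
                    X509Certificate x509Certificate = x509Security.getX509Certificate(crypto);
                    if (x509Certificate == null) {
                        throw new WSSecurityException(0, "invalidX509Data", new Object[]{"for decryption"});
                    }
                    // The certificate comes from the message; it only selects a local alias,
                    // the private key itself is always taken from the local crypto store.
                    alias = crypto.getAliasForX509Cert(x509Certificate);
                    if (DebugObjects.getHandlerDebug().getDebug()) {
                        DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - BST Alias: " + alias);
                    }
                }
            } else {
                // No KeyInfo in the message: fall back to the configured default key.
                alias = crypto.getDefaultX509Alias();
                if (alias == null) {
                    throw new WSSecurityException(3, "noKeyinfo");
                }
            }
            DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor  - detected token reference model = " + encryptionResult.getTokenReferenceModel());
            WSPasswordCallback passwordCallback = new WSPasswordCallback(alias, 1);
            // The private-key lookup is deliberately nested inside the callback try block:
            // any exception raised here that is an IOException subtype is reported as
            // "noPassword" by the handlers below, exactly as before.
            try {
                callbackHandler.handle(new Callback[]{passwordCallback});
                String password = passwordCallback.getPassword();
                if (password == null) {
                    throw new WSSecurityException(0, "noPassword", new Object[]{alias});
                }
                try {
                    privateKey = crypto.getPrivateKey(alias, password);
                } catch (Exception e) {
                    throw new WSSecurityException(8, (String) null, (Object[]) null, e);
                }
            } catch (IOException e) {
                // Keep the cause so the underlying failure is not lost to operators.
                throw new WSSecurityException(0, "noPassword", new Object[]{alias}, e);
            } catch (UnsupportedCallbackException e) {
                throw new WSSecurityException(0, "noPassword", new Object[]{alias}, e);
            }
        }

        // Everything below is reported with code 8 regardless of the underlying cause
        // (the outer handler re-wraps any Exception, including those thrown by
        // decryptDataRef). Do not introduce more specific codes here: distinguishable
        // failures would tell a remote sender whether key unwrapping succeeded.
        try {
            cipherInstance.init(Cipher.DECRYPT_MODE, privateKey);
            try {
                this.decryptedBytes = cipherInstance.doFinal(getDecodedBase64EncodedData(cipherValue));
                if (DebugObjects.getHandlerDebug().getDebug()) {
                    keyUnwrappedMillis = System.currentTimeMillis();
                }
                Element referenceList = (Element) WSSecurityUtil.getDirectChild(element, "ReferenceList", XMLENC_NS);
                if (referenceList != null) {
                    for (Node child = referenceList.getFirstChild(); child != null; child = child.getNextSibling()) {
                        // An unqualified child element makes getNamespaceURI() return null and
                        // fails the whole message via the outer handler (fail closed).
                        if (child.getNodeType() == Node.ELEMENT_NODE && child.getNamespaceURI().equals(XMLENC_NS) && child.getLocalName().equals("DataReference")) {
                            decryptDataRef(ownerDocument, ((Element) child).getAttribute("URI"), this.decryptedBytes, encryptionResult);
                        }
                    }
                }
                if (DebugObjects.getHandlerDebug().getDebug()) {
                    long endMillis = System.currentTimeMillis();
                    DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - XMLDecrypt: total= " + (endMillis - startMillis) + ", get-sym-key= " + (keyUnwrappedMillis - startMillis) + ", decrypt= " + (endMillis - keyUnwrappedMillis));
                }
            } catch (IllegalStateException e) {
                throw new WSSecurityException(8, (String) null, (Object[]) null, e);
            } catch (BadPaddingException e) {
                throw new WSSecurityException(8, (String) null, (Object[]) null, e);
            } catch (IllegalBlockSizeException e) {
                throw new WSSecurityException(8, (String) null, (Object[]) null, e);
            }
        } catch (Exception e) {
            throw new WSSecurityException(8, (String) null, (Object[]) null, e);
        }
    }

    /**
     * Decrypts the EncryptedData element referenced by one DataReference URI and
     * records the decrypted part in the result.
     *
     * @param document         document that contains the referenced element
     * @param str              value of the DataReference URI attribute
     * @param bArr             raw symmetric key bytes obtained from the EncryptedKey
     * @param encryptionResult receives the data encryption URI and the decrypted part name
     * @throws WSSecurityException if the reference cannot be resolved or decryption fails
     */
    private void decryptDataRef(Document document, String str, byte[] bArr, EncryptionResult encryptionResult) throws WSSecurityException {
        DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - found data refernce: " + str);
        Element target = WSSecurityUtil.getElementByWsuId(document, str);
        if (target == null) {
            target = WSSecurityUtil.getElementByGenId(document, str);
        }
        if (target == null) {
            throw new WSSecurityException(3, "dataRef", new Object[]{str});
        }
        boolean isContent = X509Util.isContent(target);
        // The data encryption algorithm is read from the message and only recorded here.
        String encAlgo = X509Util.getEncAlgo(target);
        encryptionResult.setEncryptionURI(encAlgo);
        SecretKey secretKey = WSSecurityUtil.prepareSecretKey(encAlgo, bArr);
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(encAlgo);
            xMLCipher.init(XMLCipher.DECRYPT_MODE, secretKey);
            Node parent = null;
            Vector siblingsBefore = null;
            if (isContent) {
                // Content encryption: the protected part is the element that wraps EncryptedData.
                target = (Element) target.getParentNode();
                encryptionResult.addPart(new QName(target.getNamespaceURI(), target.getLocalName()));
            } else {
                // Element encryption: the real element name is only known after decryption,
                // so snapshot the sibling names now and diff them afterwards.
                parent = target.getParentNode();
                siblingsBefore = getDirectChildElements(parent);
            }
            try {
                xMLCipher.doFinal(document, target, isContent);
                if (siblingsBefore != null) {
                    QName decryptedName = getEncryptedElement(parent, siblingsBefore);
                    if (decryptedName != null) {
                        encryptionResult.addPart(decryptedName);
                    }
                }
            } catch (Exception e) {
                throw new WSSecurityException(8, (String) null, (Object[]) null, e);
            }
        } catch (XMLEncryptionException e) {
            throw new WSSecurityException(2, (String) null, (Object[]) null, e);
        }
    }

    /**
     * Collects the qualified names of all element children of a node.
     *
     * @param node parent whose direct element children are listed
     * @return a Vector of {@link QName}, in document order
     */
    private Vector getDirectChildElements(Node node) {
        Vector names = new Vector();
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                QName qName = new QName(child.getNamespaceURI(), child.getLocalName());
                DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - sibling of encrypted elm BEFORE decryption: " + qName);
                names.add(qName);
            }
        }
        return names;
    }

    /**
     * Finds the element that appeared under a parent after decryption by comparing the
     * current element children with the names captured before decryption.
     *
     * <p>Names are compared as {@link QName} values. A QName stores a null namespace as
     * the empty string while {@code Node.getNamespaceURI()} returns null for an
     * unqualified element, so comparing the two component by component never matched an
     * unqualified sibling and reported it as the decrypted part even though it was
     * present (in plaintext) before decryption.
     *
     * <p>Limitation: a decrypted element whose name equals that of an existing sibling
     * cannot be told apart by this name diff, and null is returned.
     *
     * @param node   parent of the (former) EncryptedData element
     * @param vector {@link QName}s of the element children before decryption
     * @return the name of the first child element not present before, or null if none
     */
    private QName getEncryptedElement(Node node, Vector vector) {
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            QName childName = new QName(child.getNamespaceURI(), child.getLocalName());
            DebugObjects.getHandlerDebug().debug("EncryptedKeyProcessor - sibling of encrypted elm AFTER decryption: " + childName);
            if (!vector.contains(childName)) {
                return childName;
            }
        }
        return null;
    }
}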
