package com.sun.xml.wss.filter;

import com.sun.org.apache.xml.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.security.encryption.XMLCipher;
import com.sun.org.apache.xml.security.encryption.XMLEncryptionException;
import com.sun.xml.wss.KeyInfoHeaderBlock;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.MessageFilter;
import com.sun.xml.wss.ReferenceListHeaderBlock;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.WssSoapFaultException;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.helpers.KeyResolver;
import java.security.PrivateKey;
import java.util.logging.Level;
import javax.crypto.SecretKey;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPFactory;

/* loaded from: input_file:119167-15/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/ImportEncryptedKeyFilter.class */
public class ImportEncryptedKeyFilter extends FilterBase implements MessageFilter {
    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        SOAPElement currentHeaderBlockElement = securableSoapMessage.findSecurityHeader().getCurrentHeaderBlockElement();
        if (!currentHeaderBlockElement.getLocalName().equals("EncryptedKey") || !XMLUtil.inEncryptionNS(currentHeaderBlockElement)) {
            log.log(Level.SEVERE, "WSS0209.unexpected.header.block", new Object[]{MessageConstants.XENC_ENCRYPTED_KEY_QNAME, currentHeaderBlockElement.getTagName()});
            throw new XWSSecurityException(new StringBuffer().append("Expected EncryptedKey, found ").append(currentHeaderBlockElement.getTagName()).toString());
        }
        currentHeaderBlockElement.normalize();
        decrypt(currentHeaderBlockElement, securableSoapMessage);
    }

    private void decrypt(SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance();
            EncryptedKey loadEncryptedKey = xMLCipher.loadEncryptedKey(sOAPElement);
            String algorithm = loadEncryptedKey.getEncryptionMethod().getAlgorithm();
            if (!"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(algorithm) && !"http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(algorithm)) {
                log.log(Level.SEVERE, "WSS0210.unsupported.key.encryption.algorithm", algorithm);
                XWSSecurityException xWSSecurityException = new XWSSecurityException(new StringBuffer().append("Expected http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p or http://www.w3.org/2001/04/xmlenc#rsa-1_5 for key encryption, found ").append(algorithm).toString());
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_ALGORITHM, xWSSecurityException.getMessage(), xWSSecurityException);
            }
            xMLCipher.init(4, (PrivateKey) KeyResolver.getKey(new KeyInfoHeaderBlock(loadEncryptedKey.getKeyInfo()), false, securableSoapMessage));
            try {
                securableSoapMessage.setFilterParameter("SymmetricKey", (SecretKey) xMLCipher.decryptKey(loadEncryptedKey, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"));
                securableSoapMessage.setFilterParameter("ReferenceList", new ReferenceListHeaderBlock((SOAPElement) sOAPElement.getChildElements(SOAPFactory.newInstance().createName("ReferenceList", MessageConstants.XENC_PREFIX, "http://www.w3.org/2001/04/xmlenc#")).next()));
            } catch (XMLEncryptionException e) {
                log.log(Level.SEVERE, "WSS0211.error.decrypting.key");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Decryption of key encryption key failed", e);
            }
        } catch (WssSoapFaultException e2) {
            throw e2;
        } catch (Exception e3) {
            log.log(Level.SEVERE, e3.getMessage());
            throw new XWSSecurityException(e3);
        }
    }
}
