package com.sun.identity.xmlenc;

import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.org.apache.xml.internal.serialize.OutputFormat;
import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
import com.sun.org.apache.xml.security.Init;
import com.sun.org.apache.xml.security.encryption.EncryptedData;
import com.sun.org.apache.xml.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.security.encryption.XMLCipher;
import com.sun.org.apache.xml.security.keys.KeyInfo;
import com.sun.org.apache.xml.security.keys.content.X509Data;
import com.sun.org.apache.xml.security.transforms.Transforms;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119465-05/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/xmlenc/AMEncryptionProvider.class */
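/**
 * XML Encryption provider built on the Apache XML Security {@link XMLCipher}.
 *
 * <p>Encryption generates (or reuses) a symmetric data key, encrypts the target element with
 * it, and wraps the data key under a key-encryption key (KEK) into an {@code EncryptedKey}.
 * Decryption unwraps the data key with the supplied key and replaces every
 * {@code EncryptedData} element found in the document.
 *
 * <p>Security review notes (behaviour is kept for interoperability, not endorsed):
 * <ul>
 *   <li>RSA KEKs use the {@code rsa-1_5} (PKCS#1 v1.5) key transport. That scheme is exposed
 *       to padding-oracle attacks when the decrypting side reveals whether unwrapping
 *       succeeded; {@code http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p} is the usual
 *       replacement once both peers support it.</li>
 *   <li>All content algorithms are CBC modes without integrity protection. CBC ciphertext is
 *       malleable, so consumers should verify a signature over the message before acting on
 *       decrypted content and should report decryption failures uniformly.</li>
 *   <li>Data keys cached in {@link #keyMap} are reused for every message sent under the same
 *       identifier and are never evicted or rotated.</li>
 * </ul>
 */
public class AMEncryptionProvider implements EncryptionProvider {
    private KeyProvider keyProvider = null;

    // Process-wide cache of data keys, keyed by the caller-supplied key identifier.
    // All access goes through synchronized (keyMap): the map is shared by every instance
    // and a plain HashMap is not safe for concurrent check-then-put.
    private static final Map<String, SecretKey> keyMap = new HashMap<String, SecretKey>();

    /**
     * Installs the key provider used to resolve key aliases and certificates.
     *
     * @param keyProvider provider to use; must not be {@code null}
     * @throws EncryptionException if {@code keyProvider} is {@code null}
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public void initialize(KeyProvider keyProvider) throws EncryptionException {
        if (keyProvider == null) {
            // The original message named AMSignatureProvider, which sent log readers to the wrong class.
            EncryptionUtils.debug.error("AMEncryptionProvider.initialize: keystore is null");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        this.keyProvider = keyProvider;
    }

    /**
     * Encrypts {@code element} with a fresh data key wrapped under the public key stored
     * under alias {@code str2}.
     *
     * @param document document that owns {@code element}
     * @param element element to encrypt and replace
     * @param str data encryption algorithm name, as accepted by {@link KeyGenerator}
     * @param i data key strength in bits; 0 selects the generator default
     * @param str2 alias passed to {@link KeyProvider#getPublicKey}
     * @param i2 key-encryption key strength in bits (only consulted for AES key wrap)
     * @return the document returned by the cipher after replacement
     * @throws EncryptionException on missing input, unsupported algorithm or cipher failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, String str2, int i2) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, requireKeyProvider().getPublicKey(str2), i2, null, false);
    }

    /**
     * Same as the six-argument overload, but reuses the data key cached under {@code str3}
     * (creating and caching one on first use) instead of generating a key per call.
     *
     * @param str3 cache identifier for the data key; {@code null} disables caching
     * @throws EncryptionException on missing input, unsupported algorithm or cipher failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, String str2, int i2, String str3) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, requireKeyProvider().getPublicKey(str2), i2, str3, false);
    }

    /**
     * Encrypts {@code element} and wraps the result in a Liberty discovery
     * {@code EncryptedResourceID} element that also carries the wrapped key.
     *
     * @param str3 cache identifier for the data key; also written as the key name
     * @throws EncryptionException on missing input, unsupported algorithm or cipher failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplaceResourceID(Document document, Element element, String str, int i, String str2, int i2, String str3) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, requireKeyProvider().getPublicKey(str2), i2, str3, true);
    }

    /**
     * Encrypts {@code element} using a caller-supplied key-encryption key.
     *
     * @param key key-encryption key (RSA public key, or a Triple DES / AES wrapping key)
     * @param i2 key-encryption key strength in bits (only consulted for AES key wrap)
     * @param str2 cache identifier for the data key; {@code null} disables caching
     * @throws EncryptionException on missing input, unsupported algorithm or cipher failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document encryptAndReplace(Document document, Element element, String str, int i, Key key, int i2, String str2) throws EncryptionException {
        return encryptAndReplace(document, element, str, i, key, i2, str2, false);
    }

    /**
     * Shared implementation behind every public encrypt overload.
     *
     * @param z when {@code true}, produce the {@code EncryptedResourceID} layout: the
     *          {@code EncryptedData} references the wrapped key through a retrieval method
     *          instead of embedding it
     */
    private Document encryptAndReplace(Document document, Element element, String str, int i, Key key, int i2, String str2, boolean z) throws EncryptionException {
        if (document == null || element == null || key == null) {
            EncryptionUtils.debug.error("AMEncryptionProvider.encryptAndReplace: Null values");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        SecretKey dataKey = obtainDataKey(str, i, str2);
        if (dataKey == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("generateKeyError"));
        }
        try {
            // Wrap the data key under the key-encryption key.
            XMLCipher keyCipher = XMLCipher.getInstance(getKeyWrapAlgorithm(key.getAlgorithm(), i2));
            keyCipher.init(XMLCipher.WRAP_MODE, key);
            EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataKey);

            // Only an asymmetric KEK has a certificate to advertise. The original cast every
            // key to PublicKey, so the Triple DES and AES key-wrap paths always ended in a
            // ClassCastException.
            if (key instanceof PublicKey) {
                KeyInfo wrappingKeyInfo = new KeyInfo(document);
                X509Data x509Data = new X509Data(document);
                x509Data.addCertificate((X509Certificate) this.keyProvider.getCertificate((PublicKey) key));
                wrappingKeyInfo.add(x509Data);
                encryptedKey.setKeyInfo(wrappingKeyInfo);
            }

            String encryptedKeyId = null;
            if (z) {
                encryptedKeyId = SAMLUtils.generateID();
                encryptedKey.setId(encryptedKeyId);
            }
            if (EncryptionUtils.debug.messageEnabled()) {
                // Logs the wrapped (encrypted) key element, never the plaintext data key.
                EncryptionUtils.debug.message("AMEncryptionProvider.encryptAndReplace: Encrypted key = "
                        + toString(keyCipher.martial(document, encryptedKey)));
            }

            // Encrypt the element content with the data key.
            XMLCipher dataCipher = XMLCipher.getInstance(getEncryptionAlgorithm(str, i));
            dataCipher.init(XMLCipher.ENCRYPT_MODE, dataKey);
            EncryptedData encryptedData = dataCipher.getEncryptedData();
            KeyInfo dataKeyInfo = encryptedData.getKeyInfo();
            if (dataKeyInfo == null) {
                dataKeyInfo = new KeyInfo(document);
                encryptedData.setKeyInfo(dataKeyInfo);
            }
            if (z) {
                dataKeyInfo.addKeyName(str2);
                dataKeyInfo.addRetrievalMethod("#" + encryptedKeyId, (Transforms) null, "http://www.w3.org/2001/04/xmlenc#EncryptedKey");
            } else {
                dataKeyInfo.add(encryptedKey);
            }
            Document result = dataCipher.doFinal(document, element);
            if (z) {
                // NOTE(review): this picks the first EncryptedData in the document, which is
                // only the element just produced if the input held no earlier one - confirm.
                Element encryptedDataElement = (Element) result.getElementsByTagNameNS(EncryptionConstants.ENC_XML_NS, "EncryptedData").item(0);
                Node parent = encryptedDataElement.getParentNode();
                Element resourceId = result.createElementNS("urn:liberty:disco:2003-08", "EncryptedResourceID");
                parent.replaceChild(resourceId, encryptedDataElement);
                resourceId.appendChild(encryptedDataElement);
                Element encryptedKeyElement = dataCipher.martial(document, encryptedKey);
                Element carriedKeyName = document.createElementNS(EncryptionConstants.ENC_XML_NS, "xenc:CarriedKeyName");
                carriedKeyName.appendChild(document.createTextNode(str2));
                encryptedKeyElement.appendChild(carriedKeyName);
                resourceId.appendChild(encryptedKeyElement);
            }
            return result;
        } catch (EncryptionException e) {
            // Already carries a localized message (unsupported algorithm / key strength);
            // do not bury it inside a second wrapper.
            throw e;
        } catch (Exception e) {
            EncryptionUtils.debug.error("AMEncryptionProvider.encryptAndReplace: XML Encryption error", e);
            throw new EncryptionException(e);
        }
    }

    /**
     * Decrypts every {@code EncryptedData} element using the private key stored under
     * alias {@code str}.
     *
     * @param document document to decrypt in place
     * @param str alias passed to {@link KeyProvider#getPrivateKey}
     * @return the decrypted document, or {@code document} itself when nothing is encrypted
     * @throws EncryptionException on missing input or decryption failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document decryptAndReplace(Document document, String str) throws EncryptionException {
        return decryptAndReplace(document, requireKeyProvider().getPrivateKey(str));
    }

    /**
     * Decrypts every {@code EncryptedData} element in {@code document}, unwrapping the data
     * key with {@code key}.
     *
     * <p>The first {@code EncryptedKey} element found anywhere in the document is used for
     * all {@code EncryptedData} elements, and an unwrapped key carries over to later
     * elements. Both algorithm URIs are read from the incoming message; no allow-list is
     * applied here, so callers that accept untrusted documents should restrict algorithms
     * and verify signatures before relying on the result.
     *
     * @param document document to decrypt in place
     * @param key key used to unwrap the data key
     * @return the document returned by the last decryption, or {@code document} itself when
     *         it holds no {@code EncryptedData}
     * @throws EncryptionException on missing input or decryption failure
     */
    @Override // com.sun.identity.xmlenc.EncryptionProvider
    public Document decryptAndReplace(Document document, Key key) throws EncryptionException {
        if (document == null || key == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        NodeList encryptedDataNodes = document.getElementsByTagNameNS(EncryptionConstants.ENC_XML_NS, "EncryptedData");
        // Null check first: the original read getLength() before testing for null.
        if (encryptedDataNodes == null || encryptedDataNodes.getLength() == 0) {
            return document;
        }
        // Snapshot the targets. The NodeList is live, so it shrinks each time doFinal()
        // replaces an EncryptedData element; indexing it directly skips elements and runs
        // off the end when the document holds more than one.
        Element[] targets = new Element[encryptedDataNodes.getLength()];
        for (int n = 0; n < targets.length; n++) {
            targets[n] = (Element) encryptedDataNodes.item(n);
        }
        Element encryptedKeyElement = (Element) document.getElementsByTagNameNS(EncryptionConstants.ENC_XML_NS, "EncryptedKey").item(0);
        Key dataKey = null;
        Document result = null;
        for (int n = 0; n < targets.length; n++) {
            try {
                Element target = targets[n];
                XMLCipher loader = XMLCipher.getInstance();
                loader.init(XMLCipher.DECRYPT_MODE, (Key) null);
                EncryptedData encryptedData = loader.loadEncryptedData(document, target);
                EncryptedKey encryptedKey = loader.loadEncryptedKey(document, encryptedKeyElement);
                if (encryptedKey == null) {
                    KeyInfo dataKeyInfo = encryptedData.getKeyInfo();
                    if (dataKeyInfo != null) {
                        encryptedKey = dataKeyInfo.itemEncryptedKey(0);
                    }
                }
                if (encryptedKey != null) {
                    if (EncryptionUtils.debug.messageEnabled()) {
                        // Logged only when a key exists; the original marshalled it before the null check.
                        EncryptionUtils.debug.message("AMEncryptionProvider.decryptAndReplace: Encrypted key = "
                                + toString(loader.martial(document, encryptedKey)));
                    }
                    XMLCipher keyCipher = XMLCipher.getInstance();
                    keyCipher.init(XMLCipher.UNWRAP_MODE, key);
                    dataKey = keyCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());
                }
                XMLCipher dataCipher = XMLCipher.getInstance();
                dataCipher.init(XMLCipher.DECRYPT_MODE, dataKey);
                result = dataCipher.doFinal(document, target);
            } catch (Exception e) {
                EncryptionUtils.debug.error("AMEncryptionProvider.decryptAndReplace: XML Decryption error.", e);
                throw new EncryptionException(e);
            }
        }
        return result;
    }

    /** Returns the configured key provider, failing cleanly when initialize() was never called. */
    private KeyProvider requireKeyProvider() throws EncryptionException {
        if (this.keyProvider == null) {
            EncryptionUtils.debug.error("AMEncryptionProvider: key provider is not initialized");
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        return this.keyProvider;
    }

    /**
     * Returns the data key for one encryption: a fresh key when {@code keyId} is
     * {@code null}, otherwise the key cached under {@code keyId} (generated on first use).
     */
    private SecretKey obtainDataKey(String str, int i, String keyId) throws EncryptionException {
        if (keyId == null) {
            return generateSecretKey(str, i);
        }
        synchronized (keyMap) {
            SecretKey cached = keyMap.get(keyId);
            if (cached == null) {
                cached = generateSecretKey(str, i);
                keyMap.put(keyId, cached);
            }
            // NOTE(review): a cached key is returned even if it was generated for a different
            // algorithm or strength than this call requests - confirm callers never mix them.
            return cached;
        }
    }

    /**
     * Maps the key-encryption key's algorithm and strength to an XML Encryption key
     * transport / key wrap algorithm URI.
     *
     * @param algorithm value of {@link Key#getAlgorithm()} for the key-encryption key
     * @param kekStrength key-encryption key strength in bits; 0 is treated as 128 for AES
     */
    private String getKeyWrapAlgorithm(String algorithm, int kekStrength) throws EncryptionException {
        if ("RSA".equals(algorithm)) {
            // PKCS#1 v1.5 key transport; see the class comment for the associated risk.
            return "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
        }
        if (algorithm == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        if (algorithm.equals(EncryptionConstants.TRIPLEDES)) {
            return "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
        }
        if (!algorithm.equals(EncryptionConstants.AES)) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        // The original tested the data key strength for 192 and 256 here, so the wrap
        // algorithm could disagree with the actual key-encryption key size.
        if (kekStrength == 0 || kekStrength == 128) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes128";
        }
        if (kekStrength == 192) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes192";
        }
        if (kekStrength == 256) {
            return "http://www.w3.org/2001/04/xmlenc#kw-aes256";
        }
        throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
    }

    /**
     * Serializes {@code element} to indented XML for debug logging.
     *
     * @return the serialized text; whatever was written before a failure if serialization fails
     */
    private String toString(Element element) {
        OutputFormat outputFormat = new OutputFormat();
        outputFormat.setIndenting(true);
        outputFormat.setMethod("xml");
        // Pin the byte encoding so it can be decoded with the same charset below rather
        // than with the platform default.
        outputFormat.setEncoding("UTF-8");
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            new XMLSerializer(buffer, outputFormat).serialize(element);
            return buffer.toString("UTF-8");
        } catch (IOException e) {
            // Debug-only helper: record the failure in the product log instead of stderr.
            EncryptionUtils.debug.error("AMEncryptionProvider.toString: unable to serialize element", e);
            return buffer.toString();
        }
    }

    /**
     * Maps the data encryption algorithm and strength to an XML Encryption block cipher URI.
     * Every URI returned is a CBC mode, which provides confidentiality only.
     *
     * @param str data encryption algorithm name
     * @param i data key strength in bits; 0 is treated as 128 for AES
     * @throws EncryptionException if the algorithm is {@code null} or unsupported, or the
     *         AES strength is not 0, 128, 192 or 256
     */
    private String getEncryptionAlgorithm(String str, int i) throws EncryptionException {
        if (str == null) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        if (str.equals(EncryptionConstants.TRIPLEDES)) {
            return "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
        }
        if (!str.equals(EncryptionConstants.AES)) {
            throw new EncryptionException(EncryptionUtils.bundle.getString("unsupportedKeyAlg"));
        }
        if (i == 0 || i == 128) {
            return "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
        }
        if (i == 192) {
            return "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
        }
        if (i == 256) {
            return "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
        }
        throw new EncryptionException(EncryptionUtils.bundle.getString("invalidKeyStrength"));
    }

    /**
     * Generates a symmetric data key.
     *
     * @param str algorithm name passed to {@link KeyGenerator#getInstance(String)}
     * @param i key size in bits; 0 leaves the generator at its default size
     * @throws EncryptionException if {@code str} is {@code null} or names an unknown algorithm
     */
    private SecretKey generateSecretKey(String str, int i) throws EncryptionException {
        if (str == null) {
            // KeyGenerator.getInstance(null) would surface as an unchecked NullPointerException.
            throw new EncryptionException(EncryptionUtils.bundle.getString("nullValues"));
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            if (i != 0) {
                keyGenerator.init(i);
            }
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new EncryptionException(e);
        }
    }

    static {
        // Initialize the XML Security library once, when this class is loaded.
        Init.init();
    }
}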
