package nl.clockwork.ebms.encryption;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.mail.util.ByteArrayDataSource;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import nl.clockwork.ebms.common.CPAManager;
import nl.clockwork.ebms.common.KeyStoreManager;
import nl.clockwork.ebms.common.util.SecurityUtils;
import nl.clockwork.ebms.model.CacheablePartyId;
import nl.clockwork.ebms.model.EbMSAttachment;
import nl.clockwork.ebms.model.EbMSDocument;
import nl.clockwork.ebms.model.EbMSMessage;
import nl.clockwork.ebms.processor.EbMSProcessingException;
import nl.clockwork.ebms.processor.EbMSProcessorException;
import nl.clockwork.ebms.util.CPAUtils;
import nl.clockwork.ebms.validation.ValidationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.utils.EncryptionConstants;
import org.oasis_open.committees.ebxml_cppa.schema.cpp_cpa_2_0.DeliveryChannel;
import org.springframework.beans.factory.InitializingBean;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:nl/clockwork/ebms/encryption/EbMSMessageEncrypter.class */
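/**
 * Encrypts the attachments of an ebMS message with XML Encryption.
 *
 * <p>For each attachment a fresh content key is generated, the attachment is encrypted with
 * the data-encryption algorithm named in the CPA delivery channel, and the content key is
 * wrapped with the public key of the receiver's encryption certificate. That certificate is
 * checked against the configured trust store before any key is wrapped for it.
 */
public class EbMSMessageEncrypter implements InitializingBean {
    protected transient Log logger = LogFactory.getLog(getClass());
    private CPAManager cpaManager;
    private String trustStorePath;
    private String trustStorePassword;
    private KeyStore trustStore;

    /**
     * Loads the trust store once the path and password properties have been injected.
     *
     * @throws Exception if the key store cannot be loaded
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        this.trustStore = KeyStoreManager.getKeyStore(this.trustStorePath, this.trustStorePassword);
    }

    /**
     * Encrypts all attachments of the message when the CPA marks the sender's action as
     * confidential; otherwise the message is left untouched.
     *
     * @param ebMSMessage message whose attachments are replaced by their encrypted form
     * @throws EbMSProcessingException if certificate validation or encryption fails
     */
    public void encrypt(EbMSMessage ebMSMessage) throws EbMSProcessingException {
        try {
            boolean confidential = this.cpaManager.isConfidential(
                    ebMSMessage.getMessageHeader().getCPAId(),
                    new CacheablePartyId(ebMSMessage.getMessageHeader().getFrom().getPartyId()),
                    ebMSMessage.getMessageHeader().getFrom().getRole(),
                    CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                    ebMSMessage.getMessageHeader().getAction());
            if (!confidential) {
                return;
            }
            DeliveryChannel receiveDeliveryChannel = this.cpaManager.getReceiveDeliveryChannel(
                    ebMSMessage.getMessageHeader().getCPAId(),
                    new CacheablePartyId(ebMSMessage.getMessageHeader().getTo().getPartyId()),
                    ebMSMessage.getMessageHeader().getTo().getRole(),
                    CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                    ebMSMessage.getMessageHeader().getAction());
            ebMSMessage.setAttachments(encryptAttachments(receiveDeliveryChannel, ebMSMessage.getAttachments()));
        } catch (Exception e) {
            // Every failure, checked or unchecked, surfaces as a processing error with its cause.
            throw new EbMSProcessingException(e);
        }
    }

    /**
     * Encrypts all attachments of the document for the receiver described by the delivery channel.
     *
     * @param deliveryChannel receiving channel that supplies the certificate and algorithm
     * @param ebMSDocument document whose attachment list is replaced in place
     * @throws EbMSProcessingException if certificate validation or encryption fails
     */
    public void encrypt(DeliveryChannel deliveryChannel, EbMSDocument ebMSDocument) throws EbMSProcessingException {
        try {
            // Build the complete encrypted list first, so a failure part-way through
            // leaves the original attachments in place.
            ArrayList<EbMSAttachment> encrypted = encryptAttachments(deliveryChannel, ebMSDocument.getAttachments());
            ebMSDocument.getAttachments().clear();
            ebMSDocument.getAttachments().addAll(encrypted);
        } catch (Exception | TransformerFactoryConfigurationError e) {
            throw new EbMSProcessingException(e);
        }
    }

    /** Validates the receiver's certificate and encrypts each attachment for it. */
    private ArrayList<EbMSAttachment> encryptAttachments(DeliveryChannel deliveryChannel, Iterable<EbMSAttachment> attachments) throws Exception {
        X509Certificate recipientCertificate = CPAUtils.getX509Certificate(CPAUtils.getEncryptionCertificate(deliveryChannel));
        validateCertificate(this.trustStore, recipientCertificate);
        // NOTE(review): the algorithm URI is taken from the CPA as-is; nothing here restricts
        // it to an approved set.
        String encryptionAlgorithm = CPAUtils.getEncryptionAlgorithm(deliveryChannel);
        ArrayList<EbMSAttachment> encrypted = new ArrayList<>();
        for (EbMSAttachment attachment : attachments) {
            encrypted.add(encrypt(createDocument(), recipientCertificate, encryptionAlgorithm, attachment));
        }
        return encrypted;
    }

    /** Creates a cipher for the given data-encryption algorithm URI, initialised for encryption. */
    private XMLCipher createXmlCipher(String str, SecretKey secretKey) throws XMLEncryptionException {
        XMLCipher cipher = XMLCipher.getInstance(str);
        cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
        return cipher;
    }

    /**
     * Accepts the certificate only if it is currently valid and its signature verifies
     * against a trust-store certificate whose subject DN equals the certificate's issuer DN.
     *
     * <p>NOTE(review): only the direct issuer is looked up, by DN string. No chain is built
     * and no CA/basic-constraints, key-usage or revocation check is made here; a PKIX
     * {@code java.security.cert.CertPathValidator} would cover those.
     *
     * @throws KeyStoreException if the trust store aliases cannot be listed
     * @throws ValidationException if the certificate is outside its validity period or no
     *         trust-store certificate verifies its signature
     */
    private void validateCertificate(KeyStore keyStore, X509Certificate x509Certificate) throws KeyStoreException, ValidationException {
        try {
            x509Certificate.checkValidity(new Date());
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new ValidationException(e);
        }
        String issuerName = x509Certificate.getIssuerDN().getName();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            try {
                Certificate candidate = keyStore.getCertificate(aliases.nextElement());
                if ((candidate instanceof X509Certificate) && issuerName.equals(((X509Certificate) candidate).getSubjectDN().getName())) {
                    // The signature check stays inside the try: if this candidate does not
                    // verify, another trust-store entry with the same subject DN may still
                    // do so, and if none does the method rejects the certificate below.
                    x509Certificate.verify(candidate.getPublicKey());
                    return;
                }
            } catch (GeneralSecurityException e) {
                // A failed lookup or signature check is recorded at trace level only.
                this.logger.trace("", e);
            }
        }
        // Also reached when an issuer with a matching DN exists but its key did not verify.
        throw new ValidationException("Certificate " + x509Certificate.getIssuerDN() + " not found!");
    }

    /**
     * Encrypts one attachment and returns a new attachment holding the serialized
     * EncryptedData element as {@code application/xml}, keeping the original name and content id.
     */
    private EbMSAttachment encrypt(Document document, X509Certificate x509Certificate, String str, EbMSAttachment ebMSAttachment) throws Exception {
        SecretKey contentKey = SecurityUtils.generateKey(str);
        XMLCipher dataCipher = createXmlCipher(str, contentKey);
        EncryptedKey wrappedKey = createEncryptedKey(document, x509Certificate.getPublicKey(), contentKey);
        setEncryptedData(document, dataCipher, wrappedKey, x509Certificate, ebMSAttachment);
        EncryptedData encryptedData;
        // Close the plaintext stream once it has been consumed.
        try (InputStream plaintext = ebMSAttachment.getInputStream()) {
            encryptedData = dataCipher.encryptData(document, (String) null, plaintext);
        }
        StringWriter xml = new StringWriter();
        createTransformer().transform(new DOMSource(dataCipher.martial(document, encryptedData)), new StreamResult(xml));
        ByteArrayDataSource dataSource = new ByteArrayDataSource(xml.toString().getBytes(StandardCharsets.UTF_8), "application/xml");
        dataSource.setName(ebMSAttachment.getName());
        return new EbMSAttachment(dataSource, ebMSAttachment.getContentId());
    }

    /**
     * Wraps the content key with the receiver's public key.
     *
     * <p>NOTE(review): the key transport is RSA PKCS#1 v1.5, the padding targeted by
     * padding-oracle attacks against decrypting receivers. XML Encryption also defines
     * RSA-OAEP key transport; moving to it needs agreement with the receiving side, so the
     * algorithm is unchanged here.
     */
    private EncryptedKey createEncryptedKey(Document document, Key key, SecretKey secretKey) throws XMLEncryptionException {
        XMLCipher keyCipher = XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        keyCipher.init(XMLCipher.WRAP_MODE, key);
        return keyCipher.encryptKey(document, secretKey);
    }

    /**
     * Fills in the cipher's EncryptedData: the wrapped key (labelled with the certificate's
     * subject DN as KeyName), and the attachment's content id and MIME type.
     */
    private void setEncryptedData(Document document, XMLCipher xMLCipher, EncryptedKey encryptedKey, X509Certificate x509Certificate, EbMSAttachment ebMSAttachment) throws XMLEncryptionException {
        // KeyName tells the receiver which of its keys unwraps the content key.
        KeyInfo recipientKeyInfo = new KeyInfo(document);
        recipientKeyInfo.add(new KeyName(document, x509Certificate.getSubjectDN().getName()));
        encryptedKey.setKeyInfo(recipientKeyInfo);

        KeyInfo wrappedKeyInfo = new KeyInfo(document);
        wrappedKeyInfo.add(encryptedKey);

        EncryptedData encryptedData = xMLCipher.getEncryptedData();
        encryptedData.setKeyInfo(wrappedKeyInfo);
        encryptedData.setId(ebMSAttachment.getContentId());
        encryptedData.setMimeType(ebMSAttachment.getContentType());
        encryptedData.setType(EncryptionConstants.TYPE_ELEMENT);
    }

    /** Creates the namespace-aware owner document used to build the XML Encryption elements. */
    private Document createDocument() throws EbMSProcessorException {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // Only this constant string is parsed, so no external input reaches the parser here.
            return factory.newDocumentBuilder().parse(new InputSource(new StringReader("<root></root>")));
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new EbMSProcessorException(e);
        }
    }

    /** Creates an identity transformer that omits the XML declaration from its output. */
    private Transformer createTransformer() throws TransformerFactoryConfigurationError, TransformerConfigurationException {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("omit-xml-declaration", "yes");
        return transformer;
    }

    public void setCpaManager(CPAManager cPAManager) {
        this.cpaManager = cPAManager;
    }

    public void setTrustStorePath(String str) {
        this.trustStorePath = str;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }
}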
