package org.apache.xml.security.stax.impl.processor.output;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.xml.stream.XMLStreamException;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.EncryptionPartDef;
import org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.apache.xml.security.utils.XMLUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/xmlsec-3.0.4.jar:org/apache/xml/security/stax/impl/processor/output/XMLEncryptOutputProcessor.class */
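/**
 * Output processor that starts XML Encryption for start elements matching a configured
 * encryption part.
 *
 * <p>When a start element matches and no internal encryption processor is active, an
 * {@link EncryptionPartDef} is built from the outbound security token and an internal
 * processor is installed. That processor also writes the {@code ds:KeyInfo} /
 * {@code xenc:EncryptedKey} structure carrying the wrapped symmetric key.
 *
 * <p>Security note: for the two RSA-OAEP key-transport URIs, the OAEP digest and the MGF1
 * digest each fall back to SHA-1 when the corresponding security property is unset. The two
 * settings are independent, so configuring only the digest leaves MGF1 on SHA-1.
 */
public class XMLEncryptOutputProcessor extends AbstractEncryptOutputProcessor {
    private static final transient Logger LOG = LoggerFactory.getLogger(XMLEncryptOutputProcessor.class);

    /**
     * Tells whether the key-transport URI is one of the two RSA-OAEP variants for which OAEP
     * parameters are written to the document and applied to the cipher.
     *
     * @param keyTransportUri configured key-transport algorithm URI, may be {@code null}
     * @return {@code true} for the xmlenc11 rsa-oaep and the xmlenc rsa-oaep-mgf1p URIs
     */
    private static boolean isRsaOaepTransport(String keyTransportUri) {
        return "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(keyTransportUri)
                || "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(keyTransportUri);
    }

    /**
     * Maps an algorithm URI to its JCE name, rejecting URIs that have no mapping.
     *
     * <p>A {@code null} mapping would otherwise reach the {@link OAEPParameterSpec} or
     * {@link MGF1ParameterSpec} constructor and surface as a {@link NullPointerException}
     * instead of a security exception naming the offending URI.
     *
     * @param algorithmUri algorithm URI to translate
     * @return the JCE algorithm name, never {@code null}
     * @throws XMLSecurityException if no JCE mapping exists for {@code algorithmUri}
     */
    private static String mapUriToJceName(String algorithmUri) throws XMLSecurityException {
        String jceName = JCEMapper.translateURItoJCEID(algorithmUri);
        if (jceName == null) {
            throw new XMLSecurityException("algorithms.NoSuchMap", new Object[]{algorithmUri});
        }
        return jceName;
    }

    /**
     * Installs an internal encryption processor when a start element matches an encryption
     * part, then forwards the event down the chain.
     *
     * @param xMLSecEvent event being processed
     * @param outputProcessorChain chain the event is forwarded to
     * @throws XMLStreamException on stream errors raised by the chain
     * @throws XMLSecurityException on security configuration or processing errors
     */
    @Override
    public void processEvent(XMLSecEvent xMLSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        if (xMLSecEvent.getEventType() == javax.xml.stream.XMLStreamConstants.START_ELEMENT) {
            // Decompiler-assigned accessor name; presumably asStartElement() in the original source.
            XMLSecStartElement startElement = xMLSecEvent.mo6696asStartElement();
            // Only one internal encryption processor is active at a time.
            if (getActiveInternalEncryptionOutputProcessor() == null) {
                SecurePart matchedPart = securePartMatches(startElement, outputProcessorChain, XMLSecurityConstants.ENCRYPTION_PARTS);
                if (matchedPart != null) {
                    LOG.debug("Matched encryptionPart for encryption");
                    String tokenId = (String) outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                    SecurityTokenProvider<OutboundSecurityToken> tokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
                    OutboundSecurityToken encryptionToken = tokenProvider.getSecurityToken();

                    EncryptionPartDef partDef = new EncryptionPartDef();
                    partDef.setSecurePart(matchedPart);
                    partDef.setModifier(matchedPart.getModifier());
                    partDef.setEncRefId(IDGenerator.generateID(null));
                    partDef.setKeyId(tokenProvider.getId());
                    partDef.setSymmetricKey(encryptionToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
                    outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, partDef);

                    AbstractEncryptOutputProcessor.AbstractInternalEncryptionOutputProcessor internalProcessor = createInternalEncryptionOutputProcessor(
                            partDef,
                            startElement,
                            outputProcessorChain.getDocumentContext().getEncoding(),
                            (OutboundSecurityToken) encryptionToken.getKeyWrappingToken());
                    internalProcessor.setXMLSecurityProperties(getSecurityProperties());
                    internalProcessor.setAction(getAction(), getActionOrder());
                    internalProcessor.init(outputProcessorChain);
                    setActiveInternalEncryptionOutputProcessor(internalProcessor);
                }
            }
        }
        outputProcessorChain.processEvent(xMLSecEvent);
    }

    /**
     * Creates the internal processor that encrypts one part and writes its key information.
     *
     * @param encryptionPartDef definition of the part being encrypted
     * @param xMLSecStartElement start element that triggered encryption
     * @param str document encoding, as passed by {@link #processEvent}
     * @param outboundSecurityToken key-wrapping token; when {@code null} no key information is written
     * @return the new internal processor, registered to run after this processor class
     * @throws XMLStreamException on stream errors
     * @throws XMLSecurityException on security errors
     */
    protected AbstractEncryptOutputProcessor.AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef, XMLSecStartElement xMLSecStartElement, String str, final OutboundSecurityToken outboundSecurityToken) throws XMLStreamException, XMLSecurityException {
        AbstractEncryptOutputProcessor.AbstractInternalEncryptionOutputProcessor internalProcessor = new AbstractEncryptOutputProcessor.AbstractInternalEncryptionOutputProcessor(encryptionPartDef, xMLSecStartElement, str) {
            /**
             * Writes {@code ds:KeyInfo} containing an {@code xenc:EncryptedKey} with the
             * symmetric key wrapped under the key-wrapping token's public or secret key.
             * Writes nothing when there is no wrapping token or the token yields no key.
             */
            @Override
            protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
                if (outboundSecurityToken == null) {
                    return;
                }
                final String keyTransportUri = getSecurityProperties().getEncryptionKeyTransportAlgorithm();
                final PublicKey wrappingPublicKey = outboundSecurityToken.getPublicKey();
                final Key wrappingSecretKey = outboundSecurityToken.getSecretKey(keyTransportUri);
                if (wrappingPublicKey == null && wrappingSecretKey == null) {
                    return;
                }
                final boolean oaepTransport = XMLEncryptOutputProcessor.isRsaOaepTransport(keyTransportUri);

                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, (List<XMLSecAttribute>) null);

                List<XMLSecAttribute> encryptedKeyAttributes = new ArrayList<>(1);
                encryptedKeyAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID("EK")));
                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey, true, encryptedKeyAttributes);

                List<XMLSecAttribute> encryptionMethodAttributes = new ArrayList<>(1);
                encryptionMethodAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, keyTransportUri));
                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, encryptionMethodAttributes);

                final String digestUri = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
                final String mgfUri = getSecurityProperties().getEncryptionKeyTransportMGFAlgorithm();
                if (oaepTransport) {
                    // Each OAEP child element is written only when explicitly configured; an
                    // absent element means the SHA-1 / empty-label fallback below was used.
                    byte[] oaepLabel = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
                    if (oaepLabel != null) {
                        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams, false, (List<XMLSecAttribute>) null);
                        createCharactersAndOutputAsEvent(outputProcessorChain, XMLUtils.encodeToString(oaepLabel));
                        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_OAEPparams);
                    }
                    if (digestUri != null) {
                        List<XMLSecAttribute> digestAttributes = new ArrayList<>(1);
                        digestAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, digestUri));
                        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod, true, digestAttributes);
                        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
                    }
                    if (mgfUri != null) {
                        List<XMLSecAttribute> mgfAttributes = new ArrayList<>(1);
                        mgfAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, mgfUri));
                        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF, true, mgfAttributes);
                        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc11_MGF);
                    }
                }
                createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);

                createKeyInfoStructureForEncryptedKey(outputProcessorChain, outboundSecurityToken);

                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, false, (List<XMLSecAttribute>) null);
                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue, false, (List<XMLSecAttribute>) null);

                final String transportJceName = XMLEncryptOutputProcessor.mapUriToJceName(keyTransportUri);
                try {
                    Cipher cipher = Cipher.getInstance(transportJceName);

                    OAEPParameterSpec oaepSpec = null;
                    if (oaepTransport) {
                        // SHA-1 is the fallback for both the OAEP digest and MGF1; set both
                        // properties explicitly to use a stronger hash. A configured URI with
                        // no JCE mapping is rejected rather than passed on as null.
                        String digestJceName = digestUri != null
                                ? XMLEncryptOutputProcessor.mapUriToJceName(digestUri)
                                : "SHA-1";

                        byte[] oaepLabel = getSecurityProperties().getEncryptionKeyTransportOAEPParams();
                        PSource.PSpecified labelSource = oaepLabel != null
                                ? new PSource.PSpecified(oaepLabel)
                                : PSource.PSpecified.DEFAULT;

                        MGF1ParameterSpec mgfSpec = mgfUri != null
                                ? new MGF1ParameterSpec(XMLEncryptOutputProcessor.mapUriToJceName(mgfUri))
                                : new MGF1ParameterSpec("SHA-1");

                        oaepSpec = new OAEPParameterSpec(digestJceName, "MGF1", mgfSpec, labelSource);
                    }

                    // The public key takes precedence when the token offers both key kinds.
                    Key wrappingKey = wrappingPublicKey != null ? wrappingPublicKey : wrappingSecretKey;
                    cipher.init(Cipher.WRAP_MODE, wrappingKey, oaepSpec);

                    String tokenId = (String) outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                    Key sessionKey = outputProcessorChain.getSecurityContext()
                            .getSecurityTokenProvider(tokenId)
                            .getSecurityToken()
                            .getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm());

                    if (wrappingPublicKey != null) {
                        // Refuse a session key that does not fit the asymmetric cipher's block.
                        // NOTE(review): getEncoded() is assumed non-null here; confirm for
                        // non-extractable keys.
                        int blockSize = cipher.getBlockSize();
                        if (blockSize > 0 && blockSize < sessionKey.getEncoded().length) {
                            throw new XMLSecurityException("stax.unsupportedKeyTransp");
                        }
                    }

                    createCharactersAndOutputAsEvent(outputProcessorChain, XMLUtils.encodeToString(cipher.wrap(sessionKey)));
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherValue);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedKey);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException
                        | IllegalBlockSizeException | NoSuchPaddingException e) {
                    // Keep the JCE failure as the cause of the security exception.
                    throw new XMLSecurityException(e);
                }
            }

            /**
             * Writes the {@code ds:KeyInfo} that identifies the key used to wrap the
             * symmetric key, in the form selected by the configured key identifier.
             *
             * <p>Without certificates, a key value is written only when the token has a
             * public key and the identifier is KeyValue. With certificates, an unset
             * identifier falls back to issuer/serial and NoKeyInfo writes nothing.
             *
             * @throws XMLSecurityException if the key identifier is not one of the handled kinds
             */
            protected void createKeyInfoStructureForEncryptedKey(OutputProcessorChain outputProcessorChain, OutboundSecurityToken outboundSecurityToken2) throws XMLStreamException, XMLSecurityException {
                final SecurityTokenConstants.KeyIdentifier keyIdentifier = getSecurityProperties().getEncryptionKeyIdentifier();
                final X509Certificate[] certificates = outboundSecurityToken2.getX509Certificates();

                if (certificates == null) {
                    boolean writeKeyValue = outboundSecurityToken2.getPublicKey() != null
                            && SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier);
                    if (writeKeyValue) {
                        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, (List<XMLSecAttribute>) null);
                        XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, outboundSecurityToken2.getPublicKey());
                        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
                    }
                    return;
                }

                if (SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(keyIdentifier)) {
                    return;
                }

                createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, (List<XMLSecAttribute>) null);
                if (keyIdentifier == null || SecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
                    XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
                    XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, certificates);
                } else if (SecurityTokenConstants.KeyIdentifier_KeyName.equals(keyIdentifier)) {
                    XMLSecurityUtils.createKeyNameTokenStructure(this, outputProcessorChain, getSecurityProperties().getEncryptionKeyName());
                } else {
                    throw new XMLSecurityException("stax.unsupportedToken", new Object[]{keyIdentifier});
                }
                createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
            }
        };
        internalProcessor.getAfterProcessors().add(XMLEncryptOutputProcessor.class);
        return internalProcessor;
    }
}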
