package org.apache.xml.security.encryption;

import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.keys.content.derivedKey.ConcatKDFParamsImpl;
import org.apache.xml.security.encryption.keys.content.derivedKey.HKDFParamsImpl;
import org.apache.xml.security.encryption.keys.content.derivedKey.KDFParams;
import org.apache.xml.security.encryption.params.ConcatKDFParams;
import org.apache.xml.security.encryption.params.HKDFParams;
import org.apache.xml.security.encryption.params.KeyAgreementParameters;
import org.apache.xml.security.encryption.params.KeyDerivationParameters;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.KeyUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/xml/security/encryption/XMLCipherUtil.class */
public final class XMLCipherUtil {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XMLCipherUtil.class);
    private static final boolean gcmUseIvParameterSpec = ((Boolean) AccessController.doPrivileged(() -> {
        return Boolean.valueOf(Boolean.getBoolean("org.apache.xml.security.cipher.gcm.useIvParameterSpec"));
    })).booleanValue();

    public static AlgorithmParameterSpec constructBlockCipherParameters(String str, byte[] bArr) {
        if ("http://www.w3.org/2009/xmlenc11#aes128-gcm".equals(str) || "http://www.w3.org/2009/xmlenc11#aes192-gcm".equals(str) || "http://www.w3.org/2009/xmlenc11#aes256-gcm".equals(str)) {
            return constructBlockCipherParametersForGCMAlgorithm(str, bArr);
        }
        LOG.debug("Saw non-AES-GCM mode block cipher, returning IvParameterSpec: {}", str);
        return new IvParameterSpec(bArr);
    }

    public static AlgorithmParameterSpec constructBlockCipherParameters(boolean z, byte[] bArr) {
        if (z) {
            return constructBlockCipherParametersForGCMAlgorithm("AES/GCM/NoPadding", bArr);
        }
        LOG.debug("Saw non-AES-GCM mode block cipher, returning IvParameterSpec");
        return new IvParameterSpec(bArr);
    }

    private static AlgorithmParameterSpec constructBlockCipherParametersForGCMAlgorithm(String str, byte[] bArr) {
        if (gcmUseIvParameterSpec) {
            LOG.debug("Saw AES-GCM block cipher, using IvParameterSpec due to system property override: {}", str);
            return new IvParameterSpec(bArr);
        }
        LOG.debug("Saw AES-GCM block cipher, attempting to create GCMParameterSpec: {}", str);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
        LOG.debug("Successfully created GCMParameterSpec");
        return gCMParameterSpec;
    }

    public static OAEPParameterSpec constructOAEPParameters(String str, String str2, String str3, byte[] bArr) {
        if (!"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) && !"http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            return null;
        }
        String translateURItoJCEID = str2 != null ? JCEMapper.translateURItoJCEID(str2) : "SHA-1";
        PSource.PSpecified pSpecified = bArr == null ? PSource.PSpecified.DEFAULT : new PSource.PSpecified(bArr);
        MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec("SHA-1");
        if ("http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            mGF1ParameterSpec = constructMGF1Parameter(str3);
        }
        return new OAEPParameterSpec(translateURItoJCEID, "MGF1", mGF1ParameterSpec, pSpecified);
    }

    public static MGF1ParameterSpec constructMGF1Parameter(String str) {
        LOG.debug("Creating MGF1ParameterSpec for [{0}]", str);
        if (str == null || str.isEmpty()) {
            LOG.warn("MGF1 algorithm URI is null or empty. Using SHA-1 as default.");
            return new MGF1ParameterSpec("SHA-1");
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -938511015:
                if (str.equals("http://www.w3.org/2009/xmlenc11#mgf1sha224")) {
                    z = true;
                    break;
                }
                break;
            case -938510920:
                if (str.equals("http://www.w3.org/2009/xmlenc11#mgf1sha256")) {
                    z = 2;
                    break;
                }
                break;
            case -938509868:
                if (str.equals("http://www.w3.org/2009/xmlenc11#mgf1sha384")) {
                    z = 3;
                    break;
                }
                break;
            case -938508165:
                if (str.equals("http://www.w3.org/2009/xmlenc11#mgf1sha512")) {
                    z = 4;
                    break;
                }
                break;
            case 1853769942:
                if (str.equals("http://www.w3.org/2009/xmlenc11#mgf1sha1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new MGF1ParameterSpec("SHA-1");
            case true:
                return new MGF1ParameterSpec("SHA-224");
            case true:
                return new MGF1ParameterSpec("SHA-256");
            case true:
                return new MGF1ParameterSpec("SHA-384");
            case true:
                return new MGF1ParameterSpec("SHA-512");
            default:
                LOG.warn("Unsupported MGF algorithm: [{0}] Using SHA-1 as default.", str);
                return new MGF1ParameterSpec("SHA-1");
        }
    }

    public static String getMgf1URIForParameter(MGF1ParameterSpec mGF1ParameterSpec) {
        String digestAlgorithm = mGF1ParameterSpec.getDigestAlgorithm();
        LOG.debug("Get MGF1 URI for digest algorithm [{0}]", digestAlgorithm);
        boolean z = -1;
        switch (digestAlgorithm.hashCode()) {
            case -1523887821:
                if (digestAlgorithm.equals("SHA-224")) {
                    z = true;
                    break;
                }
                break;
            case -1523887726:
                if (digestAlgorithm.equals("SHA-256")) {
                    z = 2;
                    break;
                }
                break;
            case -1523886674:
                if (digestAlgorithm.equals("SHA-384")) {
                    z = 3;
                    break;
                }
                break;
            case -1523884971:
                if (digestAlgorithm.equals("SHA-512")) {
                    z = 4;
                    break;
                }
                break;
            case 78861104:
                if (digestAlgorithm.equals("SHA-1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "http://www.w3.org/2009/xmlenc11#mgf1sha1";
            case true:
                return "http://www.w3.org/2009/xmlenc11#mgf1sha224";
            case true:
                return "http://www.w3.org/2009/xmlenc11#mgf1sha256";
            case true:
                return "http://www.w3.org/2009/xmlenc11#mgf1sha384";
            case true:
                return "http://www.w3.org/2009/xmlenc11#mgf1sha512";
            default:
                LOG.warn("Unknown hash algorithm: [{0}]  for MGF1", digestAlgorithm);
                return "http://www.w3.org/2009/xmlenc11#mgf1sha1";
        }
    }

    public static KeyAgreementParameters constructRecipientKeyAgreementParameters(String str, AgreementMethod agreementMethod, PrivateKey privateKey) throws XMLSecurityException {
        String algorithm = agreementMethod.getAlgorithm();
        int aESKeyBitSizeForWrapAlgorithm = KeyUtils.getAESKeyBitSizeForWrapAlgorithm(str);
        KeyDerivationMethod keyDerivationMethod = agreementMethod.getKeyDerivationMethod();
        if (keyDerivationMethod == null) {
            throw new XMLEncryptionException("Key Derivation Algorithm is not specified");
        }
        return constructAgreementParameters(algorithm, KeyAgreementParameters.ActorType.RECIPIENT, constructKeyDerivationParameter(keyDerivationMethod, aESKeyBitSizeForWrapAlgorithm), privateKey, agreementMethod.getOriginatorKeyInfo().getPublicKey());
    }

    public static KeyAgreementParameters constructAgreementParameters(String str, KeyAgreementParameters.ActorType actorType, KeyDerivationParameters keyDerivationParameters, PrivateKey privateKey, PublicKey publicKey) {
        KeyAgreementParameters keyAgreementParameters = new KeyAgreementParameters(actorType, str, keyDerivationParameters);
        if (actorType == KeyAgreementParameters.ActorType.RECIPIENT) {
            keyAgreementParameters.setRecipientPrivateKey(privateKey);
            keyAgreementParameters.setOriginatorPublicKey(publicKey);
        } else {
            keyAgreementParameters.setOriginatorPrivateKey(privateKey);
            keyAgreementParameters.setRecipientPublicKey(publicKey);
        }
        return keyAgreementParameters;
    }

    public static KeyDerivationParameters constructKeyDerivationParameter(KeyDerivationMethod keyDerivationMethod, int i) throws XMLEncryptionException {
        String algorithm = keyDerivationMethod.getAlgorithm();
        try {
            KDFParams kDFParams = keyDerivationMethod.getKDFParams();
            if ("http://www.w3.org/2009/xmlenc11#ConcatKDF".equals(algorithm)) {
                if (!(kDFParams instanceof ConcatKDFParamsImpl)) {
                    throw new XMLEncryptionException("KeyDerivation.InvalidParametersType", algorithm, ConcatKDFParamsImpl.class.getName());
                }
                ConcatKDFParamsImpl concatKDFParamsImpl = (ConcatKDFParamsImpl) kDFParams;
                return ConcatKDFParams.createBuilder(i, concatKDFParamsImpl.getDigestMethod()).algorithmID(concatKDFParamsImpl.getAlgorithmId()).partyUInfo(concatKDFParamsImpl.getPartyUInfo()).partyVInfo(concatKDFParamsImpl.getPartyVInfo()).suppPubInfo(concatKDFParamsImpl.getSuppPubInfo()).suppPrivInfo(concatKDFParamsImpl.getSuppPrivInfo()).build();
            }
            if (!"http://www.w3.org/2021/04/xmldsig-more#hkdf".equals(algorithm)) {
                throw new XMLEncryptionException("unknownAlgorithm", algorithm);
            }
            if (!(kDFParams instanceof HKDFParamsImpl)) {
                throw new XMLEncryptionException("KeyDerivation.InvalidParametersType", algorithm, HKDFParamsImpl.class.getName());
            }
            HKDFParamsImpl hKDFParamsImpl = (HKDFParamsImpl) kDFParams;
            return HKDFParams.createBuilder(i, hKDFParamsImpl.getPRFAlgorithm()).salt(hKDFParamsImpl.getSalt() != null ? Base64.getDecoder().decode(hKDFParamsImpl.getSalt()) : null).info(hKDFParamsImpl.getInfo() != null ? Base64.getDecoder().decode(hKDFParamsImpl.getInfo()) : null).build();
        } catch (XMLSecurityException e) {
            throw new XMLEncryptionException(e);
        }
    }

    public static byte[] hexStringToByteArray(String str) {
        if (str == null) {
            return null;
        }
        if (str.isEmpty()) {
            return new byte[0];
        }
        int length = str.length();
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
        }
        return bArr;
    }
}
