package org.apache.wss4j.dom.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.parsers.ParserConfigurationException;
import openejb.shade.org.apache.xalan.templates.Constants;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.AttachmentResultCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.AttachmentUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.Serializer;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.parser.XMLParserException;
import org.apache.xml.security.utils.JavaUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/wss4j/dom/util/EncryptionUtils.class */
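/**
 * Static helpers for locating and decrypting XML Encryption {@code EncryptedData}
 * elements, including SwA attachments and XOP-included cipher values.
 *
 * <p>The DOM content examined here (element names, namespaces, attribute values,
 * attachment references, decrypted bytes) should be treated as untrusted input by
 * callers. Failures are reported as {@link WSSecurityException}.
 */
public final class EncryptionUtils {
    private static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final String SWA_CONTENT_ONLY = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only";
    private static final String SWA_COMPLETE = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete";

    /** Upper bound on namespace declarations copied from ancestors by {@link #setParentPrefixes}. */
    private static final int MAX_COPIED_PREFIXES = 20;

    private EncryptionUtils() {
    }

    /**
     * Resolves the element referenced by {@code str} through the callback lookup of
     * {@code wSDocInfo}. When the resolved element is a wsse11 {@code EncryptedHeader},
     * its first child element is returned instead.
     *
     * @param document unused by this method
     * @param wSDocInfo provides the callback lookup used to resolve the reference
     * @param str the reference passed to the lookup
     * @return the resolved element, or the first child element of an
     *         {@code EncryptedHeader} ({@code null} if it has no element child)
     * @throws WSSecurityException with {@code INVALID_SECURITY} if nothing is found
     */
    public static Element findEncryptedDataElement(Document document, WSDocInfo wSDocInfo, String str) throws WSSecurityException {
        Element element = wSDocInfo.getCallbackLookup().getElement(str, null, true);
        if (element == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "dataRef", new Object[]{str});
        }
        // Constant-first comparison: an element without a namespace or local name must
        // not surface as a raw NullPointerException to the caller.
        if (!"EncryptedHeader".equals(element.getLocalName()) || !WSSE11_NS.equals(element.getNamespaceURI())) {
            return element;
        }
        Node node = element.getFirstChild();
        while (node != null && node.getNodeType() != Node.ELEMENT_NODE) {
            node = node.getNextSibling();
        }
        return (Element) node;
    }

    /**
     * Decrypts an {@code EncryptedData} element using the default serializer.
     *
     * @see #decryptEncryptedData(Document, String, Element, SecretKey, String, CallbackHandler, Serializer)
     */
    public static WSDataRef decryptEncryptedData(Document document, String str, Element element, SecretKey secretKey, String str2, CallbackHandler callbackHandler) throws WSSecurityException {
        return decryptEncryptedData(document, str, element, secretKey, str2, callbackHandler, null);
    }

    /**
     * Decrypts an {@code EncryptedData} element in place and describes the result.
     *
     * <p>Three paths are handled: SwA attachments (selected by the {@code Type}
     * attribute), XOP-included cipher values (selected by an {@code xop:Include} under
     * {@code CipherValue}), and inline cipher data decrypted through {@link XMLCipher}
     * with secure validation enabled.
     *
     * @param document the document handed to {@link XMLCipher} for inline decryption
     * @param str the id recorded on the returned reference
     * @param element the {@code EncryptedData} element
     * @param secretKey the symmetric key used for decryption
     * @param str2 the symmetric algorithm URI
     * @param callbackHandler used to fetch and return attachments; required for the
     *        attachment and XOP paths
     * @param serializer optional serializer for {@link XMLCipher}; may be {@code null}
     * @return a reference describing the decrypted data
     * @throws WSSecurityException {@code UNSUPPORTED_ALGORITHM} if the cipher cannot be
     *         created or initialised, {@code FAILED_CHECK} for any other failure
     */
    public static WSDataRef decryptEncryptedData(Document document, String str, Element element, SecretKey secretKey, String str2, CallbackHandler callbackHandler, Serializer serializer) throws WSSecurityException {
        String type = element.getAttributeNS(null, "Type");
        String xopUri = getXOPURIFromEncryptedData(element);
        if (SWA_CONTENT_ONLY.equals(type) || SWA_COMPLETE.equals(type)) {
            Element cipherData = XMLUtils.getDirectChildElement(element, "CipherData", ENC_NS);
            if (cipherData == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
            }
            Element cipherReference = XMLUtils.getDirectChildElement(cipherData, "CipherReference", ENC_NS);
            if (cipherReference == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
            }
            return decryptAttachment(str, cipherReference.getAttributeNS(null, "URI"), element, secretKey, str2, callbackHandler);
        }
        WSDataRef wSDataRef = new WSDataRef();
        wSDataRef.setEncryptedElement(element);
        wSDataRef.setWsuId(str);
        wSDataRef.setAlgorithm(str2);
        boolean isContent = X509Util.isContent(element);
        wSDataRef.setContent(isContent);
        Node parentNode = element.getParentNode();
        // Captured before decryption so the replacement node can be located afterwards.
        Node previousSibling = element.getPreviousSibling();
        if (isContent) {
            // Content encryption is resolved against the enclosing element; a detached
            // or document-level EncryptedData previously escaped as a raw
            // ClassCastException/NullPointerException.
            Node enclosing = element.getParentNode();
            if (!(enclosing instanceof Element)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
            }
            element = (Element) enclosing;
            parentNode = element.getParentNode();
        }
        try {
            XMLCipher xMLCipher = serializer != null ? XMLCipher.getInstance(serializer, str2) : XMLCipher.getInstance(str2);
            xMLCipher.setSecureValidation(true);
            xMLCipher.init(XMLCipher.DECRYPT_MODE, secretKey);
            Node node = null;
            try {
                if (xopUri != null) {
                    node = decryptXopAttachment(secretKey, str2, callbackHandler, xopUri, element);
                } else {
                    xMLCipher.doFinal(document, element, isContent);
                }
                // A null parent, local name or namespace raises a NullPointerException
                // here, which the catch below reports as FAILED_CHECK.
                if ((parentNode.getLocalName().equals("EncryptedHeader") && parentNode.getNamespaceURI().equals(WSSE11_NS)) || (parentNode.getLocalName().equals("EncryptedAssertion") && parentNode.getNamespaceURI().equals("urn:oasis:names:tc:SAML:2.0:assertion"))) {
                    // Unwrap: the decrypted child takes the place of its wrapper.
                    Node firstChild = parentNode.getFirstChild();
                    parentNode.getParentNode().replaceChild(firstChild, parentNode);
                    wSDataRef.setProtectedElement((Element) firstChild);
                    wSDataRef.setXpath(getXPath(firstChild));
                } else if (isContent) {
                    wSDataRef.setProtectedElement(element);
                    wSDataRef.setXpath(getXPath(element));
                } else {
                    if (node == null) {
                        node = previousSibling == null ? parentNode.getFirstChild() : previousSibling.getNextSibling();
                    }
                    if (node != null && Node.ELEMENT_NODE == node.getNodeType()) {
                        wSDataRef.setProtectedElement((Element) node);
                    }
                    wSDataRef.setXpath(getXPath(node));
                }
                return wSDataRef;
            } catch (Exception e) {
                // Every decryption and parsing failure is reported under the same error
                // code; the cause is attached and should stay in server-side logs rather
                // than be echoed to the message sender.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
            }
        } catch (XMLEncryptionException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e2);
        }
    }

    /**
     * Returns the XOP include reference found under the {@code CipherValue} of the
     * given {@code EncryptedData} element, or {@code null} if there is none.
     */
    private static String getXOPURIFromEncryptedData(Element element) {
        Element cipherValue = getCipherValueFromEncryptedData(element);
        if (cipherValue == null) {
            return null;
        }
        return getXOPURIFromCipherValue(cipherValue);
    }

    /**
     * Returns the {@code CipherData/CipherValue} child of the given element.
     *
     * @param element the {@code EncryptedData} element
     * @return the {@code CipherValue} element, or {@code null} if either level is absent
     */
    public static Element getCipherValueFromEncryptedData(Element element) {
        Element cipherData = XMLUtils.getDirectChildElement(element, "CipherData", ENC_NS);
        if (cipherData == null) {
            return null;
        }
        return XMLUtils.getDirectChildElement(cipherData, "CipherValue", ENC_NS);
    }

    /**
     * Returns the reference attribute of an {@code xop:Include} child of the given
     * {@code CipherValue} element.
     *
     * @param element the {@code CipherValue} element; may be {@code null}
     * @return the attribute value, or {@code null} if the element, the include child
     *         or the attribute is missing
     */
    public static String getXOPURIFromCipherValue(Element element) {
        if (element == null) {
            return null;
        }
        Element include = XMLUtils.getDirectChildElement(element, "Include", "http://www.w3.org/2004/08/xop/include");
        // NOTE(review): Constants.ATTRNAME_HREF comes from a shaded Xalan class and is
        // presumably "href"; confirm, since this is an odd dependency for a constant.
        if (include == null || !include.hasAttributeNS(null, Constants.ATTRNAME_HREF)) {
            return null;
        }
        return include.getAttributeNS(null, Constants.ATTRNAME_HREF);
    }

    /**
     * Decrypts a SwA attachment referenced by a {@code cid:} URI and hands the
     * decrypted attachment back through the callback handler.
     *
     * <p>The attachment returned by the callback must carry exactly the requested id;
     * otherwise processing stops with {@code INVALID_SECURITY}. The MIME type of the
     * result is copied as-is from the {@code MimeType} attribute of the
     * {@code EncryptedData} element, so consumers should validate it themselves.
     *
     * @param str the id initially recorded on the returned reference
     * @param str2 the {@code CipherReference} URI; must start with {@code cid:}
     * @param element the {@code EncryptedData} element, removed from its parent on success
     * @param secretKey the symmetric key used for decryption
     * @param str3 the algorithm URI recorded on the returned reference
     * @param callbackHandler fetches the encrypted attachment and receives the result
     * @return a reference flagged as attachment content
     * @throws WSSecurityException if the URI is not a usable {@code cid:} reference,
     *         no handler is available, the attachment is missing, or decryption
     *         set-up fails
     */
    private static WSDataRef decryptAttachment(String str, String str2, Element element, SecretKey secretKey, String str3, CallbackHandler callbackHandler) throws WSSecurityException {
        WSDataRef wSDataRef = new WSDataRef();
        wSDataRef.setWsuId(str);
        wSDataRef.setAlgorithm(str3);
        // Only "cid:" references with a non-empty remainder are accepted.
        if (str2 == null || str2.length() < 5 || !str2.startsWith("cid:")) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        try {
            wSDataRef.setWsuId(str2);
            wSDataRef.setAttachment(true);
            if (callbackHandler == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
            }
            String attachmentId = AttachmentUtils.getAttachmentId(str2);
            AttachmentRequestCallback requestCallback = new AttachmentRequestCallback();
            requestCallback.setAttachmentId(attachmentId);
            callbackHandler.handle(new Callback[]{requestCallback});
            List<Attachment> attachments = requestCallback.getAttachments();
            if (attachments == null || attachments.isEmpty() || !attachmentId.equals(attachments.get(0).getId())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"Attachment not found"});
            }
            Attachment encrypted = attachments.get(0);
            // The cipher is selected from the algorithm reported for this element by
            // X509Util.getEncAlgo, not from str3.
            String encAlgo = X509Util.getEncAlgo(element);
            InputStream decryptedStream = AttachmentUtils.setupAttachmentDecryptionStream(encAlgo, Cipher.getInstance(JCEMapper.translateURItoJCEID(encAlgo)), secretKey, encrypted.getSourceStream());
            Attachment decrypted = new Attachment();
            decrypted.setId(encrypted.getId());
            decrypted.setMimeType(element.getAttributeNS(null, "MimeType"));
            decrypted.setSourceStream(decryptedStream);
            decrypted.addHeaders(encrypted.getHeaders());
            if (SWA_COMPLETE.equals(element.getAttributeNS(null, "Type"))) {
                AttachmentUtils.readAndReplaceEncryptedAttachmentHeaders(decrypted.getHeaders(), decryptedStream);
            }
            AttachmentResultCallback resultCallback = new AttachmentResultCallback();
            resultCallback.setAttachment(decrypted);
            resultCallback.setAttachmentId(decrypted.getId());
            callbackHandler.handle(new Callback[]{resultCallback});
            wSDataRef.setContent(true);
            element.getParentNode().removeChild(element);
            return wSDataRef;
        } catch (IOException | NoSuchAlgorithmException | NoSuchPaddingException | UnsupportedCallbackException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }

    /**
     * Decrypts an XOP-referenced attachment, parses the plaintext as XML and swaps the
     * result in for {@code element}.
     *
     * <p>If the first parse fails with a SAX error, the plaintext is re-parsed after
     * namespace declarations from the ancestors of {@code element} have been added to
     * its start tag (see {@link #setParentPrefixes}). Any other parse failure is
     * rethrown.
     *
     * @param secretKey the symmetric key used for decryption
     * @param str the symmetric algorithm URI
     * @param callbackHandler fetches the encrypted attachment; must not be {@code null}
     * @param str2 the XOP reference used to derive the attachment id
     * @param element the element to replace with the decrypted content
     * @return the imported node that was appended to the parent of {@code element}
     */
    private static Node decryptXopAttachment(SecretKey secretKey, String str, CallbackHandler callbackHandler, String str2, Element element) throws WSSecurityException, IOException, UnsupportedCallbackException, NoSuchAlgorithmException, NoSuchPaddingException, ParserConfigurationException, XMLParserException {
        if (callbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        String attachmentId = AttachmentUtils.getAttachmentId(str2);
        AttachmentRequestCallback requestCallback = new AttachmentRequestCallback();
        requestCallback.setAttachmentId(attachmentId);
        callbackHandler.handle(new Callback[]{requestCallback});
        List<Attachment> attachments = requestCallback.getAttachments();
        if (attachments == null || attachments.isEmpty() || !attachmentId.equals(attachments.get(0).getId())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"Attachment not found"});
        }
        // NOTE(review): the whole plaintext is buffered in memory; no size limit is
        // visible in this method.
        byte[] decrypted = JavaUtils.getBytesFromStream(AttachmentUtils.setupAttachmentDecryptionStream(str, Cipher.getInstance(JCEMapper.translateURItoJCEID(str)), secretKey, attachments.get(0).getSourceStream()));
        Document parsed;
        try {
            // The boolean argument presumably disallows DOCTYPE declarations; verify
            // against the xmlsec version in use.
            parsed = org.apache.xml.security.utils.XMLUtils.read((InputStream) new ByteArrayInputStream(decrypted), true);
        } catch (XMLParserException e) {
            if (!(e.getCause() instanceof SAXException)) {
                // Previously fell through with a null document and failed later with a
                // NullPointerException that hid the real parse error.
                throw e;
            }
            // NOTE(review): new String(byte[]) / getBytes() use the platform charset, so
            // this fallback depends on JVM configuration for non-ASCII content.
            parsed = org.apache.xml.security.utils.XMLUtils.read((InputStream) new ByteArrayInputStream(setParentPrefixes(element, new String(decrypted)).getBytes()), true);
        }
        Node importNode = element.getOwnerDocument().importNode(parsed.getDocumentElement(), true);
        element.getParentNode().appendChild(importNode);
        element.getParentNode().removeChild(element);
        return importNode;
    }

    /**
     * Adds namespace declarations found on the ancestors of {@code element} to the
     * first start tag of {@code str}, skipping any whose {@code xmlns:prefix} text
     * already occurs in that tag. At most {@value #MAX_COPIED_PREFIXES} declarations
     * are added and the walk stops below the document node.
     *
     * <p>Declaration values are taken from the surrounding document and are escaped
     * before being written into the markup, so a value containing a quote, ampersand
     * or angle bracket cannot change the structure of the re-parsed plaintext.
     *
     * @param element the element whose ancestors supply the declarations
     * @param str the serialized XML to patch
     * @return the patched XML, or {@code str} unchanged if it contains no {@code '>'}
     */
    private static String setParentPrefixes(Element element, String str) {
        int tagEnd = str.indexOf('>');
        if (tagEnd < 0) {
            // No start tag to patch; let the caller's parser reject the input.
            return str;
        }
        StringBuilder startTag = new StringBuilder(str.substring(0, tagEnd));
        String remainder = str.substring(tagEnd);
        int copied = 0;
        Node current = element;
        while (current.getParentNode() != null && copied < MAX_COPIED_PREFIXES && Node.DOCUMENT_NODE != current.getParentNode().getNodeType()) {
            current = current.getParentNode();
            NamedNodeMap attributes = current.getAttributes();
            if (attributes == null) {
                // Non-element ancestors carry no attributes.
                continue;
            }
            int length = attributes.getLength();
            for (int idx = 0; idx < length; idx++) {
                Node item = attributes.item(idx);
                // NOTE(review): a default declaration (xmlns="...") has local name
                // "xmlns" and would be written as "xmlns:xmlns" - confirm intent.
                String declaration = "xmlns:" + item.getLocalName();
                if ("http://www.w3.org/2000/xmlns/".equals(item.getNamespaceURI()) && startTag.indexOf(declaration) < 0) {
                    startTag.append(' ').append(declaration).append("=\"").append(escapeAttributeValue(item.getNodeValue())).append('"');
                    copied++;
                }
                if (copied >= MAX_COPIED_PREFIXES) {
                    break;
                }
            }
        }
        return startTag + remainder;
    }

    /** Escapes a value for use inside a double-quoted XML attribute. */
    private static String escapeAttributeValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Builds a slash-separated path of node names from the document root down to the
     * given element or attribute.
     *
     * @param node an element or attribute node; may be {@code null}
     * @return the path, or {@code null} for a {@code null} node, any other node type,
     *         or a node whose ancestor chain ends before reaching a document node
     */
    public static String getXPath(Node node) {
        if (node == null) {
            return null;
        }
        if (Node.ELEMENT_NODE == node.getNodeType()) {
            return prependFullPath(node.getNodeName(), node.getParentNode());
        }
        if (Node.ATTRIBUTE_NODE == node.getNodeType()) {
            // NOTE(review): DELIMITER is a constant from an unrelated CXF class,
            // presumably "@" for the attribute step; confirm.
            return prependFullPath(PropertiesExpandingStreamReader.DELIMITER + node.getNodeName(), ((Attr) node).getOwnerElement());
        }
        return null;
    }

    /**
     * Walks up from {@code node}, prefixing {@code str} with each element name, and
     * finishes with a leading slash at the document node.
     *
     * @return the full path, or {@code null} if the chain ends without a document node
     */
    private static String prependFullPath(String str, Node node) {
        if (node == null) {
            return null;
        }
        if (Node.ELEMENT_NODE == node.getNodeType()) {
            return prependFullPath(node.getNodeName() + "/" + str, node.getParentNode());
        }
        if (Node.DOCUMENT_NODE == node.getNodeType()) {
            return "/" + str;
        }
        return prependFullPath(str, node.getParentNode());
    }

    /**
     * Returns the {@code Algorithm} attribute of {@code EncryptionMethod/DigestMethod}
     * under the given node.
     *
     * @return the attribute value, or {@code null} if either element is absent
     */
    public static String getDigestAlgorithm(Node node) throws WSSecurityException {
        Element encryptionMethod = XMLUtils.getDirectChildElement(node, "EncryptionMethod", ENC_NS);
        if (encryptionMethod == null) {
            return null;
        }
        Element digestMethod = XMLUtils.getDirectChildElement(encryptionMethod, "DigestMethod", "http://www.w3.org/2000/09/xmldsig#");
        if (digestMethod == null) {
            return null;
        }
        return digestMethod.getAttributeNS(null, "Algorithm");
    }

    /**
     * Returns the {@code Algorithm} attribute of {@code EncryptionMethod/MGF} under
     * the given node.
     *
     * @return the attribute value, or {@code null} if either element is absent
     */
    public static String getMGFAlgorithm(Node node) throws WSSecurityException {
        Element encryptionMethod = XMLUtils.getDirectChildElement(node, "EncryptionMethod", ENC_NS);
        if (encryptionMethod == null) {
            return null;
        }
        Element mgf = XMLUtils.getDirectChildElement(encryptionMethod, "MGF", "http://www.w3.org/2009/xmlenc11#");
        if (mgf == null) {
            return null;
        }
        return mgf.getAttributeNS(null, "Algorithm");
    }

    /**
     * Returns the decoded content of {@code EncryptionMethod/OAEPparams} under the
     * given node.
     *
     * @return the decoded bytes, or {@code null} if either element is absent
     */
    public static byte[] getPSource(Node node) throws WSSecurityException {
        Element encryptionMethod = XMLUtils.getDirectChildElement(node, "EncryptionMethod", ENC_NS);
        if (encryptionMethod == null) {
            return null;
        }
        Element oaepParams = XMLUtils.getDirectChildElement(encryptionMethod, "OAEPparams", ENC_NS);
        if (oaepParams == null) {
            return null;
        }
        return getDecodedBase64EncodedData(oaepParams);
    }

    /**
     * Decodes the text content of the given element.
     *
     * @return the decoded bytes, or {@code null} if the element has no text
     */
    public static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
        String elementText = XMLUtils.getElementText(element);
        if (elementText == null) {
            return null;
        }
        return org.apache.xml.security.utils.XMLUtils.decode(elementText);
    }
}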
