package org.jboss.ws.extensions.security.operation;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.jboss.remoting.marshal.encryption.EncryptionManager;
import org.jboss.util.NotImplementedException;
import org.jboss.ws.extensions.security.QNameTarget;
import org.jboss.ws.extensions.security.SecurityStore;
import org.jboss.ws.extensions.security.SignatureKeysAssociation;
import org.jboss.ws.extensions.security.Target;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.element.EncryptedKey;
import org.jboss.ws.extensions.security.element.Reference;
import org.jboss.ws.extensions.security.element.ReferenceList;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.element.X509Token;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/jbossws-native-core-3.0.5.GA.jar:org/jboss/ws/extensions/security/operation/EncryptionOperation.class */
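/**
 * Encoding operation that encrypts parts of an outgoing message and registers the
 * matching {@link EncryptedKey} on the security header.
 *
 * <p>Each call to {@link #process} generates a fresh symmetric key, encrypts every configured
 * target with it (or the {@code Body} element when no targets are configured), resolves the
 * recipient certificate and hands key, token and reference list to an {@link EncryptedKey}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every entry in the algorithm table is a CBC-mode XML Encryption URI. CBC provides
 *       confidentiality only. Without an integrity check that the receiver verifies before
 *       decrypting, XML Encryption in CBC mode is exposed to known chosen-ciphertext attacks.
 *       Deployments should pair this operation with a signature over the encrypted parts.</li>
 *   <li>An algorithm name that is not in the table is silently replaced by
 *       {@code aes-128}; a typo in configuration therefore downgrades rather than fails.</li>
 * </ul>
 */
public class EncryptionOperation implements EncodingOperation {
    private static final String DEFAULT_ALGORITHM = "aes-128";

    // Supported short names -> JCE key algorithm, XML Encryption URI and key size in bits.
    private static final HashMap<String, Algorithm> algorithms = new HashMap<>(4);

    static {
        algorithms.put(DEFAULT_ALGORITHM, new Algorithm(EncryptionManager.AES, "http://www.w3.org/2001/04/xmlenc#aes128-cbc", 128));
        algorithms.put("aes-192", new Algorithm(EncryptionManager.AES, "http://www.w3.org/2001/04/xmlenc#aes192-cbc", 192));
        algorithms.put("aes-256", new Algorithm(EncryptionManager.AES, "http://www.w3.org/2001/04/xmlenc#aes256-cbc", 256));
        // Triple DES is a legacy 64-bit block cipher, kept here for interoperability only.
        // NOTE(review): "TripleDes" relies on the JCE provider accepting that alias for DESede - confirm.
        algorithms.put("tripledes", new Algorithm("TripleDes", "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", 168));
    }

    private List<Target> targets;
    private String alias;
    private String algorithm;
    private String wrap;
    private String tokenRefType;

    /** Describes one supported content-encryption algorithm. */
    public static class Algorithm {
        /** Name passed to {@link KeyGenerator#getInstance(String)}. */
        public String jceName;
        /** Algorithm URI passed to {@link XMLCipher#getInstance(String)}. */
        public String xmlName;
        /** Key size in bits passed to {@link KeyGenerator#init(int)}. */
        public int size;

        Algorithm(String jceName, String xmlName, int size) {
            this.jceName = jceName;
            this.xmlName = xmlName;
            this.size = size;
        }
    }

    /**
     * Creates an encryption operation.
     *
     * @param targets elements to encrypt; {@code null} or empty means the {@code Body} element
     * @param alias keystore alias of the recipient certificate; may be {@code null}, in which
     *        case the certificate is looked up from the single key that signed the incoming message
     * @param algorithm short algorithm name ({@code aes-128}, {@code aes-192}, {@code aes-256},
     *        {@code tripledes}); any other value, including {@code null}, falls back to {@code aes-128}
     * @param wrap key-wrap setting, passed through unchanged to {@link EncryptedKey}
     * @param tokenRefType token reference type, passed through to {@link EncryptedKey}; when it is
     *        {@code null} or {@link Reference#DIRECT_REFERENCE} a newly created token is also added
     *        to the security header
     */
    public EncryptionOperation(List<Target> targets, String alias, String algorithm, String wrap, String tokenRefType) {
        this.targets = targets;
        this.alias = alias;
        this.algorithm = algorithm;
        this.wrap = wrap;
        this.tokenRefType = tokenRefType;
    }

    /**
     * Encrypts a single target element in place and records the id of its EncryptedData.
     *
     * @throws NotImplementedException if the target is not a {@link QNameTarget}
     * @throws RuntimeException if no element with the target's name exists in the document
     * @throws WSSecurityException if the cipher fails while encrypting the element
     */
    private void processTarget(XMLCipher xMLCipher, Document document, Target target, ReferenceList referenceList, SecretKey secretKey) throws WSSecurityException {
        if (!(target instanceof QNameTarget)) {
            throw new NotImplementedException();
        }
        QName name = ((QNameTarget) target).getName();
        Element element = Util.findElement(document.getDocumentElement(), name);
        if (element == null) {
            throw new RuntimeException("Could not find element");
        }
        Util.assignWsuId(element);
        try {
            // The cipher is re-initialised for every target so each one gets a fresh EncryptedData.
            xMLCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
            EncryptedData encryptedData = xMLCipher.getEncryptedData();
            String encryptedId = Util.generateId("encrypted");
            encryptedData.setId(encryptedId);
            referenceList.add(encryptedId);
            // isContent() selects between encrypting the element's content and the whole element.
            xMLCipher.doFinal(document, element, target.isContent());
        } catch (Exception e) {
            // XMLCipher.doFinal declares a plain Exception, hence the broad catch.
            throw new WSSecurityException("Error encrypting target: " + name, e);
        }
    }

    /**
     * Generates a new random symmetric key for the named algorithm.
     *
     * @param algorithmName short algorithm name as registered in the algorithm table
     * @return a freshly generated key of the size registered for that algorithm
     * @throws WSSecurityException if the name is not a supported algorithm, or if the JCE
     *         provider does not offer the underlying key generator
     */
    public SecretKey getSecretKey(String algorithmName) throws WSSecurityException {
        Algorithm spec = algorithms.get(algorithmName);
        if (spec == null) {
            // Fail with a diagnosable error instead of a NullPointerException on spec.jceName.
            throw new WSSecurityException("Unsupported encryption algorithm: " + algorithmName);
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(spec.jceName);
            keyGenerator.init(spec.size);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the missing provider or algorithm is visible in the stack trace.
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Encrypts the configured targets of {@code document} and adds the resulting
     * {@link EncryptedKey} to {@code securityHeader}.
     *
     * @param document message to encrypt in place
     * @param securityHeader header that receives the token (when applicable) and the EncryptedKey
     * @param securityStore store used to resolve the recipient certificate
     * @throws WSSecurityException if the cipher cannot be set up, a target cannot be encrypted,
     *         or no recipient certificate can be resolved
     */
    @Override // org.jboss.ws.extensions.security.operation.EncodingOperation
    public void process(Document document, SecurityHeader securityHeader, SecurityStore securityStore) throws WSSecurityException {
        // NOTE(review): an unrecognised name is replaced silently. A misspelt "aes-256"
        // ends up as aes-128 with no log entry; consider logging or rejecting unknown names.
        if (!algorithms.containsKey(this.algorithm)) {
            this.algorithm = DEFAULT_ALGORITHM;
        }
        SecretKey secretKey = getSecretKey(this.algorithm);
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(algorithms.get(this.algorithm).xmlName);
            xMLCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
            ReferenceList referenceList = new ReferenceList();
            if (this.targets == null || this.targets.isEmpty()) {
                // No explicit targets: encrypt the content of the Body element in the envelope's namespace.
                QName bodyName = new QName(document.getDocumentElement().getNamespaceURI(), "Body");
                processTarget(xMLCipher, document, new QNameTarget(bodyName, true), referenceList, secretKey);
            } else {
                for (Target target : this.targets) {
                    processTarget(xMLCipher, document, target, referenceList, secretKey);
                }
            }
            X509Certificate certificate = getCertificate(securityStore, this.alias);
            // NOTE(review): the certificate is used as returned by the store; no validity
            // period or trust check is visible here - confirm the store enforces it.
            X509Token x509Token = (X509Token) securityHeader.getSharedToken(certificate);
            if (x509Token == null) {
                x509Token = new X509Token(certificate, document);
                if (this.tokenRefType == null || Reference.DIRECT_REFERENCE.equals(this.tokenRefType)) {
                    securityHeader.addToken(x509Token);
                }
            }
            securityHeader.addSecurityProcess(new EncryptedKey(document, secretKey, x509Token, referenceList, this.wrap, this.tokenRefType));
        } catch (XMLSecurityException e) {
            throw new WSSecurityException("Error initializing xml cipher" + e.getMessage(), e);
        }
    }

    /**
     * Resolves the recipient certificate.
     *
     * <p>With an alias the certificate is loaded from the store by that alias. Without one, the
     * certificate is looked up by public key, but only when exactly one public key is
     * associated with the signature of the incoming message.
     *
     * @throws WSSecurityException if no certificate can be resolved
     */
    private X509Certificate getCertificate(SecurityStore securityStore, String certAlias) throws WSSecurityException {
        if (certAlias != null) {
            X509Certificate byAlias = securityStore.getCertificate(certAlias);
            if (byAlias == null) {
                throw new WSSecurityException("Cannot load certificate from keystore; alias = " + certAlias);
            }
            return byAlias;
        }
        X509Certificate byKey = null;
        List<PublicKey> publicKeys = SignatureKeysAssociation.getPublicKeys();
        // Zero or several signing keys are ambiguous, so only the single-key case is accepted.
        if (publicKeys != null && publicKeys.size() == 1) {
            byKey = securityStore.getCertificateByPublicKey(publicKeys.get(0));
        }
        if (byKey == null) {
            throw new WSSecurityException("Cannot get the certificate for message encryption! Verify the keystore contents, considering the certificate is obtained through the alias specified in the encrypt configuration element or (server side only) through a single key used to sign the incoming message.");
        }
        return byKey;
    }

    /**
     * Probes whether the JVM allows the key sizes this operation may need.
     *
     * <p>The ciphers are only initialised, never used to encrypt data, so the provider's
     * default mode and padding for the bare algorithm names do not matter here.
     *
     * @return {@code true} if a 256-bit AES key and a default-size Blowfish key can both
     *         initialise a cipher; {@code false} if either is rejected with
     *         {@link InvalidKeyException}
     * @throws WSSecurityException on any other failure while probing
     */
    public static boolean probeUnlimitedCrypto() throws WSSecurityException {
        try {
            KeyGenerator aesGenerator = KeyGenerator.getInstance(EncryptionManager.AES);
            aesGenerator.init(256);
            Cipher.getInstance(EncryptionManager.AES).init(Cipher.ENCRYPT_MODE, aesGenerator.generateKey());
            SecretKey blowfishKey = KeyGenerator.getInstance(EncryptionManager.BLOWFISH).generateKey();
            Cipher.getInstance(EncryptionManager.BLOWFISH).init(Cipher.ENCRYPT_MODE, blowfishKey);
            return true;
        } catch (InvalidKeyException e) {
            // Key size rejected by the installed crypto policy.
            return false;
        } catch (Exception e2) {
            throw new WSSecurityException("Error probing cryptographic permissions", e2);
        }
    }
}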
