package weblogic.wsee.security.wst.helpers;

import com.sun.xml.ws.util.DOMUtil;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.security.saml.SAMLCredential;
import weblogic.wsee.security.wss.plan.helper.SOAPSecurityHeaderHelper;
import weblogic.wsee.security.wst.faults.InvalidRequestException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.xml.crypto.api.KeySelector;
import weblogic.xml.crypto.api.KeySelectorResult;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionFactory;
import weblogic.xml.crypto.encrypt.api.dom.DOMDecryptContext;
import weblogic.xml.crypto.encrypt.api.keyinfo.EncryptedKey;
import weblogic.xml.crypto.encrypt.api.spec.EncryptionMethodParameterSpec;
import weblogic.xml.crypto.wss.SecurityImpl;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss11.internal.STRType;
import weblogic.xml.crypto.wss11.internal.SecurityBuilderImpl;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;
import weblogic.xml.crypto.wss11.internal.WSS11Context;
import weblogic.xml.crypto.wss11.internal.enckey.EncryptedKeyToken;

/* loaded from: input_file:weblogic/wsee/security/wst/helpers/EncryptedKeyInfoBuilder.class */
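/**
 * Builds and consumes WS-Security 1.1 {@code EncryptedKey} material on the WS-Trust path.
 *
 * <p>Two directions are covered:
 * <ul>
 *   <li>{@link #getEncryptedKeyNode(WSTContext)} generates a symmetric key, wraps it for the
 *       recipient's X.509v3 certificate (referenced by thumbprint) and returns a
 *       {@code ds:KeyInfo} element holding the resulting {@code EncryptedKey}.</li>
 *   <li>{@link #processEncryptedKey(SAMLCredential, MessageContext)} unwraps an incoming
 *       {@code EncryptedKey} and stores the recovered symmetric key on the SAML credential.</li>
 * </ul>
 *
 * <p>An instance is single-use: every field is nulled out in the {@code finally} of
 * {@code getEncryptedKeyNode}, so a second call on the same instance fails with a
 * {@link NullPointerException} wrapped in {@link WSSecurityException}. Not thread-safe.
 *
 * <p>NOTE(review): the key-transport and data-encryption algorithm URIs are fixed at this site
 * (see the private constants below); callers cannot negotiate them.
 */
public class EncryptedKeyInfoBuilder {
    private static final Logger LOGGER = Logger.getLogger(EncryptedKeyInfoBuilder.class.getName());
    private static final boolean DEBUG = false;

    /** XML Encryption key-transport algorithm used to wrap the generated key (RSA-OAEP, MGF1/SHA-1). */
    private static final String KEY_TRANSPORT_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    /** XML Encryption block-cipher algorithm whose key is generated and wrapped (AES-256-CBC). */
    private static final String DATA_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    /** XML Signature namespace used for the returned {@code KeyInfo} element. */
    private static final String DSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";

    private SecurityTokenContextHandler ctxHandler;
    protected SecurityBuilderImpl securityBuilder;
    private WSS11Context securityCtx = null;
    private Element soapHeader = null;

    /**
     * Creates a builder backed by a fresh {@link WSS11Context} that inherits every credential
     * provider of {@code wSSecurityContext} plus the optional {@code credentialProvider}.
     *
     * @param wSSecurityContext the context whose credential providers are copied; must be non-null
     * @param credentialProvider an additional provider to register, or {@code null} for none
     */
    public EncryptedKeyInfoBuilder(WSSecurityContext wSSecurityContext, CredentialProvider credentialProvider) {
        this.securityBuilder = null;
        createWSSecurityContext(wSSecurityContext, credentialProvider);
        // NOTE(review): if WSTFaultUtil.raiseFault returns instead of throwing, securityCtx is
        // still null here and both objects below are built on a null context - confirm raiseFault throws.
        this.ctxHandler = new SecurityTokenContextHandler(this.securityCtx);
        this.securityBuilder = new SecurityBuilderImpl(this.securityCtx);
    }

    /**
     * Initialises {@link #soapHeader} and {@link #securityCtx} from an empty RST base message and
     * transfers the credential providers into the new context.
     *
     * <p>A {@link SOAPException} while creating the base message is converted into a WS-Trust
     * {@code InvalidRequest} fault via {@link WSTFaultUtil#raiseFault}.
     */
    private void createWSSecurityContext(WSSecurityContext wSSecurityContext, CredentialProvider credentialProvider) {
        try {
            this.soapHeader = SOAPHelper.createEmptyRSTBaseMsgContext(true).getMessage().getSOAPHeader();
            this.securityCtx = new WSS11Context(this.soapHeader, null, null, null);
            transferCredentialProviders(wSSecurityContext, this.securityCtx);
            if (null != credentialProvider) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    // NOTE(review): this logs whatever CredentialProvider.toString() exposes; verify
                    // that no provider implementation includes key or password material in it.
                    LOGGER.log(Level.FINE, "setting CredentialProvider =" + credentialProvider.toString());
                }
                this.securityCtx.addCredentialProvider(credentialProvider);
            }
        } catch (SOAPException e) {
            WSTFaultUtil.raiseFault(new InvalidRequestException("Failed to create WSSecurityContext in trust for building EncryptedKey element."));
        }
    }

    /**
     * Registers every credential provider of {@code wSSecurityContext} on {@code wSS11Context}.
     * Providers are taken from the values of {@code getCredentialProviders()}; map keys are ignored.
     */
    private static void transferCredentialProviders(WSSecurityContext wSSecurityContext, WSS11Context wSS11Context) {
        for (Object provider : wSSecurityContext.getCredentialProviders().values()) {
            wSS11Context.setCredentialProvider((CredentialProvider) provider);
        }
    }

    /**
     * Resolves an {@link EncryptionMethod} for the given XML Encryption algorithm URI with no
     * key size and no algorithm parameters.
     *
     * @param algorithmUri an XML Encryption algorithm identifier
     * @throws XMLEncryptionException if the factory rejects the URI
     * @throws InvalidAlgorithmParameterException if the (absent) parameters are invalid for the URI
     */
    private static EncryptionMethod getEncryptionMethod(String algorithmUri) throws XMLEncryptionException, InvalidAlgorithmParameterException {
        return XMLEncryptionFactory.getInstance().newEncryptionMethod(algorithmUri, (Integer) null, (EncryptionMethodParameterSpec) null);
    }

    /**
     * Returns a single-element list describing how the recipient certificate is referenced
     * from the {@code EncryptedKey} (reference element name plus value-type URI).
     */
    private static List<STRType> getSTRTypes(QName referenceName, String valueType) {
        List<STRType> strTypes = new ArrayList<STRType>(1);
        strTypes.add(new STRType(referenceName, valueType));
        return strTypes;
    }

    /**
     * Generates a symmetric key, wraps it into an {@code EncryptedKey} for the recipient's
     * X.509v3 certificate (thumbprint reference) and returns a {@code ds:KeyInfo} element
     * containing that {@code EncryptedKey}.
     *
     * <p>On success the generated key is also stored on {@code wSTContext} via
     * {@code setSymmetricKey}. Returns {@code null} (after logging at FINE) when the builder
     * produced no key or no {@code EncryptedKeyToken} was registered in the security context.
     * Either way all builder state is released before returning, so the instance cannot be reused.
     *
     * @param wSTContext the WS-Trust context that receives the generated symmetric key
     * @return the {@code KeyInfo} element, or {@code null} if no {@code EncryptedKey} could be built
     * @throws WSSecurityException on any failure; non-{@code WSSecurityException} causes are wrapped
     */
    public Node getEncryptedKeyNode(WSTContext wSTContext) throws WSSecurityException {
        try {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Getting Encrypted Key Node for SAML Issued Token .........");
            }
            Key symmetricKey = this.securityBuilder.getEncryptedKeyToken(
                    getEncryptionMethod(KEY_TRANSPORT_ALGORITHM),
                    getEncryptionMethod(DATA_ENCRYPTION_ALGORITHM),
                    WSSConstants.VALUE_TYPE_X509V3,
                    getSTRTypes(WSSConstants.KEY_IDENTIFIER_QNAME, WSS11Constants.THUMBPRINT_URI),
                    null,
                    true,
                    this.ctxHandler);
            if (null == symmetricKey) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Unable to get EncryptedKey for tokenType =" + WSSConstants.VALUE_TYPE_X509V3);
                }
                return null;
            }
            // Fix: an empty token list used to throw IndexOutOfBoundsException from get(0), which
            // surfaced as a wrapped WSSecurityException instead of this logged null return.
            if (!hasEncryptedKeyToken()) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Unable to build EncryptedKeyToken for tokenType =http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                }
                return null;
            }
            wSTContext.setSymmetricKey(symmetricKey);
            debugKey(symmetricKey, "Created symmetricKey from EncryptedKey for wstCtx ");
            return buildEncryptedKeyInfoNode();
        } catch (WSSecurityException e) {
            // Rethrown as-is so the generic handler below does not double-wrap it.
            throw e;
        } catch (Exception e2) {
            throw new WSSecurityException(e2);
        } finally {
            // Single-use builder: drop every reference to the generated key material and context.
            clearState();
        }
    }

    /**
     * Returns whether the security context holds a non-null first {@code EncryptedKeyToken}.
     * A {@code null} or empty token list counts as "not built" rather than as an error.
     */
    private boolean hasEncryptedKeyToken() {
        List<?> tokens = this.securityCtx.getSecurityTokens(WSS11Constants.ENC_KEY_TOKEN_TYPE);
        if (tokens == null || tokens.isEmpty()) {
            return false;
        }
        EncryptedKeyToken first = (EncryptedKeyToken) tokens.get(0);
        return first != null;
    }

    /** Releases all per-instance state; the builder must not be used afterwards. */
    private void clearState() {
        this.securityCtx = null;
        this.securityBuilder = null;
        this.soapHeader = null;
        this.ctxHandler = null;
    }

    /**
     * Logs the algorithm and encoding format of {@code key} at FINE level (never the key bytes).
     *
     * @param key the key to describe, may be {@code null}
     * @param str a caller-supplied prefix identifying the key's role
     */
    public static void debugKey(Key key, String str) {
        if (!LOGGER.isLoggable(Level.FINE)) {
            return;
        }
        if (key == null) {
            LOGGER.log(Level.FINE, str + " key is null");
        } else {
            LOGGER.log(Level.FINE, "Key for " + str + " Algo =" + key.getAlgorithm() + " Format = " + key.getFormat());
        }
    }

    /**
     * Wraps the {@code EncryptedKey} found in {@link #soapHeader} in a new {@code sig:KeyInfo}
     * element owned by a fresh DOM document (the {@code EncryptedKey} is deep-imported).
     *
     * @return the {@code KeyInfo} element; empty if no {@code EncryptedKey} child was found
     * @throws Exception propagated from the SOAP/DOM helpers
     */
    private Node buildEncryptedKeyInfoNode() throws Exception {
        Element encryptedKeyElement = SOAPSecurityHeaderHelper.getFirstChildElement(this.soapHeader, SecurityImpl.ENCRYPTED_KEY_QNAME);
        Element keyInfo = DOMUtil.createDom().createElementNS(DSIG_NAMESPACE, "KeyInfo");
        keyInfo.setPrefix("sig");
        if (null != encryptedKeyElement) {
            keyInfo.appendChild(keyInfo.getOwnerDocument().importNode(encryptedKeyElement, true));
        } else if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Unable to find EncryptedKey element!!!!!");
        }
        return keyInfo;
    }

    /**
     * Unwraps the {@code EncryptedKey} carried by {@code sAMLCredential} using the key selector
     * of the message's {@link WSSecurityContext}, and stores both the resulting
     * {@link EncryptedKeyProvider} and the recovered symmetric key on the credential.
     *
     * <p>The symmetric key is requested from the provider for the {@code hmac-sha1} algorithm
     * with purpose {@code VERIFY}; NOTE(review): this presumably just selects the unwrapped key
     * and does not constrain its later use - confirm against {@code EncryptedKeyProvider}.
     *
     * @param sAMLCredential credential holding the {@code EncryptedKey} element; must be non-null
     * @param messageContext message context carrying {@code WSSecurityContext.WS_SECURITY_CONTEXT}
     * @throws IllegalArgumentException if either argument, the {@code EncryptedKey} element or the
     *         security context property is {@code null}
     * @throws WSSecurityException with {@code FAILURE_INVALID} if the {@code EncryptedKey} cannot be processed
     * @throws MarshalException propagated from unmarshalling the {@code EncryptedKey}
     */
    public static void processEncryptedKey(SAMLCredential sAMLCredential, MessageContext messageContext) throws WSSecurityException, MarshalException {
        if (null == sAMLCredential || null == messageContext) {
            throw new IllegalArgumentException("Null SAMLCredential = " + (null == sAMLCredential) + " MessageContext msgCtx = null  is " + (null == messageContext));
        }
        Element encryptedKey = sAMLCredential.getEncryptedKey();
        WSSecurityContext wSSecurityContext = (WSSecurityContext) messageContext.getProperty(WSSecurityContext.WS_SECURITY_CONTEXT);
        if (null == encryptedKey || null == wSSecurityContext) {
            throw new IllegalArgumentException("Null EncryptedKey element = " + (null == encryptedKey) + " WSSecurityContext securityCtx = null  " + (null == wSSecurityContext));
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Processing EncryptedKey element to get EncryptedKeyProvider ");
        }
        // The context's KeySelector decides which private key may unwrap the EncryptedKey.
        DOMDecryptContext decryptContext = new DOMDecryptContext(wSSecurityContext.getKeySelector(), encryptedKey);
        decryptContext.setProperty(WSSecurityContext.MESSAGE_CONTEXT, messageContext);
        decryptContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, wSSecurityContext);
        try {
            EncryptedKey unmarshalled = (EncryptedKey) wSSecurityContext.getEncryptionFactory().unmarshalEncryptedType(decryptContext);
            EncryptedKeyProvider encryptedKeyProvider = new EncryptedKeyProvider(unmarshalled, decryptContext);
            sAMLCredential.setEncryptedKeyProvider(encryptedKeyProvider);
            KeySelectorResult selected = encryptedKeyProvider.getKey("http://www.w3.org/2000/09/xmldsig#hmac-sha1", KeySelector.Purpose.VERIFY);
            sAMLCredential.setSymmetircKey(selected.getKey());
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "set EncryptedKeyProvider in SAMLCrential");
            }
            debugKey(selected.getKey(), "Set symmetricKey from input EncryptedKey into SAML Credentail");
        } catch (XMLEncryptionException e) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "XMLEncryptionException  when getting EncryptedKeyProvider from EncryptedKey ", (Throwable) e);
            }
            // Reported as a generic invalid-security failure; the cause is kept for diagnostics.
            throw new WSSecurityException(e, WSSConstants.FAILURE_INVALID);
        }
    }
}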
