package org.apache.ws.security.processor;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.str.SecurityTokenRefSTRParser;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/ws/security/processor/EncryptedDataProcessor.class */
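/**
 * Decrypts an {@code EncryptedData} element in place and reports the outcome as
 * security-engine results.
 *
 * <p>The decryption key is resolved from the element's {@code KeyInfo} child, either through a
 * {@code wsse:SecurityTokenReference} or through an embedded {@code EncryptedKey}. If a
 * {@link Processor} is registered for the decrypted element, it is invoked on the plaintext.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The algorithm passed to {@link XMLCipher} comes from {@code X509Util.getEncAlgo(element)},
 *       i.e. from the incoming message. It is only restricted to the BSP allow-list when
 *       {@code isWsiBSPCompliant()} is set on the configuration.</li>
 *   <li>The signature over the {@code EncryptedData} element is only verified when
 *       {@code isRequireSignedEncryptedDataElements()} is set. The non-GCM algorithms on the
 *       allow-list are CBC-mode ciphers and offer no integrity protection of their own, so
 *       deployments accepting them should enable that option.</li>
 * </ul>
 */
public class EncryptedDataProcessor implements Processor {
    private static final Log log = LogFactory.getLog(EncryptedDataProcessor.class);

    /**
     * Resolves the key for an {@code EncryptedData} element, decrypts the element in place and
     * records the result on {@code wSDocInfo}.
     *
     * @param element the {@code EncryptedData} element to decrypt
     * @param requestData per-request configuration (BSP compliance, signed-element requirement,
     *     registered processors)
     * @param wSDocInfo document state; receives the decryption result and the token element
     * @return the results in the order: nested-processor results (if any), key results (if the
     *     key came from an {@code EncryptedKey}), then the decryption result itself
     * @throws WSSecurityException with {@code UNSUPPORTED_ALGORITHM} when {@code KeyInfo} or the
     *     key reference is missing or the cipher cannot be initialised, and with
     *     {@code FAILED_CHECK} for any failure during or after decryption (including failures of
     *     a nested processor)
     */
    @Override
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Found EncryptedData element");
        }
        Element keyInfo = WSSecurityUtil.getDirectChildElement(element, WSConstants.KEYINFO_LN, WSConstants.SIG_NS);
        if (keyInfo == null) {
            throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noKeyinfo");
        }

        // The algorithm is taken from the message; it is only checked against the allow-list
        // when BSP compliance is enabled.
        // NOTE(review): getWssConfig() is dereferenced here without a null check although it is
        // null-checked further down; a null configuration fails with a NullPointerException.
        String encAlgo = X509Util.getEncAlgo(element);
        if (requestData.getWssConfig().isWsiBSPCompliant()) {
            checkBSPCompliance(encAlgo);
        }

        Element securityTokenReference = WSSecurityUtil.getDirectChildElement(keyInfo, "SecurityTokenReference", WSConstants.WSSE_NS);
        Element encryptedKey = WSSecurityUtil.getDirectChildElement(keyInfo, "EncryptedKey", WSConstants.ENC_NS);

        // Optional integrity requirement: the EncryptedData element itself must be signed.
        if (element != null && requestData.isRequireSignedEncryptedDataElements()) {
            WSSecurityUtil.verifySignedElement(element, element.getOwnerDocument(), wSDocInfo.getSecurityHeader());
        }

        SecretKey secretKey;
        List<WSSecurityEngineResult> keyResults = null;
        if (securityTokenReference != null) {
            SecurityTokenRefSTRParser strParser = new SecurityTokenRefSTRParser();
            HashMap<String, Object> parameters = new HashMap<String, Object>();
            parameters.put("signature_method", encAlgo);
            strParser.parseSecurityTokenReference(securityTokenReference, requestData, wSDocInfo, parameters);
            secretKey = WSSecurityUtil.prepareSecretKey(encAlgo, strParser.getSecretKey());
        } else {
            if (encryptedKey == null) {
                throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncKey");
            }
            keyResults = new EncryptedKeyProcessor().handleToken(encryptedKey, requestData, wSDocInfo);
            secretKey = WSSecurityUtil.prepareSecretKey(encAlgo, (byte[]) keyResults.get(0).get(WSSecurityEngineResult.TAG_SECRET));
        }

        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(encAlgo);
            // Keep secure validation on: it makes the XML security library apply its stricter
            // processing limits to the incoming structure.
            xmlCipher.setSecureValidation(true);
            xmlCipher.init(XMLCipher.DECRYPT_MODE, secretKey);

            // Remember the neighbours so the plaintext node can be located after the
            // EncryptedData element has been replaced in the document.
            Node previousSibling = element.getPreviousSibling();
            Node parentNode = element.getParentNode();
            try {
                xmlCipher.doFinal(element.getOwnerDocument(), element, false);

                Node decryptedNode = previousSibling == null ? parentNode.getFirstChild() : previousSibling.getNextSibling();

                WSDataRef dataRef = new WSDataRef();
                dataRef.setWsuId(element.getAttributeNS(null, "Id"));
                dataRef.setAlgorithm(encAlgo);
                dataRef.setContent(false);
                if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType()) {
                    dataRef.setProtectedElement((Element) decryptedNode);
                }
                dataRef.setXpath(ReferenceListProcessor.getXPath(decryptedNode));

                WSSecurityEngineResult result = new WSSecurityEngineResult(WSConstants.ENCR, (List<WSDataRef>) Collections.singletonList(dataRef));
                result.put(WSSecurityEngineResult.TAG_ID, element.getAttributeNS(null, "Id"));
                wSDocInfo.addResult(result);
                wSDocInfo.addTokenElement(element);

                // Always assemble the return value in a fresh list. The previous code appended to
                // the key-result list directly, which is null when the key was resolved through a
                // SecurityTokenReference: a successful decryption then ended in a
                // NullPointerException that was reported as FAILED_CHECK. Copying also avoids
                // mutating a list owned by EncryptedKeyProcessor (whether that list is modifiable
                // is not visible from this class).
                List<WSSecurityEngineResult> completeResults = new ArrayList<WSSecurityEngineResult>();
                if (keyResults != null) {
                    completeResults.addAll(keyResults);
                }
                completeResults.add(result);

                if (requestData.getWssConfig() != null) {
                    // A decrypted node that is missing or not an Element fails here and is
                    // reported as FAILED_CHECK by the catch below (unchanged behaviour).
                    Element decryptedElement = (Element) decryptedNode;
                    Processor processor = requestData.getWssConfig().getProcessor(new QName(decryptedElement.getNamespaceURI(), decryptedElement.getLocalName()));
                    if (processor != null) {
                        if (log.isDebugEnabled()) {
                            log.debug("Processing decrypted element with: " + processor.getClass().getName());
                        }
                        // Results of the nested processor are placed in front of our own.
                        completeResults.addAll(0, processor.handleToken(decryptedElement, requestData, wSDocInfo));
                    }
                }
                return completeResults;
            } catch (Exception e) {
                // Every failure from decryption onwards is reported with the same error code,
                // so callers cannot tell a decryption failure from a later processing failure.
                throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
            }
        } catch (XMLEncryptionException e2) {
            throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e2);
        }
    }

    /**
     * Enforces the encryption-algorithm allow-list used when BSP compliance is enabled.
     *
     * <p>Accepted values are {@code TRIPLE_DES}, {@code AES_128}, {@code AES_128_GCM},
     * {@code AES_256} and {@code AES_256_GCM} from {@link WSConstants}.
     *
     * @param str the encryption algorithm identifier found on the {@code EncryptedData} element
     * @throws WSSecurityException with {@code UNSUPPORTED_ALGORITHM} if no algorithm is given,
     *     or with {@code INVALID_SECURITY} if it is not on the allow-list
     */
    private static void checkBSPCompliance(String str) throws WSSecurityException {
        if (str == null) {
            throw new WSSecurityException(WSSecurityException.UNSUPPORTED_ALGORITHM, "noEncAlgo");
        }
        boolean allowed = WSConstants.TRIPLE_DES.equals(str)
                || WSConstants.AES_128.equals(str)
                || WSConstants.AES_128_GCM.equals(str)
                || WSConstants.AES_256.equals(str)
                || WSConstants.AES_256_GCM.equals(str);
        if (!allowed) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badEncAlgo", new Object[]{str});
        }
    }
}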
