package ee.sk.xmlenc;

import ee.sk.digidoc.Base64Util;
import ee.sk.digidoc.DigiDocException;
import ee.sk.utils.ConvertUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.crypto.Cipher;
import org.apache.log4j.Logger;

/* loaded from: input_file:ee/sk/xmlenc/EncryptedKey.class */
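/**
 * One {@code <denc:EncryptedKey>} element: the transport key of an
 * {@link EncryptedData} wrapped for a single recipient certificate.
 *
 * <p>The only accepted encryption method is
 * {@code EncryptedData.DENC_ENC_METHOD_RSA1_5} (RSA with PKCS#1 v1.5 padding).
 * That padding is known to be exposed to padding-oracle attacks when a
 * decrypting party lets callers distinguish padding failures from other
 * failures, so the unwrapping side should return uniform errors.
 * NOTE(review): the cipher transformation actually used comes from
 * {@code EncryptedData.DIGIDOC_KEY_ALOGORITHM}, whose value is not visible
 * here; confirm it matches the declared method.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class EncryptedKey implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final Logger m_logger = Logger.getLogger(EncryptedKey.class);

    /** Index of the keyEncipherment bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_KEY_ENCIPHERMENT = 2;

    // Field names are kept as-is: they are part of the default serialized form.
    private String m_id;
    private String m_recipient;
    private String m_encryptionMethod;
    private String m_keyName;
    private String m_carriedKeyName;
    private X509Certificate m_recipientsCert;
    private byte[] m_transportKeyData;

    /**
     * Creates a key entry for the given recipient using the RSA 1.5 method.
     *
     * @param recipientsCert recipient's certificate; must be non-null and carry
     *     the keyEncipherment key usage
     * @throws DigiDocException if the certificate is rejected
     */
    public EncryptedKey(X509Certificate recipientsCert) throws DigiDocException {
        setId(null);
        setRecipient(null);
        setEncryptionMethod(EncryptedData.DENC_ENC_METHOD_RSA1_5);
        setKeyName(null);
        setCarriedKeyName(null);
        setRecipientsCertificate(recipientsCert);
        this.m_transportKeyData = null;
    }

    /**
     * Creates an empty entry with every attribute unset. Such an object fails
     * {@link #validate()} until a method and a certificate are assigned.
     */
    public EncryptedKey() {
        setId(null);
        setRecipient(null);
        this.m_encryptionMethod = null;
        setKeyName(null);
        setCarriedKeyName(null);
        this.m_recipientsCert = null;
        this.m_transportKeyData = null;
    }

    /**
     * Creates a fully specified key entry.
     *
     * @param id value of the {@code Id} attribute, may be null
     * @param recipient value of the {@code Recipient} attribute, may be null
     * @param encryptionMethod encryption method URI; validated by
     *     {@link #setEncryptionMethod(String)}
     * @param keyName content of {@code <ds:KeyName>}, may be null
     * @param carriedKeyName content of {@code <denc:CarriedKeyName>}, may be null
     * @param recipientsCert recipient's certificate; validated by
     *     {@link #setRecipientsCertificate(X509Certificate)}
     * @throws DigiDocException if the method or the certificate is rejected
     */
    public EncryptedKey(String id, String recipient, String encryptionMethod, String keyName, String carriedKeyName, X509Certificate recipientsCert) throws DigiDocException {
        setId(id);
        setRecipient(recipient);
        setEncryptionMethod(encryptionMethod);
        setKeyName(keyName);
        setCarriedKeyName(carriedKeyName);
        setRecipientsCertificate(recipientsCert);
        this.m_transportKeyData = null;
    }

    /**
     * Returns the wrapped transport key.
     *
     * @return the internal array itself (not a copy), or null if no key has
     *     been wrapped or assigned yet
     */
    public byte[] getTransportKeyData() {
        return this.m_transportKeyData;
    }

    /**
     * Stores the wrapped transport key; the array is kept by reference.
     *
     * @param transportKeyData wrapped key bytes, may be null
     */
    public void setTransportKeyData(byte[] transportKeyData) {
        this.m_transportKeyData = transportKeyData;
    }

    /** @return the {@code Id} attribute value, or null */
    public String getId() {
        return this.m_id;
    }

    /** @param id the {@code Id} attribute value; written to XML unescaped */
    public void setId(String id) {
        this.m_id = id;
    }

    /** @return the {@code Recipient} attribute value, or null */
    public String getRecipient() {
        return this.m_recipient;
    }

    /** @param recipient the {@code Recipient} attribute value; written to XML unescaped */
    public void setRecipient(String recipient) {
        this.m_recipient = recipient;
    }

    /** @return the encryption method URI, or null if unset */
    public String getEncryptionMethod() {
        return this.m_encryptionMethod;
    }

    /**
     * Sets the encryption method after validating it.
     *
     * @param encryptionMethod method URI; the value
     *     {@code EncryptedData.DENC_ENC_METHOD_RSA1_5_BUGGY} is accepted and
     *     stored as {@code EncryptedData.DENC_ENC_METHOD_RSA1_5}
     * @throws DigiDocException if the value is null or not the supported method
     */
    public void setEncryptionMethod(String encryptionMethod) throws DigiDocException {
        String method = encryptionMethod;
        if (method != null && method.equals(EncryptedData.DENC_ENC_METHOD_RSA1_5_BUGGY)) {
            method = EncryptedData.DENC_ENC_METHOD_RSA1_5;
        }
        DigiDocException problem = validateEncryptionMethod(method);
        if (problem != null) {
            throw problem;
        }
        this.m_encryptionMethod = method;
    }

    /**
     * Checks an encryption method URI.
     *
     * @return an exception describing the problem, or null if the value is accepted
     */
    private DigiDocException validateEncryptionMethod(String encryptionMethod) {
        if (encryptionMethod == null || !encryptionMethod.equals(EncryptedData.DENC_ENC_METHOD_RSA1_5)) {
            return new DigiDocException(DigiDocException.ERR_XMLENC_ENCKEY_ENCRYPTION_METHOD, "EncryptionMethod atribute is required and currently the only supported value is: http://www.w3.org/2001/04/xmlenc#rsa-1_5", null);
        }
        return null;
    }

    /** @return the {@code <ds:KeyName>} content, or null */
    public String getKeyName() {
        return this.m_keyName;
    }

    /** @param keyName the {@code <ds:KeyName>} content; written to XML unescaped */
    public void setKeyName(String keyName) {
        this.m_keyName = keyName;
    }

    /** @return the {@code <denc:CarriedKeyName>} content, or null */
    public String getCarriedKeyName() {
        return this.m_carriedKeyName;
    }

    /** @param carriedKeyName the {@code <denc:CarriedKeyName>} content; written to XML unescaped */
    public void setCarriedKeyName(String carriedKeyName) {
        this.m_carriedKeyName = carriedKeyName;
    }

    /** @return the recipient's certificate, or null if unset */
    public X509Certificate getRecipientsCertificate() {
        return this.m_recipientsCert;
    }

    /**
     * Sets the recipient's certificate after validating it.
     *
     * <p>Only the key-usage bit is inspected here; chain, validity period and
     * revocation status are not checked by this class.
     *
     * @param recipientsCert certificate to wrap the transport key for
     * @throws DigiDocException if the certificate is null or lacks keyEncipherment
     */
    public void setRecipientsCertificate(X509Certificate recipientsCert) throws DigiDocException {
        DigiDocException problem = validateRecipientsCertificate(recipientsCert);
        if (problem != null) {
            throw problem;
        }
        this.m_recipientsCert = recipientsCert;
    }

    /**
     * Checks that a certificate is present and allows key encipherment.
     *
     * <p>A certificate without a KeyUsage extension ({@code getKeyUsage()}
     * returning null) is rejected as well.
     *
     * @return an exception describing the problem, or null if the certificate is accepted
     */
    private DigiDocException validateRecipientsCertificate(X509Certificate recipientsCert) {
        // Return immediately: dereferencing a missing certificate below would
        // raise NullPointerException instead of reporting the validation error.
        if (recipientsCert == null) {
            return new DigiDocException(DigiDocException.ERR_XMLENC_ENCKEY_CERT, "RecipientsCertificate atribute is required", null);
        }
        boolean[] keyUsage = recipientsCert.getKeyUsage();
        // The array must be long enough to hold index 2 before it is read.
        if (keyUsage == null || keyUsage.length <= KEY_USAGE_KEY_ENCIPHERMENT || !keyUsage[KEY_USAGE_KEY_ENCIPHERMENT]) {
            return new DigiDocException(DigiDocException.ERR_XMLENC_ENCKEY_CERT, "RecipientsCertificate is not suitable for encryption - keyEncipherment flag not set!", null);
        }
        return null;
    }

    /**
     * Wraps the transport key of {@code encryptedData} with the recipient's
     * public key and stores the result as this entry's transport key data.
     *
     * @param encryptedData owner of the transport key; its key must be initialized
     * @throws DigiDocException if the transport key or the certificate is
     *     missing, or if the wrap operation fails
     */
    public void encryptKey(EncryptedData encryptedData) throws DigiDocException {
        if (encryptedData.getTransportKey() == null) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_KEY_STATUS, "Transport key has not been initialized!", null);
        }
        if (this.m_recipientsCert == null) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_KEY_STATUS, "Recipients certificate has not been initialized!", null);
        }
        try {
            Cipher cipher = Cipher.getInstance(EncryptedData.DIGIDOC_KEY_ALOGORITHM, EncryptedData.DIGIDOC_SECURITY_PROVIDER_NAME);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("EncryptKey - algorithm: " + cipher.getAlgorithm());
            }
            cipher.init(Cipher.WRAP_MODE, this.m_recipientsCert.getPublicKey());
            this.m_transportKeyData = cipher.wrap(encryptedData.getTransportKey());
            // Only the length of the wrapped key is logged, never key material.
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("EncryptKey - data: " + (this.m_transportKeyData == null ? 0 : this.m_transportKeyData.length));
            }
        } catch (Exception e) {
            DigiDocException.handleException(e, DigiDocException.ERR_XMLENC_KEY_ENCRYPT);
        }
    }

    /**
     * Serializes this entry as a {@code <denc:EncryptedKey>} element.
     *
     * <p>NOTE(review): {@code Id}, {@code Recipient}, {@code KeyName} and
     * {@code CarriedKeyName} are written verbatim, without XML escaping. A
     * value containing {@code "}, {@code <} or {@code &} yields malformed or
     * altered markup, so values taken from user input or from a parsed
     * document need to be restricted or escaped by the caller. Escaping is not
     * applied here because it is not visible whether callers already pass
     * escaped text.
     *
     * @return the element as bytes, in whatever encoding
     *     {@code ConvertUtils.str2data} produces
     * @throws DigiDocException if the certificate or the wrapped key is
     *     missing, or if encoding or writing fails
     */
    public byte[] toXML() throws DigiDocException {
        // Fail with a library exception rather than a NullPointerException on
        // an entry built with the no-argument constructor.
        if (this.m_recipientsCert == null) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_ENCKEY_CERT, "RecipientsCertificate atribute is required", null);
        }
        if (this.m_transportKeyData == null) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_KEY_STATUS, "Invalid transport key status for transport!", null);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // Every write sits inside the try: OutputStream.write(byte[]) declares IOException.
        try {
            append(out, "<denc:EncryptedKey");
            if (this.m_id != null) {
                append(out, " Id=\"" + this.m_id + "\"");
            }
            if (this.m_recipient != null) {
                append(out, " Recipient=\"" + this.m_recipient + "\"");
            }
            append(out, ">");
            append(out, "<denc:EncryptionMethod Algorithm=\"");
            append(out, this.m_encryptionMethod);
            append(out, "\"></denc:EncryptionMethod>");
            append(out, "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
            if (this.m_keyName != null) {
                append(out, "<ds:KeyName>");
                append(out, this.m_keyName);
                append(out, "</ds:KeyName>");
            }
            append(out, "<ds:X509Data><ds:X509Certificate>");
            append(out, Base64Util.encode(this.m_recipientsCert.getEncoded(), 64));
            append(out, "</ds:X509Certificate></ds:X509Data>");
            append(out, "</ds:KeyInfo>");
            append(out, "<denc:CipherData><denc:CipherValue>");
            append(out, Base64Util.encode(this.m_transportKeyData, 64));
            append(out, "</denc:CipherValue></denc:CipherData>");
            if (this.m_carriedKeyName != null) {
                append(out, "<denc:CarriedKeyName>");
                append(out, this.m_carriedKeyName);
                append(out, "</denc:CarriedKeyName>");
            }
            append(out, "</denc:EncryptedKey>");
        } catch (CertificateEncodingException e) {
            // Numeric code kept as found; its named constant is not visible in this file.
            DigiDocException.handleException(e, 74);
        } catch (IOException e) {
            // Numeric code kept as found; its named constant is not visible in this file.
            DigiDocException.handleException(e, 89);
        }
        return out.toByteArray();
    }

    /** Encodes {@code text} with {@code ConvertUtils.str2data} and appends it to {@code out}. */
    private static void append(ByteArrayOutputStream out, String text) throws IOException, DigiDocException {
        out.write(ConvertUtils.str2data(text));
    }

    /**
     * Runs both attribute checks without throwing.
     *
     * @return a list of {@link DigiDocException} objects, one per failed
     *     check; empty when the entry is valid
     */
    public ArrayList validate() {
        ArrayList<DigiDocException> problems = new ArrayList<DigiDocException>();
        DigiDocException methodProblem = validateEncryptionMethod(this.m_encryptionMethod);
        if (methodProblem != null) {
            problems.add(methodProblem);
        }
        DigiDocException certProblem = validateRecipientsCertificate(this.m_recipientsCert);
        if (certProblem != null) {
            problems.add(certProblem);
        }
        return problems;
    }

    /**
     * Returns the XML form of this entry as text.
     *
     * @return the XML, or null when the entry cannot be serialized
     */
    @Override
    public String toString() {
        try {
            // NOTE(review): decodes with the platform default charset; confirm
            // it matches the encoding ConvertUtils.str2data writes.
            return new String(toXML());
        } catch (Exception e) {
            // Best effort: an incomplete entry has no XML form. Report at
            // debug level instead of dropping the cause silently.
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("EncryptedKey.toString - XML form not available", e);
            }
            return null;
        }
    }
}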
