package org.apache.wss4j.dom.message;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Collections;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.DOMX509Data;
import org.apache.wss4j.common.token.DOMX509IssuerSerial;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/message/WSSecEncryptedKey.class */
public class WSSecEncryptedKey extends WSSecBase {
    // Class logger; used in this file for a debug trace of the cipher block size and for KeyInfo marshalling errors.
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) WSSecEncryptedKey.class);
    // Wrapped (encrypted) session key: assigned from Cipher.wrap() in encryptSymmetricKey and written into the
    // CipherValue. When it is already non-null, prepare() skips the wrapping step entirely.
    protected byte[] encryptedEphemeralKey;
    // Raw session-key bytes held in memory. clean() drops the reference but does not overwrite the array contents.
    private byte[] ephemeralKey;
    // Session key object; prepare() derives it from ephemeralKey or generates a fresh one for symEncAlgo.
    protected SecretKey symmetricKey;
    // Key-transport algorithm URI; both constructors default it to RSA-OAEP (xmlenc#rsa-oaep-mgf1p).
    private String keyEncAlgo;
    // Symmetric algorithm URI the session key is created for; both constructors default it to AES-128-CBC.
    // NOTE(review): CBC gives no integrity protection by itself; confirm callers pick an authenticated mode
    // or sign the ciphertext where the deployment requires it.
    private String symEncAlgo;
    // Digest algorithm URI for OAEP; when null, encryptSymmetricKey falls back to "SHA-1".
    private String digestAlgo;
    // MGF algorithm URI; only consulted for xmlenc11#rsa-oaep, otherwise MGF1 with SHA-1 is used.
    private String mgfAlgo;
    // The xenc:EncryptedKey element built by the prepareInternal overloads.
    private Element encryptedKeyElement;
    // Value of the EncryptedKey "Id" attribute; generated with an "EK-" prefix when null or empty.
    private String encKeyId;
    // Binary security token carrying the recipient certificate, created for direct references and by addBST.
    private BinarySecurity bstToken;
    // Explicit recipient certificate; when set, prepare() uses it instead of looking up the alias in Crypto.
    private X509Certificate useThisCert;
    // Explicit recipient public key; takes precedence over useThisCert in prepare().
    private PublicKey useThisPublicKey;
    // Value type and id of an externally supplied token, used by the custom key-identifier types.
    private String customEKTokenValueType;
    private String customEKTokenId;
    // Reset to false whenever addBST builds a new token; presumably flipped once the token is inserted
    // into the header by code outside this view (confirm).
    private boolean bstAddedToSecurityHeader;
    // When true, a binary security token is also prepared for the issuer-serial, SKI and thumbprint identifiers.
    private boolean includeEncryptionToken;
    // Caller-provided KeyInfo element; when non-null it is adopted verbatim and the key-identifier logic is skipped.
    private Element customEKKeyInfoElement;
    // Optional JCE provider; in the code shown it is only used to obtain the XMLSignatureFactory.
    private Provider provider;

    /**
     * Creates a builder bound to an existing security header.
     *
     * <p>Key transport defaults to RSA-OAEP ({@code xmlenc#rsa-oaep-mgf1p}) and the session
     * key algorithm to AES-128-CBC. This constructor does not set a JCE provider.
     *
     * @param wSSecHeader security header passed through to the superclass constructor
     */
    public WSSecEncryptedKey(WSSecHeader wSSecHeader) {
        super(wSSecHeader);
        // Algorithm defaults; the same values the Document-based constructor installs.
        symEncAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
        keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    }

    /**
     * Creates a builder for the given document without an explicit JCE provider.
     *
     * @param document document the EncryptedKey structure is created in
     */
    public WSSecEncryptedKey(Document document) {
        // Delegate to the two-argument constructor; a null provider leaves factory selection to the defaults.
        this(document, (Provider) null);
    }

    /**
     * Creates a builder for the given document with an optional JCE provider.
     *
     * <p>Key transport defaults to RSA-OAEP ({@code xmlenc#rsa-oaep-mgf1p}) and the session
     * key algorithm to AES-128-CBC.
     *
     * @param document document the EncryptedKey structure is created in
     * @param provider provider stored for later factory lookups; may be {@code null}
     */
    public WSSecEncryptedKey(Document document, Provider provider) {
        super(document);
        this.provider = provider;
        // Algorithm defaults; the same values the header-based constructor installs.
        this.symEncAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
        this.keyEncAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    }

    /**
     * Sets the user name; {@link #prepare} uses it as the alias when looking up the
     * recipient certificate.
     *
     * @param str alias of the recipient whose certificate should wrap the session key
     */
    public void setUserInfo(String str) {
        user = str;
    }

    /**
     * Returns the id currently stored for the EncryptedKey element.
     *
     * <p>The {@code prepareInternal} overloads generate an {@code "EK-"}-prefixed id when the
     * stored value is null or empty.
     *
     * @return the EncryptedKey id, possibly {@code null}
     */
    public String getId() {
        return encKeyId;
    }

    /**
     * Releases the references to the session key material held by this instance.
     *
     * <p>Only the references are cleared. The byte array behind {@code ephemeralKey} is not
     * overwritten, so the raw key bytes stay in memory until the array is garbage collected.
     */
    public void clean() {
        encryptedEphemeralKey = null;
        symmetricKey = null;
        ephemeralKey = null;
    }

    /**
     * Ensures a session key exists and builds the EncryptedKey element for it.
     *
     * <p>Recipient selection, in order of precedence: an already wrapped key
     * ({@code encryptedEphemeralKey}), an explicit public key, an explicit certificate, and
     * finally the first certificate {@code crypto} returns for the configured user alias.
     *
     * @param crypto certificate source; required only when neither a wrapped key, a public key
     *               nor a certificate has been supplied
     * @throws WSSecurityException if no certificate can be found for the alias, or if a later
     *                             step fails
     */
    public void prepare(Crypto crypto) throws WSSecurityException {
        // Reuse caller-supplied key bytes when present, otherwise generate a fresh key.
        if (this.symmetricKey == null) {
            if (this.ephemeralKey == null) {
                this.symmetricKey = KeyUtils.getKeyGenerator(this.symEncAlgo).generateKey();
                this.ephemeralKey = this.symmetricKey.getEncoded();
            } else {
                this.symmetricKey = KeyUtils.prepareSecretKey(this.symEncAlgo, this.ephemeralKey);
            }
        }

        if (this.encryptedEphemeralKey != null) {
            // A wrapped key was supplied up front: no key-transport encryption is performed here.
            prepareInternal(this.symmetricKey);
        } else if (this.useThisPublicKey != null) {
            prepareInternal(this.symmetricKey, this.useThisPublicKey, crypto);
        } else {
            X509Certificate recipientCert = this.useThisCert;
            if (recipientCert == null) {
                CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
                aliasLookup.setAlias(this.user);
                if (crypto == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[]{this.user, "encryption"});
                }
                X509Certificate[] candidates = crypto.getX509Certificates(aliasLookup);
                if (candidates == null || candidates.length == 0) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[]{this.user, "encryption"});
                }
                // NOTE(review): the first certificate is used as returned; no validity or trust
                // check is visible in this method. Confirm it happens in the Crypto implementation.
                recipientCert = candidates[0];
            }
            prepareInternal(this.symmetricKey, recipientCert, crypto);
        }
    }

    /**
     * Wraps the session key with the recipient's public key and stores the result in
     * {@code encryptedEphemeralKey}.
     *
     * <p>For the two RSA-OAEP URIs an explicit {@link OAEPParameterSpec} is built: the digest
     * comes from {@code digestAlgo} (SHA-1 when unset) and the MGF1 digest is SHA-1 unless the
     * algorithm is {@code xmlenc11#rsa-oaep} and {@code mgfAlgo} names one of the SHA-2 variants.
     * Any other key-transport URI is initialised without algorithm parameters.
     *
     * @param publicKey recipient key used for wrapping
     * @param secretKey session key to wrap
     * @throws WSSecurityException with {@code FAILED_ENCRYPTION} if the cipher cannot be
     *                             initialised or the key cannot be wrapped
     */
    private void encryptSymmetricKey(PublicKey publicKey, SecretKey secretKey) throws WSSecurityException {
        final String oaepMgf1pUri = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
        final String oaep11Uri = "http://www.w3.org/2009/xmlenc11#rsa-oaep";

        Cipher keyCipher = KeyUtils.getCipherInstance(this.keyEncAlgo);
        try {
            final boolean isOaep11 = oaep11Uri.equals(this.keyEncAlgo);
            if (isOaep11 || oaepMgf1pUri.equals(this.keyEncAlgo)) {
                // NOTE(review): if the mapper returns null for an unrecognised digest URI, the
                // OAEPParameterSpec constructor below would throw NullPointerException. Confirm.
                String oaepDigest = "SHA-1";
                if (this.digestAlgo != null) {
                    oaepDigest = JCEMapper.translateURItoJCEID(this.digestAlgo);
                }

                // mgfAlgo is honoured only for the XML Encryption 1.1 OAEP URI; the null guard
                // keeps the String switch from throwing when no MGF was configured.
                String mgfDigest = "SHA-1";
                if (isOaep11 && this.mgfAlgo != null) {
                    switch (this.mgfAlgo) {
                        case "http://www.w3.org/2009/xmlenc11#mgf1sha224":
                            mgfDigest = "SHA-224";
                            break;
                        case "http://www.w3.org/2009/xmlenc11#mgf1sha256":
                            mgfDigest = "SHA-256";
                            break;
                        case "http://www.w3.org/2009/xmlenc11#mgf1sha384":
                            mgfDigest = "SHA-384";
                            break;
                        case "http://www.w3.org/2009/xmlenc11#mgf1sha512":
                            mgfDigest = "SHA-512";
                            break;
                        default:
                            break;
                    }
                }

                OAEPParameterSpec oaepSpec = new OAEPParameterSpec(oaepDigest, "MGF1", new MGF1ParameterSpec(mgfDigest), PSource.PSpecified.DEFAULT);
                keyCipher.init(Cipher.WRAP_MODE, publicKey, oaepSpec);
            } else {
                // Non-OAEP key transport (for example xmlenc#rsa-1_5, if a caller configured it)
                // is initialised with no parameter spec.
                keyCipher.init(Cipher.WRAP_MODE, publicKey);
            }

            // Logs the block size only; no key material is written to the log.
            LOG.debug("cipher blksize: {}", Integer.valueOf(keyCipher.getBlockSize()));
            try {
                this.encryptedEphemeralKey = keyCipher.wrap(secretKey);
            } catch (IllegalStateException | InvalidKeyException | IllegalBlockSizeException wrapFailure) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, wrapFailure);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException initFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, initFailure);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Failed to find 'out' block for switch in B:16:0x0077. Please report as an issue. */
    /**
     * Wraps the session key for a recipient certificate and builds the EncryptedKey element.
     *
     * <p>Unless a custom KeyInfo element was supplied (it is then adopted verbatim), a
     * SecurityTokenReference is filled in according to {@code keyIdentifierType}:
     * <ul>
     *   <li>1: direct reference to a newly created X.509 binary security token</li>
     *   <li>2: issuer name and serial number</li>
     *   <li>3: key identifier derived from the certificate</li>
     *   <li>4: subject key identifier</li>
     *   <li>8, 10: certificate thumbprint</li>
     *   <li>9, 11: reference to the custom token id (type 9 prefixes it with {@code #})</li>
     *   <li>12: key identifier built from the custom value type and id</li>
     * </ul>
     * Every other value fails with {@code unsupportedKeyId}. The numeric values are inlined
     * constants; presumably they correspond to the key-identifier constants of the library
     * (confirm against the original source).
     *
     * @param secretKey       session key to wrap
     * @param x509Certificate recipient certificate; its public key performs the wrapping
     * @param crypto          passed to the subject-key-identifier lookup (type 4)
     * @throws WSSecurityException if wrapping fails or the key identifier type is unsupported
     */
    public void prepareInternal(SecretKey secretKey, X509Certificate x509Certificate, Crypto crypto) throws WSSecurityException {
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String saml10AssertionId = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
        final String saml11TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        final String saml20Id = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
        final String saml20TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        final String encKeyType = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
        final String encKeySha1Type = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

        encryptSymmetricKey(x509Certificate.getPublicKey(), secretKey);

        this.encryptedKeyElement = createEncryptedKey(getDocument(), this.keyEncAlgo);
        if (this.encKeyId == null || this.encKeyId.isEmpty()) {
            this.encKeyId = IDGenerator.generateID("EK-");
        }
        this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        if (this.customEKKeyInfoElement != null) {
            // Caller-supplied KeyInfo is adopted as is; the key-identifier logic is bypassed.
            this.encryptedKeyElement.appendChild(getDocument().adoptNode(this.customEKKeyInfoElement));
        } else {
            SecurityTokenReference tokenRef = new SecurityTokenReference(getDocument());
            switch (this.keyIdentifierType) {
                case 1: {
                    Reference bstRef = new Reference(getDocument());
                    String bstId = IDGenerator.generateID(null);
                    bstRef.setURI("#" + bstId);
                    X509Security x509Token = new X509Security(getDocument());
                    this.bstToken = x509Token;
                    x509Token.setX509Certificate(x509Certificate);
                    x509Token.setID(bstId);
                    bstRef.setValueType(x509Token.getValueType());
                    tokenRef.setReference(bstRef);
                    break;
                }
                case 2: {
                    DOMX509IssuerSerial issuerSerial = new DOMX509IssuerSerial(getDocument(), x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber());
                    DOMX509Data x509Data = new DOMX509Data(getDocument(), issuerSerial);
                    tokenRef.setUnknownElement(x509Data.getElement());
                    if (this.includeEncryptionToken) {
                        addBST(x509Certificate);
                    }
                    break;
                }
                case 3:
                    tokenRef.setKeyIdentifier(x509Certificate);
                    break;
                case 4:
                    tokenRef.setKeyIdentifierSKI(x509Certificate, crypto);
                    if (this.includeEncryptionToken) {
                        addBST(x509Certificate);
                    }
                    break;
                case 8:
                case 10:
                    tokenRef.setKeyIdentifierThumb(x509Certificate);
                    if (this.includeEncryptionToken) {
                        addBST(x509Certificate);
                    }
                    break;
                case 9:
                case 11: {
                    final String valueType = this.customEKTokenValueType;
                    Reference customRef = new Reference(getDocument());
                    if (saml10AssertionId.equals(valueType)) {
                        tokenRef.addTokenType(saml11TokenType);
                    } else if (saml20Id.equals(valueType)) {
                        tokenRef.addTokenType(saml20TokenType);
                    } else if (encKeyType.equals(valueType)) {
                        tokenRef.addTokenType(encKeyType);
                    }
                    // The SAML 2.0 id value type is the one case where no ValueType is set on the reference.
                    if (!saml20Id.equals(valueType)) {
                        customRef.setValueType(valueType);
                    }
                    // Type 9 points at the token with a same-document fragment, type 11 uses the id unchanged.
                    customRef.setURI(this.keyIdentifierType == 9 ? "#" + this.customEKTokenId : this.customEKTokenId);
                    tokenRef.setReference(customRef);
                    break;
                }
                case 12: {
                    final String valueType = this.customEKTokenValueType;
                    tokenRef.setKeyIdentifier(valueType, this.customEKTokenId);
                    if (saml10AssertionId.equals(valueType)) {
                        tokenRef.addTokenType(saml11TokenType);
                    } else if (saml20Id.equals(valueType)) {
                        tokenRef.addTokenType(saml20TokenType);
                    } else if (encKeyType.equals(valueType) || encKeySha1Type.equals(valueType)) {
                        tokenRef.addTokenType(encKeyType);
                    }
                    break;
                }
                default:
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId");
            }

            // Every supported identifier type wraps the reference in a ds:KeyInfo the same way.
            Element keyInfo = getDocument().createElementNS(dsigNs, "ds:KeyInfo");
            keyInfo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", dsigNs);
            keyInfo.appendChild(tokenRef.getElement());
            this.encryptedKeyElement.appendChild(keyInfo);
        }

        // The wrapped key goes either inline as base64 text or into an attachment.
        Element cipherValue = createCipherValue(getDocument(), this.encryptedKeyElement);
        if (this.storeBytesInAttachment) {
            WSSecurityUtil.storeBytesInAttachment(cipherValue, getDocument(), getIdAllocator().createId("", getDocument()), this.encryptedEphemeralKey, this.attachmentCallbackHandler);
        } else {
            cipherValue.appendChild(WSSecurityUtil.createBase64EncodedTextNode(getDocument(), this.encryptedEphemeralKey));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps the session key for a bare public key and builds the EncryptedKey element.
     *
     * <p>Unless a custom KeyInfo element was supplied (it is then adopted verbatim), key
     * identifier types 9, 11 and 12 produce a SecurityTokenReference to the custom token. Every
     * other type, including unrecognised values, embeds the public key itself as a
     * {@code KeyValue}; no {@code unsupportedKeyId} error is raised on this path.
     *
     * @param secretKey session key to wrap
     * @param publicKey recipient key used for wrapping and, on the KeyValue path, published in KeyInfo
     * @param crypto    not used by this overload
     * @throws WSSecurityException if wrapping fails or the KeyInfo cannot be created or marshalled
     */
    public void prepareInternal(SecretKey secretKey, PublicKey publicKey, Crypto crypto) throws WSSecurityException {
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String saml10AssertionId = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
        final String saml11TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        final String saml20Id = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
        final String saml20TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        final String encKeyType = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
        final String encKeySha1Type = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

        encryptSymmetricKey(publicKey, secretKey);

        this.encryptedKeyElement = createEncryptedKey(getDocument(), this.keyEncAlgo);
        if (this.encKeyId == null || this.encKeyId.isEmpty()) {
            this.encKeyId = IDGenerator.generateID("EK-");
        }
        this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        if (this.customEKKeyInfoElement == null) {
            final int idType = this.keyIdentifierType;
            SecurityTokenReference tokenRef = null;

            if (idType == 9 || idType == 11) {
                final String valueType = this.customEKTokenValueType;
                tokenRef = new SecurityTokenReference(getDocument());
                Reference customRef = new Reference(getDocument());
                if (saml10AssertionId.equals(valueType)) {
                    tokenRef.addTokenType(saml11TokenType);
                } else if (saml20Id.equals(valueType)) {
                    tokenRef.addTokenType(saml20TokenType);
                } else if (encKeyType.equals(valueType)) {
                    tokenRef.addTokenType(encKeyType);
                }
                // The SAML 2.0 id value type is the one case where no ValueType is set on the reference.
                if (!saml20Id.equals(valueType)) {
                    customRef.setValueType(valueType);
                }
                // Type 9 points at the token with a same-document fragment, type 11 uses the id unchanged.
                customRef.setURI(idType == 9 ? "#" + this.customEKTokenId : this.customEKTokenId);
                tokenRef.setReference(customRef);
            } else if (idType == 12) {
                final String valueType = this.customEKTokenValueType;
                tokenRef = new SecurityTokenReference(getDocument());
                tokenRef.setKeyIdentifier(valueType, this.customEKTokenId);
                if (saml10AssertionId.equals(valueType)) {
                    tokenRef.addTokenType(saml11TokenType);
                } else if (saml20Id.equals(valueType)) {
                    tokenRef.addTokenType(saml20TokenType);
                } else if (encKeyType.equals(valueType) || encKeySha1Type.equals(valueType)) {
                    tokenRef.addTokenType(encKeyType);
                }
            } else {
                // Fallback for all remaining identifier types: marshal a KeyInfo/KeyValue holding
                // the public key directly under the EncryptedKey element.
                try {
                    XMLSignatureFactory signatureFactory;
                    if (this.provider != null) {
                        signatureFactory = XMLSignatureFactory.getInstance("DOM", this.provider);
                    } else {
                        try {
                            signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
                        } catch (NoSuchProviderException providerMissing) {
                            // Named provider not registered; fall back to the default lookup.
                            signatureFactory = XMLSignatureFactory.getInstance("DOM");
                        }
                    }
                    KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
                    keyInfoFactory
                        .newKeyInfo(
                            Collections.singletonList(keyInfoFactory.newKeyValue(publicKey)),
                            getIdAllocator().createSecureId("KI-", null))
                        .marshal(new DOMStructure(this.encryptedKeyElement), (XMLCryptoContext) null);
                } catch (KeyException | MarshalException keyInfoFailure) {
                    LOG.error("", (Throwable) keyInfoFailure);
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, keyInfoFailure);
                }
            }

            if (tokenRef != null) {
                Element keyInfo = getDocument().createElementNS(dsigNs, "ds:KeyInfo");
                keyInfo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", dsigNs);
                keyInfo.appendChild(tokenRef.getElement());
                this.encryptedKeyElement.appendChild(keyInfo);
            }
        } else {
            // Caller-supplied KeyInfo is adopted as is; the key-identifier logic is bypassed.
            this.encryptedKeyElement.appendChild(getDocument().adoptNode(this.customEKKeyInfoElement));
        }

        // The wrapped key goes either inline as base64 text or into an attachment.
        Element cipherValue = createCipherValue(getDocument(), this.encryptedKeyElement);
        if (this.storeBytesInAttachment) {
            WSSecurityUtil.storeBytesInAttachment(cipherValue, getDocument(), getIdAllocator().createId("", getDocument()), this.encryptedEphemeralKey, this.attachmentCallbackHandler);
        } else {
            cipherValue.appendChild(WSSecurityUtil.createBase64EncodedTextNode(getDocument(), this.encryptedEphemeralKey));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x0088. Please report as an issue. */
    /**
     * Builds the EncryptedKey element around an already wrapped session key.
     *
     * <p>No key-transport encryption happens here: the CipherValue receives whatever
     * {@code encryptedEphemeralKey} currently holds. Unless a custom KeyInfo element was supplied
     * (it is then adopted verbatim), a KeyInfo is emitted only for key identifier types 9, 11
     * and 12; for any other type the EncryptedKey is produced without a KeyInfo.
     *
     * @param secretKey not used by this overload
     * @throws WSSecurityException declared for the helpers called here
     */
    public void prepareInternal(SecretKey secretKey) throws WSSecurityException {
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String saml10AssertionId = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
        final String saml11TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        final String saml20Id = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
        final String saml20TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        final String encKeyType = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
        final String encKeySha1Type = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

        this.encryptedKeyElement = createEncryptedKey(getDocument(), this.keyEncAlgo);
        if (this.encKeyId == null || this.encKeyId.isEmpty()) {
            this.encKeyId = IDGenerator.generateID("EK-");
        }
        this.encryptedKeyElement.setAttributeNS(null, "Id", this.encKeyId);

        if (this.customEKKeyInfoElement != null) {
            // Caller-supplied KeyInfo is adopted as is; the key-identifier logic is bypassed.
            this.encryptedKeyElement.appendChild(getDocument().adoptNode(this.customEKKeyInfoElement));
        } else {
            final int idType = this.keyIdentifierType;
            if (idType == 9 || idType == 11 || idType == 12) {
                final String valueType = this.customEKTokenValueType;
                SecurityTokenReference tokenRef = new SecurityTokenReference(getDocument());

                if (idType == 12) {
                    tokenRef.setKeyIdentifier(valueType, this.customEKTokenId);
                    if (saml10AssertionId.equals(valueType)) {
                        tokenRef.addTokenType(saml11TokenType);
                    } else if (saml20Id.equals(valueType)) {
                        tokenRef.addTokenType(saml20TokenType);
                    } else if (encKeyType.equals(valueType) || encKeySha1Type.equals(valueType)) {
                        tokenRef.addTokenType(encKeyType);
                    }
                } else {
                    Reference customRef = new Reference(getDocument());
                    if (saml10AssertionId.equals(valueType)) {
                        tokenRef.addTokenType(saml11TokenType);
                    } else if (saml20Id.equals(valueType)) {
                        tokenRef.addTokenType(saml20TokenType);
                    } else if (encKeyType.equals(valueType)) {
                        tokenRef.addTokenType(encKeyType);
                    }
                    // The SAML 2.0 id value type is the one case where no ValueType is set on the reference.
                    if (!saml20Id.equals(valueType)) {
                        customRef.setValueType(valueType);
                    }
                    // Type 9 points at the token with a same-document fragment, type 11 uses the id unchanged.
                    customRef.setURI(idType == 9 ? "#" + this.customEKTokenId : this.customEKTokenId);
                    tokenRef.setReference(customRef);
                }

                Element keyInfo = getDocument().createElementNS(dsigNs, "ds:KeyInfo");
                keyInfo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", dsigNs);
                keyInfo.appendChild(tokenRef.getElement());
                this.encryptedKeyElement.appendChild(keyInfo);
            }
        }

        // The wrapped key goes either inline as base64 text or into an attachment.
        Element cipherValue = createCipherValue(getDocument(), this.encryptedKeyElement);
        if (this.storeBytesInAttachment) {
            WSSecurityUtil.storeBytesInAttachment(cipherValue, getDocument(), getIdAllocator().createId("", getDocument()), this.encryptedEphemeralKey, this.attachmentCallbackHandler);
        } else {
            cipherValue.appendChild(WSSecurityUtil.createBase64EncodedTextNode(getDocument(), this.encryptedEphemeralKey));
        }
    }

    /**
     * Creates a fresh X.509 binary security token for the given certificate and
     * stores it in {@code bstToken}.
     *
     * <p>The token is created against {@link #getDocument()}, receives a newly
     * generated ID, and is flagged as not yet added to the security header, so a
     * later call to one of the BST header methods will insert it.
     *
     * <p>This method performs no validity or trust check on the certificate.
     * NOTE(review): confirm the caller has already validated it before it is
     * embedded in the outgoing message.
     *
     * @param x509Certificate certificate to wrap in the token
     * @throws WSSecurityException declared by the method; raised by the token calls
     */
    private void addBST(X509Certificate x509Certificate) throws WSSecurityException {
        final X509Security certToken = new X509Security(getDocument());
        // Publish the token first, matching the original statement order.
        this.bstToken = certToken;
        certToken.setX509Certificate(x509Certificate);
        this.bstAddedToSecurityHeader = false;
        certToken.setID(IDGenerator.generateID(null));
    }

    /**
     * Builds an {@code xenc:EncryptedKey} element containing a single
     * {@code xenc:EncryptionMethod} child.
     *
     * <p>The {@code Algorithm} attribute of the EncryptionMethod is taken from
     * {@code str}. A {@code DigestMethod} child is added whenever
     * {@code digestAlgo} is set, and an {@code xenc11:MGF} child is added when
     * {@code keyEncAlgo} is the xmlenc11 RSA-OAEP URI and {@code mgfAlgo} is set.
     *
     * <p>NOTE(review): the MGF check reads the {@code keyEncAlgo} field, not the
     * {@code str} argument. If a caller passes an algorithm that differs from the
     * field, the emitted parameters may not match the advertised algorithm.
     * None of the algorithm URIs are validated here.
     *
     * @param document document used to create the elements
     * @param str key transport algorithm URI written to the Algorithm attribute
     * @return the new EncryptedKey element, not yet attached to the document tree
     */
    protected Element createEncryptedKey(Document document, String str) {
        final String xencNs = "http://www.w3.org/2001/04/xmlenc#";

        Element encryptedKey = document.createElementNS(xencNs, "xenc:EncryptedKey");
        XMLUtils.setNamespace(encryptedKey, xencNs, "xenc");

        Element encryptionMethod = document.createElementNS(xencNs, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", str);

        if (digestAlgo != null) {
            Element digestMethod =
                org.apache.xml.security.utils.XMLUtils.createElementInSignatureSpace(document, "DigestMethod");
            digestMethod.setAttributeNS(null, "Algorithm", digestAlgo);
            encryptionMethod.appendChild(digestMethod);
        }

        // The mask generation function is only emitted for the xmlenc11 RSA-OAEP transport.
        boolean oaepXenc11 = "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(keyEncAlgo);
        if (oaepXenc11 && mgfAlgo != null) {
            Element mgf = document.createElementNS("http://www.w3.org/2009/xmlenc11#", "xenc11:MGF");
            mgf.setAttributeNS(null, "Algorithm", mgfAlgo);
            encryptionMethod.appendChild(mgf);
        }

        encryptedKey.appendChild(encryptionMethod);
        return encryptedKey;
    }

    /**
     * Appends an {@code xenc:CipherData} element holding an empty
     * {@code xenc:CipherValue} to the given parent.
     *
     * @param document document used to create the elements
     * @param element parent that receives the CipherData child
     * @return the empty CipherValue element, for the caller to fill in
     */
    protected Element createCipherValue(Document document, Element element) {
        final String xencNs = "http://www.w3.org/2001/04/xmlenc#";
        Element cipherData = document.createElementNS(xencNs, "xenc:CipherData");
        Element cipherValue = document.createElementNS(xencNs, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        element.appendChild(cipherData);
        return cipherValue;
    }

    /**
     * Inserts the EncryptedKey element as the first child of the security header
     * element.
     *
     * <p>No null check is made on {@code encryptedKeyElement}; it is passed to
     * the helper as-is.
     */
    public void prependToHeader() {
        Element headerElement = getSecurityHeader().getSecurityHeaderElement();
        WSSecurityUtil.prependChildElement(headerElement, encryptedKeyElement);
    }

    /**
     * Adds the EncryptedKey element as the last child of the security header
     * element.
     *
     * <p>No null check is made on {@code encryptedKeyElement} before it is
     * appended.
     */
    public void appendToHeader() {
        Element headerElement = getSecurityHeader().getSecurityHeaderElement();
        headerElement.appendChild(encryptedKeyElement);
    }

    /**
     * Inserts the binary security token element as the first child of the
     * security header element, at most once.
     *
     * <p>Does nothing when no token exists or when the token has already been
     * added. The {@code bstAddedToSecurityHeader} flag prevents the same token
     * from being inserted a second time.
     */
    public void prependBSTElementToHeader() {
        if (bstToken != null && !bstAddedToSecurityHeader) {
            Element headerElement = getSecurityHeader().getSecurityHeaderElement();
            WSSecurityUtil.prependChildElement(headerElement, bstToken.getElement());
            bstAddedToSecurityHeader = true;
        }
    }

    /**
     * Adds the binary security token element as the last child of the security
     * header element, at most once.
     *
     * <p>Does nothing when no token exists or when the token has already been
     * added. The {@code bstAddedToSecurityHeader} flag prevents the same token
     * from being inserted a second time.
     */
    public void appendBSTElementToHeader() {
        if (bstToken != null && !bstAddedToSecurityHeader) {
            Element headerElement = getSecurityHeader().getSecurityHeaderElement();
            headerElement.appendChild(bstToken.getElement());
            bstAddedToSecurityHeader = true;
        }
    }

    /**
     * Returns the {@code ephemeralKey} field.
     *
     * <p>The array is returned by reference, not copied. A caller that modifies
     * or zeroes it changes this instance's state as well.
     * NOTE(review): presumably this is the raw, unencrypted session key; keep it
     * out of logs and exception messages.
     *
     * @return the stored key bytes, or {@code null} if none are set
     */
    public byte[] getEphemeralKey() {
        return ephemeralKey;
    }

    /**
     * Sets the certificate stored in {@code useThisCert}.
     *
     * <p>The certificate is stored without any validity or trust check in this
     * method.
     *
     * @param x509Certificate certificate to store; {@code null} clears it
     */
    public void setUseThisCert(X509Certificate x509Certificate) {
        useThisCert = x509Certificate;
    }

    /**
     * Returns the certificate stored in {@code useThisCert}.
     *
     * @return the stored certificate, or {@code null} if none was set
     */
    public X509Certificate getUseThisCert() {
        return useThisCert;
    }

    /**
     * Sets the public key stored in {@code useThisPublicKey}.
     *
     * <p>The key is stored as given; this method does not check its algorithm
     * or size.
     *
     * @param publicKey public key to store; {@code null} clears it
     */
    public void setUseThisPublicKey(PublicKey publicKey) {
        useThisPublicKey = publicKey;
    }

    /**
     * Returns the public key stored in {@code useThisPublicKey}.
     *
     * @return the stored public key, or {@code null} if none was set
     */
    public PublicKey getUseThisPublicKey() {
        return useThisPublicKey;
    }

    /**
     * Returns the EncryptedKey DOM element held by this instance.
     *
     * <p>This is the live element that {@link #prependToHeader()} and
     * {@link #appendToHeader()} insert into the security header, not a copy.
     *
     * @return the stored element, or {@code null} if it has not been set
     */
    public Element getEncryptedKeyElement() {
        return encryptedKeyElement;
    }

    /**
     * Replaces the EncryptedKey DOM element held by this instance.
     *
     * <p>The element is stored by reference and its content is not inspected.
     * {@link #prependToHeader()} and {@link #appendToHeader()} insert whatever
     * element is set here.
     *
     * @param element element to store
     */
    public void setEncryptedKeyElement(Element element) {
        encryptedKeyElement = element;
    }

    /**
     * Returns the DOM element of the binary security token, if one exists.
     *
     * @return the token's element, or {@code null} when no token has been created
     */
    public Element getBinarySecurityTokenElement() {
        return bstToken == null ? null : bstToken.getElement();
    }

    /**
     * Sets the key encryption algorithm URI.
     *
     * <p>The value is stored without validation. {@code createEncryptedKey}
     * compares it with the xmlenc11 RSA-OAEP URI to decide whether an MGF
     * element is emitted.
     *
     * @param str algorithm URI to store
     */
    public void setKeyEncAlgo(String str) {
        keyEncAlgo = str;
    }

    /**
     * Returns the key encryption algorithm URI.
     *
     * @return the stored algorithm URI, possibly {@code null}
     */
    public String getKeyEncAlgo() {
        return keyEncAlgo;
    }

    /**
     * Sets the {@code ephemeralKey} field.
     *
     * <p>The array reference is stored without copying. If the caller later
     * changes or clears the array, this instance sees the change.
     * NOTE(review): length and randomness of the supplied bytes are not checked
     * here; confirm the caller supplies suitable key material.
     *
     * @param bArr key bytes to store; {@code null} clears the field
     */
    public void setEphemeralKey(byte[] bArr) {
        ephemeralKey = bArr;
    }

    /**
     * Returns the ID of the binary security token, if one exists.
     *
     * @return the token ID, or {@code null} when no token has been created
     */
    public String getBSTTokenId() {
        return bstToken != null ? bstToken.getID() : null;
    }

    /**
     * Sets the {@code encKeyId} field.
     *
     * <p>The value is stored as given. NOTE(review): uniqueness within the
     * document is not checked here; presumably it becomes the Id of the
     * EncryptedKey element, to be confirmed against the build code.
     *
     * @param str identifier to store
     */
    public void setEncKeyId(String str) {
        encKeyId = str;
    }

    /**
     * Reports whether a certificate is stored in {@code useThisCert}.
     *
     * <p>This only tests for presence and says nothing about whether the
     * certificate is valid or trusted.
     *
     * @return {@code true} if {@code useThisCert} is non-null
     */
    public boolean isCertSet() {
        final boolean hasCert = useThisCert != null;
        return hasCert;
    }

    /**
     * Returns the {@code encryptedEphemeralKey} field.
     *
     * <p>These are the bytes the build code writes into the CipherValue element,
     * either Base64-encoded inline or via an attachment. The array is returned
     * by reference, not copied.
     *
     * @return the stored bytes, or {@code null} if none are set
     */
    public byte[] getEncryptedEphemeralKey() {
        return encryptedEphemeralKey;
    }

    /**
     * Sets the {@code encryptedEphemeralKey} field.
     *
     * <p>The array reference is stored without copying, and the content is not
     * checked. The build code writes whatever bytes are held here into the
     * CipherValue element.
     *
     * @param bArr bytes to store
     */
    public void setEncryptedEphemeralKey(byte[] bArr) {
        encryptedEphemeralKey = bArr;
    }

    /**
     * Sets the value type URI of the custom token referenced from the
     * EncryptedKey's KeyInfo.
     *
     * <p>The build code compares this value against the SAML and EncryptedKey
     * value type URIs to choose a TokenType. Any other value is written to the
     * reference unchanged and is not validated.
     *
     * @param str value type URI to store
     */
    public void setCustomEKTokenValueType(String str) {
        customEKTokenValueType = str;
    }

    /**
     * Sets the identifier of the custom token referenced from the EncryptedKey's
     * KeyInfo.
     *
     * <p>The build code uses this value as the reference URI or as the key
     * identifier, depending on the key identifier type. It is not validated here.
     *
     * @param str token identifier to store
     */
    public void setCustomEKTokenId(String str) {
        customEKTokenId = str;
    }

    /**
     * Sets the symmetric encryption algorithm URI ({@code symEncAlgo}).
     *
     * <p>The value is stored without validation.
     *
     * @param str algorithm URI to store
     */
    public void setSymmetricEncAlgorithm(String str) {
        symEncAlgo = str;
    }

    /**
     * Returns the symmetric encryption algorithm URI ({@code symEncAlgo}).
     *
     * @return the stored algorithm URI, possibly {@code null}
     */
    public String getSymmetricEncAlgorithm() {
        return symEncAlgo;
    }

    /**
     * Sets the digest algorithm URI ({@code digestAlgo}).
     *
     * <p>When non-null, {@code createEncryptedKey} writes this value into a
     * {@code DigestMethod} child of the EncryptionMethod element. The URI is
     * not validated here.
     *
     * @param str digest algorithm URI; {@code null} suppresses the DigestMethod element
     */
    public void setDigestAlgorithm(String str) {
        digestAlgo = str;
    }

    /**
     * Returns the digest algorithm URI ({@code digestAlgo}).
     *
     * @return the stored digest algorithm URI, possibly {@code null}
     */
    public String getDigestAlgorithm() {
        return digestAlgo;
    }

    /**
     * Sets the mask generation function algorithm URI ({@code mgfAlgo}).
     *
     * <p>{@code createEncryptedKey} emits this value in an {@code xenc11:MGF}
     * element only when the key encryption algorithm is the xmlenc11 RSA-OAEP
     * URI. The URI is not validated here.
     *
     * @param str MGF algorithm URI; {@code null} suppresses the MGF element
     */
    public void setMGFAlgorithm(String str) {
        mgfAlgo = str;
    }

    /**
     * Returns the mask generation function algorithm URI ({@code mgfAlgo}).
     *
     * @return the stored MGF algorithm URI, possibly {@code null}
     */
    public String getMGFAlgorithm() {
        return mgfAlgo;
    }

    /**
     * Returns the {@code symmetricKey} field.
     *
     * <p>The same {@link SecretKey} object held by this instance is returned.
     * Treat it as secret key material and do not log or serialize it.
     *
     * @return the stored key, or {@code null} if none is set
     */
    public SecretKey getSymmetricKey() {
        return symmetricKey;
    }

    /**
     * Sets the {@code symmetricKey} field.
     *
     * <p>The key object is stored by reference. Its algorithm and length are not
     * checked here.
     *
     * @param secretKey key to store; {@code null} clears the field
     */
    public void setSymmetricKey(SecretKey secretKey) {
        symmetricKey = secretKey;
    }

    /**
     * Returns the {@code includeEncryptionToken} flag.
     *
     * @return the current value of the flag
     */
    public boolean isIncludeEncryptionToken() {
        return includeEncryptionToken;
    }

    /**
     * Sets the {@code includeEncryptionToken} flag.
     *
     * <p>NOTE(review): presumably this controls whether the encryption
     * certificate is embedded in the message as a binary security token; confirm
     * against the build code, which is not visible here.
     *
     * @param z new value of the flag
     */
    public void setIncludeEncryptionToken(boolean z) {
        includeEncryptionToken = z;
    }

    /**
     * Returns the caller-supplied KeyInfo element ({@code customEKKeyInfoElement}).
     *
     * @return the stored element, or {@code null} if none was set
     */
    public Element getCustomEKKeyInfoElement() {
        return customEKKeyInfoElement;
    }

    /**
     * Sets a caller-supplied KeyInfo element ({@code customEKKeyInfoElement}).
     *
     * <p>When the build code uses this element, it adopts it into the message
     * document with {@code adoptNode} and appends it to the EncryptedKey element
     * unchanged. Adoption moves the node out of its previous owner document.
     * The content is not inspected, so the caller is responsible for what the
     * KeyInfo discloses or references.
     *
     * @param element KeyInfo element to store
     */
    public void setCustomEKKeyInfoElement(Element element) {
        customEKKeyInfoElement = element;
    }
}
