package com.sun.xml.ws.security.opt.impl.keyinfo;

import com.sun.xml.ws.security.impl.PasswordDerivedKey;
import com.sun.xml.ws.security.opt.api.EncryptedKey;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey;
import com.sun.xml.ws.security.opt.impl.tokens.UsernameToken;
import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.logging.Level;

/* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.7.jar:com/sun/xml/ws/security/opt/impl/keyinfo/SymmetricTokenBuilder.class */
public class SymmetricTokenBuilder extends TokenBuilder {
    private Key dataProtectionKey;
    private Key keyProtectionKey;
    private SymmetricKeyBinding binding;
    private String dataProtectionAlg;
    private String keyProtectionAlg;
    private BuilderResult result;

    public SymmetricTokenBuilder(SymmetricKeyBinding symmetricKeyBinding, JAXBFilterProcessingContext jAXBFilterProcessingContext, String str, String str2) {
        super(jAXBFilterProcessingContext);
        this.dataProtectionKey = null;
        this.keyProtectionKey = null;
        this.binding = null;
        this.binding = symmetricKeyBinding;
        this.dataProtectionAlg = str;
        this.keyProtectionAlg = str2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v111, types: [com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader] */
    /* JADX WARN: Type inference failed for: r0v235, types: [com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader] */
    /* JADX WARN: Type inference failed for: r17v3, types: [com.sun.xml.ws.security.opt.api.SecurityHeaderElement] */
    /* JADX WARN: Type inference failed for: r18v2, types: [com.sun.xml.ws.security.opt.api.SecurityHeaderElement] */
    @Override // com.sun.xml.ws.security.opt.api.keyinfo.TokenBuilder
    public BuilderResult process() throws XWSSecurityException {
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding;
        boolean equals = "true".equals(this.context.getExtraneousProperty("EnableWSS11PolicyReceiver"));
        boolean equals2 = "true".equals(this.context.getExtraneousProperty("EnableWSS11PolicySender"));
        boolean z = equals && equals2;
        boolean z2 = !equals2;
        ((NamespaceContextEx) this.context.getNamespaceContext()).addEncryptionNS();
        if (z && this.context.getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE) == null) {
            z = false;
        }
        BuilderResult builderResult = new BuilderResult();
        WSSPolicy wSSPolicy = (WSSPolicy) this.binding.getKeyBinding();
        if (PolicyTypeUtil.usernameTokenBinding(wSSPolicy)) {
            if (z) {
                buildKeyInfoWithEKSHA1((String) this.context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE));
                this.dataProtectionKey = this.binding.getSecretKey();
                if (this.dataProtectionKey == null) {
                    throw new XWSSecurityException("DataProtectionKey got from the  UsernameToken Binding is NULL");
                }
                builderResult.setKeyInfo(this.keyInfo);
                builderResult.setDataProtectionKey(this.dataProtectionKey);
            } else if (equals2 || z2) {
                this.dataProtectionKey = this.binding.getSecretKey();
                if (this.dataProtectionKey == null) {
                    throw new XWSSecurityException("DataProtectionKey got from the  UsernameToken Binding is NULL");
                }
                if (this.context.getusernameTokenBinding() == null) {
                    throw new XWSSecurityException("Internal error: UsernameToken Binding not set on context");
                }
                AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = this.context.getusernameTokenBinding();
                usernameTokenBinding.setReferenceType("Direct");
                UsernameToken usernameToken = usernameTokenBinding.getUsernameToken();
                String uuid = usernameTokenBinding.getUUID();
                if (uuid == null || uuid.equals("")) {
                    uuid = this.context.generateID();
                }
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "UsernameToken for SymmetricBinding is: " + usernameToken);
                    logger.log(Level.FINEST, "Token ID for SymmetricBinding is: " + uuid);
                }
                EncryptedKey encryptedKey = null;
                HashMap encryptedKeyCache = this.context.getEncryptedKeyCache();
                String str = (String) encryptedKeyCache.get(uuid);
                this.keyProtectionKey = usernameTokenBinding.getSecretKey();
                if (str == null) {
                    this.result = new UsernameTokenBuilder(this.context, usernameTokenBinding).process();
                    KeyInfo keyInfo = this.result.getKeyInfo();
                    this.context.setExtraneousProperty("SecretKey", this.dataProtectionKey);
                    ?? r17 = (SecurityHeaderElement) this.elementFactory.createEncryptedKey(this.context.generateID(), this.context.getAlgorithmSuite().getSymmetricKeyAlgorithm(), keyInfo, new PasswordDerivedKey().generate16ByteKeyforEncryption(usernameTokenBinding.getSecretKey().getEncoded()), this.dataProtectionKey);
                    this.context.getSecurityHeader().add(r17);
                    str = r17.getId();
                    encryptedKeyCache.put(uuid, str);
                    this.context.addToCurrentSecretMap(str, this.dataProtectionKey);
                    try {
                        this.context.setExtraneousProperty(MessageConstants.EK_SHA1_TYPE, Base64.encode(MessageDigest.getInstance("SHA-1").digest(((JAXBEncryptedKey) r17).getCipherValue())));
                        encryptedKey = r17;
                    } catch (NoSuchAlgorithmException e) {
                        throw new XWSSecurityException(e);
                    }
                } else {
                    if (str == null || str.length() == 0) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
                        throw new XWSSecurityException("Invalid EncryptedKey Id ");
                    }
                    this.dataProtectionKey = this.context.getCurrentSecretFromMap(str);
                }
                String str2 = null;
                if (equals2) {
                    str2 = MessageConstants.EncryptedKey_NS;
                }
                buildKeyInfo(buildSTR(usernameTokenBinding.getUUID(), buildDirectReference(str, str2)));
                builderResult.setDataProtectionKey(this.dataProtectionKey);
                builderResult.setKeyInfo(this.keyInfo);
                builderResult.setEncryptedKey(encryptedKey);
            }
        } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy)) {
            if (this.context.getKerberosTokenBinding() == null) {
                throw new XWSSecurityException("Internal error: Kerberos Binding not set on context");
            }
            AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = this.context.getKerberosTokenBinding();
            this.context.setKerberosTokenBinding(null);
            this.dataProtectionKey = kerberosTokenBinding.getSecretKey();
            builderResult = new KerberosTokenBuilder(this.context, kerberosTokenBinding).process();
            builderResult.setDataProtectionKey(this.dataProtectionKey);
        } else if (!this.binding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
            if (this.keyProtectionAlg != null && !"".equals(this.keyProtectionAlg)) {
                this.dataProtectionKey = SecurityUtil.generateSymmetricKey(this.dataProtectionAlg);
            }
            this.keyProtectionKey = this.binding.getSecretKey();
            if (this.dataProtectionKey == null) {
                this.dataProtectionKey = this.keyProtectionKey;
                this.keyProtectionKey = null;
                buildKIWithKeyName(this.binding.getKeyIdentifier());
            }
            builderResult.setKeyInfo(this.keyInfo);
            builderResult.setDataProtectionKey(this.dataProtectionKey);
        } else if (z) {
            buildKeyInfoWithEKSHA1((String) this.context.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE));
            this.dataProtectionKey = this.binding.getSecretKey();
            builderResult.setKeyInfo(this.keyInfo);
            builderResult.setDataProtectionKey(this.dataProtectionKey);
        } else if (equals2 || z2) {
            this.dataProtectionKey = this.binding.getSecretKey();
            if (!this.binding.getCertAlias().equals(MessageConstants._EMPTY)) {
                x509CertificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                x509CertificateBinding.setCertificateIdentifier(this.binding.getCertAlias());
                x509CertificateBinding.setX509Certificate(this.context.getSecurityEnvironment().getCertificate(this.context.getExtraneousProperties(), x509CertificateBinding.getCertificateIdentifier(), false));
                x509CertificateBinding.setReferenceType("Direct");
            } else {
                if (this.context.getX509CertificateBinding() == null) {
                    throw new XWSSecurityException("Internal Error: X509CertificateBinding not set on context");
                }
                x509CertificateBinding = this.context.getX509CertificateBinding();
                this.context.setX509CertificateBinding(null);
            }
            X509Certificate x509Certificate = x509CertificateBinding.getX509Certificate();
            String uuid2 = x509CertificateBinding.getUUID();
            if (uuid2 == null || uuid2.equals("")) {
                uuid2 = this.context.generateID();
            }
            SecurityUtil.checkIncludeTokenPolicyOpt(this.context, x509CertificateBinding, uuid2);
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "Certificate for SymmetricBinding is: " + x509Certificate);
                logger.log(Level.FINEST, "BinaryToken ID for SymmetricBinding is: " + uuid2);
            }
            EncryptedKey encryptedKey2 = null;
            HashMap encryptedKeyCache2 = this.context.getEncryptedKeyCache();
            String str3 = (String) encryptedKeyCache2.get(uuid2);
            this.keyProtectionKey = x509Certificate.getPublicKey();
            if (str3 == null) {
                KeyInfo keyInfo2 = new X509TokenBuilder(this.context, x509CertificateBinding).process().getKeyInfo();
                this.context.setExtraneousProperty("SecretKey", this.dataProtectionKey);
                ?? r18 = (SecurityHeaderElement) this.elementFactory.createEncryptedKey(this.context.generateID(), this.keyProtectionAlg, keyInfo2, this.keyProtectionKey, this.dataProtectionKey);
                this.context.getSecurityHeader().add(r18);
                str3 = r18.getId();
                encryptedKeyCache2.put(uuid2, str3);
                this.context.addToCurrentSecretMap(str3, this.dataProtectionKey);
                builderResult.setEncryptedKey((EncryptedKey) r18);
                try {
                    this.context.setExtraneousProperty(MessageConstants.EK_SHA1_TYPE, Base64.encode(MessageDigest.getInstance("SHA-1").digest(((JAXBEncryptedKey) r18).getCipherValue())));
                    encryptedKey2 = r18;
                } catch (NoSuchAlgorithmException e2) {
                    throw new XWSSecurityException(e2);
                }
            } else {
                if (str3 == null || str3.length() == 0) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1804_WRONG_ENCRYPTED_KEY());
                    throw new XWSSecurityException("Invalid EncryptedKey Id ");
                }
                this.dataProtectionKey = this.context.getCurrentSecretFromMap(str3);
            }
            String str4 = null;
            if (equals2) {
                str4 = MessageConstants.EncryptedKey_NS;
            }
            buildKeyInfo(buildSTR(x509CertificateBinding.getUUID(), buildDirectReference(str3, str4)));
            builderResult.setDataProtectionKey(this.dataProtectionKey);
            builderResult.setKeyInfo(this.keyInfo);
            builderResult.setEncryptedKey(encryptedKey2);
        }
        return builderResult;
    }
}
