package com.sun.xml.wss.filter;

import com.sun.enterprise.management.support.WebModuleSupport;
import com.sun.org.apache.xml.security.encryption.XMLCipher;
import com.sun.org.apache.xml.security.encryption.XMLEncryptionException;
import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.EncryptedDataHeaderBlock;
import com.sun.xml.wss.KeyInfoHeaderBlock;
import com.sun.xml.wss.KeyInfoStrategy;
import com.sun.xml.wss.MessageFilter;
import com.sun.xml.wss.ReferenceListHeaderBlock;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.Target;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.keyinfo.KeyNameStrategy;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Level;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119166-17/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/EncryptElementFilter.class */
public class EncryptElementFilter extends FilterBase implements MessageFilter {
    public EncryptElementFilter(String str, boolean z, KeyInfoStrategy keyInfoStrategy) {
        this.targets = new ArrayList();
        this.targets.add(new Target("xpath", str, z));
        this.keyInfoStrategy = keyInfoStrategy;
    }

    public EncryptElementFilter(String str, boolean z) {
        this(str, z, null);
    }

    public EncryptElementFilter(String str) {
        this(str, true);
    }

    public EncryptElementFilter(ArrayList arrayList, KeyInfoStrategy keyInfoStrategy) {
        this.targets = arrayList;
        this.keyInfoStrategy = keyInfoStrategy;
    }

    public EncryptElementFilter(ArrayList arrayList) {
        this(arrayList, (KeyInfoStrategy) null);
    }

    public EncryptElementFilter() {
        this.targets = new ArrayList();
        this.targets.add(new Target());
    }

    @Override // com.sun.xml.wss.filter.FilterBase, com.sun.xml.wss.MessageFilter
    public void init() throws XWSSecurityException {
    }

    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        SecretKey symmetricKey = getSymmetricKey(securableSoapMessage);
        if (symmetricKey == null) {
            log.log(Level.SEVERE, "WSS0191.symmetrickey.not.set");
            throw new XWSSecurityException("Symmetric key required for encryption is not set");
        }
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
            xMLCipher.init(1, symmetricKey);
            if (this.targets == null) {
                log.log(Level.SEVERE, "WSS0192.encryption.targets.not.specified");
                throw new XWSSecurityException("No encryption targets specified");
            }
            Iterator it = this.targets.iterator();
            while (it.hasNext()) {
                Target target = (Target) it.next();
                String type = target.getType();
                String value = target.getValue();
                boolean contentOnly = target.getContentOnly();
                if (type.equals(Target.TARGET_TYPE_VALUE_QNAME)) {
                    process(xMLCipher, securableSoapMessage, convertToXpath(value), contentOnly);
                } else if (type.equals("xpath")) {
                    process(xMLCipher, securableSoapMessage, value, contentOnly);
                } else if (type.equals("uri")) {
                    processElement(xMLCipher, (SOAPElement) securableSoapMessage.getElementById(value), securableSoapMessage, contentOnly);
                }
            }
        } catch (XMLEncryptionException e) {
            log.log(Level.SEVERE, "WSS0134.unableto.initialize.xml.cipher");
            throw new XWSSecurityException("Unable to initialize XML Cipher", e);
        }
    }

    private void process(XMLCipher xMLCipher, SecurableSoapMessage securableSoapMessage, String str, boolean z) throws XWSSecurityException {
        try {
            NodeList selectNodeList = XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), str, securableSoapMessage.getNSContext());
            if (selectNodeList == null || selectNodeList.getLength() == 0) {
                log.log(Level.SEVERE, "WSS0193.invalid.target");
                throw new XWSSecurityException(new StringBuffer().append("No element exists with the xpath: ").append(str).toString());
            }
            for (int i = 0; i < selectNodeList.getLength(); i++) {
                processElement(xMLCipher, (SOAPElement) selectNodeList.item(i), securableSoapMessage, z);
            }
        } catch (TransformerException e) {
            throw new XWSSecurityException(e);
        }
    }

    private void processElement(XMLCipher xMLCipher, SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage, boolean z) throws XWSSecurityException {
        if (sOAPElement.getNodeType() != 1) {
            log.log(Level.SEVERE, "WSS0165.unable.to.encrypt");
            throw new XWSSecurityException("XPath does not correspond to a DOM Element");
        }
        if (sOAPElement.getLocalName().equals("Header") && !z) {
            log.log(Level.SEVERE, "WSS0194.illegal.target", "SOAP-ENV:Header");
            throw new XWSSecurityException("Encryption of Soap Header is not allowed");
        }
        if (!sOAPElement.getLocalName().equals("Body") || z) {
            encrypt(xMLCipher, sOAPElement, securableSoapMessage, z);
        } else {
            log.log(Level.SEVERE, "WSS0194.illegal.target", "SOAP-ENV:Body");
            throw new XWSSecurityException("Encryption of Soap Body is not allowed");
        }
    }

    private void encrypt(XMLCipher xMLCipher, SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage, boolean z) throws XWSSecurityException {
        SOAPElement parentNode;
        SOAPPart sOAPPart = securableSoapMessage.getSOAPPart();
        securableSoapMessage.getNSContext();
        Node node = null;
        if (z) {
            parentNode = sOAPElement;
        } else {
            parentNode = sOAPElement.getParentNode();
            node = sOAPElement.getNextSibling();
        }
        try {
            xMLCipher.doFinal(sOAPPart, sOAPElement, z);
            Node node2 = z ? (Element) parentNode.getFirstChild() : node == null ? (Element) parentNode.getLastChild() : (Element) node.getPreviousSibling();
            String generateId = securableSoapMessage.generateId();
            String stringBuffer = new StringBuffer().append("#").append(generateId).toString();
            node2.setAttribute("Id", generateId);
            ReferenceListHeaderBlock referenceListHeaderBlock = (ReferenceListHeaderBlock) securableSoapMessage.getFilterParameter("ReferenceList");
            if (referenceListHeaderBlock == null) {
                log.log(Level.SEVERE, "WSS0195.referencelist.not.set");
                throw new XWSSecurityException("REFERENCE_LIST filter parameter is not set");
            }
            referenceListHeaderBlock.addReference(stringBuffer);
            if (this.keyInfoStrategy != null) {
                KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock(sOAPPart);
                this.keyInfoStrategy.insertKey(keyInfoHeaderBlock, securableSoapMessage, null);
                EncryptedDataHeaderBlock encryptedDataHeaderBlock = new EncryptedDataHeaderBlock(XMLUtil.convertToSoapElement(sOAPPart, node2));
                encryptedDataHeaderBlock.setKeyInfo(keyInfoHeaderBlock);
                node2.getParentNode().replaceChild(encryptedDataHeaderBlock.getAsSoapElement(), node2);
            }
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0128.unableto.encrypt.message");
            throw new XWSSecurityException("Unable to encrypt element", e);
        }
    }

    private SecretKey getSymmetricKey(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        if (!(this.keyInfoStrategy instanceof KeyNameStrategy)) {
            return (SecretKey) securableSoapMessage.getFilterParameter("SymmetricKey");
        }
        SecurityEnvironment securityEnvironment = securableSoapMessage.getSecurityEnvironment();
        if (securityEnvironment != null) {
            return securityEnvironment.getSecretKey(((KeyNameStrategy) this.keyInfoStrategy).getKeyName(), true);
        }
        log.log(Level.SEVERE, "WSS0196.securityenvironment.not.set");
        throw new XWSSecurityException("Security environment has not been set");
    }

    private String convertToXpath(String str) {
        QName valueOf = QName.valueOf(str);
        return "".equals(valueOf.getNamespaceURI()) ? new StringBuffer().append(WebModuleSupport.VIRTUAL_SERVER_PREFIX).append(valueOf.getLocalPart()).toString() : new StringBuffer().append("//*[local-name()='").append(valueOf.getLocalPart()).append("' and namespace-uri()='").append(valueOf.getNamespaceURI()).append("']").toString();
    }
}
