package com.sun.xml.wss.filter;

import com.sun.org.apache.xml.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.security.encryption.XMLCipher;
import com.sun.org.apache.xml.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.security.keys.KeyInfo;
import com.sun.xml.wss.KeyInfoHeaderBlock;
import com.sun.xml.wss.KeyInfoStrategy;
import com.sun.xml.wss.MessageFilter;
import com.sun.xml.wss.ReferenceListHeaderBlock;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityHeader;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.configuration.ConfigurationConstants;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPPart;

/* loaded from: input_file:119167-16/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/ExportEncryptedKeyFilter.class */
public class ExportEncryptedKeyFilter extends FilterBase implements MessageFilter {
    private String algorithm;
    private String x509TokenId;

    public ExportEncryptedKeyFilter() {
        this.algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    }

    public ExportEncryptedKeyFilter(String str, KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        if (null == str) {
            throw new XWSSecurityException("'algorithm' argument should not be null");
        }
        this.algorithm = str;
        if (null == keyInfoStrategy) {
            throw new XWSSecurityException("'keyInfoStrategy' argument should not be null");
        }
        this.keyInfoStrategy = keyInfoStrategy;
    }

    public ExportEncryptedKeyFilter(KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", keyInfoStrategy);
    }

    @Override // com.sun.xml.wss.filter.FilterBase, com.sun.xml.wss.MessageFilter
    public void init() throws XWSSecurityException {
        if (getParameter("x509TokenId") != null) {
            this.x509TokenId = getParameter("x509TokenId");
        }
        this.algorithm = getParameter(ConfigurationConstants.KEY_ENC_ALGO_ATTRIBUTE_NAME);
    }

    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        SOAPPart sOAPPart = securableSoapMessage.getSOAPPart();
        SecurityHeader findOrCreateSecurityHeader = securableSoapMessage.findOrCreateSecurityHeader();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
            keyGenerator.init(168);
            SecretKey generateKey = keyGenerator.generateKey();
            securableSoapMessage.setFilterParameter("SymmetricKey", generateKey);
            X509Certificate associatedCertificate = getAssociatedCertificate(securableSoapMessage);
            if (associatedCertificate == null) {
                throw new XWSSecurityException("Could not retrieve certificate for encryption");
            }
            this.keyInfoStrategy.setCertificate(associatedCertificate);
            try {
                XMLCipher xMLCipher = XMLCipher.getInstance(this.algorithm);
                xMLCipher.init(3, associatedCertificate.getPublicKey());
                EncryptedKey encryptKey = xMLCipher.encryptKey(sOAPPart, generateKey);
                KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock(sOAPPart);
                this.keyInfoStrategy.insertKey(keyInfoHeaderBlock, securableSoapMessage, this.x509TokenId);
                encryptKey.setKeyInfo(new KeyInfo(keyInfoHeaderBlock.getAsSoapElement(), null));
                SOAPElement sOAPElement = (SOAPElement) xMLCipher.martial(encryptKey);
                findOrCreateSecurityHeader.insertHeaderBlockElement(sOAPElement);
                ReferenceListHeaderBlock referenceListHeaderBlock = new ReferenceListHeaderBlock(sOAPPart);
                sOAPElement.appendChild(referenceListHeaderBlock.getAsSoapElement());
                securableSoapMessage.setFilterParameter("ReferenceList", referenceListHeaderBlock);
            } catch (XMLSecurityException e) {
                throw new XWSSecurityException(e);
            }
        } catch (Exception e2) {
            log.log(Level.SEVERE, "WSS0168.failedto.generate.random.symmetrickey", new Object[]{e2.getMessage()});
            throw new XWSSecurityException("Unable to Generate Symmetric Key", e2);
        }
    }

    private X509Certificate getAssociatedCertificate(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        return securableSoapMessage.getSecurityEnvironment().getCertificate(this.keyInfoStrategy.getAlias(), false);
    }
}
