package de.osci.osci12.messageparts;

import de.osci.helper.Base64;
import de.osci.helper.Canonizer;
import de.osci.helper.ParserHelper;
import de.osci.helper.SymCipherInputStream;
import de.osci.helper.Tools;
import de.osci.osci12.OSCIException;
import de.osci.osci12.common.Constants;
import de.osci.osci12.common.DialogHandler;
import de.osci.osci12.common.OSCICancelledException;
import de.osci.osci12.encryption.CipherReference;
import de.osci.osci12.encryption.CipherValue;
import de.osci.osci12.encryption.Crypto;
import de.osci.osci12.encryption.EncryptedData;
import de.osci.osci12.encryption.EncryptedKey;
import de.osci.osci12.encryption.OSCICipherException;
import de.osci.osci12.messagetypes.OSCIMessage;
import de.osci.osci12.roles.OSCIRoleException;
import de.osci.osci12.roles.Role;
import de.osci.osci12.signature.KeyInfo;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Vector;
import javax.crypto.SecretKey;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

/* loaded from: input_file:de/osci/osci12/messageparts/EncryptedDataOSCI.class */
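/**
 * OSCI message part that wraps an {@link EncryptedData} object and records which
 * {@link Role}s (readers) can decrypt it.
 *
 * <p>The class covers three situations visible in its constructors:
 * <ul>
 *   <li>a {@link ContentContainer} that is to be encrypted with a symmetric key,</li>
 *   <li>an already encrypted {@link Attachment} that is referenced through a
 *       {@code cid:} cipher reference, and</li>
 *   <li>an {@link EncryptedData} object parsed from an incoming message.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>On the decrypt path the algorithm identifiers, IV length, key references and
 *       attachment references are read from the parsed message, so they must be treated
 *       as sender-controlled input.</li>
 *   <li>The attachment constructor places the Base64-encoded attachment key into the
 *       {@code KeyInfo} management data. NOTE(review): this is only safe if the resulting
 *       element is always serialized inside an encrypted content container; confirm
 *       against the callers.</li>
 *   <li>{@code idNr} is a plain static counter without synchronization; ids may collide
 *       if instances are created from several threads. NOTE(review): confirm whether
 *       callers construct these objects concurrently.</li>
 * </ul>
 */
public class EncryptedDataOSCI extends MessagePart {
    private static final int TYPE_OF_DATA_ATTACHMENT = 0;
    private static final int TYPE_OF_DATA_CONTENTCONTAINER = 1;
    private static final int ENCRYPTEDDATA_START = 0;
    private static final int ENCRYPTEDDATA_ENCRYPTED = 1;

    /** Symmetric algorithm used when the caller supplies only a content container. */
    private static final String DEFAULT_SYM_ALGORITHM = "http://www.w3.org/2009/xmlenc11#aes256-gcm";

    /** Key transport algorithm used when the caller does not name one. */
    private static final String RSA_OAEP_ALGORITHM = "http://www.w3.org/2009/xmlenc11#rsa-oaep";

    /** Value passed as the {@code int} constructor argument when the caller gives none; presumably the IV length in bytes. */
    private static final int DEFAULT_IV_LENGTH = 12;

    /** IV length assumed in {@link #decrypt(Role)} when the parsed element did not carry one. */
    private static final int FALLBACK_IV_LENGTH = 16;

    private static final Log log = LogFactory.getLog(EncryptedDataOSCI.class);

    // Shared id counter; not synchronized (see class comment).
    private static int idNr = -1;

    private int keyIDs = 0;
    private int typeOfData = -1;
    private int stateOfObject = ENCRYPTEDDATA_START;
    private EncryptedData encryptedDataObject = null;
    Vector<Role> roles = new Vector<>();
    Vector<Role> readers = new Vector<>();
    Vector<Attachment> attachments = new Vector<>();
    private Hashtable<Role, EncryptedKey> encryptedKeyList = new Hashtable<>();
    private MessagePart content = null;
    private OSCIMessage msg = null;
    private SecretKey secretKey = null;

    /**
     * Creates the entry that describes an already encrypted attachment.
     *
     * <p>The entry references the attachment through a {@code cid:} cipher reference and
     * carries the attachment's symmetric key, Base64-encoded, as key management data.
     *
     * @param attachment the encrypted attachment; must not be {@code null}, must report
     *        {@code isEncrypted()} and must have a symmetric cipher algorithm set
     * @throws IllegalArgumentException if one of the conditions above is not met
     */
    EncryptedDataOSCI(Attachment attachment) throws OSCICipherException, IOException {
        if (attachment == null) {
            throw new IllegalArgumentException(DialogHandler.text.getString(Constants.LanguageTextEntries.invalid_thirdargument.name()) + " attachment = null");
        }
        this.typeOfData = TYPE_OF_DATA_ATTACHMENT;
        this.attachments.add(attachment);
        if (!attachment.isEncrypted()) {
            throw new IllegalArgumentException(DialogHandler.text.getString("error_unencrypted_attachment"));
        }
        if (attachment.getSymmetricCipherAlgorithm() == null) {
            // Fixed: the error used to be logged only when debug logging was enabled.
            log.error("SymmetricCipherAlgorithm wurde nicht gesetzt.");
            throw new IllegalArgumentException(DialogHandler.text.getString("error_unencrypted_attachment"));
        }
        this.secretKey = attachment.secretKey;
        if (log.isDebugEnabled()) {
            log.debug("Secret-Key des Attachments wird verwendet.");
        }
        CipherReference cipherReference = new CipherReference("cid:" + attachment.getRefID());
        setRefID("Attachment" + attachment.getRefID());
        this.encryptedDataObject = new EncryptedData(cipherReference, attachment.getSymmetricCipherAlgorithm(), attachment.getIvLength(), getRefID());
        this.stateOfObject = ENCRYPTEDDATA_ENCRYPTED;
        // The raw attachment key travels in the KeyInfo of this element, so the element
        // itself must never leave the process unencrypted (see class comment).
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.setMgmtData(Base64.encode(attachment.secretKey.getEncoded()));
        this.encryptedDataObject.setKeyInfo(keyInfo);
        this.content = attachment;
    }

    /**
     * Encrypts a content container with a freshly generated key for the default
     * algorithm (AES-256-GCM URI) and the default {@code int} argument of 12.
     *
     * @param contentContainer the container to encrypt; must not be {@code null}
     */
    public EncryptedDataOSCI(ContentContainer contentContainer) throws NoSuchAlgorithmException, IOException {
        this(null, DEFAULT_SYM_ALGORITHM, DEFAULT_IV_LENGTH, contentContainer);
    }

    /**
     * Encrypts a content container with a caller-supplied key; the algorithm identifier
     * is derived from the key through {@code Crypto.getCipherAlgoID}.
     *
     * @param secretKey the symmetric key to use
     * @param contentContainer the container to encrypt; must not be {@code null}
     * @deprecated marked deprecated in the original class; the replacement is not visible here.
     */
    @Deprecated
    public EncryptedDataOSCI(SecretKey secretKey, ContentContainer contentContainer) throws NoSuchAlgorithmException, IOException {
        this(secretKey, Crypto.getCipherAlgoID(secretKey), DEFAULT_IV_LENGTH, contentContainer);
    }

    /**
     * Encrypts a content container with a freshly generated key.
     *
     * @param str identifier (URI) of the symmetric algorithm; must not be {@code null}
     * @param i forwarded to {@link EncryptedData}; presumably the IV length in bytes
     * @param contentContainer the container to encrypt; must not be {@code null}
     */
    public EncryptedDataOSCI(String str, int i, ContentContainer contentContainer) throws NoSuchAlgorithmException, IOException {
        this(null, str, i, contentContainer);
    }

    /**
     * Encrypts a content container with a freshly generated key and the default
     * {@code int} argument of 12.
     *
     * @param str identifier (URI) of the symmetric algorithm; must not be {@code null}
     * @param contentContainer the container to encrypt; must not be {@code null}
     */
    public EncryptedDataOSCI(String str, ContentContainer contentContainer) throws NoSuchAlgorithmException, IOException {
        this(null, str, DEFAULT_IV_LENGTH, contentContainer);
    }

    /**
     * Encrypts a content container with a caller-supplied key and the default
     * {@code int} argument of 12.
     *
     * @param secretKey the symmetric key, or {@code null} to generate one
     * @param str identifier (URI) of the symmetric algorithm; must not be {@code null}
     * @param contentContainer the container to encrypt; must not be {@code null}
     */
    public EncryptedDataOSCI(SecretKey secretKey, String str, ContentContainer contentContainer) throws NoSuchAlgorithmException {
        this(secretKey, str, DEFAULT_IV_LENGTH, contentContainer);
    }

    /**
     * Encrypts a content container.
     *
     * <p>Only keys whose JCA algorithm name is {@code "DESede"} or {@code "AES"} are
     * accepted, and AES keys must be 16, 24 or 32 bytes long. Triple DES is accepted for
     * what is presumably backward compatibility; new callers should prefer AES.
     *
     * @param secretKey the symmetric key, or {@code null} to generate one for {@code str}
     * @param str identifier (URI) of the symmetric algorithm; must not be {@code null}
     * @param i forwarded to {@link EncryptedData}; presumably the IV length in bytes
     * @param contentContainer the container to encrypt; must not be {@code null}
     * @throws IllegalArgumentException if {@code str} or {@code contentContainer} is {@code null}
     * @throws NoSuchAlgorithmException if the key algorithm or AES key length is not supported
     */
    public EncryptedDataOSCI(SecretKey secretKey, String str, int i, ContentContainer contentContainer) throws NoSuchAlgorithmException {
        this.transformers.add("<ds:Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"></ds:Transform>");
        // This id is overwritten further down; the assignment is kept because it also
        // advances the shared counter and therefore influences the ids that are emitted.
        this.id = new StringBuilder().append(this.typ).append(++idNr).toString();
        if (str == null) {
            throw new IllegalArgumentException(DialogHandler.text.getString(Constants.LanguageTextEntries.invalid_firstargument.name()) + " algo = null");
        }
        secretKey = secretKey == null ? Crypto.createSymKey(str) : secretKey;
        String algorithm = secretKey.getAlgorithm();
        if (!algorithm.equals("DESede") && !algorithm.equals("AES")) {
            throw new NoSuchAlgorithmException(DialogHandler.text.getString("encryption_algorithm_not_supported") + algorithm);
        }
        if (algorithm.equals("AES")) {
            int length = secretKey.getEncoded().length;
            if (length != 16 && length != 24 && length != 32) {
                // Fixed: the key-length suffix used to be appended to the resource key itself,
                // so the lookup asked for a key that differs from the one used just above.
                throw new NoSuchAlgorithmException(DialogHandler.text.getString("encryption_algorithm_not_supported") + " AES-" + (length * 8));
            }
        }
        if (contentContainer == null) {
            throw new IllegalArgumentException(DialogHandler.text.getString(Constants.LanguageTextEntries.invalid_thirdargument.name()) + " coco = null");
        }
        this.typeOfData = TYPE_OF_DATA_CONTENTCONTAINER;
        this.id = "encdata_" + idNr++;
        this.secretKey = secretKey;
        this.content = contentContainer;
        this.encryptedDataObject = new EncryptedData(contentContainer, str, i, this.id, this.secretKey);
        Attachment[] containerAttachments = contentContainer.getAttachments();
        if (containerAttachments != null) {
            for (Attachment attachment : containerAttachments) {
                this.attachments.add(attachment);
            }
        }
        for (int idx = 0; idx < contentContainer.roles.size(); idx++) {
            this.roles.add(contentContainer.roles.get(idx));
        }
        setNSPrefixes(contentContainer.soapNSPrefix, contentContainer.osciNSPrefix, contentContainer.dsNSPrefix, contentContainer.xencNSPrefix, contentContainer.xsiNSPrefix);
        try {
            setNS(new String(contentContainer.ns, Constants.CHAR_ENCODING));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed silently. Construction still continues (best effort),
            // but the namespace declaration stays unset, so leave a trace in the log.
            log.warn("Could not decode namespace declaration of content container", e);
        }
    }

    /**
     * Wraps an {@link EncryptedData} object that was parsed from an incoming message.
     *
     * <p>Every encrypted key of the element is resolved to a role of the message through
     * the URI of its retrieval method (a leading {@code #} is stripped).
     *
     * @param encryptedData the parsed element
     * @param oSCIMessage the message the element belongs to
     * @throws SAXException if a referenced role is not known to the message
     */
    public EncryptedDataOSCI(EncryptedData encryptedData, OSCIMessage oSCIMessage) throws SAXException {
        this.encryptedDataObject = encryptedData;
        this.stateOfObject = ENCRYPTEDDATA_ENCRYPTED;
        this.id = encryptedData.getId();
        this.msg = oSCIMessage;
        for (EncryptedKey encryptedKey : encryptedData.getKeyInfo().getEncryptedKeys()) {
            String uri = encryptedKey.getKeyInfo().getRetrievalMethod().getURI();
            if (uri.startsWith("#")) {
                uri = uri.substring(1);
            }
            Role referencedRole = oSCIMessage.getRoleForRefID(uri);
            if (referencedRole == null) {
                throw new SAXException(DialogHandler.text.getString("no_cipher_cert") + uri);
            }
            this.roles.add(referencedRole);
            this.readers.add(referencedRole);
        }
    }

    /**
     * Sets the namespace declaration string on the wrapped {@link EncryptedData}.
     *
     * @param str the namespace declaration
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setNS(String str) {
        this.encryptedDataObject.encNS = str;
    }

    /**
     * Sets the namespace prefixes on the wrapped {@link EncryptedData}.
     *
     * @param str SOAP prefix
     * @param str2 OSCI prefix
     * @param str3 XML-Signature prefix
     * @param str4 XML-Encryption prefix
     * @param str5 XML-Schema-instance prefix
     */
    @Override // de.osci.osci12.messageparts.MessagePart
    public void setNSPrefixes(String str, String str2, String str3, String str4, String str5) {
        this.encryptedDataObject.soapNSPrefix = str;
        this.encryptedDataObject.osciNSPrefix = str2;
        this.encryptedDataObject.dsNSPrefix = str3;
        this.encryptedDataObject.xencNSPrefix = str4;
        this.encryptedDataObject.xsiNSPrefix = str5;
    }

    /**
     * Decrypts the wrapped data for the given reader and parses the plaintext into a
     * {@link ContentContainer}.
     *
     * <p>Security-relevant behavior visible in this method:
     * <ul>
     *   <li>The key transport algorithm is taken from the message. Only the RSA-OAEP URI
     *       selects the decrypter call that receives MGF and digest parameters; every
     *       other value goes to the single-argument {@code decrypt} call. NOTE(review):
     *       which padding that call applies is not visible here; receivers that want to
     *       insist on OAEP can check {@link #getAsymEncryptionAlgorithm(Role)} first.</li>
     *   <li>An element that carries a cipher reference instead of an inline cipher value
     *       is rejected, so no referenced resource is resolved at this level.</li>
     *   <li>If the parsed element did not carry an IV length, 16 is assumed.</li>
     * </ul>
     *
     * @param role the reader; needs a cipher certificate known to this object and a
     *        private key
     * @return the decrypted content container
     * @throws IllegalArgumentException if nothing was encrypted for {@code role} or the
     *         role has no private key
     * @throws OSCICipherException if the element uses a cipher reference or the plaintext
     *         is not a content container
     */
    public ContentContainer decrypt(Role role) throws OSCICipherException, OSCIRoleException, IOException, OSCICancelledException, SAXException, NoSuchAlgorithmException {
        EncryptedKey encryptedKey = this.encryptedDataObject.findEncrypedKey(getCertificatIdForRole(role));
        if (log.isDebugEnabled()) {
            log.debug("Anzahl der Empfänger: " + this.encryptedKeyList.size());
        }
        if (encryptedKey == null || !role.hasCipherPrivateKey()) {
            throw new IllegalArgumentException(DialogHandler.text.getString("no_encryption_for_role"));
        }
        if (log.isDebugEnabled()) {
            log.debug("key: " + encryptedKey.getKeyInfo().getRetrievalMethod().getURI());
        }
        InputStream wrappedKeyStream = encryptedKey.getCipherData().getCipherValue().getCipherValueStream();
        wrappedKeyStream.reset();
        byte[] wrappedKey = Tools.readBytes(wrappedKeyStream);
        byte[] sessionKey;
        if (encryptedKey.getEncryptionMethodAlgorithm().equals(RSA_OAEP_ALGORITHM)) {
            sessionKey = role.getDecrypter().decrypt(wrappedKey, encryptedKey.mgfAlgorithm, encryptedKey.digestAlgorithm);
        } else {
            sessionKey = role.getDecrypter().decrypt(wrappedKey);
        }
        if (this.encryptedDataObject.getCipherData().getCipherReference() != null) {
            if (log.isDebugEnabled()) {
                log.debug("Es handelt sich um eine CipherReference unbekannter herkunft.");
            }
            throw new OSCICipherException("invalid_reference");
        }
        if (log.isDebugEnabled()) {
            log.debug("Es handelt sich um ein CipherValue.");
        }
        InputStream cipherStream = this.encryptedDataObject.getCipherData().getCipherValue().getCipherValueStream();
        cipherStream.reset();
        if (!this.encryptedDataObject.isIvLengthParsed()) {
            this.encryptedDataObject.setIvLength(FALLBACK_IV_LENGTH);
        }
        String symAlgorithm = this.encryptedDataObject.getEncryptionMethodAlgorithm();
        SecretKey contentKey = Crypto.createSymKey(sessionKey, symAlgorithm);
        return parseInputStream(new SymCipherInputStream(cipherStream, contentKey, symAlgorithm, this.encryptedDataObject.getIvLength(), false));
    }

    /**
     * Finds the cipher certificate id under which data was encrypted for a role.
     *
     * <p>Roles are matched by comparing cipher certificates with {@code equals}.
     *
     * @param role the reader; must not be {@code null}
     * @return the cipher certificate id of the first matching role
     * @throws IllegalArgumentException if {@code role} is {@code null} or no role with a
     *         usable certificate id matches
     */
    private String getCertificatIdForRole(Role role) throws OSCIRoleException {
        if (role == null) {
            throw new IllegalArgumentException(DialogHandler.text.getString(Constants.LanguageTextEntries.invalid_firstargument.name()) + " reader = null");
        }
        String certificateId = null;
        for (int idx = 0; idx < this.roles.size(); idx++) {
            Role candidate = this.roles.get(idx);
            if (role.getCipherCertificate().equals(candidate.getCipherCertificate())) {
                certificateId = candidate.getCipherCertificateId();
                break;
            }
        }
        if (certificateId == null) {
            throw new IllegalArgumentException(DialogHandler.text.getString("no_encryption_for_role"));
        }
        return certificateId;
    }

    /**
     * Returns the key transport algorithm that was used for a reader.
     *
     * @param role the reader
     * @return the algorithm identifier of the reader's encrypted key, or {@code null} if
     *         the element holds no encrypted key for the reader's certificate id
     */
    public String getAsymEncryptionAlgorithm(Role role) throws OSCICipherException, OSCIRoleException, IOException, OSCICancelledException, SAXException, NoSuchAlgorithmException {
        EncryptedKey encryptedKey = this.encryptedDataObject.findEncrypedKey(getCertificatIdForRole(role));
        return encryptedKey == null ? null : encryptedKey.getEncryptionMethodAlgorithm();
    }

    /**
     * Registers an already wrapped symmetric key for a reader, declaring RSA-OAEP as the
     * key transport algorithm.
     *
     * @param bArr the wrapped (asymmetrically encrypted) symmetric key
     * @param role the reader the key was wrapped for
     */
    public void encrypt(byte[] bArr, Role role) throws OSCIRoleException, IOException, OSCICipherException {
        encrypt(bArr, role, RSA_OAEP_ALGORITHM);
    }

    /**
     * Registers an already wrapped symmetric key for a reader.
     *
     * <p>The method does not wrap the key itself; {@code str} is only written as the
     * declared algorithm, so it has to match how {@code bArr} was produced.
     *
     * @param bArr the wrapped (asymmetrically encrypted) symmetric key
     * @param role the reader the key was wrapped for
     * @param str identifier (URI) of the key transport algorithm used for {@code bArr}
     */
    public void encrypt(byte[] bArr, Role role, String str) throws OSCIRoleException, IOException, OSCICipherException {
        if (!this.readers.contains(role)) {
            this.roles.add(role);
            this.readers.add(role);
        }
        this.stateOfObject = ENCRYPTEDDATA_ENCRYPTED;
        if (log.isDebugEnabled()) {
            log.debug("Encrypted-Data Methode encrypt mit :" + role.getCipherCertificateId());
        }
        // NOTE(review): without content the reference is built from the certificate object
        // itself rather than from its id; this looks unintended - confirm against upstream.
        KeyInfo keyInfo = this.content == null ? new KeyInfo("#" + role.getCipherCertificate()) : new KeyInfo("#" + role.getCipherCertificateId());
        EncryptedKey encryptedKey = new EncryptedKey(str, new CipherValue(bArr));
        // keyIDs is never incremented in this class, so every key of one element gets the same suffix.
        encryptedKey.setId("EncData_" + this.id + "_" + this.keyIDs);
        encryptedKey.setKeyInfo(keyInfo);
        if (this.encryptedDataObject.getKeyInfo() == null) {
            this.encryptedDataObject.setKeyInfo(new KeyInfo());
        }
        this.encryptedDataObject.getKeyInfo().addEncryptedKey(encryptedKey);
        this.encryptedKeyList.put(role, encryptedKey);
        if (this.content instanceof ContentContainer) {
            createEncryptedAttachments((ContentContainer) this.content, bArr, role);
        }
        if (log.isDebugEnabled()) {
            log.debug("Fertig mit Encrypted-Data Methode encrypt mit.");
        }
    }

    /**
     * Parses decrypted XML into a {@link ContentContainer} and restores the keys of the
     * attachments it references.
     *
     * <p>The stream is closed in every case. Parser hardening is delegated to
     * {@code ParserHelper.setFeatures}. NOTE(review): that helper is not visible here;
     * confirm that it disables DTDs and external entities, because the plaintext comes
     * from the sender of the message.
     *
     * @param inputStream the decrypting stream
     * @return the parsed content container
     * @throws OSCICipherException if the parsed object is not a content container
     * @throws SAXException if parsing fails or the parser cannot be configured
     */
    private ContentContainer parseInputStream(InputStream inputStream) throws OSCICipherException, IOException, SAXException, NoSuchAlgorithmException {
        try {
            Canonizer canonizer = new Canonizer(inputStream, null, ParserHelper.isSecureContentDataCheck());
            InputStreamReader reader = new InputStreamReader(canonizer, Constants.CHAR_ENCODING);
            SAXParserFactory factory = SAXParserFactory.newInstance();
            factory.setNamespaceAware(true);
            XMLReader xmlReader = factory.newSAXParser().getXMLReader();
            ParserHelper.setFeatures(xmlReader);
            ContentPackageBuilder builder = new ContentPackageBuilder(xmlReader, this.msg, canonizer);
            xmlReader.setContentHandler(builder);
            xmlReader.parse(new InputSource(reader));
            if (!(builder.getLastCreatedObject() instanceof ContentContainer)) {
                throw new OSCICipherException("sax_exception");
            }
            ContentContainer parsed = (ContentContainer) builder.getLastCreatedObject();
            decryptAttachments(parsed);
            return parsed;
        } catch (ParserConfigurationException e) {
            throw new SAXException(e);
        } finally {
            // Closed exactly once, on success and on failure.
            inputStream.close();
        }
    }

    /**
     * Moves the attachment keys found in a decrypted container onto the message's
     * attachments and replaces the corresponding entries by the attachments themselves.
     * Nested content containers are processed recursively.
     *
     * @param contentContainer the decrypted container
     * @throws OSCICipherException if an entry references an attachment the message does
     *         not contain
     */
    private void decryptAttachments(ContentContainer contentContainer) throws IOException, OSCICipherException {
        for (EncryptedDataOSCI entry : contentContainer.getEncryptedData()) {
            EncryptedData data = entry.encryptedDataObject;
            if (data.getCipherData().getCipherReference() == null) {
                continue;
            }
            String uri = data.getCipherData().getCipherReference().getURI();
            if (uri.startsWith("cid:")) {
                uri = uri.substring(4);
            }
            entry.setRefID(uri);
            Attachment attachment = this.msg.attachments.get(uri);
            if (attachment == null) {
                // The reference comes from the decrypted message content. A reference to an
                // attachment the message does not carry used to fail with a
                // NullPointerException on the next line; report it as a cipher error instead.
                throw new OSCICipherException("invalid_reference");
            }
            attachment.stateOfAttachment = 2;
            attachment.encrypt = true;
            if (log.isDebugEnabled()) {
                log.debug("das Attachment: " + attachment + " URI: " + uri);
            }
            String algorithm = data.getEncryptionMethodAlgorithm();
            attachment.secretKey = Crypto.createSymKey(Base64.decode(data.getKeyInfo().getMgmtData()), algorithm);
            attachment.symmetricCipherAlgorithm = algorithm;
            attachment.ivLength = data.getIvLength();
            contentContainer.attachments.put(attachment.getRefID(), attachment);
            contentContainer.removeEncryptedData(entry, false);
        }
        for (Content nested : contentContainer.getContents()) {
            if (nested.getContentType() == 1) {
                decryptAttachments(nested.getContentContainer());
            }
        }
    }

    /**
     * Adds one attachment entry per attachment of {@code contentContainer} to the
     * container held in {@code content}, skipping attachments that already have an entry,
     * and merges the container's roles into this object. Nested content containers are
     * processed recursively.
     *
     * @param contentContainer the container whose attachments are inspected
     * @param bArr passed through to the recursive call only
     * @param role passed through to the recursive call only
     */
    private void createEncryptedAttachments(ContentContainer contentContainer, byte[] bArr, Role role) throws OSCICipherException, IOException {
        Attachment[] containerAttachments = contentContainer.getAttachments();
        if (containerAttachments != null) {
            ContentContainer root = (ContentContainer) this.content;
            root.stateOfObject = ContentContainer.STATE_OF_OBJECT_PARSING;
            HashSet<String> knownRefIds = new HashSet<>();
            for (EncryptedDataOSCI existing : root.getEncryptedData()) {
                knownRefIds.add(existing.getRefID());
            }
            for (Attachment attachment : containerAttachments) {
                if (log.isDebugEnabled()) {
                    log.debug("Ein weiteres Attachment." + attachment.getRefID());
                }
                // add() returns false when an entry with this id already exists.
                if (knownRefIds.add("Attachment" + attachment.getRefID())) {
                    EncryptedDataOSCI entry = new EncryptedDataOSCI(attachment);
                    entry.setNSPrefixes(root.soapNSPrefix, root.osciNSPrefix, root.dsNSPrefix, root.xencNSPrefix, root.xsiNSPrefix);
                    entry.setNS(new String(root.ns, Constants.CHAR_ENCODING));
                    root.addEncryptedData(entry);
                }
            }
            for (Role containerRole : root.getRoles()) {
                if (!this.roles.contains(containerRole)) {
                    this.roles.add(containerRole);
                }
            }
        }
        for (Content nested : contentContainer.getContents()) {
            if (nested.getContentType() == 1) {
                createEncryptedAttachments(nested.getContentContainer(), bArr, role);
            }
        }
    }

    /**
     * Wraps the symmetric key for a reader with RSA-OAEP and registers the result.
     *
     * @param role the reader
     * @throws OSCICipherException if this object holds no symmetric key
     */
    public void encrypt(Role role) throws OSCICipherException, OSCIRoleException, IOException, NoSuchAlgorithmException {
        encrypt(role, RSA_OAEP_ALGORITHM);
    }

    /**
     * Wraps the symmetric key for a reader with the reader's cipher certificate and
     * registers the result.
     *
     * @param role the reader
     * @param str identifier (URI) of the key transport algorithm
     * @throws OSCICipherException if this object holds no symmetric key
     */
    public void encrypt(Role role, String str) throws OSCICipherException, OSCIRoleException, IOException, NoSuchAlgorithmException {
        if (!this.readers.contains(role)) {
            this.roles.add(role);
            this.readers.add(role);
        }
        this.stateOfObject = ENCRYPTEDDATA_ENCRYPTED;
        if (log.isDebugEnabled()) {
            log.debug("Encrypted-Data Methode encrypt mit :" + role.getCipherCertificateId() + " Es handelt sich um ein EncryptedData Objekt vom Typ:" + this.typeOfData);
        }
        if (this.secretKey == null) {
            throw new OSCICipherException("no_secret_key");
        }
        encrypt(Crypto.doRSAEncryption(role.getCipherCertificate(), this.secretKey, str), role, str);
    }

    /**
     * Serializes the element; equivalent to {@code writeXML(outputStream, true)}.
     *
     * @param outputStream the target stream
     */
    @Override // de.osci.osci12.messageparts.MessagePart
    public void writeXML(OutputStream outputStream) throws IOException, OSCIException {
        writeXML(outputStream, true);
    }

    /**
     * Serializes the element.
     *
     * @param outputStream the target stream
     * @param z forwarded unchanged to {@code EncryptedData.writeXML}
     * @throws IllegalStateException if no key has been registered yet, that is, the
     *         object has not reached the encrypted state
     */
    public void writeXML(OutputStream outputStream, boolean z) throws IOException, OSCIException {
        if (this.stateOfObject < ENCRYPTEDDATA_ENCRYPTED) {
            throw new IllegalStateException(DialogHandler.text.getString("invalid_stateofobject") + " not encrypted.");
        }
        this.encryptedDataObject.setId(getRefID());
        this.encryptedDataObject.writeXML(outputStream, z);
    }

    /**
     * @return the identifier of the symmetric algorithm of the wrapped element
     */
    public String getSymEncryptionMethod() {
        return this.encryptedDataObject.getEncryptionMethodAlgorithm();
    }

    /**
     * @return a copy of the attachments associated with this element
     */
    public Attachment[] getAttachments() {
        return this.attachments.toArray(new Attachment[0]);
    }

    /**
     * @return a copy of all roles known to this element
     */
    public Role[] getRoles() {
        return this.roles.toArray(new Role[0]);
    }

    /**
     * @return a copy of the roles the data was encrypted for
     */
    public Role[] getReaders() {
        return this.readers.toArray(new Role[0]);
    }

    /**
     * Sets the IV length on the wrapped element; only logs a warning if no element exists.
     *
     * @param i the IV length
     */
    public void setIvLength(int i) {
        if (this.encryptedDataObject != null) {
            this.encryptedDataObject.setIvLength(i);
        } else {
            log.warn("Could not set IV, encryptedDataObject is null");
        }
    }
}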
