package com.ibm.xml.enc.dom;

import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.xml.crypto.dsig.Constants;
import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.HMACParameterSpec;
import javax.xml.crypto.enc.EncryptedType;
import javax.xml.crypto.enc.spec.EncryptionMethodParameterSpec;
import javax.xml.crypto.enc.spec.RSAOAEPParameterSpec;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:jre/lib/ext/ibmxmlencprovider.jar:com/ibm/xml/enc/dom/DOMRSAOAEP.class */
public final class DOMRSAOAEP extends DOMEncryptionMethod {
    private static Debug debug = Debug.getInstance(Debug.XMLENC);
    private Cipher cipher;
    private AlgorithmParameters aps;
    private SecureRandom random;
    private RSAOAEPParameterSpec rsaSpec;
    private XMLSignatureFactory fac;

    public DOMRSAOAEP(Integer num, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        this.random = null;
        this.rsaSpec = null;
        this.fac = null;
        if (algorithmParameterSpec == null) {
            try {
                if (this.fac == null) {
                    this.fac = XMLSignatureFactory.getInstance("DOM");
                }
                new RSAOAEPParameterSpec(this.fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null));
            } catch (Exception e) {
                throw ((InvalidAlgorithmParameterException) new InvalidAlgorithmParameterException(e.getMessage()).initCause(e));
            }
        }
        super.init("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", num, algorithmParameterSpec);
    }

    public DOMRSAOAEP(Element element) throws MarshalException {
        super(element);
        this.random = null;
        this.rsaSpec = null;
        this.fac = null;
    }

    public String getAlgorithmConstant() {
        return "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    protected void checkParams(Integer num, EncryptionMethodParameterSpec encryptionMethodParameterSpec) throws InvalidAlgorithmParameterException {
        String str;
        String str2;
        if (encryptionMethodParameterSpec != null) {
            if (!(encryptionMethodParameterSpec instanceof RSAOAEPParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Unsupported EncryptionMethodParameterSpec " + encryptionMethodParameterSpec.getClass());
            }
            RSAOAEPParameterSpec rSAOAEPParameterSpec = (RSAOAEPParameterSpec) encryptionMethodParameterSpec;
            this.rsaSpec = rSAOAEPParameterSpec;
            String algorithm = rSAOAEPParameterSpec.getDigestMethod().getAlgorithm();
            try {
                this.aps = AlgorithmParameters.getInstance("OAEP");
                if (algorithm.equals("http://www.w3.org/2000/09/xmldsig#sha1")) {
                    str = "RSA/ /OAEPPADDINGSHA-1";
                    str2 = "SHA-1";
                } else if (algorithm.equals("http://www.w3.org/2001/04/xmlenc#sha256")) {
                    str = "RSA/ /OAEPPADDINGSHA-256";
                    str2 = "SHA-256";
                } else {
                    if (!algorithm.equals("http://www.w3.org/2001/04/xmlenc#sha512")) {
                        throw new InvalidAlgorithmParameterException("unsupported cipher " + ((String) null));
                    }
                    str = "RSA/ /OAEPPADDINGSHA-512";
                    str2 = "SHA-512";
                }
                byte[] oAEPParams = rSAOAEPParameterSpec.getOAEPParams();
                try {
                    if (oAEPParams != null) {
                        if (debug != null) {
                            debug.trace("DOMRSAOAEP", "checkParams", oAEPParams);
                        }
                        this.aps.init(encodeParams(str2, oAEPParams));
                    } else {
                        if (debug != null) {
                            debug.trace("DOMRSAOAEP", "checkParams", "no parameters");
                        }
                        this.aps.init(encodeParams(str2, new byte[0]));
                    }
                    this.cipher = Cipher.getInstance(str);
                } catch (Exception e) {
                    throw ((InvalidAlgorithmParameterException) new InvalidAlgorithmParameterException(e.getMessage()).initCause(e));
                }
            } catch (Exception e2) {
                throw ((InvalidAlgorithmParameterException) new InvalidAlgorithmParameterException(e2.getMessage()).initCause(e2));
            }
        }
    }

    private byte[] encodeParams(String str, byte[] bArr) throws IOException, NoSuchAlgorithmException {
        byte[] encode = AlgorithmId.get(str).encode();
        AlgorithmId algorithmId = new AlgorithmId(new ObjectIdentifier("1.2.840.113549.1.1.8"), AlgorithmId.get("SHA-1").encode());
        ObjectIdentifier objectIdentifier = new ObjectIdentifier("1.2.840.113549.1.1.9");
        DerOutputStream derOutputStream = new DerOutputStream();
        derOutputStream.putOctetString(bArr);
        DerValue[] derValueArr = {new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), encode), new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), algorithmId.encode()), new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 2), new AlgorithmId(objectIdentifier, derOutputStream.toByteArray()).encode())};
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.putSequence(derValueArr);
        return derOutputStream2.toByteArray();
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    protected EncryptionMethodParameterSpec unmarshalParams(Element element) throws MarshalException {
        String localName = element.getLocalName();
        byte[] bArr = null;
        if (localName == null) {
            throw new MarshalException("Document implement must be namespace aware");
        }
        if (localName.equals(EncryptionConstants._TAG_OAEPPARAMS)) {
            checkNamespace(element, "http://www.w3.org/2001/04/xmlenc#");
            Node firstChild = element.getFirstChild();
            if (firstChild.getNodeType() != 3) {
                throw new MarshalException("Malformed element");
            }
            try {
                bArr = Utils.base64Decode(firstChild.getNodeValue());
                if (firstChild.getNextSibling() != null) {
                    throw new MarshalException("Malformed element");
                }
            } catch (IOException e) {
                throw new MarshalException(e);
            }
        }
        Element nextSiblingElement = DOMUtils.getNextSiblingElement(element);
        if (nextSiblingElement == null) {
            if (debug == null) {
                return null;
            }
            debug.trace("DOMRSAOAEP", "unmarshalParams", "localname=" + element.getLocalName());
            return null;
        }
        if (!nextSiblingElement.getLocalName().equals("DigestMethod")) {
            throw new MarshalException("Malformed element");
        }
        checkNamespace(nextSiblingElement, "http://www.w3.org/2000/09/xmldsig#");
        if (debug != null) {
            debug.trace("DOMRSAOAEP", "unmarshalParams", "Found digestMethod node");
        }
        String attribute = nextSiblingElement.getAttribute("Algorithm");
        if (attribute == null) {
            throw new MarshalException("DigestMethod element does not have Algorithm attribute");
        }
        if (!attribute.equals("http://www.w3.org/2000/09/xmldsig#sha1") && !attribute.equals("http://www.w3.org/2001/04/xmlenc#sha256") && !attribute.equals("http://www.w3.org/2001/04/xmlenc#sha512")) {
            throw new MarshalException("Unsupported DigestMethod algorithm");
        }
        if (DOMUtils.getFirstChildElement(nextSiblingElement) != null) {
            throw new MarshalException("Can't process the child element of DigestMethod");
        }
        try {
            if (this.fac == null) {
                this.fac = XMLSignatureFactory.getInstance("DOM");
            }
            return new RSAOAEPParameterSpec(this.fac.newDigestMethod(attribute, null), bArr);
        } catch (Exception e2) {
            throw new MarshalException(e2);
        }
    }

    private void checkNamespace(Element element, String str) throws MarshalException {
        String namespaceURI = element.getNamespaceURI();
        if (namespaceURI != null && !str.equals(namespaceURI)) {
            throw new MarshalException("Unexpected element: " + element.getNodeName());
        }
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    protected void marshalParams(Element element, String str) throws MarshalException {
        Document ownerDocument = DOMUtils.getOwnerDocument(element);
        if (this.rsaSpec != null) {
            byte[] oAEPParams = this.rsaSpec.getOAEPParams();
            if (oAEPParams != null) {
                Node createElement = DOMUtils.createElement(ownerDocument, EncryptionConstants._TAG_OAEPPARAMS, "http://www.w3.org/2001/04/xmlenc#", str);
                createElement.appendChild(ownerDocument.createTextNode(Utils.base64Encode(oAEPParams)));
                element.appendChild(createElement);
            }
            DigestMethod digestMethod = this.rsaSpec.getDigestMethod();
            if (digestMethod != null) {
                Element createElement2 = DOMUtils.createElement(ownerDocument, "DigestMethod", "http://www.w3.org/2000/09/xmldsig#", Constants.PREFIX_DSIG);
                createElement2.setAttributeNS(null, "Algorithm", digestMethod.getAlgorithm());
                AlgorithmParameterSpec parameterSpec = digestMethod.getParameterSpec();
                if (parameterSpec != null) {
                    if (!"http://www.w3.org/2000/09/xmldsig#hmac-sha1".equals(digestMethod.getAlgorithm())) {
                        throw new MarshalException("unsupported algorithm with parameterSpec");
                    }
                    Document ownerDocument2 = createElement2.getOwnerDocument();
                    int outputLength = ((HMACParameterSpec) parameterSpec).getOutputLength();
                    Element createElement3 = DOMUtils.createElement(ownerDocument2, "HMACOutputLength", "http://www.w3.org/2000/09/xmldsig#", Constants.PREFIX_DSIG);
                    createElement3.appendChild(ownerDocument2.createTextNode(Integer.toString(outputLength)));
                    createElement2.appendChild(createElement3);
                }
                element.appendChild(createElement2);
            }
        }
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    protected boolean paramsEqual(AlgorithmParameterSpec algorithmParameterSpec) {
        return getParameterSpec() == algorithmParameterSpec;
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public byte[] decrypt(Key key, byte[] bArr) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (debug != null) {
            debug.entry("DOMRSAOAEP", "decrypt");
        }
        if (key == null || bArr == null) {
            throw new NullPointerException("key or cipher data cannot be null");
        }
        if (!(key instanceof RSAPrivateKey)) {
            throw new InvalidKeyException("key must be a RSAPrivateKey");
        }
        Integer keySize = getKeySize();
        if (keySize != null) {
            Utils.checkKeySize(keySize, (RSAKey) key);
        }
        if (this.cipher == null) {
            try {
                RSAOAEPParameterSpec rSAOAEPParameterSpec = (RSAOAEPParameterSpec) super.getParameterSpec();
                if (rSAOAEPParameterSpec != null) {
                    checkParams(null, rSAOAEPParameterSpec);
                } else {
                    this.cipher = Cipher.getInstance("RSA/ /OAEPPADDINGSHA-1");
                    this.aps = AlgorithmParameters.getInstance("OAEP");
                    this.aps.init(encodeParams("SHA-1", new byte[0]));
                }
            } catch (Exception e) {
                throw ((InvalidKeyException) new InvalidKeyException(e.getMessage()).initCause(e));
            }
        }
        try {
            this.cipher.init(2, key, this.aps);
            byte[] doFinal = this.cipher.doFinal(bArr);
            if (debug != null) {
                debug.trace("DOMRSAOAEP", "decrypt", "decrypted data: " + Utils.base64EncodeNoWhite(doFinal));
            }
            return doFinal;
        } catch (Exception e2) {
            throw ((InvalidKeyException) new InvalidKeyException(e2.getMessage()).initCause(e2));
        }
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public Key decryptKey(Key key, byte[] bArr, AlgorithmMethod algorithmMethod) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException {
        if (debug != null) {
            debug.entry("DOMRSAOAEP", "decryptKey");
        }
        if (key == null || bArr == null) {
            throw new NullPointerException("key and cipher data can not be null");
        }
        Integer keySize = getKeySize();
        if (keySize != null) {
            Utils.checkKeySize(keySize, (RSAKey) key);
        }
        if (this.cipher == null) {
            try {
                RSAOAEPParameterSpec rSAOAEPParameterSpec = (RSAOAEPParameterSpec) super.getParameterSpec();
                if (rSAOAEPParameterSpec != null) {
                    checkParams(null, rSAOAEPParameterSpec);
                } else {
                    this.cipher = Cipher.getInstance("RSA/ /OAEPPADDINGSHA-1");
                    this.aps = AlgorithmParameters.getInstance("OAEP");
                    this.aps.init(encodeParams("SHA-1", new byte[0]));
                }
            } catch (Exception e) {
                throw ((InvalidKeyException) new InvalidKeyException(e.getMessage()).initCause(e));
            }
        }
        try {
            this.cipher.init(4, key, this.aps);
            String mapAlgorithm = Utils.mapAlgorithm(algorithmMethod.getAlgorithm());
            if (!mapAlgorithm.equals("RSA")) {
                return this.cipher.unwrap(bArr, mapAlgorithm, 3);
            }
            try {
                Key unwrap = this.cipher.unwrap(bArr, mapAlgorithm, 2);
                return unwrap == null ? this.cipher.unwrap(bArr, mapAlgorithm, 1) : unwrap;
            } catch (Exception e2) {
                return this.cipher.unwrap(bArr, mapAlgorithm, 1);
            }
        } catch (Exception e3) {
            throw ((InvalidKeyException) new InvalidKeyException(e3.getMessage()).initCause(e3));
        }
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public byte[] encrypt(Key key, byte[] bArr, EncryptedType encryptedType) throws InvalidKeyException {
        if (debug != null) {
            debug.entry("DOMRSAOAEP", "encrypt");
        }
        if (key == null || bArr == null) {
            throw new NullPointerException();
        }
        Integer keySize = getKeySize();
        if (!(key instanceof RSAPublicKey)) {
            throw new InvalidKeyException("key must be a RSAPublicKey");
        }
        if (keySize != null) {
            Utils.checkKeySize(keySize, (RSAKey) key);
        }
        if (debug != null) {
            debug.trace("DOMRSAOAEP", "encrypt", "encrypting data: " + Utils.base64EncodeNoWhite(bArr));
        }
        if (this.cipher == null) {
            try {
                RSAOAEPParameterSpec rSAOAEPParameterSpec = (RSAOAEPParameterSpec) super.getParameterSpec();
                if (rSAOAEPParameterSpec != null) {
                    checkParams(null, rSAOAEPParameterSpec);
                } else {
                    this.cipher = Cipher.getInstance("RSA/ /OAEPPADDINGSHA-1");
                    this.aps = AlgorithmParameters.getInstance("OAEP");
                    this.aps.init(encodeParams("SHA-1", new byte[0]));
                }
            } catch (Exception e) {
                throw ((InvalidKeyException) new InvalidKeyException(e.getMessage()).initCause(e));
            }
        }
        try {
            this.cipher.init(1, key, this.aps);
            byte[] doFinal = this.cipher.doFinal(bArr);
            this.cipher.getIV();
            return doFinal;
        } catch (Exception e2) {
            throw ((InvalidKeyException) new InvalidKeyException(e2.getMessage()).initCause(e2));
        }
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public byte[] wrap(Key key, Key key2) throws InvalidKeyException, IllegalBlockSizeException {
        throw new UnsupportedOperationException("Wrap is not supported");
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public byte[] unwrap(Key key, byte[] bArr) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        throw new UnsupportedOperationException("Unwrap is not supported");
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public Key unwrap(Key key, byte[] bArr, AlgorithmMethod algorithmMethod) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        throw new UnsupportedOperationException("Unwrap is not supported");
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public /* bridge */ /* synthetic */ String parseAlg(AlgorithmMethod algorithmMethod) {
        return super.parseAlg(algorithmMethod);
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod
    public /* bridge */ /* synthetic */ boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // com.ibm.xml.enc.dom.DOMEncryptionMethod, com.ibm.xml.enc.dom.DOMStructure
    public /* bridge */ /* synthetic */ void marshal(Node node, String str, DOMCryptoContext dOMCryptoContext) throws MarshalException {
        super.marshal(node, str, dOMCryptoContext);
    }
}
