package org.apache.cxf.rs.security.xml;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-rs-security-xml-3.5.3.jar:org/apache/cxf/rs/security/xml/EncryptionUtils.class */
public final class EncryptionUtils {
    private EncryptionUtils() {
    }

    public static Cipher initCipherWithCert(String str, int i, X509Certificate x509Certificate) throws WSSecurityException {
        return initCipherWithCert(str, null, i, x509Certificate);
    }

    public static Cipher initCipherWithCert(String str, String str2, int i, X509Certificate x509Certificate) throws WSSecurityException {
        Cipher cipherInstance = KeyUtils.getCipherInstance(str);
        try {
            OAEPParameterSpec constructOAEPParameters = constructOAEPParameters(str, str2, null, null);
            if (constructOAEPParameters == null) {
                cipherInstance.init(i, x509Certificate);
            } else {
                cipherInstance.init(i, x509Certificate.getPublicKey(), constructOAEPParameters);
            }
            return cipherInstance;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    public static Cipher initCipherWithKey(String str, int i, Key key) throws WSSecurityException {
        return initCipherWithKey(str, null, i, key);
    }

    public static Cipher initCipherWithKey(String str, String str2, int i, Key key) throws WSSecurityException {
        Cipher cipherInstance = KeyUtils.getCipherInstance(str);
        try {
            OAEPParameterSpec constructOAEPParameters = constructOAEPParameters(str, str2, null, null);
            if (constructOAEPParameters == null) {
                cipherInstance.init(i, key);
            } else {
                cipherInstance.init(i, key, constructOAEPParameters);
            }
            return cipherInstance;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    public static OAEPParameterSpec constructOAEPParameters(String str, String str2, String str3, byte[] bArr) {
        if (!"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) && !"http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            return null;
        }
        String translateURItoJCEID = str2 != null ? JCEMapper.translateURItoJCEID(str2) : "SHA-1";
        PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
        if (bArr != null) {
            pSpecified = new PSource.PSpecified(bArr);
        }
        MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec("SHA-1");
        if ("http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            if ("http://www.w3.org/2009/xmlenc11#mgf1sha256".equals(str3)) {
                mGF1ParameterSpec = new MGF1ParameterSpec("SHA-256");
            } else if ("http://www.w3.org/2009/xmlenc11#mgf1sha384".equals(str3)) {
                mGF1ParameterSpec = new MGF1ParameterSpec("SHA-384");
            } else if ("http://www.w3.org/2009/xmlenc11#mgf1sha512".equals(str3)) {
                mGF1ParameterSpec = new MGF1ParameterSpec("SHA-512");
            }
        }
        return new OAEPParameterSpec(translateURItoJCEID, "MGF1", mGF1ParameterSpec, pSpecified);
    }

    public static XMLCipher initXMLCipher(String str, int i, Key key) throws WSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(str);
            xMLCipher.setSecureValidation(true);
            xMLCipher.init(i, key);
            return xMLCipher;
        } catch (XMLEncryptionException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
        }
    }
}
