package wss4j.examples.other.hack;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.processor.DerivedKeyTokenProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import ru.CryptoPro.Crypto.Key.GostSecretKey;
import ru.CryptoPro.JCP.Key.SecretKeySpec;
import ru.CryptoPro.JCP.tools.Decoder;
import wss4j.examples.other.CallbackHandlers;

/* loaded from: classes5.dex */
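/**
 * Processes a {@code wsc:DerivedKeyToken} by deriving a 32-byte secret with the CryptoPro
 * GOST R 34.11 PRF instead of the derivation performed by the stock WSS4J processor.
 *
 * <p>The base key comes from one of two places:
 * <ol>
 *   <li>a key cached by a {@link CallbackHandlers.SecretKeyAndKeyStoreCallbackHandler}, looked up
 *       by the key identifier of the token's SecurityTokenReference; or</li>
 *   <li>the first {@code EncryptedKey} child of the security header, unwrapped with the private
 *       key that matches the certificate reported by {@link MyEncryptedKeyProcessor}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PRF label and the output length are fixed in this class. Of the token's own fields,
 *       only the nonce, the ID, the element and the SecurityTokenReference are read.</li>
 *   <li>The fallback uses the first {@code EncryptedKey} in the header. It does not check that
 *       the token's SecurityTokenReference points at that element.</li>
 *   <li>The nonce is taken from the incoming message and no minimum length is enforced.</li>
 * </ul>
 */
public class MyDerivedKeyTokenProcessor extends DerivedKeyTokenProcessor {
    /** Label bytes placed in front of the nonce to form the PRF seed. */
    private static final String PRF_LABEL = "WS-SecureConversationWS-SecureConversation";

    /** Size in bytes of the secret produced by the PRF. */
    private static final int DERIVED_KEY_LENGTH = 32;

    /** Action code stored in the result; presumably WSConstants.DKT -- confirm against the WSS4J version in use. */
    private static final int ACTION_DERIVED_KEY_TOKEN = 2048;

    /**
     * Derives the secret for one DerivedKeyToken element and records it in {@code wSDocInfo}.
     *
     * @param element the {@code wsc:DerivedKeyToken} element being processed
     * @param requestData supplies the WSS configuration, callback handler and decryption crypto
     * @param wSDocInfo per-document state; receives the token element and the result
     * @return a single-element list holding the derived-key result
     * @throws WSSecurityException if no base key can be obtained, the nonce is missing or cannot
     *     be decoded, or the PRF rejects the key
     */
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        Element securityHeader = WSSecurityUtil.getSecurityHeader(wSDocInfo.getDocument(), (String) null);
        DerivedKeyToken derivedKeyToken = new DerivedKeyToken(element, requestData.getWssConfig().isWsiBSPCompliant());

        SecretKeySpec key = lookupCachedKey(derivedKeyToken, requestData.getCallbackHandler());
        if (key == null) {
            Element encryptedKeyElement = findEncryptedKeyElement(securityHeader);
            if (encryptedKeyElement == null) {
                throw new WSSecurityException("Cached secret key is absent and EncryptedKey is not found.");
            }
            key = unwrapEphemeralKey(encryptedKeyElement, requestData, wSDocInfo);
        }

        String nonce = derivedKeyToken.getNonce();
        if (nonce == null) {
            throw new WSSecurityException("Missing wsc:Nonce value");
        }
        byte[] secret = deriveSecret(key, nonce);

        // The derived secret is passed in the third constructor argument, as in the decompiled original.
        WSSecurityEngineResult result = new WSSecurityEngineResult(ACTION_DERIVED_KEY_TOKEN, (byte[]) null, secret, (List) null);
        wSDocInfo.addTokenElement(element);
        result.put("id", derivedKeyToken.getID());
        result.put("derived-key-token", derivedKeyToken);
        result.put("secret", secret);
        result.put("token-element", derivedKeyToken.getElement());
        wSDocInfo.addResult(result);
        return Collections.singletonList(result);
    }

    /** Returns the key cached by the callback handler for this token, or null when there is none. */
    private static SecretKeySpec lookupCachedKey(DerivedKeyToken derivedKeyToken, CallbackHandler callbackHandler) throws WSSecurityException {
        // instanceof is false for null, so no separate null test is needed.
        if (!(callbackHandler instanceof CallbackHandlers.SecretKeyAndKeyStoreCallbackHandler)) {
            return null;
        }
        org.apache.ws.security.message.token.SecurityTokenReference reference = derivedKeyToken.getSecurityTokenReference();
        if (reference == null) {
            // No reference means no cache key; the caller falls back to EncryptedKey instead of hitting an NPE.
            return null;
        }
        return ((CallbackHandlers.SecretKeyAndKeyStoreCallbackHandler) callbackHandler).getKey(reference.getKeyIdentifierValue());
    }

    /** Returns the first direct child element of the header whose local name is EncryptedKey, or null. */
    private static Element findEncryptedKeyElement(Element securityHeader) {
        if (securityHeader == null) {
            return null;
        }
        for (Node child = securityHeader.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            // NOTE(review): only the local name is compared, case-insensitively, and the namespace
            // is ignored, so an element from another namespace would also match. Consider requiring
            // the XML Encryption namespace and an exact-case name once peers are confirmed to send it.
            // getLocalName() may be null for nodes built without namespace support; this form is null-safe.
            if ("EncryptedKey".equalsIgnoreCase(child.getLocalName())) {
                return (Element) child;
            }
        }
        return null;
    }

    /** Runs the EncryptedKey processor and unwraps the transported key with the recipient's private key. */
    private static SecretKeySpec unwrapEphemeralKey(Element encryptedKeyElement, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        List<WSSecurityEngineResult> results = new MyEncryptedKeyProcessor().handleToken(encryptedKeyElement, requestData, wSDocInfo);
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException("EncryptedKey processing returned no result.");
        }
        WSSecurityEngineResult encryptedKeyResult = results.get(0);
        String transportAlgorithm = (String) encryptedKeyResult.get("encrypted-key-transport-method");
        X509Certificate certificate = (X509Certificate) encryptedKeyResult.get("x509-certificate");
        byte[] wrappedKey = (byte[]) encryptedKeyResult.get("encrypted-ephemeral-key-bytes");
        if (transportAlgorithm == null || certificate == null || wrappedKey == null) {
            throw new WSSecurityException("EncryptedKey result lacks the transport method, certificate or wrapped key bytes.");
        }
        if (requestData.getDecCrypto() == null) {
            throw new WSSecurityException("No decryption crypto is configured for unwrapping EncryptedKey.");
        }

        PrivateKey privateKey = requestData.getDecCrypto().getPrivateKey(certificate, requestData.getCallbackHandler());
        Cipher cipher = WSSecurityUtil.getCipherInstance(transportAlgorithm);
        SecretKeySpec key;
        try {
            cipher.init(Cipher.UNWRAP_MODE, privateKey);
            key = (SecretKeySpec) ((GostSecretKey) ((SecretKey) cipher.unwrap(wrappedKey, null, Cipher.SECRET_KEY))).getSpec();
        } catch (Exception e) {
            // Deliberately broad: provider failures and unexpected key classes all surface as WSSecurityException.
            throw new WSSecurityException(e.getMessage(), e);
        }
        if (key == null) {
            throw new WSSecurityException("Unwrapped EncryptedKey did not yield a usable secret key.");
        }
        return key;
    }

    /** Computes PRF(key, label || decoded nonce) and returns the derived bytes. */
    private static byte[] deriveSecret(SecretKeySpec key, String nonce) throws WSSecurityException {
        byte[] label;
        try {
            label = PRF_LABEL.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new WSSecurityException("UTF-8 encoding is not supported", e);
        }

        byte[] derived = new byte[DERIVED_KEY_LENGTH];
        try {
            byte[] nonceBytes = new Decoder().decodeBuffer(nonce);
            byte[] seed = new byte[label.length + nonceBytes.length];
            System.arraycopy(label, 0, seed, 0, label.length);
            System.arraycopy(nonceBytes, 0, seed, label.length, nonceBytes.length);
            key.methodGOSTR3411PRF(new byte[][]{seed}, derived, false);
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(e.getMessage(), e);
        } catch (IOException e) {
            throw new WSSecurityException(e.getMessage(), e);
        }
        return derived;
    }
}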
