package org.apache.camel.component.crypto.cms.crypt;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.camel.CamelContext;
import org.apache.camel.component.crypto.cms.common.AttributesGeneratorProvider;
import org.apache.camel.component.crypto.cms.common.CryptoCmsMarshallerConfiguration;
import org.apache.camel.component.crypto.cms.common.OriginatorInformationProvider;
import org.apache.camel.component.crypto.cms.exception.CryptoCmsException;
import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriParams;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cms.CMSAlgorithm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@UriParams
/* loaded from: input_file:org/apache/camel/component/crypto/cms/crypt/EnvelopedDataEncryptorConfiguration.class */
public class EnvelopedDataEncryptorConfiguration extends CryptoCmsMarshallerConfiguration {
    private static final String CAST5_CBC_PKCS5_PADDING = "CAST5/CBC/PKCS5Padding";
    private static final String RC2_CBC_PKCS5_PADDING = "RC2/CBC/PKCS5Padding";
    private static final String CAMELLIA_CBC_PKCS5_PADDING = "Camellia/CBC/PKCS5Padding";
    private static final String AES_CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";
    private static final String DES_CBC_PKCS5_PADDING = "DES/CBC/PKCS5Padding";
    private static final String DESEDE_CBC_PKCS5_PADDING = "DESede/CBC/PKCS5Padding";
    private static final Logger LOG = LoggerFactory.getLogger(EnvelopedDataEncryptorConfiguration.class);
    private static final Map<String, List<Integer>> SUPPORTED_ENCRYPTION_ALGORITHMS = new HashMap(7);

    @UriParam(label = "encrypt", multiValue = true, description = "Recipient Info: reference to a bean which implements the interface org.apache.camel.component.crypto.cms.api.TransRecipientInfo")
    private final List<RecipientInfo> recipient;

    @UriParam(label = "encrypt", enums = "AES/CBC/PKCS5Padding,DESede/CBC/PKCS5Padding,Camellia/CBC/PKCS5Padding,CAST5/CBC/PKCS5Padding")
    private String contentEncryptionAlgorithm;

    @UriParam(label = "encrypt")
    private int secretKeyLength;

    @UriParam(label = "encrypt", defaultValue = "null")
    private AttributesGeneratorProvider unprotectedAttributesGeneratorProvider;

    @UriParam(label = "encrypt", defaultValue = "null")
    private OriginatorInformationProvider originatorInformationProvider;
    private ASN1ObjectIdentifier algorithmId;

    public EnvelopedDataEncryptorConfiguration(CamelContext camelContext) {
        super(camelContext);
        this.recipient = new ArrayList(3);
    }

    private static boolean isLimitedEncryptionStrength() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") < 256;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public List<RecipientInfo> getRecipient() {
        return this.recipient;
    }

    public void setRecipient(RecipientInfo recipientInfo) {
        this.recipient.add(recipientInfo);
    }

    public void setRecipient(List<?> list) {
        RecipientInfo recipientInfo;
        if (list == null) {
            return;
        }
        for (Object obj : list) {
            if (obj instanceof String) {
                String str = (String) obj;
                String replaceAll = str.replaceAll("#", "");
                if (getContext() != null && str != null && (recipientInfo = (RecipientInfo) getContext().getRegistry().lookupByNameAndType(replaceAll, RecipientInfo.class)) != null) {
                    setRecipient(recipientInfo);
                }
            }
        }
    }

    public String getContentEncryptionAlgorithm() {
        return this.contentEncryptionAlgorithm;
    }

    public void setContentEncryptionAlgorithm(String str) {
        this.contentEncryptionAlgorithm = str;
    }

    public int getSecretKeyLength() {
        return this.secretKeyLength;
    }

    public void setSecretKeyLength(int i) {
        this.secretKeyLength = i;
    }

    public AttributesGeneratorProvider getUnprotectedAttributesGeneratorProvider() {
        return this.unprotectedAttributesGeneratorProvider;
    }

    public void setUnprotectedAttributesGeneratorProvider(AttributesGeneratorProvider attributesGeneratorProvider) {
        this.unprotectedAttributesGeneratorProvider = attributesGeneratorProvider;
    }

    public OriginatorInformationProvider getOriginatorInformationProvider() {
        return this.originatorInformationProvider;
    }

    public void setOriginatorInformationProvider(OriginatorInformationProvider originatorInformationProvider) {
        this.originatorInformationProvider = originatorInformationProvider;
    }

    public void init() throws CryptoCmsException {
        if (this.recipient.size() == 0) {
            logErrorAndThrow(LOG, "No recipient configured.");
        }
        checkEncryptionAlgorithmAndSecretKeyLength();
        calcualteAlgorithmIdWithKeyLength();
    }

    private void checkEncryptionAlgorithmAndSecretKeyLength() throws CryptoCmsException {
        if (this.contentEncryptionAlgorithm == null) {
            logErrorAndThrow(LOG, "Content encryption algorithm is null");
        } else if (!SUPPORTED_ENCRYPTION_ALGORITHMS.keySet().contains(this.contentEncryptionAlgorithm)) {
            logErrorAndThrow(LOG, "Content encryption algorithm " + this.contentEncryptionAlgorithm + " not supported");
        } else {
            if (SUPPORTED_ENCRYPTION_ALGORITHMS.get(this.contentEncryptionAlgorithm).contains(Integer.valueOf(this.secretKeyLength))) {
                return;
            }
            logErrorAndThrow(LOG, "Content encryption algorithm " + this.contentEncryptionAlgorithm + " does not supported secretKeyLength of " + this.secretKeyLength);
        }
    }

    private void calcualteAlgorithmIdWithKeyLength() {
        if (DESEDE_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
            this.algorithmId = CMSAlgorithm.DES_EDE3_CBC;
            return;
        }
        if (DES_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
            this.algorithmId = CMSAlgorithm.DES_CBC;
            return;
        }
        if (AES_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
            switch (getSecretKeyLength()) {
                case 128:
                    this.algorithmId = CMSAlgorithm.AES128_CBC;
                    return;
                case 192:
                    this.algorithmId = CMSAlgorithm.AES192_CBC;
                    return;
                case 256:
                    this.algorithmId = CMSAlgorithm.AES256_CBC;
                    return;
                default:
                    throw new IllegalStateException("Unsupported secret key length " + getSecretKeyLength() + " for algorithm AES");
            }
        }
        if (!CAMELLIA_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
            if (RC2_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
                this.algorithmId = CMSAlgorithm.RC2_CBC;
                return;
            } else {
                if (!CAST5_CBC_PKCS5_PADDING.equals(getContentEncryptionAlgorithm())) {
                    throw new IllegalStateException("Content encryption algorithm " + getContentEncryptionAlgorithm() + " not supported");
                }
                this.algorithmId = CMSAlgorithm.CAST5_CBC;
                return;
            }
        }
        switch (getSecretKeyLength()) {
            case 128:
                this.algorithmId = CMSAlgorithm.CAMELLIA128_CBC;
                return;
            case 192:
                this.algorithmId = CMSAlgorithm.CAMELLIA192_CBC;
                return;
            case 256:
                this.algorithmId = CMSAlgorithm.CAMELLIA256_CBC;
                return;
            default:
                throw new IllegalStateException("Unsupported secret key length " + getSecretKeyLength() + " for algorithm Camellia");
        }
    }

    public ASN1ObjectIdentifier getAlgorithmID() {
        return this.algorithmId;
    }

    static {
        List<Integer> asList = isLimitedEncryptionStrength() ? Arrays.asList(128) : Arrays.asList(256, 192, 128);
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(DESEDE_CBC_PKCS5_PADDING, Arrays.asList(192, 128));
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(DES_CBC_PKCS5_PADDING, Arrays.asList(64, 56));
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(AES_CBC_PKCS5_PADDING, asList);
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(CAMELLIA_CBC_PKCS5_PADDING, asList);
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(RC2_CBC_PKCS5_PADDING, Arrays.asList(128, 120, 112, 104, 96, 88, 80, 72, 64, 56, 48, 40));
        SUPPORTED_ENCRYPTION_ALGORITHMS.put(CAST5_CBC_PKCS5_PADDING, Arrays.asList(128, 120, 112, 104, 96, 88, 80, 72, 64, 56, 48, 40));
    }
}
