package org.apache.camel.component.crypto.cms.crypt;

import java.io.Closeable;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.apache.camel.Exchange;
import org.apache.camel.component.crypto.cms.common.AttributesGeneratorProvider;
import org.apache.camel.component.crypto.cms.common.CryptoCmsMarshallerAbstract;
import org.apache.camel.component.crypto.cms.common.OriginatorInformationProvider;
import org.apache.camel.component.crypto.cms.exception.CryptoCmsException;
import org.apache.camel.util.IOHelper;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.OriginatorInformation;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/crypto/cms/crypt/EnvelopedDataEncryptor.class */
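/**
 * Marshaller that wraps the message body in a CMS EnvelopedData structure.
 *
 * <p>The plaintext is streamed through a BouncyCastle
 * {@link CMSEnvelopedDataStreamGenerator}. One key-transport recipient info is
 * added per configured recipient, and the content is encrypted with the
 * algorithm returned by the configuration's {@code getAlgorithmID()}.
 *
 * <p>Only RSA key transport is supported; see
 * {@link #determineKeyEncryptionAlgorithmIdentifier(String, TransRecipientInfo)}.
 */
public class EnvelopedDataEncryptor extends CryptoCmsMarshallerAbstract {
    private static final Logger LOG = LoggerFactory.getLogger(EnvelopedDataEncryptor.class);

    // JCA provider name used for both key transport and content encryption.
    // The BouncyCastle provider must be registered under this name at runtime.
    private static final String PROVIDER = "BC";

    private final EnvelopedDataEncryptorConfiguration conf;

    /**
     * Creates an encryptor bound to the given configuration.
     *
     * @param envelopedDataEncryptorConfiguration recipients, content encryption algorithm and
     *        optional originator / unprotected-attribute providers
     */
    public EnvelopedDataEncryptor(EnvelopedDataEncryptorConfiguration envelopedDataEncryptorConfiguration) {
        super(envelopedDataEncryptorConfiguration);
        this.conf = envelopedDataEncryptorConfiguration;
    }

    /**
     * Encrypts {@code inputStream} into a CMS EnvelopedData object written to {@code outputStream}.
     *
     * <p>The input stream is always closed. The encrypting stream is closed whenever it was
     * opened, including when copying fails, so the generator's resources are not leaked.
     *
     * @param inputStream plaintext to encrypt; closed by this method
     * @param outputStream destination for the encoded EnvelopedData
     * @param exchange current exchange, handed to the configured providers and recipient infos
     * @throws CryptoCmsException if no recipient is configured, a recipient is not a key transport
     *         recipient, or its key encryption algorithm is missing or unsupported
     * @throws Exception any failure raised by the providers, BouncyCastle or the stream copy
     */
    @Override
    protected void marshalInternal(InputStream inputStream, OutputStream outputStream, Exchange exchange) throws Exception {
        LOG.debug("Content encryption algorithm: {}", this.conf.getAlgorithmID());
        // NOTE(review): the secret key length is only logged here and never handed to the content
        // encryptor builder below. Confirm the configured algorithm id alone fixes the key size.
        LOG.debug("Parameter secretKeyLength: {}", this.conf.getSecretKeyLength());

        OutputStream encryptingStream = null;
        try {
            CMSEnvelopedDataStreamGenerator generator = new CMSEnvelopedDataStreamGenerator();

            OriginatorInformationProvider originatorInformationProvider = this.conf.getOriginatorInformationProvider();
            if (originatorInformationProvider != null) {
                LOG.debug("originatorInformationProvider found");
                OriginatorInformation originatorInformation = originatorInformationProvider.getOriginatorInformation(exchange);
                if (originatorInformation != null) {
                    LOG.debug("originatorInformation found");
                    generator.setOriginatorInfo(originatorInformation);
                }
            }

            // Unprotected attributes sit outside the encrypted content and are not covered by the
            // content encryption, so they must not carry confidential data.
            AttributesGeneratorProvider unprotectedAttributesGeneratorProvider = this.conf.getUnprotectedAttributesGeneratorProvider();
            if (unprotectedAttributesGeneratorProvider != null) {
                LOG.debug("attributeGeneratorProvider found");
                generator.setUnprotectedAttributeGenerator(unprotectedAttributesGeneratorProvider.getAttributesGenerator(exchange));
            }

            if (this.conf.getRecipient().isEmpty()) {
                throw new CryptoCmsException("No recipient configured.");
            }

            for (RecipientInfo recipientInfo : this.conf.getRecipient()) {
                // Only key transport recipients are handled. Reject anything else with a domain
                // exception instead of letting an unchecked cast fail with ClassCastException.
                if (!(recipientInfo instanceof TransRecipientInfo)) {
                    throw new CryptoCmsException("Recipient info '" + recipientInfo + "' is not a supported key transport recipient");
                }
                TransRecipientInfo transRecipientInfo = (TransRecipientInfo) recipientInfo;
                LOG.debug("Recipient info: {}", transRecipientInfo);
                X509Certificate certificate = transRecipientInfo.getCertificate(exchange);
                LOG.debug("Encryption certificate for recipient with '{}' : {}", transRecipientInfo, certificate);
                // NOTE(review): the certificate is used as returned by the recipient info; no
                // validity or trust check is visible in this class. Confirm it happens upstream.
                AlgorithmIdentifier keyEncryptionAlgorithm =
                        determineKeyEncryptionAlgorithmIdentifier(transRecipientInfo.getKeyEncryptionAlgorithm(exchange), transRecipientInfo);
                JceKeyTransRecipientInfoGenerator recipientInfoGenerator =
                        new JceKeyTransRecipientInfoGenerator(certificate, keyEncryptionAlgorithm);
                recipientInfoGenerator.setProvider(PROVIDER);
                generator.addRecipientInfoGenerator(recipientInfoGenerator);
            }

            encryptingStream = generator.open(
                    outputStream,
                    new JceCMSContentEncryptorBuilder(this.conf.getAlgorithmID()).setProvider(PROVIDER).build());
            IOHelper.copy(inputStream, encryptingStream);
            LOG.debug("CMS Enveloped Data creation successful");
        } finally {
            IOHelper.close(inputStream);
            // Previously the failure path closed a null reference, so an encrypting stream that had
            // already been opened was left unclosed when the copy threw.
            // NOTE(review): IOHelper.close is assumed to suppress close errors. Confirm that a
            // failure while finalising the envelope cannot yield a silently truncated message.
            IOHelper.close(encryptingStream);
        }
    }

    /**
     * Maps the configured key encryption algorithm name to its ASN.1 algorithm identifier.
     *
     * <p>Only {@code "RSA"} is accepted and it maps to {@link PKCSObjectIdentifiers#rsaEncryption}.
     * In a CMS key transport recipient info that identifier denotes RSA with PKCS#1 v1.5 padding;
     * RSAES-OAEP uses a different identifier and cannot be selected here. Receiving systems should
     * therefore not expose distinguishable padding failures when decrypting.
     *
     * @param str algorithm name taken from the recipient info; may be {@code null}
     * @param transRecipientInfo recipient the name belongs to, used only in error messages
     * @return the algorithm identifier for RSA key transport
     * @throws CryptoCmsException if the name is {@code null} or anything other than {@code "RSA"}
     */
    private AlgorithmIdentifier determineKeyEncryptionAlgorithmIdentifier(String str, TransRecipientInfo transRecipientInfo) throws CryptoCmsException {
        if (str == null) {
            throw new CryptoCmsException("Key encryption algorithm  of recipient info '" + transRecipientInfo + "' is missing");
        }
        if ("RSA".equals(str)) {
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
        }
        throw new CryptoCmsException("Key encryption algorithm '" + str + "' of recipient info '" + transRecipientInfo + "' is not supported");
    }
}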
