package com.ibm.ws.webservices.wssecurity.util;

import com.ibm.websphere.pmi.reqmetrics.PmiReqMetrics;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.core.RequestMessagePool;
import com.ibm.ws.webservices.wssecurity.core.WSSGenerator;
import com.ibm.ws.webservices.wssecurity.enc.PartList;
import com.ibm.ws.webservices.wssecurity.time.TimestampRequest;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.wsspi.webservices.rpc.handler.soap.SOAPMessageContext;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.config.TokenGeneratorConfig;
import com.ibm.xml.soap.security.dsig.SOAPSignature;
import com.ibm.xml.soapsec.Request;
import com.ibm.xml.soapsec.RequestPool;
import com.ibm.xml.soapsec.token.NonceManager;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Duration;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import org.eclipse.wst.validation.internal.RegistryConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/webservices/wssecurity/util/IntegralDialectElementSelector.class */
public class IntegralDialectElementSelector implements ElementSelector {
    private static final String comp = "security.wssecurity";
    public static final String TIMESTAMP_DURATION = "security.wssecurity.integraldialectelementselector.duration";
    public static final String KEYSIGN_TYPE = "security.wssecurity.integraldialectelementselector.keysigntype";
    public static final String EXIST_STRTRANSFORM = "security.wssecurity.integraldialectelementselector.existstrtransform";
    public static final int BODY = 0;
    public static final int TIMESTAMP = 1;
    public static final int SECURITYTOKEN = 2;
    public static final int DSIGKEY = 3;
    public static final int ENCKEY = 4;
    public static final int MESSAGEID = 5;
    public static final int TO = 6;
    public static final int ACTION = 7;
    public static final int RELATESTO = 8;
    public static final int WSCONTEXT = 9;
    public static final int WSA_FROM = 10;
    public static final int WSA_REPLYTO = 11;
    public static final int WSA_FAULTTO = 12;
    public static final int WSA_ALL = 13;
    public static final int KS_KEYINFO = 0;
    public static final int KS_CHILDELEMENT = 1;
    private static final TraceComponent tc = Tr.register(IntegralDialectElementSelector.class, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    private static final String clsName = IntegralDialectElementSelector.class.getName();
    public static final String[] WASDIALECTS = {"body".intern(), "timestamp".intern(), "securitytoken".intern(), "dsigkey".intern(), "enckey".intern(), "messageid".intern(), RegistryConstants.ATT_TO.intern(), "action".intern(), "relatesto".intern(), "wscontext".intern(), "wsafrom".intern(), "wsareplyto".intern(), "wsafaultto".intern(), "wsaall".intern()};
    private static final String[] WSAELEMENTS = {"MessageID".intern(), "To".intern(), AuditConstants.ACTION.intern(), "RelatesTo".intern(), "From".intern(), "ReplyTo".intern(), "FaultTo".intern()};
    public static final String[] KEYSIGNMETHOD = {"keyinfo", "keyinfochildelements"};

    @Override // com.ibm.ws.webservices.wssecurity.core.ElementSelector
    public void init(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map properties)");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map properties)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.core.ElementSelector
    public NodeList getElements(Node node, Map map) throws SoapSecurityException {
        XPathCanonicalizer.NodeListImpl wSAAllElements;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getElements(Node node[" + DOMUtil.getDisplayName(node) + "],Map context)");
        }
        if (node == null) {
            throw SoapSecurityException.format("security.wssecurity.ConfidentialDialectElementSelector.s02");
        }
        if (!(node instanceof Document)) {
            throw SoapSecurityException.format("security.wssecurity.IntegralDialectElementSelector.s01", node.getClass().getName(), Document.class.getName());
        }
        String str = (String) map.get(ElementSelector.DIALECT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Dialect [" + str + "]");
        }
        if (str == null) {
            throw SoapSecurityException.format("Null is not allowed as the WAS dialect");
        }
        if (!Constants.DIALECT_WAS.equals(str)) {
            throw SoapSecurityException.format(clsName + " does not allow the dialect: " + str + ".");
        }
        String str2 = (String) map.get(ElementSelector.KEYWORD);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Keyword [" + str2 + "]");
        }
        if (str2 == null) {
            throw SoapSecurityException.format("security.wssecurity.ConfidentialDialectElementSelector.s03");
        }
        Object obj = map.get(ElementSelector.MODE);
        boolean equals = ElementSelector.SIGNATURE_MODE.equals((String) obj);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Mode [" + obj + "]");
        }
        String str3 = (String) map.get(ElementSelector.PROCESS_TYPE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Process type [" + str3 + "]");
        }
        Object[] objArr = (Object[]) map.get(ElementSelector.ELEMENT);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Elements [" + objArr + "]");
        }
        Set set = (Set) map.get(ElementSelector.CONFIG);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Token generator configs [" + set + "]");
        }
        String str4 = (String) map.get(KEYSIGN_TYPE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The type of signing key [" + str4 + "]");
        }
        boolean isTrue = ConfigUtil.isTrue((String) map.get(EXIST_STRTRANSFORM));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "STR-Transform exists [" + isTrue + "]");
        }
        IDResolver iDResolver = (IDResolver) map.get(ElementSelector.IDRESOLVER);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "ID resolver [" + iDResolver + "]");
        }
        Duration duration = (Duration) map.get(TIMESTAMP_DURATION);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Duration [" + duration + "]");
        }
        NonceManager nonceManager = (NonceManager) map.get(NonceManager.class);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Nonce manager [" + nonceManager + "]");
        }
        Object obj2 = map.get(Constants.SOAP_VERSION);
        int i = 0;
        if (obj2 != null && (obj2 instanceof Integer)) {
            i = ((Integer) obj2).intValue();
        }
        String str5 = Constants.NAMESPACES[2][i];
        Object obj3 = map.get(Constants.WSS_VERSION);
        int i2 = 0;
        if (obj3 != null && (obj3 instanceof Integer)) {
            i2 = ((Integer) obj3).intValue();
        }
        String str6 = Constants.NAMESPACES[0][i2];
        String str7 = Constants.NAMESPACES[1][i2];
        Document document = (Document) node;
        SOAPEnvelope documentElement = document.getDocumentElement();
        if (WASDIALECTS[0].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[0] + "]");
            }
            wSAAllElements = new XPathCanonicalizer.NodeListImpl();
            try {
                wSAAllElements.add(documentElement instanceof SOAPEnvelope ? documentElement.getBody() : DOMUtil.getOneChildElement(documentElement, str5, "Body"));
            } catch (SOAPException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception from SOAPEnvelope.getBody()" + e);
                }
                FFDCFilter.processException((Throwable) e, getClass().getName() + ".getElements", "273", (Object) this);
                throw new SoapSecurityException((Throwable) e);
            }
        } else if (WASDIALECTS[1].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[1] + "]");
            }
            wSAAllElements = equals ? getTimestampForSignature(map) : getTimestampForVerification(documentElement, str7, map);
        } else if (WASDIALECTS[2].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[2] + "]");
            }
            wSAAllElements = equals ? getTokensForSignature(set, map) : getTokensForVerification(set, map);
        } else if (WASDIALECTS[3].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[3] + "]");
            }
            wSAAllElements = getDsigKeyObjects(document, map, str4, isTrue, iDResolver, str6);
        } else if (WASDIALECTS[4].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[4] + "]");
            }
            wSAAllElements = getEncKeyObjects(document, map, str4, isTrue, iDResolver, str6);
        } else if (WASDIALECTS[5].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[5] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "MessageID");
        } else if (WASDIALECTS[6].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[6] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "To");
        } else if (WASDIALECTS[7].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[7] + "]");
            }
            wSAAllElements = getWSAElement(map, document, AuditConstants.ACTION);
        } else if (WASDIALECTS[8].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[8] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "RelatesTo");
        } else if (WASDIALECTS[9].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[9] + "]");
            }
            wSAAllElements = getWSContextHeaderElement(document);
        } else if (WASDIALECTS[10].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[10] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "From");
        } else if (WASDIALECTS[11].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[11] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "ReplyTo");
        } else if (WASDIALECTS[12].equals(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[12] + "]");
            }
            wSAAllElements = getWSAElement(map, document, "FaultTo");
        } else {
            if (!WASDIALECTS[13].equals(str2)) {
                throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s03", str2);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing the keyword [" + WASDIALECTS[13] + "]");
            }
            wSAAllElements = getWSAAllElements(map, document);
        }
        if (str3 != null && equals) {
            wSAAllElements = postprocess(document, str3, wSAAllElements, objArr, duration, str6, str7, nonceManager, equals, false, str, str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getElements(Node node,Map context)");
        }
        return wSAAllElements;
    }

    public static NodeList postprocess(Document document, String str, NodeList nodeList, Object[] objArr, Duration duration, String str2, String str3, NonceManager nonceManager, boolean z, boolean z2, String str4, String str5) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "postprocess(Document doc[" + DOMUtil.getDisplayName(document) + "],String type[" + str + "],NodeList list[" + nodeList + "],Object[] elements[" + objArr + "],Duration duration[" + duration + "],String nsWsse[" + str2 + "],String nsWsu[" + str3 + "],NoceManager nmanager[" + nonceManager + "]),boolean signature[" + z + "],boolean encryption[" + z2 + "],String dialect[" + str4 + "]),String keyword[" + str5 + "])");
        }
        if (nodeList.getLength() == 0) {
            throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s14", str4, str5);
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        String str6 = z2 ? Constants.WAS_EXTENTION_ENC : Constants.WAS_EXTENTION_DSIG;
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            if ("timestamp".equals(str)) {
                if (NonceUtil.getTimestamp(element, str3) == null) {
                    Element createTimestamp = NonceUtil.createTimestamp(document, element, str3, str6);
                    NonceUtil.addCreated(document, createTimestamp, str3);
                    if (duration != null) {
                        NonceUtil.addExpires(document, createTimestamp, duration, str3);
                    }
                }
            } else if (ElementSelector.PROCESS_NONCE.equals(str) && NonceUtil.getNonce(element, str2) == null) {
                NonceUtil.createNonce(document, element, str2, nonceManager, str6);
            }
            if (objArr != null) {
                boolean z3 = false;
                int i2 = 0;
                while (true) {
                    if (i2 >= objArr.length) {
                        break;
                    }
                    if (DOMUtil.equals((Node) objArr[i2], element)) {
                        z3 = true;
                        break;
                    }
                    i2++;
                }
                if (!z3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added the element [" + DOMUtil.getDisplayName(element) + "]");
                    }
                    nodeListImpl.add(element);
                }
            }
        }
        if (z2) {
            nodeListImpl = new PartList("http://www.w3.org/2001/04/xmlenc#Element", nodeListImpl);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "postprocess(Document doc,String type,NodeList list,Object[] elements,Duration duration,String nsWsse,String nsWsu,NoceManager nmanager,boolean signature,boolean encryption,String dialect,String keyword) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private static NodeList getTimestampForSignature(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTimestmapForSignature(Map context)");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Request[] requestArr = RequestPool.get(map, TimestampRequest.class);
        if (requestArr != null && requestArr.length > 0) {
            for (Request request : requestArr) {
                TimestampRequest timestampRequest = (TimestampRequest) request;
                if (timestampRequest.isSigned()) {
                    Element element = timestampRequest.getElement();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added the element [" + DOMUtil.getDisplayName(element) + "].");
                    }
                    RequestMessagePool.EncryptedObject convertElement = RequestMessagePool.convertElement(map, element, -1);
                    if (convertElement == null) {
                        nodeListImpl.add(element);
                    } else {
                        if (convertElement.getEncryptedData() != null) {
                            nodeListImpl.add(convertElement.getEncryptedData());
                        }
                        if (convertElement.getHeaderInfo() != null) {
                            nodeListImpl.add(convertElement.getHeaderInfo());
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTimestmapForSignature(Map context)");
        }
        return nodeListImpl;
    }

    private static NodeList getTimestampForVerification(Element element, String str, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTimestmapForVerification(Element root[" + DOMUtil.getDisplayName(element) + "],String nsWsu[" + str + "],Map context)");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(str, "Timestamp");
        if (elementsByTagNameNS != null && elementsByTagNameNS.getLength() > 0) {
            for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
                Element element2 = (Element) elementsByTagNameNS.item(i);
                if (!element2.hasAttribute(Constants.WAS_EXTENTION)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added the timestamp element without WAS extention [" + element2 + "]");
                    }
                    nodeListImpl.add(element2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTimestmapForVerification(Element root,String nsWsu,Map context) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private static NodeList getTokensForSignature(Set set, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokensForSignature(Set configs[" + set + "],Map context)");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Set<Token> tokens = TokenManager.getTokens(map);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) it.next();
            if (tokenGeneratorConfig.isStandAlone()) {
                for (Token token : tokens) {
                    if (tokenGeneratorConfig.equals(token.getUsedTokenGenerator()) && !token.isReferenced()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added the token element [" + token.getElement() + "]");
                        }
                        Element element = token.getElement();
                        RequestMessagePool.EncryptedObject convertElement = RequestMessagePool.convertElement(map, element, -1);
                        if (convertElement == null) {
                            nodeListImpl.add(element);
                        } else {
                            if (convertElement.getEncryptedData() != null) {
                                nodeListImpl.add(convertElement.getEncryptedData());
                            }
                            if (convertElement.getHeaderInfo() != null) {
                                nodeListImpl.add(convertElement.getHeaderInfo());
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokensForSignature(Set configs,Map context) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private static NodeList getTokensForVerification(Set set, Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokensForVerification(Set configs[" + set + "],Map context)");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        if (set != null) {
            Set<Token> tokens = TokenManager.getTokens(map);
            Iterator it = set.iterator();
            while (it.hasNext()) {
                TokenConsumerConfig tokenConsumerConfig = (TokenConsumerConfig) it.next();
                if (!tokenConsumerConfig.isUsedForVerification() && !tokenConsumerConfig.isUsedForDecryption()) {
                    for (Token token : tokens) {
                        if (tokenConsumerConfig.equals(token.getUsedTokenConsumer()) && !token.isReferenced()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Added the token element [" + token.getElement() + "]");
                            }
                            nodeListImpl.add(token.getElement());
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokensForVerification(Set configs,Map context) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    public static NodeList getHeaderElement(Document document, String str, String str2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHeaderElement(Document doc[" + DOMUtil.getDisplayName(document) + "],String ns[" + str + "],String ln[" + str2 + "])");
        }
        NodeList nodeList = null;
        Element header = WSSGenerator.getHeader(document, false);
        if (header != null) {
            nodeList = header.getElementsByTagNameNS(str, str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHeaderElement(Document doc,String ns,String ln) returns NodeList[" + nodeList + "]");
        }
        return nodeList;
    }

    private static NodeList getDsigKeyObjects(Document document, Map map, String str, boolean z, IDResolver iDResolver, String str2) throws SoapSecurityException {
        NodeList childElements;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDsigKeyObjects(Document doc[" + DOMUtil.getDisplayName(document) + "],Map context,String keyInfoType[" + str + "],boolean existSTRTransform[" + z + "],IDResolver idResolver[" + iDResolver + "],String nsWsse[" + str2 + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Element securityHeader = getSecurityHeader(map, document);
        if (securityHeader != null && (childElements = DOMUtil.getChildElements(securityHeader, Constants.NS_DSIG, SOAPSignature.ELEM_SIGNATURE)) != null && childElements.getLength() > 0) {
            for (int i = 0; i < childElements.getLength(); i++) {
                NodeList keyObjects = getKeyObjects(document, (Element) childElements.item(i), str, z, iDResolver, str2);
                if (keyObjects.getLength() > 0) {
                    for (int i2 = 0; i2 < keyObjects.getLength(); i2++) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added the key objects in the Signature element [" + DOMUtil.getDisplayName(keyObjects.item(i2)) + "]");
                        }
                        nodeListImpl.add((Element) keyObjects.item(i2));
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDsigKeyObjects(Document doc,Map context,String keyInfoType,boolean existSTRTransform,IDResolver idResolver,String nsWsse) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private static NodeList getEncKeyObjects(Document document, Map map, String str, boolean z, IDResolver iDResolver, String str2) throws SoapSecurityException {
        NodeList childElements;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEncKeyObjects(Document doc[" + DOMUtil.getDisplayName(document) + "],Map context,String keyInfoType[" + str + "],boolean existSTRTransform[" + z + "],IDResolver idResolver[" + iDResolver + "],String nsWsse[" + str2 + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Element securityHeader = getSecurityHeader(map, document);
        if (securityHeader != null && (childElements = DOMUtil.getChildElements(securityHeader, Constants.NS_ENC, "EncryptedKey")) != null && childElements.getLength() > 0) {
            for (int i = 0; i < childElements.getLength(); i++) {
                NodeList keyObjects = getKeyObjects(document, (Element) childElements.item(i), str, z, iDResolver, str2);
                if (keyObjects.getLength() > 0) {
                    for (int i2 = 0; i2 < keyObjects.getLength(); i2++) {
                        nodeListImpl.add((Element) keyObjects.item(i2));
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added the key objects in the EncryptedKey element [" + DOMUtil.getDisplayName(keyObjects.item(i2)) + "]");
                        }
                    }
                }
            }
        }
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(Constants.NS_ENC, "EncryptedData");
        if (elementsByTagNameNS != null && elementsByTagNameNS.getLength() > 0) {
            for (int i3 = 0; i3 < elementsByTagNameNS.getLength(); i3++) {
                NodeList keyObjects2 = getKeyObjects(document, (Element) elementsByTagNameNS.item(i3), str, z, iDResolver, str2);
                if (keyObjects2.getLength() > 0) {
                    for (int i4 = 0; i4 < keyObjects2.getLength(); i4++) {
                        nodeListImpl.add((Element) keyObjects2.item(i4));
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Added the key objects in the EncryptedData element [" + DOMUtil.getDisplayName(keyObjects2.item(i4)) + "]");
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEncKeyObjects(Document doc,Map context,String keyInfoType,boolean existSTRTransform,IDResolver idResolver,String nsWsse) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private static NodeList getKeyObjects(Document document, Element element, String str, boolean z, IDResolver iDResolver, String str2) throws SoapSecurityException {
        Element firstElement;
        Element firstElement2;
        String attribute;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyObjects(Document doc[" + DOMUtil.getDisplayName(document) + "],Element parent[" + DOMUtil.getDisplayName(element) + "],String keyInfoType[" + str + "],boolean existSTRTransform[" + z + "],IDResolver idResolver[" + iDResolver + "],String nsWsse[" + str2 + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Element zeroOrOneElement = DOMUtil.getZeroOrOneElement(element, Constants.NS_DSIG, "KeyInfo");
        if (zeroOrOneElement != null) {
            if (KEYSIGNMETHOD[1].equals(str)) {
                Element firstElement3 = DOMUtil.getFirstElement(zeroOrOneElement);
                while (true) {
                    Element element2 = firstElement3;
                    if (element2 == null) {
                        break;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added the element in the KeyInfo element [" + DOMUtil.getDisplayName(element2) + "]");
                    }
                    nodeListImpl.add(element2);
                    firstElement3 = DOMUtil.getNextElement(element2);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Added the element in the KeyInfo element [" + DOMUtil.getDisplayName(zeroOrOneElement) + "]");
                }
                nodeListImpl.add(zeroOrOneElement);
            }
            if (!z && (firstElement = DOMUtil.getFirstElement(zeroOrOneElement, str2, "SecurityTokenReference")) != null && (firstElement2 = DOMUtil.getFirstElement(firstElement, str2, "Reference")) != null && (attribute = firstElement2.getAttribute(PmiReqMetrics.URI_FILTER_TYPE)) != null) {
                if (attribute.length() < 2 || attribute.charAt(0) != '#') {
                    throw new RuntimeException("Unsupported type of URI: " + attribute);
                }
                Element resolveID = iDResolver.resolveID(document, attribute.substring(1));
                if (resolveID != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Added the referenced element [" + DOMUtil.getDisplayName(resolveID) + "]");
                    }
                    nodeListImpl.add(resolveID);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyObjects(Document doc,Element parent,String keyInfoType,boolean existSTRTransform,IDResolver idResolver,String nsWsse) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NodeList getWSContextHeaderElement(Document document) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSContextHeaderElement(Document doc[" + DOMUtil.getDisplayName(document) + "])");
        }
        NodeList nodeList = null;
        Element header = WSSGenerator.getHeader(document, false);
        if (header != null) {
            nodeList = DOMUtil.getChildElements(header, Constants.NS_WSCTX_V1, "Context");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSContextHeaderElement(Document doc) returns NodeList[" + nodeList + "]");
        }
        return nodeList;
    }

    private final NodeList getWSAElement(Map map, Document document, String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSAElement(Map context, Node node[" + DOMUtil.getDisplayName(document) + "], String [" + str + "])");
        }
        NodeList nodeList = null;
        boolean isGenerator = isGenerator(map);
        SOAPMessageContext sOAPMessageContext = (SOAPMessageContext) map.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT);
        if (sOAPMessageContext == null) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
        }
        Element header = WSSGenerator.getHeader(document, false);
        if (header != null) {
            if (isGenerator) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting the element for [" + str + "] for generator");
                }
                String str2 = (String) sOAPMessageContext.getProperty(Constants.WSADDR_OUTBOUND);
                if (str2 == null || str2.length() == 0) {
                    str2 = Constants.NS_WSADDRS[0];
                    Tr.info(tc, "security.wssecurity.WSEC6732I", new String[]{str2});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No outbound namespace defined for WS-Address, default [" + str2 + "] is used.");
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Namespace for WS-Addressing outbound request [" + str2 + "].");
                }
                nodeList = DOMUtil.getChildElements(header, str2, str);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting the element for [" + str + "] for consumer");
                }
                boolean z = false;
                String str3 = null;
                int i = 0;
                while (true) {
                    if (i >= Constants.NS_WSADDRS.length) {
                        break;
                    }
                    nodeList = DOMUtil.getChildElements(header, Constants.NS_WSADDRS[i], str);
                    if (nodeList != null && nodeList.getLength() != 0) {
                        str3 = Constants.NS_WSADDRS[i];
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    String str4 = (String) sOAPMessageContext.getProperty(Constants.WSADDR_INBOUND);
                    if (str4 == null || str4.length() == 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No inbound WS-Addressing namespace is set, setting it to [" + str3 + "].");
                        }
                        sOAPMessageContext.setProperty(Constants.WSADDR_INBOUND, str3);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Inbound WS-Addressing namespace was set to [" + str4 + "] and namespace found [" + str3 + "].");
                        }
                        if (!str4.equals(str3)) {
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "getWSAElement(Map context, Document doc, String elementName)");
                            }
                            throw SoapSecurityException.format("security.wssecurity.WSEC6733E");
                        }
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No SOAP header");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSAElement(Map context, Document doc, String elementName) returns " + toString(nodeList));
        }
        return nodeList;
    }

    private final NodeList getWSAAllElements(Map map, Document document) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSAAllElements(Map context, Node node[" + DOMUtil.getDisplayName(document) + "])");
        }
        boolean isGenerator = isGenerator(map);
        NodeList nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        SOAPMessageContext sOAPMessageContext = (SOAPMessageContext) map.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT);
        if (sOAPMessageContext == null) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
        }
        Element header = WSSGenerator.getHeader(document, false);
        if (header != null) {
            if (isGenerator) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting all WSA elements for generator");
                }
                String str = (String) sOAPMessageContext.getProperty(Constants.WSADDR_OUTBOUND);
                if (str == null || str.length() == 0) {
                    str = Constants.NS_WSADDRS[0];
                    Tr.info(tc, "security.wssecurity.WSEC6732I", new String[]{str});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No outbound namespace defined for WS-Address, default [" + str + "] is used.");
                    }
                }
                nodeListImpl = getWSAAllElements(header, str, WSAELEMENTS);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting all WSA elements for consumer");
                }
                boolean z = false;
                String str2 = null;
                int i = 0;
                while (true) {
                    if (i >= Constants.NS_WSADDRS.length) {
                        break;
                    }
                    nodeListImpl = getWSAAllElements(header, Constants.NS_WSADDRS[i], WSAELEMENTS);
                    if (nodeListImpl != null && nodeListImpl.getLength() != 0) {
                        str2 = Constants.NS_WSADDRS[i];
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    String str3 = (String) sOAPMessageContext.getProperty(Constants.WSADDR_INBOUND);
                    if (str3 == null || str3.length() == 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No inbound WS-Addressing namespace is set, setting it to [" + str2 + "].");
                        }
                        sOAPMessageContext.setProperty(Constants.WSADDR_INBOUND, str2);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Inbound WS-Addressing namespace was set to [" + str3 + "] and namespace found [" + str2 + "].");
                        }
                        if (!str3.equals(str2)) {
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "getWSAElement(Map context, Document doc, String elementName)");
                            }
                            throw SoapSecurityException.format("security.wssecurity.WSEC6733E");
                        }
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No SOAP header");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSAAllElements(Map context, Document doc) returns " + toString(nodeListImpl));
        }
        return nodeListImpl;
    }

    private final NodeList getWSAAllElements(Node node, String str, String[] strArr) {
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "getWSAAllElements(Node parent, String [" + str + "], String[] [" + toString(strArr) + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        Node firstChild = node.getFirstChild();
        while (true) {
            Node node2 = firstChild;
            if (node2 == null) {
                return nodeListImpl;
            }
            for (String str2 : strArr) {
                if (node2.getNodeType() == 1 && DOMUtil.equals(node2, str, str2)) {
                    nodeListImpl.add(node2);
                }
            }
            firstChild = node2.getNextSibling();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Element getSecurityHeader(Map map, Document document) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityHeader(Map context, Document doc[" + DOMUtil.getDisplayName(document) + "])");
        }
        String str = null;
        if (isGenerator(map)) {
            WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) map.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
            if (wSSGeneratorConfig != null) {
                str = wSSGeneratorConfig.getTargetActor();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Got generator actor " + str);
            }
        } else {
            WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
            if (wSSConsumerConfig != null) {
                str = wSSConsumerConfig.getMyActor();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Got consumer actor " + str);
            }
        }
        Object obj = map.get(Constants.SOAP_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        Object obj2 = map.get(Constants.WSS_VERSION);
        int i2 = 0;
        if (obj2 != null && (obj2 instanceof Integer)) {
            i2 = ((Integer) obj2).intValue();
        }
        Element securityHeader = WSSGenerator.getSecurityHeader(WSSGenerator.getHeader(document, false), i, i2, str, false);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityHeader(Map context, Document doc) returns " + securityHeader);
        }
        return securityHeader;
    }

    private final String toString(Object[] objArr) {
        if (objArr == null || objArr.length == 0) {
            return "{}";
        }
        StringBuffer stringBuffer = new StringBuffer("{");
        for (Object obj : objArr) {
            stringBuffer.append(obj).append(", ");
        }
        stringBuffer.append("}");
        return stringBuffer.toString();
    }

    private static final boolean isGenerator(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isGenerator(Map context)");
        }
        boolean z = false;
        boolean z2 = false;
        if (map.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey") != null) {
            z = true;
        }
        if (map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey") != null) {
            z2 = true;
        }
        if (!(z && z2) && (z || z2)) {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "isGenerator(Map context) returns " + z);
            }
            return z;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not determine generator or consumer");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isGenerator(Map context)");
        }
        throw SoapSecurityException.format("security.wssecurity.WSEC6734E");
    }

    private final String toString(NodeList nodeList) {
        if (nodeList == null || nodeList.getLength() == 0) {
            return "<empty>";
        }
        StringBuffer stringBuffer = new StringBuffer("[ ");
        for (int i = 0; i < nodeList.getLength(); i++) {
            stringBuffer.append(DOMUtil.toString(nodeList.item(i))).append(", ");
        }
        stringBuffer.append(" ]");
        return stringBuffer.toString();
    }
}
