package com.ibm.ws.webservices.wssecurity.enc;

import com.ibm.crypto.pkcs11impl.provider.PKCS11Key;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.WSSConsumerComponent;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditEventGenerator;
import com.ibm.ws.webservices.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.core.ResultMessagePool;
import com.ibm.ws.webservices.wssecurity.dsig.SignatureConsumer;
import com.ibm.ws.webservices.wssecurity.enc.DecryptionResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IdUtil;
import com.ibm.ws.webservices.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xss4j.enc.DecryptionContext;
import com.ibm.ws.wssecurity.xss4j.enc.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.enc.type.DataReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedKey;
import com.ibm.ws.wssecurity.xss4j.enc.type.KeyReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.ReferenceList;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Key;
import java.security.Provider;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/webservices/wssecurity/enc/EncryptionConsumer.class */
public class EncryptionConsumer implements WSSConsumerComponent {
    private static final String comp = "security.wssecurity";
    private IdUtil _idResolver = null;
    private Map _selectors = null;
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(EncryptionConsumer.class, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    private static final String clsName = EncryptionConsumer.class.getName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/webservices/wssecurity/enc/EncryptionConsumer$ShowerImpl.class */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        public void showEncryptedResource(byte[] bArr, Object obj, Element element) {
            String str = null;
            try {
                str = EncryptedData.isOfType(element) ? new String(bArr, "UTF-8") : Base64.encode(bArr);
            } catch (Exception e) {
                Tr.debug(EncryptionConsumer.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].");
            }
            if (EncryptedData.isOfType(element)) {
                Tr.debug(EncryptionConsumer.tc, "ResourceShower logs decrypt-" + element.getAttribute("Id") + ": " + str);
            } else {
                Tr.debug(EncryptionConsumer.tc, "ResourceShower logs decrypt-EncryptedKey: " + str);
            }
        }

        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._selectors = map;
            this._idResolver = (IdUtil) map.get(ElementSelector.IDRESOLVER);
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    public void invoke(Node node, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Node target[" + DOMUtil.getDisplayName(node) + "],Map context)");
        }
        if (node == null) {
            throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s13");
        }
        String namespaceURI = node.getNamespaceURI();
        String localName = node.getLocalName();
        int hashCode = (namespaceURI == null ? 0 : namespaceURI.hashCode() * 31) + (localName == null ? 0 : localName.hashCode());
        if (node.getNodeType() != 1 || (hashCode != Constants.HASH_ENC_ENCRYPTEDKEY && hashCode != Constants.HASH_ENC_REFERENCELIST)) {
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s03", DOMUtil.getQualifiedName(node));
        }
        Element element = (Element) node;
        Object obj = map.get(Constants.WSS_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        String str = Constants.NAMESPACES[0][i];
        String str2 = Constants.NAMESPACES[1][i];
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        EncryptionConsumerConfig encryptionConsumerConfig = (EncryptionConsumerConfig) map.remove(EncryptionConsumerConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "EncryptionConsumerConfig [" + encryptionConsumerConfig + "].");
        }
        if (EncryptedKey.isOfType(element)) {
            checkEncryptedKey(element, encryptionConsumerConfig);
        } else {
            checkReferenceList(element, encryptionConsumerConfig);
        }
        setDecryptionResult(decrypt(element, encryptionConsumerConfig, this._idResolver, element.getOwnerDocument(), wSSConsumerConfig, new HashMap(), this._selectors, str, str2, map), map);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Node target,Map context)");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:27:0x00aa, code lost:
    
        throw com.ibm.wsspi.wssecurity.SoapSecurityException.format(com.ibm.ws.webservices.wssecurity.Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s15", r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkEncryptedKey(org.w3c.dom.Element r4, com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig r5) throws com.ibm.wsspi.wssecurity.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 475
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.webservices.wssecurity.enc.EncryptionConsumer.checkEncryptedKey(org.w3c.dom.Element, com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig):void");
    }

    private static void checkReferenceList(Element element, EncryptionConsumerConfig encryptionConsumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkReferenceList(Element reflist[" + DOMUtil.getDisplayName(element) + "],EncryptionConsumerConfig config)");
        }
        if (encryptionConsumerConfig != null && encryptionConsumerConfig.getKeyEncryptionMethod() != null && encryptionConsumerConfig.getKeyEncryptionMethod().getAlgorithm().length() > 0) {
            throw SoapSecurityException.format(Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.EncryptionConsumer.s12", encryptionConsumerConfig.getKeyEncryptionMethod().getAlgorithm());
        }
        Element firstElement = DOMUtil.getFirstElement(element);
        while (true) {
            Element element2 = firstElement;
            if (element2 == null) {
                break;
            }
            String namespaceURI = element2.getNamespaceURI();
            String localName = element2.getLocalName();
            int hashCode = (namespaceURI == null ? 0 : namespaceURI.hashCode() * 31) + (localName == null ? 0 : localName.hashCode());
            if (hashCode == Constants.HASH_ENC_DATAREFERENCE || hashCode == Constants.HASH_ENC_KEYREFERENCE) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(element2) + " in the " + DOMUtil.getQualifiedName(element) + " element.");
            }
            firstElement = DOMUtil.getNextElement(element2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkReferenceList(Element reflist,EncryptionConsumerConfig config)");
        }
    }

    private static void checkEncryptedData(Element element, EncryptionConsumerConfig encryptionConsumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkEncryptedKey(Element encdata[" + DOMUtil.getDisplayName(element) + "],EncryptionConsumerConfig config)");
        }
        Element firstElement = DOMUtil.getFirstElement(element);
        while (true) {
            Element element2 = firstElement;
            if (element2 == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkEncryptedData(Element encdata,EncryptionConsumerConfig config)");
                    return;
                }
                return;
            }
            String namespaceURI = element2.getNamespaceURI();
            String localName = element2.getLocalName();
            int hashCode = (namespaceURI == null ? 0 : namespaceURI.hashCode() * 31) + (localName == null ? 0 : localName.hashCode());
            if (hashCode == Constants.HASH_ENC_ENCRYPTIONMETHOD) {
                String attribute = element2.getAttribute(WSSAuditEventGenerator.ALGORITHM);
                if (!encryptionConsumerConfig.getDataEncryptionMethod().getAlgorithm().equals(attribute)) {
                    throw SoapSecurityException.format(Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s14", attribute);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " [" + attribute + "] is OK.");
                }
            } else if (hashCode == Constants.HASH_ENC_CIPHERDATA) {
                checkCipherData(element2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (hashCode == Constants.HASH_DS_KEYINFO) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (hashCode == Constants.HASH_ENC_ENCRYPTIONPROPS) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK. But this consumer igonores it.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(element2) + " in the " + DOMUtil.getQualifiedName(element) + " element.");
            }
            firstElement = DOMUtil.getNextElement(element2);
        }
    }

    private static void checkCipherData(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCipherData(Element cipdata[" + DOMUtil.getDisplayName(element) + "])");
        }
        Element firstElement = DOMUtil.getFirstElement(element);
        while (true) {
            Element element2 = firstElement;
            if (element2 == null) {
                break;
            }
            String namespaceURI = element2.getNamespaceURI();
            String localName = element2.getLocalName();
            int hashCode = (namespaceURI == null ? 0 : namespaceURI.hashCode() * 31) + (localName == null ? 0 : localName.hashCode());
            if (hashCode == Constants.HASH_ENC_CIPHERVALUE || hashCode == Constants.HASH_ENC_CIPHERREFERENCE) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(element2) + " in the " + DOMUtil.getQualifiedName(element) + " element.");
            }
            firstElement = DOMUtil.getNextElement(element2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCipherData(Element cipdata)");
        }
    }

    private static DecryptionResult decrypt(Element element, EncryptionConsumerConfig encryptionConsumerConfig, IdUtil idUtil, Document document, WSSConsumerConfig wSSConsumerConfig, Map map, Map map2, String str, String str2, Map map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decrypt(Element target[" + DOMUtil.getDisplayName(element) + "],EncryptionConsumerConfig config,IdUtil idResolver[" + idUtil + "],Document document[" + DOMUtil.getDisplayName(document) + "],WSSConsumerConfig gconfig,Map type,Map properties,String nsWsse[" + str + "],String nsWsu[" + str2 + "],Map context)");
        }
        ArrayList arrayList = new ArrayList();
        DecryptionContext decryptionContext = new DecryptionContext();
        decryptionContext.setIdResolver(idUtil);
        decryptionContext.setAlgorithmFactory(wSSConsumerConfig.getAlgorithmFactory());
        if (tc.isDebugEnabled()) {
            decryptionContext.setResourceShower(ShowerImpl.access$000());
        }
        Map properties = wSSConsumerConfig.getProperties();
        decryptionContext.setHWConfigName((String) properties.get(Constants.HARDWARE_CONFIG_NAME));
        String str3 = (String) properties.get("com.ibm.ws.wssecurity.handler.OffloadAllCryptography");
        decryptionContext.setHWKeyStoreName((String) map3.remove(Constants.KEY_STORE_NAME));
        String str4 = null;
        AlgorithmConfig keyEncryptionMethod = encryptionConsumerConfig.getKeyEncryptionMethod();
        if (keyEncryptionMethod != null) {
            str4 = keyEncryptionMethod.getAlgorithm();
        }
        decryptionContext.setEncAlgorithm(str4);
        decryptionContext.setOffload(Boolean.TRUE);
        if (decryptionContext.shouldChangeProvider()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Acceleration enabled, Key Store Name is: ", decryptionContext.getHWConfigName());
            }
            Provider hWCryptoProviderInstance = ConfigUtil.getHWCryptoProviderInstance(decryptionContext.getHWConfigName());
            if (hWCryptoProviderInstance == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware acceleration, continue processing.");
            } else {
                decryptionContext.setHWAccelerationProvider(hWCryptoProviderInstance, (Integer) properties.get(ConfigConstants.HARDWARE_CACHE_SIZE));
                decryptionContext.setCryptoOffloadProperty(str3);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for HW Acceleration" + hWCryptoProviderInstance.getName());
                }
            }
        }
        Key key = null;
        Key key2 = null;
        Iterator it = getIds(element).iterator();
        while (it.hasNext()) {
            Element resolveID = idUtil.resolveID(document, (String) it.next());
            if (resolveID != null) {
                if (!EncryptedData.isOfType(resolveID)) {
                    throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc13", resolveID.getTagName());
                }
                checkEncryptedData(resolveID, encryptionConsumerConfig);
                if (EncryptedKey.isOfType(element)) {
                    if (key == null) {
                        key = SignatureConsumer.callKeyInfoConsumer(encryptionConsumerConfig.getEncryptionKeyInfo(), WSSKeyInfoComponent.KEY_DECRYPTING, map, map2, KeyInfo.searchForKeyInfo(element), map3);
                        if (decryptionContext.useHWKeyStore()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HARDWARE Key Store Name is: ", decryptionContext.getHWKeyStoreName());
                            }
                            Provider hWCryptoProviderInstance2 = ConfigUtil.getHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName());
                            if (hWCryptoProviderInstance2 == null) {
                                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                            } else {
                                decryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance2);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance2.getName());
                                }
                            }
                        } else if ((key instanceof PKCS11Key) && !decryptionContext.shouldChangeProvider()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "PKCS11 Key is in use, but did not find hardware keystore/acceleration in the config");
                            }
                            String str5 = (String) properties.get(Constants.DEFAULT_BND_HW_KEYSTORE);
                            if (str5 != null) {
                                decryptionContext.setHWKeyStoreName(str5);
                                if (!decryptionContext.useHWKeyStore()) {
                                    Tr.error(tc, "Missing Hardware KeyStore Configuration, cannot use the PKCS11 type for encrypt/decrypt");
                                    throw SoapSecurityException.format("Missing Hardware KeyStore Configuration");
                                }
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HARDWARE Key Store Name is: ", decryptionContext.getHWKeyStoreName());
                                }
                                Provider hWCryptoProviderInstance3 = ConfigUtil.getHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName());
                                if (hWCryptoProviderInstance3 == null) {
                                    Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                                } else {
                                    decryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance3);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance3.getName());
                                    }
                                }
                            }
                        }
                    }
                    if (key2 == null) {
                        key2 = decryptEncryptedKey(element, decryptionContext, key, resolveID);
                    }
                } else {
                    key2 = SignatureConsumer.callKeyInfoConsumer(encryptionConsumerConfig.getEncryptionKeyInfo(), WSSKeyInfoComponent.KEY_DECRYPTING, map, map2, KeyInfo.searchForKeyInfo(resolveID), map3);
                    if (decryptionContext.useHWKeyStore()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "HARDWARE Key Store Name is: ", decryptionContext.getHWKeyStoreName());
                        }
                        Provider hWCryptoProviderInstance4 = ConfigUtil.getHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName());
                        if (hWCryptoProviderInstance4 == null) {
                            Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                        } else {
                            decryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance4);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance4.getName());
                            }
                        }
                    } else if ((key instanceof PKCS11Key) && !decryptionContext.shouldChangeProvider()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "PKCS11 Key is in use, but did not find hardware keystore/acceleration in the config");
                        }
                        String str6 = (String) properties.get(Constants.DEFAULT_BND_HW_KEYSTORE);
                        if (str6 != null) {
                            decryptionContext.setHWKeyStoreName(str6);
                            if (!decryptionContext.useHWKeyStore()) {
                                Tr.error(tc, "Missing Hardware KeyStore Configuration, cannot use the PKCS11 type for encrypt/decrypt");
                                throw SoapSecurityException.format("Missing Hardware KeyStore Configuration");
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HARDWARE Key Store Name is: ", decryptionContext.getHWKeyStoreName());
                            }
                            Provider hWCryptoProviderInstance5 = ConfigUtil.getHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName());
                            if (hWCryptoProviderInstance5 == null) {
                                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                            } else {
                                decryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance5);
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance5.getName());
                                }
                            }
                        }
                    }
                }
                arrayList.add(decryptEncryptedData(resolveID, decryptionContext, key2, str, str2, map3));
            }
            if (decryptionContext.useHWKeyStore()) {
                ConfigUtil.returnHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName(), decryptionContext.getHWKeyStoreProvider());
                decryptionContext.setHWKeyStoreProvider((Provider) null);
                decryptionContext.setHWKeyStoreName((String) null);
            }
        }
        if (decryptionContext.isHWAccelerationProvider()) {
            ConfigUtil.returnHWCryptoProviderInstance(decryptionContext.getHWConfigName(), decryptionContext.getHWAccelerationProvider());
        }
        if (decryptionContext.useHWKeyStore()) {
            ConfigUtil.returnHWCryptoProviderInstance(decryptionContext.getHWKeyStoreName(), decryptionContext.getHWKeyStoreProvider());
        }
        decryptionContext.clearLocalProviderMap();
        DecryptionResult decryptionResult = new DecryptionResult(encryptionConsumerConfig, arrayList);
        decryptionResult._token = getToken(decryptionResult, encryptionConsumerConfig, map3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decrypt(Element target,EncryptionConsumerConfig config,IdUtil idResolver,Document document,WSSConsumerConfig gconfig,Map type,Map properties,String nsWsse,String nsWsu,Map context) returns DecryptionResult[" + decryptionResult + "]");
        }
        return decryptionResult;
    }

    private static List getIds(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIds(Element target[" + DOMUtil.getDisplayName(element) + "])");
        }
        Element element2 = null;
        if (EncryptedKey.isOfType(element)) {
            element2 = DOMUtil.getChildElement(element, Constants.NS_ENC, "ReferenceList");
        } else if (ReferenceList.isOfType(element)) {
            element2 = element;
        }
        ArrayList arrayList = new ArrayList();
        if (element2 != null) {
            for (DataReference dataReference : new ReferenceList(element2).getReferences()) {
                if (dataReference instanceof DataReference) {
                    String uri = dataReference.getURI();
                    if (uri == null) {
                        throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s01");
                    }
                    if (uri.length() > 1 && uri.charAt(0) == '#') {
                        arrayList.add(uri.substring(1));
                    }
                } else if (dataReference instanceof KeyReference) {
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getIds(Element target) returns List[" + arrayList + "]");
        }
        return arrayList;
    }

    private static Key decryptEncryptedKey(Element element, DecryptionContext decryptionContext, Key key, Element element2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedKey(Element enckey[" + DOMUtil.getDisplayName(element) + "],DecryptionContext dcontext[" + decryptionContext + "],Key kek[" + key + "],Element encData[" + DOMUtil.getDisplayName(element2) + "])");
        }
        try {
            decryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
            decryptionContext.setEncryptionMethod(DOMUtil.getChildElement(element2, Constants.NS_ENC, "EncryptionMethod"));
            if (decryptionContext.isHWAccelerationProvider()) {
                decryptionContext.setHWKey(key);
            } else {
                decryptionContext.setKey(key);
            }
            decryptionContext.decrypt();
            Key key2 = (Key) decryptionContext.getData();
            decryptionContext.setEncryptionMethod((Element) null);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "decryptEncryptedKey(Element enckey,DecryptionContext dcontext,Key kek,Element encdata) returns Key[" + key2 + "]");
            }
            return key2;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from decrypting the key: ", e);
            }
            Tr.processException(e, clsName + ".decryptEncryptedKey", "586");
            Tr.error(tc, "security.wssecurity.EncryptionConsumer.s11", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s11", e);
        }
    }

    private static DecryptionResult.DecryptedPart decryptEncryptedData(Element element, DecryptionContext decryptionContext, Key key, String str, String str2, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedData(Element encdata[" + DOMUtil.getDisplayName(element) + "],DecryptionContext dcontext[" + decryptionContext + "],Key kek[" + key + "],String nsWsse[" + str + "],String nsWsu[" + str2 + "],Map context)");
        }
        try {
            Node node = null;
            if (com.ibm.ws.wssecurity.xss4j.enc.util.DOMUtil.hasParentNode(element)) {
                node = element.getParentNode();
            }
            decryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
            decryptionContext.setKey(key);
            decryptionContext.decrypt();
            decryptionContext.replace();
            DecryptionResult.DecryptedPart createDecryptedPart = createDecryptedPart(element, decryptionContext, str, str2, map, node);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "decryptEncryptedData(Element encdata,DecryptionContext dcontext,Key dek,String nsWsse,String nsWsu,Map context) returns DecryptedPart[" + createDecryptedPart + "]");
            }
            return createDecryptedPart;
        } catch (Exception e) {
            Tr.processException(e, clsName + ".decryptEncryptedData", "628");
            Tr.error(tc, "security.wssecurity.EncryptionConsumer.s11", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s11", e);
        }
    }

    private static DecryptionResult.DecryptedPart createDecryptedPart(Element element, DecryptionContext decryptionContext, String str, String str2, Map map, Node node) throws Exception {
        Node parentNode;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createDecryptedPart(Element encdata[" + DOMUtil.getDisplayName(element) + "],DecryptionContext dcontext[" + decryptionContext + "],String nsWsse[" + str + "],String nsWsu[" + str2 + "],Map context,Node parent)");
        }
        String type = decryptionContext.getType();
        DecryptionResult.DecryptedPart decryptedPart = null;
        NodeList dataAsNodeList = decryptionContext.getDataAsNodeList();
        if (dataAsNodeList.getLength() > 0) {
            Node item = dataAsNodeList.item(0);
            if (type.equals("http://www.w3.org/2001/04/xmlenc#Element")) {
                Element element2 = (Element) item;
                String id = IdUtil.getInstance().getId(element2);
                Element timestamp = NonceUtil.getTimestamp(element2, str2);
                Element nonce = NonceUtil.getNonce(element2, str);
                decryptedPart = new DecryptionResult.DecryptedPart(type, id, element2, nonce, timestamp, NonceUtil.isNonceFirst(element2, nonce, timestamp));
                ResultMessagePool.addElement(map, element, element2);
            } else if (type.equals("http://www.w3.org/2001/04/xmlenc#Content") && (parentNode = item.getParentNode()) != null && parentNode.getNodeType() == 1) {
                Element element3 = (Element) parentNode;
                String id2 = IdUtil.getInstance().getId(element3);
                Element timestamp2 = NonceUtil.getTimestamp(element3, str2);
                Element nonce2 = NonceUtil.getNonce(element3, str);
                decryptedPart = new DecryptionResult.DecryptedPart(type, id2, element3, nonce2, timestamp2, NonceUtil.isNonceFirst(element3, nonce2, timestamp2));
            }
        } else if (type.equals("http://www.w3.org/2001/04/xmlenc#Content") && node != null && node.getNodeType() == 1) {
            Element element4 = (Element) node;
            String id3 = IdUtil.getInstance().getId(element4);
            Element timestamp3 = NonceUtil.getTimestamp(element4, str2);
            Element nonce3 = NonceUtil.getNonce(element4, str);
            decryptedPart = new DecryptionResult.DecryptedPart(type, id3, element4, nonce3, timestamp3, NonceUtil.isNonceFirst(element4, nonce3, timestamp3));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createDecryptedPart(Element encdata,DecryptionContext dcontext,String nsWsse,String nsWsu,Map context,Node parent) returns DecryptedPart[" + decryptedPart + "]");
        }
        return decryptedPart;
    }

    private static void setDecryptionResult(DecryptionResult decryptionResult, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDecryptionResult(DecryptionResult dresult[" + decryptionResult + "],Map context)");
        }
        for (DecryptionResult.DecryptedPart decryptedPart : decryptionResult._decryptedParts) {
            SignatureConsumer.removeNode(decryptedPart._timestamp, Constants.WAS_EXTENTION_ENC);
            SignatureConsumer.removeNode(decryptedPart._nonce, Constants.WAS_EXTENTION_ENC);
        }
        ResultPool.add(map, decryptionResult);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDecryptionResult(DecryptionResult dresult,Map context)");
        }
    }

    private static KeyInfoResult[] getKeyInfoResults(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoResults(Map context)");
        }
        KeyInfoResult[] keyInfoResultArr = null;
        Result[] resultArr = ResultPool.get(map, KeyInfoResult.class);
        if (resultArr != null) {
            keyInfoResultArr = new KeyInfoResult[resultArr.length];
            for (int i = 0; i < resultArr.length; i++) {
                keyInfoResultArr[i] = (KeyInfoResult) resultArr[i];
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoResults(Map context) returns KeyInfoResult[][" + keyInfoResultArr + "]");
        }
        return keyInfoResultArr;
    }

    private static KeyInfoResult getProcessedResult(DecryptionResult decryptionResult, KeyInfoResult[] keyInfoResultArr, List list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedResult(DecryptionResult dresult,KeyInfoResult[] results,List kclist");
        }
        KeyInfoResult keyInfoResult = null;
        if (keyInfoResultArr != null) {
            for (KeyInfoResult keyInfoResult2 : keyInfoResultArr) {
                if (keyInfoResult == null && list.contains(keyInfoResult2.getKeyInfoContentConsumer()) && keyInfoResult2.getError() == null) {
                    keyInfoResult = keyInfoResult2;
                } else {
                    decryptionResult._kresults.put(keyInfoResult2.getKeyInfoContentConsumer(), keyInfoResult2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProcessedResult(DecryptionResult vresult,KeyInfoResult[] results,List kclist) returns KeyInfoResult[" + keyInfoResult + "]");
        }
        return keyInfoResult;
    }

    private static Token getToken(DecryptionResult decryptionResult, EncryptionConsumerConfig encryptionConsumerConfig, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(DecryptionResult dresult[" + decryptionResult + "],EncryptionConsumerConfig econfig,Map context)");
        }
        Token token = null;
        Set set = null;
        KeyInfoResult[] keyInfoResults = getKeyInfoResults(map);
        KeyInfoResult processedResult = getProcessedResult(decryptionResult, keyInfoResults, encryptionConsumerConfig.getEncryptionKeyInfo().getContentConsumers());
        if (processedResult != null) {
            String idInSubject = processedResult.getIdInSubject();
            token = TokenManager.getToken(map, processedResult.getKeyInfoContentConsumer().getTokenConsumer(), idInSubject);
            if (token != null) {
                if (token.getError() != null) {
                    throw token.getError();
                }
                token.setReferenced(true);
            }
            set = TokenManager.getTokens(map, idInSubject);
        }
        List<EncryptionConsumerConfig> identityList = encryptionConsumerConfig.getIdentityList();
        if (identityList != null && identityList.size() > 0) {
            for (EncryptionConsumerConfig encryptionConsumerConfig2 : identityList) {
                for (KeyInfoContentConsumerConfig keyInfoContentConsumerConfig : encryptionConsumerConfig2.getEncryptionKeyInfo().getContentConsumers()) {
                    int i = 0;
                    while (true) {
                        if (i >= keyInfoResults.length) {
                            break;
                        }
                        if (keyInfoContentConsumerConfig.equals(keyInfoResults[i].getKeyInfoContentConsumer())) {
                            decryptionResult._identities.put(encryptionConsumerConfig2, keyInfoResults[i]);
                            break;
                        }
                        i++;
                    }
                }
            }
        }
        if (set != null && set.size() > 0) {
            for (KeyInfoResult keyInfoResult : keyInfoResults) {
                TokenConsumerConfig tokenConsumer = keyInfoResult.getKeyInfoContentConsumer().getTokenConsumer();
                if (tokenConsumer != null) {
                    Iterator it = set.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            Token token2 = (Token) it.next();
                            if (tokenConsumer.equals(token2.getUsedTokenConsumer())) {
                                decryptionResult._kresults.put(keyInfoResult, token2);
                                break;
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getToken(DecryptionResult dresult,EncryptionConsumerConfig econfig,Map context) returns Token[" + token + "]");
        }
        return token;
    }
}
