package com.ibm.ws.webservices.wssecurity.enc;

import com.ibm.crypto.pkcs11impl.provider.PKCS11Key;
import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.KRBConstants;
import com.ibm.ws.webservices.wssecurity.WSSAlgorithmFactory;
import com.ibm.ws.webservices.wssecurity.WSSGeneratorComponent;
import com.ibm.ws.webservices.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.webservices.wssecurity.config.EncryptionGeneratorConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoGeneratorConfig;
import com.ibm.ws.webservices.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.core.RequestMessagePool;
import com.ibm.ws.webservices.wssecurity.dsig.SignatureGenerator;
import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IdUtil;
import com.ibm.ws.webservices.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xss4j.enc.EncryptionContext;
import com.ibm.ws.wssecurity.xss4j.enc.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xss4j.enc.type.CipherData;
import com.ibm.ws.wssecurity.xss4j.enc.type.CipherValue;
import com.ibm.ws.wssecurity.xss4j.enc.type.DataReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedKey;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptionMethod;
import com.ibm.ws.wssecurity.xss4j.enc.type.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.enc.type.ReferenceList;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soapsec.token.NonceManager;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/enc/EncryptionGenerator.class */
public class EncryptionGenerator implements WSSGeneratorComponent {
    private static final String comp = "security.wssecurity";
    private IdUtil _idResolver = null;
    private Map _selectors = null;
    private boolean _initialized = false;
    private static final TraceComponent tc = Tr.register(EncryptionGenerator.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = EncryptionGenerator.class.getName();

    /* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/enc/EncryptionGenerator$ShowerImpl.class */
    private static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        @Override // com.ibm.ws.wssecurity.xss4j.enc.ResourceShower
        public void showEncryptedResource(byte[] bArr, Object obj, Element element) {
            String str = null;
            try {
                str = EncryptedData.isOfType(element) ? new String(bArr, "UTF-8") : Base64.encode(bArr);
            } catch (Exception e) {
                Tr.debug(EncryptionGenerator.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].");
            }
            if (EncryptedData.isOfType(element)) {
                Tr.debug(EncryptionGenerator.tc, "ResourceShower logs encrypt-" + element.getAttribute(PolicyAttributesConstants.ID) + ": " + str);
            } else {
                Tr.debug(EncryptionGenerator.tc, "ResourceShower logs encrypt-EncryptedKey: " + str);
            }
        }

        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        if (!this._initialized) {
            this._selectors = map;
            this._idResolver = (IdUtil) map.get(ElementSelector.IDRESOLVER);
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.ws.webservices.wssecurity.WSSGeneratorComponent
    public void invoke(Document document, Element element, Map map) throws SoapSecurityException {
        Element insertElement;
        Key key;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Document doc[" + DOMUtil.getDisplayName(document) + "],Element parent[" + DOMUtil.getDisplayName(element) + "],Map context)");
        }
        Object obj = map.get(Constants.SOAP_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        String str = Constants.NAMESPACES[2][i];
        Object obj2 = map.get(Constants.WSS_VERSION);
        int i2 = 0;
        if (obj2 != null && (obj2 instanceof Integer)) {
            i2 = ((Integer) obj2).intValue();
        }
        String str2 = Constants.NAMESPACES[0][i2];
        String str3 = Constants.NAMESPACES[1][i2];
        if (element == null) {
            throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s11", "Null", "the parent element");
        }
        String localName = element.getLocalName();
        if (NamespaceUtil.isWsse(element.getNamespaceURI()) != i2 || !KRBConstants.ELM_SECURITY.equals(localName)) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s03", DOMUtil.getQualifiedName(element));
        }
        WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) map.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
        EncryptionGeneratorConfig encryptionGeneratorConfig = (EncryptionGeneratorConfig) map.remove(EncryptionGeneratorConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "EncryptionGeneratorConfig [" + encryptionGeneratorConfig + "].");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Examining encrypting parts.");
        }
        boolean z = false;
        boolean z2 = false;
        HashSet hashSet = new HashSet();
        HashMap hashMap = new HashMap(map);
        hashMap.put(NonceManager.class, wSSGeneratorConfig.getNonceManager());
        hashMap.put(ElementSelector.IDRESOLVER, this._idResolver);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ReferencePartConfig reference = encryptionGeneratorConfig.getReference();
        if (reference != null && reference.getParts() != null && reference.getParts().iterator() != null) {
            for (ReferencePartConfig.PartConfig partConfig : reference.getParts()) {
                if (partConfig.isTimestamp() || partConfig.isNonce()) {
                    z2 = true;
                    hashSet.add(partConfig);
                } else {
                    String dialect = partConfig.getDialect();
                    String keyword = partConfig.getKeyword();
                    PartList partList = (PartList) SignatureGenerator.getMessagePart(document, dialect, keyword, ElementSelector.ENCRYPTION_MODE, this._selectors, ConfidentialDialectElementSelector.class, hashMap);
                    if (partList == null || partList.getLength() <= 0) {
                        throw SoapSecurityException.format("security.wssecurity.SignatureGenerator.s14", dialect, keyword);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, partList.getLength() + " parts found.");
                    }
                    arrayList2.add(partList);
                    for (int i3 = 0; i3 < partList.getLength(); i3++) {
                        arrayList3.add(partList.item(i3));
                        boolean z3 = false;
                        while (!z3) {
                            String makeUniqueId = IdUtil.getInstance().makeUniqueId(document, "wssecurity_encryption_id_");
                            if (!arrayList.contains(makeUniqueId)) {
                                arrayList.add(makeUniqueId);
                                z3 = true;
                            }
                        }
                        z = true;
                    }
                }
            }
        }
        if (!z) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(Document doc,Element parent,Map context)");
                return;
            }
            return;
        }
        HashMap hashMap2 = new HashMap();
        EncryptionContext encryptionContext = new EncryptionContext();
        AlgorithmConfig keyEncryptionMethod = encryptionGeneratorConfig.getKeyEncryptionMethod();
        encryptionContext.setEncAlgorithm(keyEncryptionMethod != null ? keyEncryptionMethod.getAlgorithm() : null);
        map.put(Constants.KEY_ALGORITHM, encryptionGeneratorConfig.getDataEncryptionMethod().getAlgorithm());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Data encryption algorithm is : " + encryptionGeneratorConfig.getDataEncryptionMethod().getAlgorithm());
        }
        WSSAlgorithmFactory algorithmFactory = wSSGeneratorConfig.getAlgorithmFactory();
        encryptionContext.setAlgorithmFactory(algorithmFactory);
        Map properties = encryptionGeneratorConfig.getProperties();
        Map properties2 = wSSGeneratorConfig.getProperties();
        encryptionContext.setHWConfigName((String) properties2.get("HWCONFIG"));
        String str4 = (String) properties2.get("com.ibm.ws.wssecurity.handler.OffloadAllCryptography");
        encryptionContext.setOffload((Boolean) properties2.get(ConfigConstants.OFFLOAD_RSA_PUBKEY_CRYPTO));
        if (encryptionContext.shouldChangeProvider()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Acceleration enabled, Key Store Name is: ", encryptionContext.getHWConfigName());
            }
            Provider hWCryptoProviderInstance = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWConfigName());
            if (hWCryptoProviderInstance == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware acceleration, continue processing.");
            } else {
                encryptionContext.setHWAccelerationProvider(hWCryptoProviderInstance, (Integer) properties2.get(ConfigConstants.HARDWARE_CACHE_SIZE));
                encryptionContext.setCryptoOffloadProperty(str4);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for HW Acceleration" + hWCryptoProviderInstance.getName());
                }
            }
        }
        encryptionContext.setHWKeyStoreName((String) properties.get("com.ibm.ws.wssecurity.config.keystore.keyStoreRef"));
        if (encryptionContext.useHWKeyStore()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Key Store Name is: ", encryptionContext.getHWKeyStoreName());
            }
            Provider hWCryptoProviderInstance2 = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName());
            if (hWCryptoProviderInstance2 == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
            } else {
                encryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance2.getName());
                }
            }
        }
        hashMap2.put(Constants.DEFAULT_BND_HW_KEYSTORE, (String) properties2.get(Constants.DEFAULT_BND_HW_KEYSTORE));
        if (tc.isDebugEnabled()) {
            encryptionContext.setResourceShower(ShowerImpl.access$000());
        }
        String algorithm = encryptionGeneratorConfig.getKeyEncryptionMethod() != null ? encryptionGeneratorConfig.getKeyEncryptionMethod().getAlgorithm() : null;
        boolean z4 = algorithm != null && algorithm.length() > 0;
        EncryptedData createEncryptedData = createEncryptedData(encryptionGeneratorConfig, document, !z4 && wSSGeneratorConfig.isUserDefinedComponentsUsed(), algorithmFactory);
        if (z4) {
            try {
                insertElement = SignatureGenerator.insertElement(element, createEncryptedKey(encryptionGeneratorConfig, arrayList, algorithmFactory, document, str, str2, str3, wSSGeneratorConfig.isUserDefinedComponentsUsed()).createElement(document, true), str3, map);
                Key callKeyInfoGenerator = SignatureGenerator.callKeyInfoGenerator(encryptionGeneratorConfig.getEncryptionKeyInfo(), WSSKeyInfoComponent.KEY_ENCRYPTING, hashMap2, this._selectors, document, insertElement, map);
                if ((callKeyInfoGenerator instanceof PKCS11Key) && !encryptionContext.shouldChangeProvider() && !encryptionContext.useHWKeyStore()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "PKCS11 Key is in use, but did not find hardware keystore/acceleration in the config");
                    }
                    String str5 = (String) properties2.get(Constants.DEFAULT_BND_HW_KEYSTORE);
                    if (str5 != null) {
                        encryptionContext.setHWKeyStoreName(str5);
                        if (!encryptionContext.useHWKeyStore()) {
                            Tr.error(tc, "Missing Hardware KeyStore Configuration, cannot use the PKCS11 type for encrypt/decrypt");
                            throw SoapSecurityException.format("Missing Hardware KeyStore Configuration");
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "HARDWARE Key Store Name is: ", encryptionContext.getHWKeyStoreName());
                        }
                        Provider hWCryptoProviderInstance3 = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName());
                        if (hWCryptoProviderInstance3 == null) {
                            Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                        } else {
                            encryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance3);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance3.getName());
                            }
                        }
                    }
                }
                key = generateKey(encryptionContext, createEncryptedData, document, callKeyInfoGenerator);
                encryptKey(map, encryptionContext, insertElement, document, key, callKeyInfoGenerator);
                DOMUtil.getOneChildElement(insertElement, Constants.NS_ENC, "ReferenceList");
            } catch (StructureException e) {
                Tr.processException(e, clsName + ".invoke", "322");
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s01", "EncryptedKey", e);
            }
        } else {
            try {
                insertElement = SignatureGenerator.insertElement(element, createReferenceList(arrayList, document, str, str2, str3).createElement(document, true), str3, map);
                key = null;
            } catch (StructureException e2) {
                Tr.processException(e2, clsName + ".invoke", "355");
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s01", "ReferenceLost", e2);
            }
        }
        if (z2) {
            Object[] array = arrayList3.toArray();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
            }
        }
        encrypt(encryptionGeneratorConfig.getEncryptionKeyInfo(), hashMap2, this._selectors, document, map, encryptionGeneratorConfig.remainSignatureAfterEncryption(), arrayList2, arrayList, encryptionContext, insertElement, createEncryptedData, key, wSSGeneratorConfig.isUserDefinedComponentsUsed());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc,Element parent,Map context)");
        }
    }

    private static EncryptedKey createEncryptedKey(EncryptionGeneratorConfig encryptionGeneratorConfig, List list, WSSAlgorithmFactory wSSAlgorithmFactory, Document document, String str, String str2, String str3, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedKey(EncryptionGeneratorConfig config,List ids[" + list + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "],Document doc[" + DOMUtil.getDisplayName(document) + "],String nsSoap[" + str + "],String nsWsse[" + str2 + "],String nsWsu[" + str3 + "],boolean userDefinedComponentsUsed[" + z + "])");
        }
        EncryptedKey encryptedKey = new EncryptedKey();
        encryptedKey.setEncryptionMethod(createEncryptionMethod(encryptionGeneratorConfig.getKeyEncryptionMethod(), wSSAlgorithmFactory));
        if (z) {
            encryptedKey.setKeyInfo(createKeyInfo(document));
        }
        encryptedKey.setCipherData(createCipherData());
        encryptedKey.setReferenceList(createReferenceList(list, document, str, str2, str3));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedKey(EncryptionGeneratorConfig config,List ids,WSSAlgorithmFactory factory,Document doc,String nsSoap,String nsWsse,String nsWsu,boolean userDefinedComponentsUsed) returns EncryptedKey[" + encryptedKey + "]");
        }
        return encryptedKey;
    }

    private static EncryptionMethod createEncryptionMethod(AlgorithmConfig algorithmConfig, WSSAlgorithmFactory wSSAlgorithmFactory) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setEncryptionMethod(AlgorithmConfig aconfig[" + algorithmConfig + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "])");
        }
        EncryptionMethod encryptionMethod = new EncryptionMethod();
        encryptionMethod.setAlgorithm(algorithmConfig.getAlgorithm());
        try {
            AlgorithmParameterSpec convertParameter = wSSAlgorithmFactory.convertParameter(algorithmConfig.getAlgorithm(), algorithmConfig.getProperties());
            if (convertParameter != null) {
                encryptionMethod.setParameterSpec(wSSAlgorithmFactory, convertParameter);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setEncryptionMethod(AlgorithmConfig aconfig,WSSAlgorithmFactory factory) returns EncryptionMethod[" + encryptionMethod + "]");
            }
            return encryptionMethod;
        } catch (InvalidAlgorithmParameterException e) {
            Tr.processException(e, clsName + ".createEncryptionMethod", "493");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s14", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s14", e);
        } catch (NoSuchAlgorithmException e2) {
            Tr.processException(e2, clsName + ".createEncryptionMethod", "497");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s14", new Object[]{e2});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s14", e2);
        }
    }

    private static KeyInfo createKeyInfo(Document document) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyInfo(Document doc[" + DOMUtil.getDisplayName(document) + "])");
        }
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.addElement(document.createElement("dummy"));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyInfo(Document doc) returns KeyInfo[" + keyInfo + "]");
        }
        return keyInfo;
    }

    private static CipherData createCipherData() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCipherData()");
        }
        CipherValue cipherValue = new CipherValue();
        CipherData cipherData = new CipherData();
        cipherData.setCipherValue(cipherValue);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createCipherData() returns CipherData[" + cipherData + "]");
        }
        return cipherData;
    }

    private static ReferenceList createReferenceList(List list, Document document, String str, String str2, String str3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createReferenceList(List ids[" + list + "],Document doc[" + DOMUtil.getDisplayName(document) + "],String nsSoap[" + str + "],String nsWsse[" + str2 + "],String nsWsu[" + str3 + "])");
        }
        ReferenceList referenceList = new ReferenceList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str4 = (String) it.next();
            DataReference dataReference = new DataReference();
            dataReference.setURI("#" + str4);
            referenceList.addDataReference(dataReference);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createReferenceList(List ids,Document doc,String nsSoap,String nsWsse,String nsWsu) returns ReferenceList[" + referenceList + "]");
        }
        return referenceList;
    }

    private static EncryptedData createEncryptedData(EncryptionGeneratorConfig encryptionGeneratorConfig, Document document, boolean z, WSSAlgorithmFactory wSSAlgorithmFactory) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedData(EncryptionGeneratorConfig config,Document doc[" + DOMUtil.getDisplayName(document) + "],boolean createKeyInfo[" + z + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "])");
        }
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.setEncryptionMethod(createEncryptionMethod(encryptionGeneratorConfig.getDataEncryptionMethod(), wSSAlgorithmFactory));
        if (z) {
            encryptedData.setKeyInfo(createKeyInfo(document));
        }
        encryptedData.setCipherData(createCipherData());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedData(EncryptionGeneratorConfig config,Document doc,boolean createKeyInfo,WSSAlgorithmFactory factory) returns EncryptedData[" + encryptedData + "]");
        }
        return encryptedData;
    }

    private static Key generateKey(EncryptionContext encryptionContext, EncryptedData encryptedData, Document document, Key key) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKey(EncryptionContext econtext[" + encryptionContext + "],EncryptedData ed[" + encryptedData + "],Document doc[" + DOMUtil.getDisplayName(document) + "],Key kek[" + key + "])");
        }
        try {
            encryptionContext.setEncryptedType(encryptedData.createElement(document, true), (String) null, (Element) null, (Element) null);
            Key generateKey = encryptionContext.generateKey();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKey(EncryptionContext econtext,EncryptedData ed,Document doc,Key kek) returns Key[" + generateKey + "]");
            }
            return generateKey;
        } catch (Exception e) {
            Tr.processException(e, clsName + ".generateKey", "638");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s11", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s11", e);
        }
    }

    private static void encrypt(KeyInfoGeneratorConfig keyInfoGeneratorConfig, Map map, Map map2, Document document, Map map3, boolean z, List list, List list2, EncryptionContext encryptionContext, Element element, EncryptedData encryptedData, Key key, boolean z2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encrypt(KeyInfoGeneratorConfig config,Map type,Map properties,Document doc[" + DOMUtil.getDisplayName(document) + "],Map context,boolean sigAfterEnc,List pList[" + list + "],List idList[" + list2 + "],EncryptionContext econtext[" + encryptionContext + "],Element einfo[" + DOMUtil.getDisplayName(element) + "],EncryptedData ed[" + encryptedData + "],Key dek[" + key + "], boolean userDefinedComponentsUsed[" + z2 + "])");
        }
        if (key == null && z2) {
            encryptedData.setKeyInfo(createKeyInfo(document));
        }
        RequestMessagePool.addDocument(map3, document, list, z);
        try {
            try {
                int size = list2.size() - 1;
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    PartList partList = (PartList) it.next();
                    for (int i = 0; i < partList.getLength(); i++) {
                        String type = partList.getType();
                        Element element2 = (Element) partList.item(i);
                        int i2 = size;
                        size--;
                        encryptedData.setId((String) list2.get(i2));
                        encryptedData.setType(type);
                        encryptionContext.setData(element2);
                        Element createElement = encryptedData.createElement(document, true);
                        if (key == null) {
                            Key callKeyInfoGenerator = SignatureGenerator.callKeyInfoGenerator(keyInfoGeneratorConfig, WSSKeyInfoComponent.KEY_ENCRYPTING, map, map2, document, createElement, map3);
                            if ((callKeyInfoGenerator instanceof PKCS11Key) && !encryptionContext.shouldChangeProvider() && !encryptionContext.useHWKeyStore()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "PKCS11 Key is in use, but did not find hardware keystore/acceleration in the config");
                                }
                                String str = (String) map.get(Constants.DEFAULT_BND_HW_KEYSTORE);
                                if (str != null) {
                                    encryptionContext.setHWKeyStoreName(str);
                                    if (!encryptionContext.useHWKeyStore()) {
                                        Tr.error(tc, "Missing Hardware KeyStore Configuration, cannot use the PKCS11 type for encrypt/decrypt");
                                        throw SoapSecurityException.format("Missing Hardware KeyStore Configuration");
                                    }
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HARDWARE Key Store Name is: ", encryptionContext.getHWKeyStoreName());
                                    }
                                    Provider hWCryptoProviderInstance = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName());
                                    if (hWCryptoProviderInstance == null) {
                                        Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                                    } else {
                                        encryptionContext.setHWKeyStoreProvider(hWCryptoProviderInstance);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance.getName());
                                        }
                                    }
                                }
                            }
                            encryptionContext.setKey(callKeyInfoGenerator);
                        } else {
                            encryptionContext.setKey(key);
                        }
                        encryptionContext.setEncryptedType(createElement, (String) null, (Element) null, (Element) null);
                        encryptionContext.encrypt();
                        encryptionContext.replace();
                        RequestMessagePool.addElement(map3, element2, encryptionContext.getEncryptedTypeAsElement(), element);
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "encrypt(KeyInfoGeneratorConfig config,Map type,Map properties,Document doc,Map context,boolean sigAfterEnc,List pList,List idList,EncryptionContext econtext,Element einfo,EncryptedData ed,Document doc,Key dek, boolean userDefinedComponentsUsed)");
                }
            } catch (Exception e) {
                Tr.processException(e, clsName + ".encrypt", "730");
                Tr.error(tc, "security.wssecurity.EncryptionGenerator.s12", new Object[]{e});
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s12", e);
            }
        } finally {
            encryptionContext.clearLocalProviderMap();
            if (encryptionContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(encryptionContext.getHWConfigName(), encryptionContext.getHWAccelerationProvider());
            }
            if (encryptionContext.isHWKeyStoreProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName(), encryptionContext.getHWKeyStoreProvider());
            }
        }
    }

    private static void encryptKey(Map map, EncryptionContext encryptionContext, Element element, Document document, Key key, Key key2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptKey(EncryptionContext econtext[" + encryptionContext + "],EncryptedData ed[" + element + "],Document doc[" + DOMUtil.getDisplayName(document) + "],Key dek[" + key + "],Key kek[" + key2 + "])");
        }
        try {
            encryptionContext.setData(key);
            encryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
            if (encryptionContext.isHWAccelerationProvider()) {
                encryptionContext.setHWKeyFromCache((PublicKey) key2);
            } else {
                encryptionContext.setKey(key2);
            }
            encryptionContext.encrypt();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "encryptKey(EncryptionContext econtext,EncryptedData ed,Document doc,Key dek,Key kek)");
            }
        } catch (Exception e) {
            Tr.processException(e, clsName + ".encryptKey", "776");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s13", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s13", e);
        }
    }
}
