package com.ibm.ws.wssecurity.enc;

import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.security.trust10.types.IRSTTemplate;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Constants0;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.wssecurity.config.EncryptionGeneratorConfig;
import com.ibm.ws.wssecurity.config.KeyInfoGeneratorConfig;
import com.ibm.ws.wssecurity.config.ReferencePartConfig;
import com.ibm.ws.wssecurity.config.WSSGeneratorConfig;
import com.ibm.ws.wssecurity.core.ElementSelector;
import com.ibm.ws.wssecurity.core.WSSGeneratorComponent;
import com.ibm.ws.wssecurity.core.XMLElement;
import com.ibm.ws.wssecurity.dsig.WSSObjectSignatureGenerator;
import com.ibm.ws.wssecurity.filter.BodyC14NFilter;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.token.NonceManager;
import com.ibm.ws.wssecurity.util.ConfidentialDialectElementSelector;
import com.ibm.ws.wssecurity.util.ConfigConstants;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.NamespaceUtil;
import com.ibm.ws.wssecurity.util.QNameHeaderSelector;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.util.WSSObjectUtils;
import com.ibm.ws.wssecurity.util.io.ByteArrayHolder;
import com.ibm.ws.wssecurity.wssobject.impl.WSSObjectDocumentImpl;
import com.ibm.ws.wssecurity.wssobject.impl.wsse10.Security;
import com.ibm.ws.wssecurity.wssobject.interfaces.BelongsToNamespace;
import com.ibm.ws.wssecurity.wssobject.interfaces.WSSObjectElement;
import com.ibm.ws.wssecurity.wssobject.util.NamespacePrefixPair;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartAttributeValue;
import com.ibm.ws.wssecurity.wssobject.util.VariablePartFactory;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xml.xss4j.enc.EncryptionContext;
import com.ibm.ws.wssecurity.xml.xss4j.enc.ResourceShower;
import com.ibm.ws.wssecurity.xml.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.CipherData;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.CipherValue;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.DataReference;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.EncryptedHeader;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.EncryptedKey;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.EncryptedType;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.EncryptionMethod;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.KeyInfo;
import com.ibm.ws.wssecurity.xml.xss4j.enc.type.ReferenceList;
import com.ibm.ws.wssecurity.xml.xss4j.enc.util.Util;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.impl.llom.OMSourcedElementImpl;
import org.apache.axiom.soap.impl.llom.soap11.SOAP11BodyImpl;
import org.apache.axiom.soap.impl.llom.soap12.SOAP12BodyImpl;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/enc/WSSObjectEncryptionGenerator.class */
public class WSSObjectEncryptionGenerator implements WSSGeneratorComponent {
    // Shares its text with the prefix of the "security.wssecurity.*" message keys used below; the constant itself is not referenced in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Read from the selector map under ElementSelector.IDRESOLVER on the first init() call.
    private IdUtils _idResolver = null;
    // The map handed to init(); invoke() passes it on to the message-part and key-info lookups.
    private Map<Object, Object> _selectors = null;
    // Set by the first init() call so that later calls leave the two fields above untouched. Plain field: no synchronisation is visible in this class.
    private boolean _initialized = false;
    // Trace handle for this class. NOTE(security): when debug trace is enabled, invoke() installs ShowerImpl, which writes the bytes it is shown for every encrypted element into this trace.
    private static final TraceComponent tc = Tr.register(WSSObjectEncryptionGenerator.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Fully qualified class name, used as the source prefix in Tr.processException calls.
    private static final String clsName = WSSObjectEncryptionGenerator.class.getName();

    /* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/enc/WSSObjectEncryptionGenerator$ShowerImpl.class */
    /**
     * Debug-only {@link ResourceShower} that copies the bytes it is shown into the trace log.
     *
     * <p>Security note: for EncryptedData / EncryptedHeader targets the bytes are decoded as UTF-8 text and
     * logged as-is; for every other target (labelled "EncryptedKey" in the message) they are logged
     * Base64-encoded, which is an encoding and not a protection. These bytes appear to be the content that
     * is about to be encrypted (confirm against the EncryptionContext caller). invoke() installs this
     * shower only while debug trace is enabled, so trace files written in that mode should be handled with
     * the same care as the unencrypted message and its keys.
     */
    private static class ShowerImpl implements ResourceShower {
        // Single shared instance; the class keeps no per-call state.
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        /**
         * Logs the shown bytes for an Axiom element target.
         *
         * @param bArr bytes handed over by the encryption context
         * @param obj not used by this implementation
         * @param oMElement element the bytes belong to; decides text versus Base64 rendering
         */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.enc.ResourceShower
        public void showEncryptedResource(byte[] bArr, Object obj, OMElement oMElement) {
            String rendered = null;
            try {
                if (EncryptedData.isOfType(oMElement) || EncryptedHeader.isOfType(oMElement)) {
                    rendered = new String(bArr, "UTF-8");
                } else {
                    rendered = Base64.encode(bArr);
                }
            } catch (Exception e) {
                // Best effort: a rendering failure is only noted, and "null" is logged below.
                Tr.debug(WSSObjectEncryptionGenerator.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].");
            }
            final boolean dataOrHeader = EncryptedData.isOfType(oMElement) || EncryptedHeader.isOfType(oMElement);
            if (!dataOrHeader) {
                Tr.debug(WSSObjectEncryptionGenerator.tc, "ResourceShower logs encrypt-EncryptedKey: " + rendered);
                return;
            }
            Tr.debug(WSSObjectEncryptionGenerator.tc, "ResourceShower logs encrypt-" + oMElement.getAttributeValue(new QName("", "Id")) + ": " + rendered);
        }

        /**
         * Logs the shown bytes for a WSSObject element target.
         *
         * @param bArr bytes handed over by the encryption context
         * @param obj not used by this implementation
         * @param wSSObjectElement element the bytes belong to; decides text versus Base64 rendering
         */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.enc.ResourceShower
        public void showEncryptedResource(byte[] bArr, Object obj, WSSObjectElement wSSObjectElement) {
            String rendered = null;
            try {
                if ((wSSObjectElement instanceof com.ibm.ws.wssecurity.wssobject.impl.xenc.EncryptedData) || (wSSObjectElement instanceof com.ibm.ws.wssecurity.wssobject.impl.wsse11.EncryptedHeader)) {
                    rendered = new String(bArr, "UTF-8");
                } else {
                    rendered = Base64.encode(bArr);
                }
            } catch (Exception e) {
                // Best effort: a rendering failure is only noted, and "null" is logged below.
                Tr.debug(WSSObjectEncryptionGenerator.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].");
            }
            final boolean dataOrHeader = (wSSObjectElement instanceof com.ibm.ws.wssecurity.wssobject.impl.xenc.EncryptedData) || (wSSObjectElement instanceof com.ibm.ws.wssecurity.wssobject.impl.wsse11.EncryptedHeader);
            if (!dataOrHeader) {
                Tr.debug(WSSObjectEncryptionGenerator.tc, "ResourceShower logs encrypt-EncryptedKey: " + rendered);
                return;
            }
            Tr.debug(WSSObjectEncryptionGenerator.tc, "ResourceShower logs encrypt-" + WSSObjectUtils.getIdAttributeValue(wSSObjectElement) + ": " + rendered);
        }

        // Compiler-generated accessor through which the enclosing class reaches getInstance().
        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    /**
     * Remembers the selector map and the id resolver stored in it under
     * {@code ElementSelector.IDRESOLVER}. Only the first call changes state; later calls just trace.
     *
     * @param map selector map; kept by reference, not copied
     * @throws SoapSecurityException declared by the interface; not thrown by the visible code
     */
    @Override // com.ibm.ws.wssecurity.core.WSSComponent, com.ibm.ws.wssecurity.core.Initializable
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        final boolean alreadyInitialized = this._initialized;
        if (!alreadyInitialized) {
            this._selectors = map;
            final Object resolver = map.get(ElementSelector.IDRESOLVER);
            this._idResolver = (IdUtils) resolver;
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

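    /**
     * Encrypts the message parts named by the {@link EncryptionGeneratorConfig} found in {@code map} and
     * inserts the matching EncryptedKey (or a bare ReferenceList) into the Security header.
     *
     * <p>Steps, in order: resolve the SOAP and WS-Security namespaces from the version indexes in the
     * context; publish the header's actor / role / mustUnderstand / relay values in the context; locate the
     * parts to encrypt and reserve one "e_" id per part; configure an {@link EncryptionContext}; build the
     * EncryptedKey when a key encryption algorithm is configured, otherwise a ReferenceList; then hand the
     * parts to encrypt(). Returns without touching the message when no part is found.
     *
     * <p>Operational notes for reviewers:
     * <ul>
     * <li>While debug trace is enabled a ResourceShower is installed that logs the bytes it is shown
     * (decoded text or Base64). Trace files written in that mode need the same protection as the
     * unencrypted message.</li>
     * <li>If a hardware crypto provider is configured but cannot be obtained, only an audit record is
     * written and processing continues without it. Deployments that depend on hardware-held keys should
     * alert on those audit messages.</li>
     * </ul>
     *
     * @param oMDocument message document the parts are selected from
     * @param oMElement parent element; in this method it is only used for the entry trace
     * @param map message context; read and modified (the EncryptionGeneratorConfig entry is removed)
     * @throws SoapSecurityException if the Security header is missing, its namespace does not match the
     *         configured WS-Security version, or building the EncryptedKey / ReferenceList fails
     */
    @Override // com.ibm.ws.wssecurity.core.WSSGeneratorComponent
    public void invoke(OMDocument oMDocument, OMElement oMElement, Map<Object, Object> map) throws SoapSecurityException {
        WSSObjectElement insertElement;
        Key key;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(OMDocument doc[" + DOMUtils.getDisplayName(oMDocument) + "],OMElement parent[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],Map context)");
        }
        OMFactory oMFactory = oMDocument.getOMDocumentElement().getOMFactory();

        // Version indexes select the namespace URIs; both fall back to index 0 when the context holds no Integer.
        Object soapVersionValue = map.get(Constants.SOAP_VERSION);
        int soapVersion = soapVersionValue instanceof Integer ? ((Integer) soapVersionValue).intValue() : 0;
        String nsSoap = Constants.NAMESPACES[2][soapVersion];
        Object wssVersionValue = map.get(Constants.WSS_VERSION);
        int wssVersion = wssVersionValue instanceof Integer ? ((Integer) wssVersionValue).intValue() : 0;
        String nsWsse = Constants.NAMESPACES[0][wssVersion];
        String nsWsu = Constants.NAMESPACES[1][wssVersion];

        Security securityHeader = WSSObjectUtils.getWSSObjectSecurityHeader(map);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security header at start of encryption generation = " + securityHeader);
        }
        // The null check has to come before the first dereference; otherwise a missing header surfaces as a
        // NullPointerException instead of the intended SoapSecurityException.
        if (securityHeader == null) {
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s15");
        }
        WSSObjectDocumentImpl wssDocument = securityHeader.getWSSObjectDocument();

        NamespacePrefixPair namespace = securityHeader.getNamespace();
        String uri = namespace.getUri();
        String prefix = namespace.getPrefix();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Security namespace prefix = " + prefix);
            Tr.debug(tc, "Security namespace = " + uri);
        }
        if (NamespaceUtil.isWsse(uri) != wssVersion) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s03", "{" + uri + "}Security", "{" + nsWsse + "}Security");
        }

        // NOTE(review): the source listing assigned actor / role / mustUnderstand without declaring them;
        // they are declared here as null-initialised Strings, like the relay value. Confirm against the class file.
        String actor = null;
        String role = null;
        String mustUnderstand = null;
        Object relay = null;
        if (soapVersion == 1) {
            VariablePartAttributeValue soap12Role = securityHeader.getSoap12Role();
            role = soap12Role != null ? soap12Role.toString() : null;
            VariablePartAttributeValue soap12MustUnderstand = securityHeader.getSoap12MustUnderstand();
            mustUnderstand = soap12MustUnderstand != null ? soap12MustUnderstand.toString() : null;
            VariablePartAttributeValue soap12Relay = securityHeader.getSoap12Relay();
            if (soap12Relay != null) {
                relay = soap12Relay.toString();
            }
        } else if (soapVersion == 0) {
            VariablePartAttributeValue soapActor = securityHeader.getSoapActor();
            actor = soapActor != null ? soapActor.toString() : null;
            VariablePartAttributeValue soapMustUnderstand = securityHeader.getSoapMustUnderstand();
            if (soapMustUnderstand != null) {
                mustUnderstand = soapMustUnderstand.toString();
            }
        }
        // Published for the duration of this call; removed again at the end of the method.
        map.put(Constants.MUST_UNDERSTAND_ATTR, mustUnderstand);
        map.put(Constants.ACTOR_ATTR, actor);
        map.put(Constants.ROLE_ATTR, role);
        map.put(Constants.RELAY_ATTR, relay);

        WSSGeneratorConfig wSSGeneratorConfig = (WSSGeneratorConfig) map.get("com.ibm.wsspi.wssecurity.config.wssGenerator.configKey");
        // The encryption config is taken out of the context, so it is consumed by this call.
        EncryptionGeneratorConfig encryptionGeneratorConfig = (EncryptionGeneratorConfig) map.remove(EncryptionGeneratorConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "EncryptionGeneratorConfig [" + encryptionGeneratorConfig + "].");
            Tr.debug(tc, "Examining encrypting parts.");
        }

        boolean partsFound = false;
        // Raw collection types are kept where the element types expected by the callees are not visible here.
        HashMap selectorContext = new HashMap(map);
        selectorContext.put(NonceManager.class, wSSGeneratorConfig.getNonceManager());
        selectorContext.put(ElementSelector.IDRESOLVER, this._idResolver);
        List<String> ids = new ArrayList<String>();
        ArrayList pList = new ArrayList();
        ArrayList hList = new ArrayList();
        ReferencePartConfig reference = encryptionGeneratorConfig.getReference();
        Map<Object, Object> properties = encryptionGeneratorConfig.getProperties();

        boolean generateWss10Header = false;
        String wss10Property = (String) properties.get(com.ibm.wsspi.wssecurity.core.Constants.ENCRYPTED_HEADER_GENERATE_WSS10);
        if ("true".equalsIgnoreCase(wss10Property)) {
            generateWss10Header = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Property com.ibm.wsspi.wssecurity.encryptedHeader.generate.WSS1.0 specified as true.");
            }
        }

        boolean headerDialectUsed = false;
        if (reference != null && reference.getParts() != null) {
            for (ReferencePartConfig.PartConfig partConfig : reference.getParts()) {
                if (partConfig.isTimestamp() || partConfig.isNonce()) {
                    // Timestamp and nonce parts are not resolved against the message in this loop. The
                    // original collected them into a local set that nothing read.
                    continue;
                }
                String dialect = partConfig.getDialect();
                String keyword = partConfig.getKeyword();
                Class selectorClass = ConfidentialDialectElementSelector.class;
                boolean isHeaderPart = false;
                if (dialect.equals(Constants.DIALECT_HEADER)) {
                    headerDialectUsed = true;
                    isHeaderPart = true;
                    selectorContext.put(ElementSelector.HEADERNAME, partConfig.getHeaderName());
                    selectorContext.put(ElementSelector.HEADERNAMESPACE, partConfig.getHeaderNamespace());
                    // The SOAP 1.1 actor wins when present; otherwise the SOAP 1.2 role (possibly null) is used.
                    selectorContext.put(ElementSelector.ACTOR_OR_ROLE, actor != null ? actor : role);
                    selectorClass = QNameHeaderSelector.class;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Looking for header to encrypt with header name [" + partConfig.getHeaderName() + " and header namspace [" + partConfig.getHeaderNamespace() + "]");
                    }
                }
                XMLPartList parts = (XMLPartList) WSSObjectSignatureGenerator.getMessagePart(oMDocument, dialect, keyword, ElementSelector.ENCRYPTION_MODE, this._selectors, selectorClass, selectorContext);
                if (parts == null || parts.size() <= 0) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, parts.size() + " parts found.");
                }
                // Header parts go to hList unless the WSS 1.0 header property is set; hList is passed to
                // encrypt() separately from pList.
                if (!isHeaderPart || generateWss10Header) {
                    pList.add(parts);
                } else {
                    hList.add(parts);
                }
                partsFound = true;
                for (int n = 0; n < parts.size(); n++) {
                    // Reserve one id per part, retrying until it is not already in this call's list.
                    String id;
                    do {
                        id = IdUtils.getInstance().makeUniqueId("e_");
                    } while (ids.contains(id));
                    ids.add(id);
                }
            }
        }
        if (!partsFound) {
            // NOTE(review): the four attribute entries put into the context above are not removed on this
            // path (nor when an exception is thrown below). Confirm that later components do not rely on
            // their absence.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(Document doc, Element parent, Map context)");
            }
            return;
        }
        if (headerDialectUsed && !generateWss10Header) {
            map.put(Constants.SOAP_NS_FOR_ATTR, nsSoap);
        }

        HashMap keyInfoTypes = new HashMap();
        EncryptionContext encryptionContext = new EncryptionContext();
        AlgorithmConfig keyEncryptionMethod = encryptionGeneratorConfig.getKeyEncryptionMethod();
        String keyEncryptionAlgorithm = keyEncryptionMethod != null ? keyEncryptionMethod.getAlgorithm() : null;
        encryptionContext.setEncAlgorithm(keyEncryptionAlgorithm);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Encryption Algorithm : " + keyEncryptionAlgorithm);
        }
        WSSAlgorithmFactory algorithmFactory = wSSGeneratorConfig.getAlgorithmFactory();
        encryptionContext.setAlgorithmFactory(algorithmFactory);

        // Hardware acceleration settings come from the generator-level properties.
        Map<Object, Object> generatorProperties = wSSGeneratorConfig.getProperties();
        encryptionContext.setHWConfigName((String) generatorProperties.get("HWCONFIG"));
        String offloadAllCryptography = (String) generatorProperties.get("com.ibm.ws.wssecurity.handler.OffloadAllCryptography");
        encryptionContext.setOffload((Boolean) generatorProperties.get(ConfigConstants.OFFLOAD_RSA_PUBKEY_CRYPTO));
        if (encryptionContext.shouldChangeProvider()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Acceleration enabled, Key Store Name is: " + encryptionContext.getHWConfigName());
            }
            Provider accelerationProvider = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWConfigName());
            if (accelerationProvider == null) {
                // Audit and continue: the context is left without an acceleration provider.
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware acceleration, continue processing.");
            } else {
                encryptionContext.setHWAccelerationProvider(accelerationProvider, (Integer) generatorProperties.get(ConfigConstants.HARDWARE_CACHE_SIZE));
                encryptionContext.setCryptoOffloadProperty(offloadAllCryptography);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for HW Acceleration" + accelerationProvider.getName());
                }
            }
        }

        // The hardware keystore reference comes from the encryption config's own properties.
        encryptionContext.setHWKeyStoreName((String) properties.get("com.ibm.ws.wssecurity.config.keystore.keyStoreRef"));
        if (encryptionContext.useHWKeyStore()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Key Store Name is: " + encryptionContext.getHWKeyStoreName());
            }
            Provider keyStoreProvider = ConfigUtil.getHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName());
            if (keyStoreProvider == null) {
                // Audit and continue: the context is left without a hardware keystore provider.
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
            } else {
                encryptionContext.setHWKeyStoreProvider(keyStoreProvider);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + keyStoreProvider.getName());
                }
            }
        }

        boolean mtomOptimize = false;
        String mtomProperty = (String) properties.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MTOM_OPTIMIZE_ENCRYPTED_DATA);
        if ("true".equalsIgnoreCase(mtomProperty)) {
            mtomOptimize = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "MTOM optimize property was specified for EncryptionInfo");
            }
        }
        encryptionContext.setMTOMOptimize(mtomOptimize);
        if (tc.isDebugEnabled()) {
            // Debug trace only: the shower logs the bytes it is shown, so this trace level exposes them.
            encryptionContext.setResourceShower(ShowerImpl.access$000());
        }

        map.put(Constants.KEY_ALGORITHM, encryptionGeneratorConfig.getDataEncryptionMethod().getAlgorithm());
        // With a key encryption algorithm an EncryptedKey wraps a generated key; without one only a
        // ReferenceList is inserted and the key passed to encrypt() is null.
        boolean wrapKey = keyEncryptionAlgorithm != null && keyEncryptionAlgorithm.length() > 0;
        EncryptedData encryptedDataTemplate = createEncryptedData(encryptionGeneratorConfig, oMFactory, !wrapKey && wSSGeneratorConfig.isUserDefinedComponentsUsed(), algorithmFactory);
        if (wrapKey) {
            EncryptedKey encryptedKey = createEncryptedKey(encryptionGeneratorConfig, ids, algorithmFactory, oMFactory, nsSoap, nsWsse, nsWsu, wSSGeneratorConfig.isUserDefinedComponentsUsed());
            try {
                insertElement = WSSObjectSignatureGenerator.insertElement(securityHeader, encryptedKey.createElement(wssDocument), nsWsu, map);
                encryptedKey.setWSSObjectBase(insertElement);
                Key keyEncryptionKey = WSSObjectSignatureGenerator.callKeyInfoGenerator(encryptionGeneratorConfig.getEncryptionKeyInfo(), WSSKeyInfoComponent.KEY_ENCRYPTING, keyInfoTypes, this._selectors, oMDocument, insertElement, map);
                Object targetEndpoint = map.get(Constants0.TARGET_ENDPOINT);
                if (targetEndpoint != null) {
                    String endpointText = targetEndpoint.toString();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The target End point address = " + endpointText);
                    }
                    // The reference is the endpoint text followed by the config's hashCode().
                    encryptionContext.setEndpointReference(endpointText + encryptionGeneratorConfig.hashCode());
                }
                key = generateKey(encryptionContext, encryptedDataTemplate, wssDocument, keyEncryptionKey);
                encryptKey(encryptionContext, encryptedKey, key, keyEncryptionKey);
            } catch (StructureException e) {
                Tr.processException(e, clsName + ".invoke", "464");
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s01", new String[]{IRSTTemplate.ENCRYPTED_KEY, e.getMessage()}, e);
            }
        } else {
            try {
                insertElement = WSSObjectSignatureGenerator.insertElement(securityHeader, createReferenceList(ids, nsSoap, nsWsse, nsWsu).createElement(wssDocument), nsWsu, map);
                key = null;
            } catch (StructureException e2) {
                Tr.processException(e2, clsName + ".invoke", "504");
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s01", new String[]{"ReferenceList", e2.getMessage()}, e2);
            }
        }
        encrypt(encryptionGeneratorConfig.getEncryptionKeyInfo(), keyInfoTypes, this._selectors, oMDocument, map, encryptionGeneratorConfig.remainSignatureAfterEncryption(), pList, ids, hList, encryptionContext, insertElement, encryptedDataTemplate, key, wSSGeneratorConfig.isUserDefinedComponentsUsed());

        // Withdraw the per-call attributes published above.
        map.remove(Constants.MUST_UNDERSTAND_ATTR);
        map.remove(Constants.ACTOR_ATTR);
        map.remove(Constants.ROLE_ATTR);
        map.remove(Constants.RELAY_ATTR);
        if (headerDialectUsed && !generateWss10Header) {
            map.remove(Constants.SOAP_NS_FOR_ATTR);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(OMDocument doc, OMElement parent, Map context)");
        }
    }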

    /**
     * Builds the EncryptedKey skeleton: key encryption method from the config, an empty CipherData, and a
     * ReferenceList with one DataReference per id.
     *
     * @param encryptionGeneratorConfig supplies the key encryption method
     * @param list ids of the elements that will be encrypted
     * @param wSSAlgorithmFactory used to convert the algorithm parameters
     * @param oMFactory only traced by this method
     * @param str SOAP namespace, forwarded to createReferenceList
     * @param str2 WS-Security namespace, forwarded to createReferenceList
     * @param str3 WS-Security utility namespace, forwarded to createReferenceList
     * @param z only traced by this method
     * @return the populated EncryptedKey
     * @throws SoapSecurityException if the encryption method cannot be created
     */
    private static EncryptedKey createEncryptedKey(EncryptionGeneratorConfig encryptionGeneratorConfig, List<String> list, WSSAlgorithmFactory wSSAlgorithmFactory, OMFactory oMFactory, String str, String str2, String str3, boolean z) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedKey(EncryptionGeneratorConfig config,List ids[" + list + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "],OMFactory doc[" + oMFactory + "],String nsSoap[" + str + "],String nsWsse[" + str2 + "],String nsWsu[" + str3 + "],boolean userDefinedComponentsUsed[" + z + "])");
        }
        final EncryptedKey result = new EncryptedKey();

        final EncryptionMethod keyEncryption = createEncryptionMethod(encryptionGeneratorConfig.getKeyEncryptionMethod(), wSSAlgorithmFactory);
        result.setEncryptionMethod(keyEncryption);

        final CipherData emptyCipherData = createCipherData();
        result.setCipherData(emptyCipherData);

        final ReferenceList references = createReferenceList(list, str, str2, str3);
        result.setReferenceList(references);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedKey(EncryptionGeneratorConfig config,List ids,WSSAlgorithmFactory factory,OMFactory doc,String nsSoap,String nsWsse,String nsWsu,boolean userDefinedComponentsUsed) returns EncryptedKey[" + result + "]");
        }
        return result;
    }

    /**
     * Creates an EncryptionMethod for the configured algorithm and attaches the parameter spec the
     * factory derives from the algorithm's properties, if any.
     *
     * <p>The algorithm identifier is taken from the config as-is; no allow-list check is visible in this
     * method, so algorithm policy has to be enforced where the config is built or inside the factory.
     *
     * @param algorithmConfig algorithm identifier and properties; dereferenced without a null check
     * @param wSSAlgorithmFactory converts the properties into an AlgorithmParameterSpec
     * @return the configured EncryptionMethod
     * @throws SoapSecurityException wrapping an invalid-parameter or unknown-algorithm failure
     */
    private static EncryptionMethod createEncryptionMethod(AlgorithmConfig algorithmConfig, WSSAlgorithmFactory wSSAlgorithmFactory) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setEncryptionMethod(AlgorithmConfig aconfig[" + algorithmConfig + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "])");
        }
        final EncryptionMethod method = new EncryptionMethod();
        method.setAlgorithm(algorithmConfig.getAlgorithm());
        try {
            final AlgorithmParameterSpec spec = wSSAlgorithmFactory.convertParameter(algorithmConfig.getAlgorithm(), algorithmConfig.getProperties());
            if (spec != null) {
                method.setParameterSpec(wSSAlgorithmFactory, spec);
            }
        } catch (InvalidAlgorithmParameterException e) {
            Tr.processException(e, clsName + ".createEncryptionMethod", "616");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s14", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s14", new String[]{e.getMessage()}, e);
        } catch (NoSuchAlgorithmException e2) {
            Tr.processException(e2, clsName + ".createEncryptionMethod", "620");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s14", new Object[]{e2});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s14", new String[]{e2.getMessage()}, e2);
        }
        // The trace strings name this method "setEncryptionMethod"; they are kept as emitted.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setEncryptionMethod(AlgorithmConfig aconfig,WSSAlgorithmFactory factory) returns EncryptionMethod[" + method + "]");
        }
        return method;
    }

    /**
     * Creates a KeyInfo holding a single element named "dummy" with an empty namespace and prefix.
     * Presumably a placeholder that the key-info generator replaces later (confirm against the caller).
     *
     * @param oMFactory factory used to create the element
     * @return the KeyInfo containing that one element
     */
    private static KeyInfo createKeyInfo(OMFactory oMFactory) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyInfo(OMFactory factory[" + oMFactory + "])");
        }
        final KeyInfo result = new KeyInfo();
        final OMElement placeholder = oMFactory.createOMElement("dummy", "", "");
        result.addElement(placeholder);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyInfo(Document doc) returns KeyInfo[" + result + "]");
        }
        return result;
    }

    /**
     * Creates a CipherData that wraps a freshly constructed, still empty CipherValue.
     *
     * @return the new CipherData
     */
    private static CipherData createCipherData() {
        final boolean traceEntry = tc.isEntryEnabled();
        if (traceEntry) {
            Tr.entry(tc, "createCipherData()");
        }
        final CipherValue emptyValue = new CipherValue();
        final CipherData container = new CipherData();
        container.setCipherValue(emptyValue);
        final boolean traceExit = tc.isEntryEnabled();
        if (traceExit) {
            Tr.exit(tc, "createCipherData() returns CipherData[" + container + "]");
        }
        return container;
    }

    /**
     * Builds a ReferenceList with one DataReference per id; each URI is the same-document fragment
     * "#" followed by the id.
     *
     * @param list ids to reference, in the order they are added
     * @param str SOAP namespace; only traced
     * @param str2 WS-Security namespace; only traced
     * @param str3 WS-Security utility namespace; only traced
     * @return the populated ReferenceList
     * @throws SoapSecurityException declared; not thrown by the visible code
     */
    private static ReferenceList createReferenceList(List<String> list, String str, String str2, String str3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createReferenceList(List ids[" + list + "],String nsSoap[" + str + "],String nsWsse[" + str2 + "],String nsWsu[" + str3 + "])");
        }
        final ReferenceList references = new ReferenceList();
        final Iterator<String> idIterator = list.iterator();
        while (idIterator.hasNext()) {
            final String id = idIterator.next();
            final DataReference reference = new DataReference();
            reference.setURI("#" + id);
            references.addDataReference(reference);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createReferenceList(List ids,Document doc,String nsSoap,String nsWsse,String nsWsu) returns ReferenceList[" + references + "]");
        }
        return references;
    }

    /**
     * Builds the EncryptedData skeleton: data encryption method from the config, an optional placeholder
     * KeyInfo, and an empty CipherData.
     *
     * @param encryptionGeneratorConfig supplies the data encryption method
     * @param oMFactory used for the placeholder KeyInfo element when {@code z} is true
     * @param z whether a KeyInfo is added
     * @param wSSAlgorithmFactory used to convert the algorithm parameters
     * @return the populated EncryptedData
     * @throws SoapSecurityException if the encryption method cannot be created
     */
    public static EncryptedData createEncryptedData(EncryptionGeneratorConfig encryptionGeneratorConfig, OMFactory oMFactory, boolean z, WSSAlgorithmFactory wSSAlgorithmFactory) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedData(EncryptionGeneratorConfig config,OMFactory doc[" + oMFactory + "],boolean createKeyInfo[" + z + "],WSSAlgorithmFactory factory[" + wSSAlgorithmFactory + "])");
        }
        final EncryptedData result = new EncryptedData();

        final EncryptionMethod dataEncryption = createEncryptionMethod(encryptionGeneratorConfig.getDataEncryptionMethod(), wSSAlgorithmFactory);
        result.setEncryptionMethod(dataEncryption);

        if (z) {
            final KeyInfo placeholderKeyInfo = createKeyInfo(oMFactory);
            result.setKeyInfo(placeholderKeyInfo);
        }

        final CipherData emptyCipherData = createCipherData();
        result.setCipherData(emptyCipherData);

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedData(EncryptionGeneratorConfig config,Document doc,boolean createKeyInfo,WSSAlgorithmFactory factory) returns EncryptedData[" + result + "]");
        }
        return result;
    }

    /**
     * Registers the EncryptedData template with the encryption context and asks the context to generate
     * a key.
     *
     * <p>NOTE(review): the entry and exit trace print both Key objects through their toString(). What
     * that reveals depends on the key class in use; verify it does not include key material before
     * enabling entry/exit trace on production systems.
     *
     * @param encryptionContext context that generates the key
     * @param encryptedData template set as the context's encrypted type
     * @param wSSObjectDocumentImpl not used by this method
     * @param key key encryption key; only traced here
     * @return the key produced by the context
     * @throws SoapSecurityException wrapping any exception raised while setting the type or generating
     */
    private static Key generateKey(EncryptionContext encryptionContext, EncryptedData encryptedData, WSSObjectDocumentImpl wSSObjectDocumentImpl, Key key) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKey(EncryptionContext econtext[" + encryptionContext + "],EncryptedData ed[" + encryptedData + "],WSSObjectDocument doc,Key kek[" + key + "])");
        }
        try {
            // Only the template is supplied; type, method and key info are passed as null.
            encryptionContext.setEncryptedType(encryptedData, (String) null, (EncryptionMethod) null, (KeyInfo) null);
            final Key generated = encryptionContext.generateKey();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKey(EncryptionContext econtext,EncryptedData ed,WSSObjectDocument doc,Key kek) returns Key[" + generated + "]");
            }
            return generated;
        } catch (Exception failure) {
            Tr.processException(failure, clsName + ".generateKey", "754");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s11", new Object[]{failure});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s11", new String[]{failure.getMessage()}, failure);
        }
    }

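    /**
     * Encrypts the selected message parts and SOAP headers in place.
     *
     * <p>Parts from {@code list} are encrypted using {@code encryptedData}; headers from
     * {@code list3} are encrypted using an {@code EncryptedHeader} initialised from
     * {@code encryptedData}. One id is consumed per item from {@code list2}, starting at the
     * last entry and moving toward index 0, parts first and headers second.
     *
     * <p>Parameter roles below are taken from the labels in the method's own trace string.
     *
     * @param keyInfoGeneratorConfig key-info generator configuration, handed to
     *        {@code callKeyInfoGenerator} when no data-encryption key is supplied
     * @param map "type" map, forwarded to {@code callKeyInfoGenerator}
     * @param map2 "properties" map, forwarded to {@code callKeyInfoGenerator}
     * @param oMDocument document being processed; also the source of the {@code OMFactory}
     * @param map3 "context" map; read for the message context, a cached body
     *        {@code EncryptedData}, and the header attribute values
     * @param z "sigAfterEnc" flag; not read by this method
     * @param list "pList": part lists to encrypt
     * @param list2 "idList": ids assigned to the encrypted items
     * @param list3 "hList": header part lists to encrypt
     * @param encryptionContext context that performs the encryption and replacement
     * @param wSSObjectElement "einfo"; only written to the entry trace here
     * @param encryptedData template for the encrypted items
     * @param key data-encryption key, or {@code null} to obtain one per item from the
     *        key-info generator
     * @param z2 "userDefinedComponentsUsed"; with a {@code null} key it causes a KeyInfo to be
     *        created on {@code encryptedData} up front
     * @throws SoapSecurityException wrapping any exception raised while encrypting
     */
    private static void encrypt(KeyInfoGeneratorConfig keyInfoGeneratorConfig, Map<Object, Object> map, Map<Object, Object> map2, OMDocument oMDocument, Map<Object, Object> map3, boolean z, List<ArrayList<XMLElement>> list, List<String> list2, List<ArrayList<XMLElement>> list3, EncryptionContext encryptionContext, WSSObjectElement wSSObjectElement, EncryptedData encryptedData, Key key, boolean z2) throws SoapSecurityException {
        OMNode firstOMChild;
        if (tc.isEntryEnabled()) {
            // Key.toString() is provider-defined and can include key material, so the trace
            // records only the algorithm name of the data-encryption key.
            String dekTrace = key == null ? "null" : "<redacted " + key.getAlgorithm() + " key>";
            // NOTE(review): pList/hList are stringified here; confirm their toString() does not
            // render the plaintext that is about to be encrypted.
            Tr.entry(tc, "encrypt(KeyInfoGeneratorConfig config,Map type,Map properties,OMDocument doc[" + DOMUtils.getDisplayName(oMDocument) + "],Map context,boolean sigAfterEnc,List pList[" + list + "],List idList[" + list2 + "],List hList[" + list3 + "],EncryptionContext econtext[" + encryptionContext + "],WSSObjectElement einfo[" + wSSObjectElement + "],EncryptedData ed[" + encryptedData + "],Key dek[" + dekTrace + "], boolean userDefinedComponentsUsed[" + z2 + "])");
        }
        OMFactory oMFactory = oMDocument.getOMDocumentElement().getOMFactory();
        if (key == null && z2) {
            encryptedData.setKeyInfo(createKeyInfo(oMFactory));
        }
        MessageContext messageContext = (MessageContext) map3.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
        try {
            try {
                // Ids are handed out from the end of list2; the counter is shared by both loops.
                int size = list2.size() - 1;
                Iterator<ArrayList<XMLElement>> it = list.iterator();
                while (it.hasNext()) {
                    XMLPartList xMLPartList = (XMLPartList) it.next();
                    for (int i = 0; i < xMLPartList.getLength(); i++) {
                        String type = xMLPartList.getType();
                        XMLElement item = xMLPartList.item(i);
                        // Item type 1 carries an OM node, type 2 carries a WSSObject element.
                        OMElement oMElement = null;
                        WSSObjectElement wSSObjectElement2 = null;
                        if (item.getType() == 1) {
                            oMElement = item.getOMNode();
                        } else if (item.getType() == 2) {
                            wSSObjectElement2 = item.getWSSObject();
                        }
                        int i2 = size;
                        size--;
                        String str = list2.get(i2);
                        encryptedData.setId(str);
                        encryptedData.setType(type);
                        if (tc.isDebugEnabled()) {
                            if (item.getType() == 1) {
                                Tr.debug(tc, "plist: el is of type " + oMElement.getClass().getName());
                            } else if (item.getType() == 2) {
                                Tr.debug(tc, "plist: WSSObject element is " + wSSObjectElement2.getQName());
                            }
                        }
                        byte[] bArr = null;
                        ByteArrayHolder byteArrayHolder = null;
                        WSSObjectElement wSSObjectElement3 = null;
                        EncryptedType encryptedType = null;
                        // SOAP body whose first child is an OMSourcedElementImpl: look for body
                        // content that an earlier step left on the message context.
                        if (oMElement != null && (((oMElement instanceof SOAP11BodyImpl) || (oMElement instanceof SOAP12BodyImpl)) && (firstOMChild = oMElement.getFirstOMChild()) != null)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "child: el is of type " + firstOMChild.getClass().getName());
                            }
                            if (firstOMChild instanceof OMSourcedElementImpl) {
                                if (messageContext != null) {
                                    // Read the canonicalized body bytes once, then clear the property.
                                    bArr = (byte[]) messageContext.getProperty(BodyC14NFilter.BODY_CONTENT_C14N_RESULT);
                                    messageContext.setProperty(BodyC14NFilter.BODY_CONTENT_C14N_RESULT, (Object) null);
                                }
                                if (tc.isDebugEnabled()) {
                                    if (bArr == null || bArr.length == 0) {
                                        Tr.debug(tc, "Could not retrieve C14N body content byte[] from MessageContext");
                                    } else {
                                        Tr.debug(tc, "Retrieved C14N body content byte[] from MessageContext");
                                    }
                                }
                                if (messageContext != null) {
                                    // Same read-and-clear pattern for the already encrypted body holder.
                                    byteArrayHolder = (ByteArrayHolder) messageContext.getProperty(Constants.ENCRYPTED_BODY_BAH);
                                    messageContext.setProperty(Constants.ENCRYPTED_BODY_BAH, (Object) null);
                                }
                                if (byteArrayHolder != null && byteArrayHolder.getLength() != 0) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Retrieved encrypted body content ByteArrayHolder from MessageContext");
                                    }
                                    encryptedType = (EncryptedData) map3.get(Constants.BODY_ENCRYPTED_DATA_ELEMENT);
                                    if (encryptedType != null && encryptedType.getWSSObjectBase() != null) {
                                        // Reuse the cached EncryptedData element and give it this item's id.
                                        wSSObjectElement3 = encryptedType.getWSSObjectBase();
                                        ((com.ibm.ws.wssecurity.wssobject.impl.xenc.EncryptedData) wSSObjectElement3).setId(VariablePartFactory.getInstance().createAttrValueWithString(Util.normalize(encryptedData.getId())));
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Retrieved WSSObject EncryptedData element from context");
                                        }
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Did not retrieve WSSObject EncryptedData element from context");
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Could not retrieve encrypted body content ByteArrayHolder from MessageContext; using OMSourcedElement");
                                }
                            }
                        }
                        // Input selection, in priority order: C14N bytes, encrypted-body holder,
                        // the OM element, the WSSObject element.
                        if (bArr != null && bArr.length > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting byte[] to EncryptionContext");
                            }
                            encryptionContext.setData(bArr);
                        } else if (byteArrayHolder != null && byteArrayHolder.getLength() > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting ByteArrayHolder to EncryptionContext");
                            }
                            encryptionContext.setEncryptedData(byteArrayHolder);
                        } else if (item.getType() == 1) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting OMElement to EncryptionContext");
                            }
                            encryptionContext.setData(oMElement);
                        } else if (item.getType() == 2) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Setting WSSObjectElement to EncryptionContext");
                            }
                            encryptionContext.setData(wSSObjectElement2);
                        }
                        if (wSSObjectElement3 == null) {
                            // No cached element: build one and resolve the key for it.
                            if (item.getType() == 1) {
                                wSSObjectElement3 = createEncryptedData(encryptedData, oMElement);
                            } else if (item.getType() == 2) {
                                wSSObjectElement3 = createEncryptedData(encryptedData, wSSObjectElement2);
                            }
                            encryptedData.setWSSObjectBase(wSSObjectElement3);
                            if (key == null) {
                                encryptionContext.setKey(WSSObjectSignatureGenerator.callKeyInfoGenerator(keyInfoGeneratorConfig, WSSKeyInfoComponent.KEY_ENCRYPTING, map, map2, oMDocument, wSSObjectElement3, map3));
                            } else {
                                encryptionContext.setKey(key);
                            }
                            encryptionContext.setEncryptedType(encryptedData, (String) null, (EncryptionMethod) null, (KeyInfo) null);
                        } else {
                            // Cached element: a key is set only when the caller supplied one.
                            if (key != null) {
                                encryptionContext.setKey(key);
                            }
                            encryptionContext.setEncryptedType(encryptedType, (String) null, (EncryptionMethod) null, (KeyInfo) null);
                        }
                        encryptionContext.encrypt();
                        // replace(oMElement) is used only when the data came from the message context.
                        if ((bArr == null || bArr.length <= 0) && (byteArrayHolder == null || byteArrayHolder.getLength() <= 0)) {
                            encryptionContext.replace();
                        } else {
                            encryptionContext.replace(oMElement);
                        }
                        encryptionContext.clearEncryptedType();
                        if (tc.isDebugEnabled()) {
                            if (item.getType() == 1) {
                                Tr.debug(tc, "Encrypted part with id[" + str + "] for part with name[" + oMElement.getLocalName() + "] and namespace[" + oMElement.getNamespace().getNamespaceURI() + "]");
                            } else if (item.getType() == 2) {
                                Tr.debug(tc, "Encrypted part with id[" + str + "] for part with QName[" + wSSObjectElement2.getQName() + "]");
                            }
                        }
                    }
                }
                // Header attributes come from the context map and are copied onto the EncryptedHeader.
                String str2 = (String) map3.get(Constants.MUST_UNDERSTAND_ATTR);
                String str3 = (String) map3.get(Constants.ACTOR_ATTR);
                String str4 = (String) map3.get(Constants.ROLE_ATTR);
                String str5 = (String) map3.get(Constants.RELAY_ATTR);
                String str6 = (String) map3.get(Constants.SOAP_NS_FOR_ATTR);
                EncryptedHeader encryptedHeader = new EncryptedHeader();
                encryptedHeader.setMustUnderstand(str2);
                encryptedHeader.setActor(str3);
                encryptedHeader.setRole(str4);
                encryptedHeader.setRelay(str5);
                encryptedHeader.setSoapNs(str6);
                encryptedHeader.initFromEncryptedData(encryptedData);
                Iterator<ArrayList<XMLElement>> it2 = list3.iterator();
                while (it2.hasNext()) {
                    XMLPartList xMLPartList2 = (XMLPartList) it2.next();
                    for (int i3 = 0; i3 < xMLPartList2.getLength(); i3++) {
                        String type2 = xMLPartList2.getType();
                        XMLElement item2 = xMLPartList2.item(i3);
                        int i4 = size;
                        size--;
                        String str7 = list2.get(i4);
                        encryptedHeader.setId(str7);
                        encryptedHeader.setType(type2);
                        OMElement oMElement2 = null;
                        if (item2.getType() == 1) {
                            oMElement2 = item2.getOMNode();
                            encryptionContext.setData(oMElement2);
                        } else if (item2.getType() == 2) {
                            // Headers must be OM nodes; this is wrapped by the catch below.
                            throw new RuntimeException("Internal error: SOAP header element to encrypt cannot be WSSObject");
                        }
                        WSSObjectElement createEncryptedData = createEncryptedData(encryptedHeader, oMElement2);
                        encryptedHeader.setWSSObjectBase(createEncryptedData);
                        if (key == null) {
                            // The key-info generator is given the first child of the created element.
                            encryptionContext.setKey(WSSObjectSignatureGenerator.callKeyInfoGenerator(keyInfoGeneratorConfig, WSSKeyInfoComponent.KEY_ENCRYPTING, map, map2, oMDocument, (WSSObjectElement) createEncryptedData.getChild(0), map3));
                        } else {
                            encryptionContext.setKey(key);
                        }
                        encryptionContext.setEncryptedType(encryptedHeader, (String) null, (EncryptionMethod) null, (KeyInfo) null);
                        encryptionContext.encrypt();
                        encryptionContext.replace();
                        encryptionContext.clearEncryptedType();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "EncryptedHeader with id[" + str7 + "] for header with name[" + oMElement2.getLocalName() + "] and namespace[" + oMElement2.getNamespace().getNamespaceURI() + "]");
                        }
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "encrypt(KeyInfoGeneratorConfig config,Map type,Map properties,OMDocument doc,Map context,boolean sigAfterEnc,List pList,List idList,List hList,EncryptionContext econtext,OMElement einfo,EncryptedData ed,Document doc,Key dek, boolean userDefinedComponentsUsed)");
                }
            } catch (Exception e) {
                Tr.processException(e, clsName + ".encrypt", "1042");
                Tr.error(tc, "security.wssecurity.EncryptionGenerator.s12", new Object[]{e});
                throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s12", new String[]{e.getMessage()}, e);
            }
        } finally {
            // Runs on success and failure: drop per-call provider state and hand any hardware
            // crypto provider instances back to ConfigUtil.
            encryptionContext.clearLocalProviderMap();
            if (encryptionContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(encryptionContext.getHWConfigName(), encryptionContext.getHWAccelerationProvider());
            }
            if (encryptionContext.isHWKeyStoreProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(encryptionContext.getHWKeyStoreName(), encryptionContext.getHWKeyStoreProvider());
            }
        }
    }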

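    /**
     * Encrypts the data-encryption key with the key-encryption key via the given context.
     *
     * <p>When the context reports a hardware acceleration provider, the key-encryption key is
     * cast to {@link PublicKey} and set through {@code setHWKeyFromCache}; otherwise it is set
     * with {@code setKey}.
     *
     * @param encryptionContext context that performs the encryption
     * @param encryptedType encrypted-type structure registered on the context for this operation
     * @param key data-encryption key ("dek") to be encrypted
     * @param key2 key-encryption key ("kek")
     * @throws SoapSecurityException wrapping any exception raised while encrypting the key
     */
    private static void encryptKey(EncryptionContext encryptionContext, EncryptedType encryptedType, Key key, Key key2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // Key.toString() is provider-defined and can include key material, so the trace
            // records only the algorithm names of the two keys.
            String dekTrace = key == null ? "null" : "<redacted " + key.getAlgorithm() + " key>";
            String kekTrace = key2 == null ? "null" : "<redacted " + key2.getAlgorithm() + " key>";
            Tr.entry(tc, "encryptKey(EncryptionContext econtext[" + encryptionContext + "],EncryptedType et[" + encryptedType + "],Key dek[" + dekTrace + "],Key kek[" + kekTrace + "])");
        }
        try {
            encryptionContext.setData(key);
            encryptionContext.setEncryptedType(encryptedType, (String) null, (EncryptionMethod) null, (KeyInfo) null);
            if (encryptionContext.isHWAccelerationProvider()) {
                encryptionContext.setHWKeyFromCache((PublicKey) key2);
            } else {
                encryptionContext.setKey(key2);
            }
            encryptionContext.encrypt();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "encryptKey(EncryptionContext econtext,EncryptedType et,Key dek,Key kek)");
            }
        } catch (PKCS11Exception e2) {
            // The PKCS#11 handler is listed before the general one: placed after
            // catch (Exception) it could never run if PKCS11Exception is an Exception subclass
            // (presumably it is; verify against the com.ibm.pkcs11 class).
            String errorCode = String.valueOf(e2.getCode());
            Tr.error(tc, "Encrypting the key fails with PKCS11Exception and error code = " + e2.getCode());
            Tr.processException(e2, clsName + ".encryptKeyPKCS11", "1104");
            throw new SoapSecurityException("Encrypting the key for data encryption fails with exception " + e2.getMessage() + " and error code = " + errorCode, (Throwable) e2);
        } catch (Exception e) {
            Tr.processException(e, clsName + ".encryptKey", "1108");
            Tr.error(tc, "security.wssecurity.EncryptionGenerator.s13", new Object[]{e});
            throw SoapSecurityException.format("security.wssecurity.EncryptionGenerator.s13", new String[]{e.getMessage()}, e);
        }
    }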

    /**
     * Creates the WSSObject element for {@code encryptedData} as the root of a new
     * {@code WSSObjectDocumentImpl}.
     *
     * <p>Declared namespaces are gathered from the OM element's parent, or from the element
     * itself when the parent is not an {@code OMElement}.
     *
     * @param encryptedData structure that creates the element
     * @param oMElement OM element that is to be encrypted
     * @return the created element, already attached to the new document as its root
     * @throws StructureException declared by this method; the visible code does not show
     *         which call raises it
     */
    private static WSSObjectElement createEncryptedData(EncryptedData encryptedData, OMElement oMElement) throws StructureException {
        WSSObjectDocumentImpl holderDoc = new WSSObjectDocumentImpl(1);
        OMElement container = oMElement.getParent();
        if (!(container instanceof OMElement)) {
            // No element parent: fall back to the element's own declarations.
            holderDoc.getNamespacesInAncestor().gatherDeclaredOMNamespacesInAncestor(oMElement);
        } else {
            holderDoc.getNamespacesInAncestor().gatherDeclaredOMNamespacesInAncestor(container);
        }
        WSSObjectElement root = encryptedData.createElement(holderDoc);
        if (root instanceof BelongsToNamespace) {
            holderDoc.declareNamespace(root.getNamespace());
        }
        // Link element and document in both directions before returning.
        root.setParent(holderDoc);
        holderDoc.setRootWSSObject(root);
        return root;
    }

    /**
     * Creates the WSSObject element for {@code encryptedData} inside the document that already
     * owns the WSSObject element being encrypted.
     *
     * @param encryptedData structure that creates the element
     * @param wSSObjectElement element to be encrypted; its WSSObject document is used as the
     *        owner of the new element
     * @return the element returned by {@code encryptedData.createElement}
     * @throws StructureException declared by this method; presumably raised by
     *         {@code createElement} (confirm against its signature)
     */
    private static WSSObjectElement createEncryptedData(EncryptedData encryptedData, WSSObjectElement wSSObjectElement) throws StructureException {
        return encryptedData.createElement(wSSObjectElement.getWSSObjectDocument());
    }
}
