package com.ibm.xml.soapsec.enc;

import com.ibm.ws.wssecurity.xss4j.AlgorithmFactory;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xss4j.dsig.XSignatureException;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xss4j.enc.DecryptionContext;
import com.ibm.ws.wssecurity.xss4j.enc.KeyInfoResolvingException;
import com.ibm.ws.wssecurity.xss4j.enc.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xss4j.enc.type.DataReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedKey;
import com.ibm.ws.wssecurity.xss4j.enc.type.KeyReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.ReferenceList;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.KeyLocator;
import com.ibm.wsspi.wssecurity.config.KeyLocatorException;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.SoapSecurityComponent;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.IdUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.faces.validator.BeanValidator;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:lib/ecc_v2r3m0f010/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/enc/EncryptionReceiver.class */
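/**
 * Receiver-side WS-Security component that decrypts the XML Encryption parts of an incoming SOAP
 * message.
 *
 * <p>For each configured {@link EncryptionSettings} entry, {@link #invoke} collects the
 * same-document data references of the target element, checks every referenced
 * {@code EncryptedData} against the configured algorithms, decrypts it in place and records a
 * {@link DecryptionResult} in the {@link ResultPool}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The {@code EncryptionMethod} algorithm must equal the configured algorithm exactly, for
 *       both the data and the key; the message cannot choose its own algorithm.</li>
 *   <li>A {@code CipherReference} is accepted only when its URI is a same-document fragment
 *       ({@code #id}).</li>
 *   <li>When debug trace is enabled, {@link ShowerImpl} writes decrypted content to the trace.
 *       Trace output of this component must be handled as sensitive data.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. References such as
 * {@code BeanValidator.VALIDATION_GROUPS_DELIMITER} in trace strings are presumably the
 * decompiler's substitution for a plain string constant; confirm against the original source
 * before relying on them.
 */
public class EncryptionReceiver implements SoapSecurityComponent {
    private static final String comp = "security.wssecurity";
    /** XML Encryption namespace, used to look up child elements. */
    private static final String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
    /** {@code Type} value of an EncryptedData that replaces a whole element. */
    private static final String TYPE_ELEMENT = "http://www.w3.org/2001/04/xmlenc#Element";
    /** {@code Type} value of an EncryptedData that replaces the content of an element. */
    private static final String TYPE_CONTENT = "http://www.w3.org/2001/04/xmlenc#Content";
    private EncryptionReceiverConfig fConfig;
    private static final TraceComponent tc = Tr.register(EncryptionReceiver.class, Constants.TR_GROUP, "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = EncryptionReceiver.class.getName();

    /**
     * Trace hook that writes the bytes handed to it by the decryption context to the debug trace.
     *
     * <p>It is installed only when debug trace is enabled (see
     * {@code createDecryptionContext}). The log labels ({@code decrypt-...}) indicate that the
     * bytes are decrypted output: message plaintext for {@code EncryptedData} and, presumably,
     * the Base64 of the unwrapped key for {@code EncryptedKey}. Enabling debug trace therefore
     * places confidential material in the trace files; restrict access to them accordingly.
     *
     * <p>Decompiler note: the class file declares this type private; the decompiler widened the
     * access modifier.
     */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        /**
         * Writes one decrypted resource to the debug trace.
         *
         * @param bArr the bytes to show
         * @param obj unused by this implementation
         * @param element the encrypted element the bytes belong to; decides the rendering
         */
        public void showEncryptedResource(byte[] bArr, Object obj, Element element) {
            String str = null;
            try {
                str = EncryptedData.isOfType(element) ? new String(bArr, "UTF-8") : Base64.encode(bArr);
            } catch (Exception e) {
                // Best effort: this is diagnostic output only, so the failure is traced (with
                // its cause, which the original dropped) and the method carries on.
                Tr.debug(EncryptionReceiver.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].", e);
            }
            if (EncryptedData.isOfType(element)) {
                Tr.debug(EncryptionReceiver.tc, "ResourceShower logs decrypt-" + element.getAttribute(com.ibm.xml.crypto.dsig.Constants.AT_ID) + ": " + str);
            } else {
                Tr.debug(EncryptionReceiver.tc, "ResourceShower logs decrypt-EncryptedKey: " + str);
            }
        }

        // Synthetic accessor generated by the compiler for the enclosing class.
        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    /**
     * Collects the fragment identifiers of the data references of the target element.
     *
     * <p>The reference list is the {@code ReferenceList} child of an {@code EncryptedKey}, or the
     * element itself when it is a {@code ReferenceList}. Only URIs of the form {@code #id} are
     * returned; other URIs and {@code KeyReference} entries are skipped without an error.
     *
     * @param element the {@code EncryptedKey} or {@code ReferenceList} being processed
     * @return the referenced ids without the leading {@code #}; empty when nothing qualifies
     * @throws SoapSecurityException if a data reference has no URI
     */
    private List getIds(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIds(" + element + ")");
        }
        Element element2 = null;
        if (EncryptedKey.isOfType(element)) {
            element2 = DOMUtil.getChildElement(element, NS_XMLENC, "ReferenceList");
        } else if (ReferenceList.isOfType(element)) {
            element2 = element;
        }
        ArrayList arrayList = new ArrayList();
        if (element2 != null) {
            // The loop variable is Object: the decompiler typed it as DataReference, which makes
            // the instanceof tests below meaningless (and possibly uncompilable).
            for (Object reference : new ReferenceList(element2).getReferences()) {
                if (reference instanceof DataReference) {
                    String uri = ((DataReference) reference).getURI();
                    if (uri == null) {
                        throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc05");
                    }
                    // NOTE(review): a URI that is not a same-document fragment is dropped
                    // silently rather than rejected; confirm that a later policy check fails
                    // the message when a required part was therefore never decrypted.
                    if (uri.length() > 1 && uri.charAt(0) == '#') {
                        arrayList.add(uri.substring(1));
                    }
                } else if (reference instanceof KeyReference) {
                    // KeyReference entries are not processed by this component.
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getIds(Element elem) returns " + arrayList);
        }
        return arrayList;
    }

    /**
     * Builds the decryption context used for one pass over the message.
     *
     * <p>The {@link ShowerImpl} trace hook is attached only when debug trace is enabled.
     *
     * @param keyLocator source of the decryption keys, taken from the active settings
     * @param iDResolver resolver for same-document id references
     * @param map the per-message context passed to {@link #invoke}
     * @return a context wired with the algorithm factory, id resolver and key resolver
     */
    private DecryptionContext createDecryptionContext(KeyLocator keyLocator, IDResolver iDResolver, Map map) throws KeyLocatorException, KeyStoreException, NoSuchAlgorithmException, SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createDecryptionContext(" + keyLocator + ", " + iDResolver + ")");
        }
        DecryptionContext decryptionContext = new DecryptionContext();
        decryptionContext.setAlgorithmFactory(AlgorithmFactory.getInstance());
        decryptionContext.setIdResolver(iDResolver);
        // NOTE(review): the meaning of the literal 2 and of the false flag is defined by
        // KeyIdentifierKeyResolver, which is not visible here.
        decryptionContext.setKeyInfoResolver(new KeyIdentifierKeyResolver(keyLocator, 2, map, false));
        if (tc.isDebugEnabled()) {
            // Debug trace will contain decrypted content from this point on.
            decryptionContext.setResourceShower(ShowerImpl.access$000());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createDecryptionContext(KeyLocator locator,  IDResolver reslvr) returns " + decryptionContext);
        }
        return decryptionContext;
    }

    /**
     * Verifies that the element declares exactly the expected encryption algorithm.
     *
     * <p>This pins the algorithm to the receiver's configuration, so a message cannot select a
     * different algorithm than the one configured. The comparison is an exact string match and
     * should stay that way.
     *
     * @param element the {@code EncryptedData} or {@code EncryptedKey} to check
     * @param str the algorithm URI required by the active settings
     * @throws SoapSecurityException if {@code EncryptionMethod} is missing, has no algorithm
     *     attribute, or names a different algorithm
     */
    private void checkEncryptionMethod(Element element, String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkEncryptionMethod(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + str + ")");
        }
        Element childElement = DOMUtil.getChildElement(element, NS_XMLENC, "EncryptionMethod");
        if (childElement == null) {
            throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc10");
        }
        if (!childElement.hasAttribute(com.ibm.xml.crypto.dsig.Constants.AT_ALGORITHM)) {
            throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc06");
        }
        String attribute = childElement.getAttribute(com.ibm.xml.crypto.dsig.Constants.AT_ALGORITHM);
        if (!attribute.equals(str)) {
            throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc07", attribute);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkEncryptionMethod(Element encType, Set methods)");
        }
    }

    /**
     * Verifies the {@code CipherData} child of an encrypted element.
     *
     * <p>{@code CipherData} must be present. If it carries a {@code CipherReference}, the
     * reference must have a URI that is a same-document fragment ({@code #id}); any other URI
     * is rejected, so the cipher text is never taken from a location outside the message.
     *
     * @param element the {@code EncryptedData} or {@code EncryptedKey} to check
     * @throws SoapSecurityException if {@code CipherData} is missing or the
     *     {@code CipherReference} URI is absent or not a fragment
     */
    private void checkCipherData(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCipherData(" + element + ")");
        }
        Element childElement = DOMUtil.getChildElement(element, NS_XMLENC, "CipherData");
        if (childElement == null) {
            Tr.error(tc, "security.wssecurity.WSEC5196E");
            throw SoapSecurityException.format("security.wssecurity.WSEC5196E");
        }
        Element childElement2 = DOMUtil.getChildElement(childElement, NS_XMLENC, "CipherReference");
        // No CipherReference means there is nothing further to validate. The checks are nested
        // rather than returning early so that the exit trace below is written on this path too.
        if (childElement2 != null) {
            if (!childElement2.hasAttribute(com.ibm.xml.crypto.dsig.Constants.AT_URI)) {
                Tr.error(tc, "security.wssecurity.WSEC5197E");
                throw SoapSecurityException.format("security.wssecurity.WSEC5197E");
            }
            String attribute = childElement2.getAttribute(com.ibm.xml.crypto.dsig.Constants.AT_URI);
            if (attribute.length() < 2 || attribute.charAt(0) != '#') {
                Tr.error(tc, "security.wssecurity.WSEC5198E", attribute);
                throw SoapSecurityException.format("security.wssecurity.WSEC5198E", attribute);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCipherData()");
        }
    }

    /**
     * Decrypts an {@code EncryptedKey} and returns the key it wraps.
     *
     * <p>The {@code EncryptionMethod} of the referenced {@code EncryptedData} is set on the
     * context for the duration of the call and cleared afterwards.
     *
     * @param element the {@code EncryptedKey} element
     * @param decryptionContext the context to decrypt with
     * @param element2 the {@code EncryptedData} the key will be used for
     * @return the decrypted key
     */
    private Key decryptEncryptedKey(Element element, DecryptionContext decryptionContext, Element element2) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, StructureException, XSignatureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedKey(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + decryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + element2 + ")");
        }
        decryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
        decryptionContext.setEncryptionMethod(DOMUtil.getChildElement(element2, NS_XMLENC, "EncryptionMethod"));
        decryptionContext.decrypt();
        Key key = (Key) decryptionContext.getData();
        decryptionContext.setEncryptionMethod((Element) null);
        if (tc.isEntryEnabled()) {
            // Trace only the algorithm. What Key.toString() prints depends on the provider and
            // may expose or fingerprint the key, so the key object itself is not traced.
            String keyAlgorithm = key == null ? null : key.getAlgorithm();
            Tr.exit(tc, "decryptEncryptedKey(Element encKey, DecryptionContext context, Element encData) returns key with algorithm " + keyAlgorithm);
        }
        return key;
    }

    /**
     * Decrypts one {@code EncryptedData} element and describes what was decrypted.
     *
     * <p>After {@code decrypt()} the context's {@code replace()} is called; presumably this
     * swaps the decrypted nodes into the document in place of the {@code EncryptedData}.
     *
     * @param element the {@code EncryptedData} element
     * @param decryptionContext the context, already holding the key to use (if any)
     * @return the result describing the decrypted element or content
     */
    private DecryptionResult decryptEncryptedData(Element element, DecryptionContext decryptionContext) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, ParserConfigurationException, SAXException, StructureException, XSignatureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedData(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + decryptionContext + ")");
        }
        decryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
        decryptionContext.decrypt();
        decryptionContext.replace();
        DecryptionResult createDecryptionResult = createDecryptionResult(decryptionContext.getDataAsNodeList(), decryptionContext.getType());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decryptEncryptedData(Element encData, DecryptionContext context) returns " + createDecryptionResult);
        }
        return createDecryptionResult;
    }

    /**
     * Describes the decrypted nodes as a {@link DecryptionResult}.
     *
     * <p>Only the first node is inspected. For type {@code #Element} the result names that
     * element; for type {@code #Content} it names the parent element, or the SOAP body when the
     * parent is the SOAP 1.1 {@code Body}. An element is recorded by its id when it has one,
     * otherwise by reference. For an empty node list or any other type the result is left
     * unset.
     *
     * @param nodeList the decrypted nodes
     * @param str the {@code Type} URI reported by the decryption context
     * @return the populated (or empty) result
     */
    private DecryptionResult createDecryptionResult(NodeList nodeList, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createDecryptionResult(" + nodeList + BeanValidator.VALIDATION_GROUPS_DELIMITER + str + ")");
        }
        DecryptionResult decryptionResult = new DecryptionResult();
        if (nodeList.getLength() > 0) {
            Node item = nodeList.item(0);
            // str.equals(...) is kept deliberately: a missing type fails the decryption pass
            // instead of producing an empty result.
            if (str.equals(TYPE_ELEMENT)) {
                Element element = (Element) item;
                String id = getId(element);
                if (id != null) {
                    decryptionResult.setElement(id, false);
                } else {
                    decryptionResult.setElement(element, false);
                }
            } else if (str.equals(TYPE_CONTENT)) {
                Node parentNode = item.getParentNode();
                if (parentNode != null && parentNode.getNodeType() == Node.ELEMENT_NODE) {
                    if ("http://schemas.xmlsoap.org/soap/envelope/".equals(parentNode.getNamespaceURI()) && com.ibm.ws.webservices.engine.Constants.ELEM_BODY.equals(parentNode.getLocalName())) {
                        decryptionResult.setBodyContent();
                    } else {
                        Element element2 = (Element) parentNode;
                        String id2 = getId(element2);
                        if (id2 != null) {
                            decryptionResult.setElement(id2, true);
                        } else {
                            decryptionResult.setElement(element2, true);
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createDecryptionResult(NodeList nodes, String type) returns " + decryptionResult);
        }
        return decryptionResult;
    }

    /**
     * Returns the value of the element's id attribute.
     *
     * @param element the element to inspect
     * @return the attribute value, or {@code null} when {@link IdUtil} reports no id attribute
     *     name for the element
     */
    private String getId(Element element) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getId(" + element + ")");
        }
        String idAttributeName = IdUtil.getInstance().getIdAttributeName(element);
        String str = null;
        if (idAttributeName != null) {
            str = element.getAttribute(idAttributeName);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getId(Element elem) returns " + str);
        }
        return str;
    }

    /**
     * Returns the exception nested in a {@link SAXException} or {@link XSignatureException}.
     *
     * @param exc the exception to unwrap
     * @return the nested exception when there is one, otherwise {@code exc} itself
     */
    private Exception unwrapException(Exception exc) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "unwrapException(" + exc + ")");
        }
        if (exc instanceof SAXException) {
            Exception nested = ((SAXException) exc).getException();
            if (nested != null) {
                exc = nested;
            }
        } else if (exc instanceof XSignatureException) {
            Exception nested = ((XSignatureException) exc).getException();
            if (nested != null) {
                exc = nested;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "unwrapException(Exception exc) returns " + exc);
        }
        return exc;
    }

    /**
     * Reads this component's configuration from the given map.
     *
     * @param map configuration objects keyed by their class; the entry for
     *     {@code EncryptionReceiverConfig.class} is used
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void init(Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(" + map + ")");
        }
        this.fConfig = (EncryptionReceiverConfig) map.get(EncryptionReceiverConfig.class);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Decrypts the parts referenced by the target element, trying each configured
     * {@link EncryptionSettings} in order until one succeeds.
     *
     * <p>Failures of individual settings are held back; only the last one is reported, as the
     * cause of the exception thrown when no settings succeed (including when none are
     * configured, in which case the cause is {@code null}).
     *
     * <p>NOTE(review): a failed attempt may already have decrypted and replaced some parts of
     * the document, and a later attempt skips ids that no longer resolve. Confirm that a
     * partially decrypted message cannot be reported as a success.
     *
     * <p>NOTE(review): the underlying failure (for example a {@code BadPaddingException}) is
     * attached as the cause. Confirm that the fault returned to the sender does not reveal
     * which decryption step failed; distinguishable decryption errors are a known weakness of
     * CBC-mode XML Encryption.
     *
     * @param document the SOAP message
     * @param element the {@code EncryptedKey} or {@code ReferenceList} to process
     * @param map the per-message context that receives the decryption results
     * @throws Exception a {@link SoapSecurityException} when no configured settings succeed
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void invoke(Document document, Element element, Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        boolean z = false;
        Exception exc = null;
        Iterator it = this.fConfig.getEncryptionSettingsList().iterator();
        while (it.hasNext()) {
            try {
                invoke0(document, element, map, (EncryptionSettings) it.next());
                z = true;
                break;
            } catch (Exception e) {
                // Deliberately deferred: the next settings entry gets a chance first.
                exc = e;
            }
        }
        if (!z) {
            Tr.error(tc, "security.wssecurity.EncryptionReceiver.exception", exc);
            throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc14", exc);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc, Element target, Map context)");
        }
    }

    /**
     * Runs one decryption pass with a single {@link EncryptionSettings} entry.
     *
     * <p>For every referenced id that resolves, the element must be an {@code EncryptedData};
     * its algorithm and cipher data are checked before anything is decrypted. When the target
     * is an {@code EncryptedKey}, the key is checked and decrypted once, on first use, and
     * reused for the remaining references.
     *
     * @param document the SOAP message
     * @param element the {@code EncryptedKey} or {@code ReferenceList} to process
     * @param map the per-message context that receives the decryption results
     * @param encryptionSettings the settings to validate against and take the key locator from
     * @throws Exception the failure, unwrapped by {@link #unwrapException}
     */
    private void invoke0(Document document, Element element, Map map, EncryptionSettings encryptionSettings) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke0(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionSettings + ")");
        }
        try {
            List ids = getIds(element);
            IdUtil idUtil = IdUtil.getInstance();
            DecryptionContext createDecryptionContext = createDecryptionContext(encryptionSettings.getKeyLocator(), idUtil, map);
            Key key = null;
            Iterator it = ids.iterator();
            while (it.hasNext()) {
                Element resolveID = idUtil.resolveID(document, (String) it.next());
                // NOTE(review): an id that does not resolve is skipped without an error, so a
                // reference list that points at nothing completes "successfully" with no
                // decryption; confirm a later policy check rejects such a message.
                if (resolveID != null) {
                    if (!EncryptedData.isOfType(resolveID)) {
                        throw SoapSecurityException.format("security.wssecurity.EncryptionReceiver.enc13", resolveID.getTagName());
                    }
                    // Validate before decrypting: algorithm pinning first, then cipher data.
                    checkEncryptionMethod(resolveID, encryptionSettings.getDataEncryptionMethod());
                    checkCipherData(resolveID);
                    // Clear any key left from the previous reference before resolving anew.
                    createDecryptionContext.setKey((Key) null);
                    if (EncryptedKey.isOfType(element)) {
                        if (key == null) {
                            checkEncryptionMethod(element, encryptionSettings.getKeyEncryptionMethod());
                            checkCipherData(element);
                            key = decryptEncryptedKey(element, createDecryptionContext, resolveID);
                        }
                        createDecryptionContext.setKey(key);
                    }
                    ResultPool.add(map, decryptEncryptedData(resolveID, createDecryptionContext));
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke0(Document doc, Element target, Map context, EncryptionSettings settings)");
            }
        } catch (Exception e) {
            Tr.processException(e, clsName + ".invoke", "381", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "An exception while decrypting the message: {0}", e);
            }
            throw unwrapException(e);
        }
    }
}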
