package com.ibm.xml.soapsec.enc;

import com.ibm.uddi.v3.client.apilayer.marshaler.UDDIV3Names;
import com.ibm.ws.wssecurity.xss4j.AlgorithmFactory;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xss4j.enc.EncryptionContext;
import com.ibm.ws.wssecurity.xss4j.enc.KeyInfoResolvingException;
import com.ibm.ws.wssecurity.xss4j.enc.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xss4j.enc.type.CipherData;
import com.ibm.ws.wssecurity.xss4j.enc.type.CipherValue;
import com.ibm.ws.wssecurity.xss4j.enc.type.DataReference;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedKey;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedType;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptionMethod;
import com.ibm.ws.wssecurity.xss4j.enc.type.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.enc.type.ReferenceList;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.KeyLocator;
import com.ibm.wsspi.wssecurity.config.KeyLocatorException;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.Request;
import com.ibm.xml.soapsec.RequestPool;
import com.ibm.xml.soapsec.SoapSecurityComponent;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.IdUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.faces.validator.BeanValidator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/enc/EncryptionSender.class */
public class EncryptionSender implements SoapSecurityComponent {
    private static final TraceComponent tc = Tr.register(EncryptionSender.class, Constants.TR_GROUP, "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String comp = "security.wssecurity";
    private EncryptionSenderConfig fConfig;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/enc/EncryptionSender$ShowerImpl.class */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        public void showEncryptedResource(byte[] bArr, Object obj, Element element) {
            String str = null;
            try {
                str = EncryptedData.isOfType(element) ? new String(bArr, "UTF-8") : Base64.encode(bArr);
            } catch (Exception e) {
                Tr.debug(EncryptionSender.tc, "WARNING: An exception occured while the content is encoded with [UTF-8].");
            }
            if (EncryptedData.isOfType(element)) {
                Tr.debug(EncryptionSender.tc, "ResourceShower logs encrypt-" + element.getAttribute(UDDIV3Names.kATTRNAME_ID) + ": " + str);
            } else {
                Tr.debug(EncryptionSender.tc, "ResourceShower logs encrypt-EncryptedKey: " + str);
            }
        }

        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    private Map createEncryptionSettingsToRequestsMap(Set set, EncryptionSettings encryptionSettings, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptionSettingsToRequestsMap(" + set + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionSettings + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.equals("bodycontent")) {
                RequestPool.add(map, new EncryptionRequest(encryptionSettings));
            } else if (!str.equals("usernametoken")) {
                throw SoapSecurityException.format("security.wssecurity.EncryptionSender.enc03", str);
            }
        }
        Request[] requestArr = RequestPool.get(map, EncryptionRequest.class);
        HashMap hashMap = new HashMap();
        for (Request request : requestArr) {
            EncryptionRequest encryptionRequest = (EncryptionRequest) request;
            EncryptionSettings encryptionSettings2 = encryptionRequest.getEncryptionSettings();
            if (!hashMap.containsKey(encryptionSettings2)) {
                hashMap.put(encryptionSettings2, new ArrayList());
            }
            ((List) hashMap.get(encryptionSettings2)).add(encryptionRequest);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptionSettingsToRequestsMap(Set parts, EncryptionSettings settings, Map context) returns " + hashMap);
        }
        return hashMap;
    }

    private EncryptionContext createEncryptionContext(KeyLocator keyLocator, Map map) throws KeyLocatorException, NoSuchAlgorithmException, SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptionContext(" + keyLocator + ")");
        }
        EncryptionContext encryptionContext = new EncryptionContext();
        encryptionContext.setAlgorithmFactory(AlgorithmFactory.getInstance());
        encryptionContext.setKeyInfoResolver(new KeyIdentifierKeyResolver(keyLocator, 1, map, true));
        if (tc.isDebugEnabled()) {
            encryptionContext.setResourceShower(ShowerImpl.access$000());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptionContext(KeyLocator locator) returns " + encryptionContext);
        }
        return encryptionContext;
    }

    private boolean isKeyGenerated(EncryptionSettings encryptionSettings) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isKeyGenerated(" + encryptionSettings + ")");
        }
        boolean z = encryptionSettings.getKeyEncryptionMethod() != null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isKeyGenerated(EncryptionSettings settings) returns " + z);
        }
        return z;
    }

    private EncryptedData createEncryptedData(EncryptionSettings encryptionSettings, boolean z, KeyLocator keyLocator, Document document, Object obj) throws KeyLocatorException, NoSuchAlgorithmException, SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedData(" + encryptionSettings + BeanValidator.VALIDATION_GROUPS_DELIMITER + z + BeanValidator.VALIDATION_GROUPS_DELIMITER + keyLocator + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + obj + ")");
        }
        EncryptedData encryptedData = new EncryptedData();
        setEncryptionMethod(encryptedData, encryptionSettings.getDataEncryptionMethod());
        if (!z) {
            setKeyInfo(encryptedData, encryptionSettings.getKeyName(), keyLocator, document, obj);
        }
        setCipherData(encryptedData);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedData(EncryptionSettings settings, boolean keyGen, KeyLocator locator,  Document factory, Object context) returns " + encryptedData);
        }
        return encryptedData;
    }

    private void setEncryptionMethod(EncryptedType encryptedType, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setEncryptionMethod(" + encryptedType + BeanValidator.VALIDATION_GROUPS_DELIMITER + str + ")");
        }
        EncryptionMethod encryptionMethod = new EncryptionMethod();
        encryptionMethod.setAlgorithm(str);
        encryptedType.setEncryptionMethod(encryptionMethod);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setEncryptionMethod(EncryptedType encType, String algorithm)");
        }
    }

    private void setKeyInfo(EncryptedType encryptedType, String str, KeyLocator keyLocator, Document document, Object obj) throws KeyLocatorException, NoSuchAlgorithmException, SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setKeyInfo(" + encryptedType + BeanValidator.VALIDATION_GROUPS_DELIMITER + str + BeanValidator.VALIDATION_GROUPS_DELIMITER + keyLocator + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + obj + ")");
        }
        KeyInfo keyInfo = new KeyInfo();
        KeyIdentifierKeyResolver.addKeyId(keyInfo, keyLocator, str, document, null, null, obj);
        encryptedType.setKeyInfo(keyInfo);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setKeyInfo(EncryptedType encType, String name, KeyLocator locator, Document factory, Object context)");
        }
    }

    private void setCipherData(EncryptedType encryptedType) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCipherData(" + encryptedType + ")");
        }
        CipherValue cipherValue = new CipherValue();
        CipherData cipherData = new CipherData();
        cipherData.setCipherValue(cipherValue);
        encryptedType.setCipherData(cipherData);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCipherData(EncryptedType encType)");
        }
    }

    private Key generateKey(EncryptionContext encryptionContext, EncryptedData encryptedData, Document document) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, StructureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKey(" + encryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptedData + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + ")");
        }
        encryptionContext.setEncryptedType(encryptedData.createElement(document, true), (String) null, (Element) null, (Element) null);
        Key generateKey = encryptionContext.generateKey();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateKey(EncryptionContext context, EncryptedData encData, Document factory) returns " + generateKey);
        }
        return generateKey;
    }

    private List encryptData(List list, EncryptionContext encryptionContext, EncryptedData encryptedData, Document document) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, SoapSecurityException, StructureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptData(" + list + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptedData + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + ")");
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(0, encryptData((EncryptionRequest) it.next(), encryptionContext, encryptedData, document));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encryptData(List requests, EncryptionContext context, EncryptedData encData, Document doc) returns " + arrayList);
        }
        return arrayList;
    }

    private String encryptData(EncryptionRequest encryptionRequest, EncryptionContext encryptionContext, EncryptedData encryptedData, Document document) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, SoapSecurityException, StructureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptData(" + encryptionRequest + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptedData + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + ")");
        }
        Element element = null;
        String str = "http://www.w3.org/2001/04/xmlenc#Element";
        if (encryptionRequest.isBodyContent()) {
            NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", "Body");
            if (elementsByTagNameNS.getLength() <= 0) {
                throw SoapSecurityException.format("security.wssecurity.EncryptionSender.enc02");
            }
            element = (Element) elementsByTagNameNS.item(0);
            str = "http://www.w3.org/2001/04/xmlenc#Content";
        } else {
            String id = encryptionRequest.getId();
            if (id != null) {
                element = IdUtil.getInstance().resolveID(document, id);
                if (element == null) {
                    throw SoapSecurityException.format("security.wssecurity.EncryptionSender.enc08", id);
                }
                if (encryptionRequest.isContentOnly()) {
                    str = "http://www.w3.org/2001/04/xmlenc#Content";
                }
            }
        }
        String makeUniqueId = IdUtil.getInstance().makeUniqueId(document, "wssecurity_encryption_id_");
        encryptedData.setId(makeUniqueId);
        encryptedData.setType(str);
        encryptData(element, encryptionContext, encryptedData.createElement(document, true));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encryptData(EncryptionRequest request, EncryptionContext context, EncryptedData encData, Document doc) returns " + makeUniqueId);
        }
        return makeUniqueId;
    }

    private void encryptData(Element element, EncryptionContext encryptionContext, Element element2) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, StructureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptData(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + element2 + ")");
        }
        encryptionContext.setData(element);
        encryptionContext.setEncryptedType(element2, (String) null, (Element) null, (Element) null);
        encryptionContext.encrypt();
        encryptionContext.replace();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encryptData(Element elem, EncryptionContext context, Element encData)");
        }
    }

    private EncryptedKey createEncryptedKey(EncryptionSettings encryptionSettings, KeyLocator keyLocator, Document document, List list, Object obj) throws KeyLocatorException, NoSuchAlgorithmException, SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createEncryptedKey(" + encryptionSettings + BeanValidator.VALIDATION_GROUPS_DELIMITER + keyLocator + BeanValidator.VALIDATION_GROUPS_DELIMITER + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + list + BeanValidator.VALIDATION_GROUPS_DELIMITER + obj + ")");
        }
        EncryptedKey encryptedKey = new EncryptedKey();
        setEncryptionMethod(encryptedKey, encryptionSettings.getKeyEncryptionMethod());
        setKeyInfo(encryptedKey, encryptionSettings.getKeyName(), keyLocator, document, obj);
        setCipherData(encryptedKey);
        encryptedKey.setReferenceList(createReferenceList(list));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createEncryptedKey(EncryptionSettings settings, KeyLocator locator, Document factory, List ids, Object context) returns " + encryptedKey);
        }
        return encryptedKey;
    }

    private void encryptKey(Key key, EncryptionContext encryptionContext, Element element) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, StructureException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptKey(" + key + BeanValidator.VALIDATION_GROUPS_DELIMITER + encryptionContext + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + ")");
        }
        encryptionContext.setData(key);
        encryptionContext.setEncryptedType(element, (String) null, (Element) null, (Element) null);
        encryptionContext.encrypt();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encryptKey(Key key, EncryptionContext context, Element encKey)");
        }
    }

    private ReferenceList createReferenceList(List list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createReferenceList(" + list + ")");
        }
        ReferenceList referenceList = new ReferenceList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            DataReference dataReference = new DataReference();
            dataReference.setURI("#" + str);
            referenceList.addDataReference(dataReference);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createReferenceList(List ids) returns " + referenceList);
        }
        return referenceList;
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void init(Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(" + map + ")");
        }
        this.fConfig = (EncryptionSenderConfig) map.get(EncryptionSenderConfig.class);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void invoke(Document document, Element element, Map map) throws Exception {
        Element createElement;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        Set confidentialParts = this.fConfig.getConfidentialParts();
        EncryptionSettings encryptionSettings = this.fConfig.getEncryptionSettings();
        Map createEncryptionSettingsToRequestsMap = createEncryptionSettingsToRequestsMap(confidentialParts, encryptionSettings, map);
        KeyLocator keyLocator = encryptionSettings.getKeyLocator();
        EncryptionContext createEncryptionContext = createEncryptionContext(keyLocator, map);
        if (createEncryptionSettingsToRequestsMap.containsKey(encryptionSettings)) {
            boolean isKeyGenerated = isKeyGenerated(encryptionSettings);
            EncryptedData createEncryptedData = createEncryptedData(encryptionSettings, isKeyGenerated, keyLocator, document, map);
            createEncryptionContext.setKey((Key) null);
            Key key = null;
            if (isKeyGenerated) {
                key = generateKey(createEncryptionContext, createEncryptedData, document);
            }
            List encryptData = encryptData((List) createEncryptionSettingsToRequestsMap.get(encryptionSettings), createEncryptionContext, createEncryptedData, document);
            if (isKeyGenerated) {
                createElement = createEncryptedKey(encryptionSettings, keyLocator, document, encryptData, map).createElement(document, true);
                createEncryptionContext.setKey((Key) null);
                encryptKey(key, createEncryptionContext, createElement);
            } else {
                createElement = createReferenceList(encryptData).createElement(document, true);
            }
            element.insertBefore(createElement, element.getFirstChild());
            element.insertBefore(document.createTextNode("\n      "), createElement);
            DOMUtil.indent(createElement, 6, 2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc, Element target, Map context)");
        }
    }
}
