package com.sun.xml.wss.impl.apachecrypto;

import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.encryption.XMLEncryptionException;
import com.sun.xml.messaging.saaj.soap.AttachmentPartImpl;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.EncryptedDataHeaderBlock;
import com.sun.xml.wss.core.EncryptedKeyHeaderBlock;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.ReferenceListHeaderBlock;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.KeyResolver;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.policy.verifier.EncryptionPolicyVerifier;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.activation.DataHandler;
import javax.activation.DataSource;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.mail.Header;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.xml.namespace.QName;
import javax.xml.soap.AttachmentPart;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:spg-ui-war-2.1.35rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/apachecrypto/DecryptionProcessor.class */
public class DecryptionProcessor {
    protected static final Logger log = Logger.getLogger(LogDomainConstants.IMPL_CRYPTO_DOMAIN, LogDomainConstants.IMPL_CRYPTO_DOMAIN_BUNDLE);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:spg-ui-war-2.1.35rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/apachecrypto/DecryptionProcessor$AttachmentData.class */
    public static class AttachmentData implements EncryptedData {
        private String cid;
        private boolean contentOnly;

        public AttachmentData(String str, boolean z) {
            this.cid = null;
            this.contentOnly = false;
            this.cid = str;
            this.contentOnly = z;
        }

        public String getCID() {
            return this.cid;
        }

        public boolean isContentOnly() {
            return this.contentOnly;
        }

        public boolean equals(AttachmentData attachmentData) {
            return this.cid != null && this.cid.equals(attachmentData.getCID()) && this.contentOnly == attachmentData.isContentOnly();
        }

        @Override // com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.EncryptedData
        public boolean isElementData() {
            return false;
        }

        @Override // com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.EncryptedData
        public boolean isAttachmentData() {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:spg-ui-war-2.1.35rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/apachecrypto/DecryptionProcessor$EncryptedData.class */
    public interface EncryptedData {
        boolean isElementData();

        boolean isAttachmentData();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:spg-ui-war-2.1.35rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/apachecrypto/DecryptionProcessor$EncryptedElement.class */
    public static class EncryptedElement implements EncryptedData {
        private Element element;
        private boolean contentOnly;
        private EncryptionPolicy policy = null;

        public EncryptedElement(Element element, boolean z) {
            this.element = element;
            this.contentOnly = z;
        }

        public Element getElement() {
            return this.element;
        }

        public boolean getContentOnly() {
            return this.contentOnly;
        }

        public boolean equals(EncryptedElement encryptedElement) {
            return encryptedElement.getElement() == this.element && encryptedElement.getContentOnly() == this.contentOnly;
        }

        public void setpolicy(EncryptionPolicy encryptionPolicy) {
            this.policy = encryptionPolicy;
        }

        public EncryptionPolicy getPolicy() {
            return this.policy;
        }

        @Override // com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.EncryptedData
        public boolean isElementData() {
            return true;
        }

        @Override // com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.EncryptedData
        public boolean isAttachmentData() {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:spg-ui-war-2.1.35rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/apachecrypto/DecryptionProcessor$_DS.class */
    public static class _DS implements DataSource {
        byte[] _b;
        String _mt;

        _DS(byte[] bArr, String str) {
            this._b = null;
            this._mt = null;
            this._b = bArr;
            this._mt = str;
        }

        @Override // javax.activation.DataSource
        public InputStream getInputStream() throws IOException {
            return new ByteArrayInputStream(this._b);
        }

        @Override // javax.activation.DataSource
        public OutputStream getOutputStream() throws IOException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this._b, 0, this._b.length);
            return byteArrayOutputStream;
        }

        @Override // javax.activation.DataSource
        public String getName() {
            return "_DS";
        }

        @Override // javax.activation.DataSource
        public String getContentType() {
            return this._mt;
        }
    }

    public static void decrypt(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        SOAPElement currentHeaderElement = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader().getCurrentHeaderElement();
        String localName = currentHeaderElement.getLocalName();
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "EncryptionProcessor:decrypt : LocalName is " + localName);
        }
        if (localName == null) {
            filterProcessingContext.setPVE(new PolicyViolationException("Expected one of EncryptedKey,EncryptedData,ReferenceList as per receiverrequirements, found none"));
            filterProcessingContext.isPrimaryPolicyViolation(true);
            return;
        }
        if (filterProcessingContext.getMode() == 0 || filterProcessingContext.getMode() == 1) {
            filterProcessingContext.setInferredPolicy(new EncryptionPolicy());
        }
        if (MessageConstants.ENCRYPTED_DATA_LNAME.equals(localName)) {
            processEncryptedData(currentHeaderElement, null, filterProcessingContext);
        } else if ("EncryptedKey".equals(localName)) {
            if (filterProcessingContext.getMode() == 3) {
                filterProcessingContext.getInferredSecurityPolicy().append(new EncryptionPolicy());
            }
            processEncryptedKey(filterProcessingContext, currentHeaderElement);
        } else if (!MessageConstants.XENC_REFERENCE_LIST_LNAME.equals(localName)) {
            filterProcessingContext.setPVE(new PolicyViolationException("Expected one of EncryptedKey,EncryptedData,ReferenceList as per receiverrequirements, found " + localName));
            filterProcessingContext.isPrimaryPolicyViolation(true);
            return;
        } else {
            if (filterProcessingContext.getMode() == 3) {
                filterProcessingContext.getInferredSecurityPolicy().append(new EncryptionPolicy());
            }
            decryptReferenceList(currentHeaderElement, null, null, filterProcessingContext);
        }
        if (filterProcessingContext.getMode() == 0) {
            new EncryptionPolicyVerifier(filterProcessingContext).verifyPolicy(filterProcessingContext.getSecurityPolicy(), filterProcessingContext.getInferredPolicy());
        }
    }

    public static void processEncryptedKey(FilterProcessingContext filterProcessingContext, SOAPElement sOAPElement) throws XWSSecurityException {
        boolean z = false;
        try {
            sOAPElement.normalize();
            filterProcessingContext.setExtraneousProperty(MessageConstants.EK_SHA1_VALUE, Base64.encode(MessageDigest.getInstance(MessageConstants.SHA_1).digest(Base64.decode(((Element) sOAPElement.getChildElements(new QName(MessageConstants.XENC_NS, MessageConstants.XENC_CIPHER_DATA_LNAME, MessageConstants.XENC_PREFIX)).next()).getElementsByTagNameNS(MessageConstants.XENC_NS, "CipherValue").item(0).getTextContent()))));
            String encryptionMethodURI = new EncryptedKeyHeaderBlock(sOAPElement).getEncryptionMethodURI();
            SecurityPolicy securityPolicy = filterProcessingContext.getSecurityPolicy();
            if (securityPolicy != null && PolicyTypeUtil.encryptionPolicy(securityPolicy)) {
                z = ((EncryptionPolicy) securityPolicy).isBSP();
            }
            EncryptionPolicy encryptionPolicy = null;
            if (filterProcessingContext.getMode() != 2) {
                encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getInferredPolicy();
            }
            if (z && !MessageConstants.RSA_15_KEY_TRANSPORT.equals(encryptionMethodURI) && !"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(encryptionMethodURI) && !MessageConstants.TRIPLE_DES_KEY_WRAP.equals(encryptionMethodURI) && !MessageConstants.AES_KEY_WRAP_128.equals(encryptionMethodURI) && !MessageConstants.AES_KEY_WRAP_256.equals(encryptionMethodURI)) {
                log.log(Level.SEVERE, "WSS1227.keyEncryptionAlg.Violation");
                throw new XWSSecurityException("Violation of BSP5621.  KeyEncryption algorithmMUST be one of #rsa-1_5,#rsa-oaep-mgf1p,#kw-tripledes,#kw-aes256,#kw-aes128");
            }
            XMLCipher xMLCipher = XMLCipher.getInstance(encryptionMethodURI);
            EncryptedKey loadEncryptedKey = xMLCipher.loadEncryptedKey(sOAPElement);
            KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock(loadEncryptedKey.getKeyInfo());
            SOAPElement sOAPElement2 = (SOAPElement) sOAPElement.getChildElements(SOAPFactory.newInstance().createName(MessageConstants.XENC_REFERENCE_LIST_LNAME, MessageConstants.XENC_PREFIX, MessageConstants.XENC_NS)).next();
            String dataEncryptionAlgorithm = getDataEncryptionAlgorithm(sOAPElement2, filterProcessingContext.getSecurableSoapMessage());
            if (z && !"http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equalsIgnoreCase(dataEncryptionAlgorithm) && !MessageConstants.AES_BLOCK_ENCRYPTION_128.equalsIgnoreCase(dataEncryptionAlgorithm) && !MessageConstants.AES_BLOCK_ENCRYPTION_256.equalsIgnoreCase(dataEncryptionAlgorithm)) {
                log.log(Level.SEVERE, "WSS1228.DataEncryptionAlg.Violation");
                throw new XWSSecurityException("Violation of BSP5620 for DataEncryption Algo permitted values");
            }
            xMLCipher.init(4, KeyResolver.getKey(keyInfoHeaderBlock, false, filterProcessingContext));
            if (encryptionPolicy != null) {
                WSSPolicy wSSPolicy = (WSSPolicy) encryptionPolicy.getKeyBinding();
                if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy)) {
                    ((AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy).setKeyAlgorithm(encryptionMethodURI);
                } else if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy)) {
                    ((AuthenticationTokenPolicy.SAMLAssertionBinding) wSSPolicy).setKeyAlgorithm(encryptionMethodURI);
                }
            }
            try {
                SecretKey secretKey = (SecretKey) xMLCipher.decryptKey(loadEncryptedKey, dataEncryptionAlgorithm);
                XMLCipher initXMLCipher = initXMLCipher(secretKey, dataEncryptionAlgorithm);
                filterProcessingContext.setExtraneousProperty(MessageConstants.SECRET_KEY_VALUE, secretKey);
                if (sOAPElement2 != null) {
                    decryptReferenceList(sOAPElement2, secretKey, initXMLCipher, filterProcessingContext);
                }
            } catch (XMLEncryptionException e) {
                log.log(Level.SEVERE, "WSS1200.error.decrypting.key");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Decryption of key encryption key failed", e);
            }
        } catch (WssSoapFaultException e2) {
            log.log(Level.SEVERE, "WSS1229.Error.Processing.EncrpytedKey");
            throw e2;
        } catch (Exception e3) {
            log.log(Level.SEVERE, "WSS1229.Error.Processing.EncrpytedKey");
            throw new XWSSecurityException(e3);
        }
    }

    private static void decryptReferenceList(SOAPElement sOAPElement, SecretKey secretKey, XMLCipher xMLCipher, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        int countAttachments;
        SOAPElement sOAPElement2;
        EncryptedData processEncryptedData;
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        ReferenceListHeaderBlock referenceListHeaderBlock = new ReferenceListHeaderBlock(sOAPElement);
        NodeList dataRefElements = referenceListHeaderBlock.getDataRefElements();
        int size = referenceListHeaderBlock.size();
        EncryptionPolicy encryptionPolicy = null;
        ArrayList arrayList = null;
        ArrayList arrayList2 = null;
        ArrayList arrayList3 = null;
        boolean z = false;
        boolean z2 = false;
        if (filterProcessingContext.getMode() == 0) {
            encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getSecurityPolicy();
            ArrayList targetBindings = ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).getTargetBindings();
            arrayList = new ArrayList();
            arrayList2 = new ArrayList();
            int i = 0;
            while (i < targetBindings.size()) {
                int i2 = i;
                i++;
                EncryptionTarget encryptionTarget = (EncryptionTarget) targetBindings.get(i2);
                if (!encryptionTarget.getEnforce()) {
                    arrayList.add(encryptionTarget);
                } else if (encryptionTarget.getValue() == MessageConstants.PROCESS_ALL_ATTACHMENTS) {
                    if (arrayList3 == null) {
                        arrayList3 = new ArrayList();
                    }
                    z = true;
                } else {
                    arrayList2.add(encryptionTarget);
                }
            }
            if (arrayList2.size() > 0 || z) {
                z2 = true;
            }
        } else if (filterProcessingContext.getMode() == 1) {
            encryptionPolicy = new EncryptionPolicy();
            ((MessagePolicy) filterProcessingContext.getSecurityPolicy()).append(encryptionPolicy);
        }
        for (int i3 = 0; i3 < size; i3++) {
            String attribute = dataRefElements.item(i3).getAttribute("URI");
            SOAPElement elementById = securableSoapMessage.getElementById(attribute.substring(1));
            if (elementById.getLocalName() == MessageConstants.ENCRYPTED_HEADER_LNAME || elementById.getLocalName().equals(MessageConstants.ENCRYPTED_HEADER_LNAME)) {
                Iterator childElements = elementById.getChildElements();
                SOAPElement sOAPElement3 = null;
                while (true) {
                    sOAPElement2 = sOAPElement3;
                    if (!childElements.hasNext()) {
                        break;
                    } else {
                        sOAPElement3 = (SOAPElement) childElements.next();
                    }
                }
                if (sOAPElement2 == null) {
                    throw new XWSSecurityException("No EncryptedData child element found in EncryptedHeader");
                }
                processEncryptedData = processEncryptedData(sOAPElement2, secretKey, xMLCipher, filterProcessingContext, arrayList2, arrayList, encryptionPolicy, false);
            } else {
                processEncryptedData = processEncryptedData(elementById, secretKey, xMLCipher, filterProcessingContext, arrayList2, arrayList, encryptionPolicy, false);
            }
            if (filterProcessingContext.getMode() == 0 && z2) {
                if (processEncryptedData.isAttachmentData() && z) {
                    arrayList3.add(processEncryptedData);
                } else if (verifyTargets(securableSoapMessage, arrayList2, processEncryptedData, true)) {
                    continue;
                } else {
                    if (arrayList.size() == 0) {
                        log.log(Level.SEVERE, "WSS1230.failed.receiverReq");
                        throw new XWSSecurityException("Receiver requirement for URI" + attribute + " is not met");
                    }
                    if (!verifyTargets(securableSoapMessage, arrayList, processEncryptedData, false)) {
                        log.log(Level.SEVERE, "WSS1230.failed.receiverReq");
                        throw new XWSSecurityException("Receiver requirement for URI" + attribute + " is not met");
                    }
                }
            }
        }
        if (z && (countAttachments = securableSoapMessage.countAttachments()) > arrayList3.size()) {
            log.log(Level.SEVERE, "WSS1238.failed.receiverReq.attachments");
            throw new XWSSecurityException("Receiver requirement cid:* is not met,only " + arrayList3.size() + " attachments out of " + countAttachments + " were encrypted");
        }
        if (filterProcessingContext.getMode() != 0 || arrayList2.size() <= 0) {
            return;
        }
        log.log(Level.SEVERE, "WSS1239.failed.receiverReq.more");
        throw new XWSSecurityException("More receiver requirements specified than present in the message");
    }

    public static void processEncryptedData(SOAPElement sOAPElement, SecretKey secretKey, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        boolean z = false;
        if (filterProcessingContext.getMode() == 1) {
            EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
            MessagePolicy messagePolicy = (MessagePolicy) filterProcessingContext.getSecurityPolicy();
            encryptionPolicy.isBSP(messagePolicy.isBSP());
            messagePolicy.append(encryptionPolicy);
            return;
        }
        if (filterProcessingContext.getMode() != 0) {
            if (filterProcessingContext.getMode() == 2) {
                return;
            } else {
                if (filterProcessingContext.getMode() == 3) {
                    filterProcessingContext.getInferredSecurityPolicy().append(new EncryptionPolicy());
                    return;
                }
                return;
            }
        }
        EncryptionPolicy encryptionPolicy2 = (EncryptionPolicy) filterProcessingContext.getSecurityPolicy();
        ArrayList targetBindings = ((EncryptionPolicy.FeatureBinding) encryptionPolicy2.getFeatureBinding()).getTargetBindings();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i = 0;
        while (i < targetBindings.size()) {
            int i2 = i;
            i++;
            EncryptionTarget encryptionTarget = (EncryptionTarget) targetBindings.get(i2);
            if (!encryptionTarget.getEnforce()) {
                arrayList.add(encryptionTarget);
            } else if (encryptionTarget.getValue() == MessageConstants.PROCESS_ALL_ATTACHMENTS) {
                log.log(Level.SEVERE, "WSS1201.cid_encrypt_all_notsupported");
            } else {
                arrayList2.add(encryptionTarget);
            }
        }
        if (arrayList2.size() > 0) {
            z = true;
        }
        String attribute = sOAPElement.getAttribute("Id");
        EncryptedElement encryptedElement = (EncryptedElement) processEncryptedData(sOAPElement, secretKey, null, filterProcessingContext, arrayList2, arrayList, encryptionPolicy2, true);
        if (arrayList2.size() > 1) {
            log.log(Level.SEVERE, "WSS1240.failed.receiverReq.moretargets");
            throw new XWSSecurityException("Receiver requirement has more targets specified");
        }
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        if (!z || verifyTargets(securableSoapMessage, arrayList2, encryptedElement, true)) {
            return;
        }
        if (arrayList.size() == 0) {
            log.log(Level.SEVERE, "WSS1241.failed.receiverReq.encryptedData");
            throw new XWSSecurityException("Receiver requirement for EncryptedData with ID " + attribute + " is not met");
        }
        if (verifyTargets(securableSoapMessage, arrayList, encryptedElement, false)) {
            return;
        }
        log.log(Level.SEVERE, "WSS1241.failed.receiverReq.encryptedData");
        throw new XWSSecurityException("Receiver requirement for EncryptedData ID " + attribute + " is not met");
    }

    public static EncryptedData processEncryptedData(SOAPElement sOAPElement, SecretKey secretKey, XMLCipher xMLCipher, FilterProcessingContext filterProcessingContext, ArrayList arrayList, ArrayList arrayList2, EncryptionPolicy encryptionPolicy, boolean z) throws XWSSecurityException {
        SecretKey secretKey2;
        EncryptedDataHeaderBlock encryptedDataHeaderBlock = new EncryptedDataHeaderBlock(sOAPElement);
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        KeyInfoHeaderBlock keyInfo = encryptedDataHeaderBlock.getKeyInfo();
        String encryptionMethodURI = encryptedDataHeaderBlock.getEncryptionMethodURI();
        EncryptionPolicy encryptionPolicy2 = (EncryptionPolicy) filterProcessingContext.getInferredPolicy();
        EncryptionPolicy encryptionPolicy3 = null;
        if (filterProcessingContext.getMode() == 3) {
            try {
                encryptionPolicy3 = (EncryptionPolicy) filterProcessingContext.getInferredSecurityPolicy().get(filterProcessingContext.getInferredSecurityPolicy().size() - 1);
            } catch (Exception e) {
                log.log(Level.SEVERE, "WSS1237.Error.Processing.EncrpytedData", (Throwable) e);
                throw new XWSSecurityException(e);
            }
        }
        if (encryptionPolicy2 != null) {
            ((EncryptionPolicy.FeatureBinding) encryptionPolicy2.getFeatureBinding()).setDataEncryptionAlgorithm(encryptionMethodURI);
        }
        if (keyInfo != null) {
            filterProcessingContext.setDataEncryptionAlgorithm(encryptionMethodURI);
            secretKey2 = (SecretKey) KeyResolver.getKey(keyInfo, false, filterProcessingContext);
            filterProcessingContext.setDataEncryptionAlgorithm(null);
        } else {
            if (secretKey == null) {
                log.log(Level.SEVERE, "WSS1231.null.SymmetricKey");
                throw new XWSSecurityException("Symmetric Key is null");
            }
            secretKey2 = secretKey;
        }
        if (secretKey2 == null) {
            log.log(Level.SEVERE, "WSS1202.couldnot.locate.symmetrickey");
            throw new XWSSecurityException("Couldn't locate symmetricKey for decryption");
        }
        boolean z2 = false;
        String type = encryptedDataHeaderBlock.getType();
        if (type.equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_URI) || type.equals(MessageConstants.ATTACHMENT_COMPLETE_URI)) {
            z2 = true;
        }
        boolean z3 = false;
        Element element = null;
        AttachmentPart attachmentPart = null;
        AttachmentPartImpl attachmentPartImpl = new AttachmentPartImpl();
        if (z2) {
            String attribute = encryptedDataHeaderBlock.getCipherReference(false, null).getAttribute("URI");
            z3 = type.equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_URI);
            try {
                AttachmentPart attachmentPart2 = securableSoapMessage.getAttachmentPart(attribute);
                Iterator allMimeHeaders = attachmentPart2.getAllMimeHeaders();
                while (allMimeHeaders.hasNext()) {
                    MimeHeader mimeHeader = (MimeHeader) allMimeHeaders.next();
                    attachmentPartImpl.setMimeHeader(mimeHeader.getName(), mimeHeader.getValue());
                }
                attachmentPartImpl.setDataHandler(attachmentPart2.getDataHandler());
                attachmentPart = decryptAttachment(securableSoapMessage, encryptedDataHeaderBlock, secretKey2);
                sOAPElement.detachNode();
            } catch (SOAPException e2) {
                log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", e2);
                throw new XWSSecurityException(e2);
            } catch (IOException e3) {
                log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", (Throwable) e3);
                throw new XWSSecurityException(e3);
            } catch (MessagingException e4) {
                log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", (Throwable) e4);
                throw new XWSSecurityException(e4);
            }
        } else {
            Node parentNode = sOAPElement.getParentNode();
            Node previousSibling = sOAPElement.getPreviousSibling();
            if (xMLCipher == null) {
                xMLCipher = initXMLCipher(secretKey2, encryptionMethodURI);
            }
            if (parentNode.getLocalName() == MessageConstants.ENCRYPTED_HEADER_LNAME || parentNode.getLocalName().equals(MessageConstants.ENCRYPTED_HEADER_LNAME)) {
                try {
                    sOAPElement.getParentNode().getParentNode().replaceChild(sOAPElement, parentNode);
                    parentNode = sOAPElement.getParentNode();
                    previousSibling = sOAPElement.getPreviousSibling();
                } catch (DOMException e5) {
                    log.log(Level.SEVERE, "WSS1242.exception.dom", (Throwable) e5);
                    throw new XWSSecurityException(e5);
                }
            }
            decryptElementWithCipher(xMLCipher, sOAPElement, securableSoapMessage);
            if (z && securableSoapMessage.findSecurityHeader().getCurrentHeaderBlockElement() == sOAPElement) {
                securableSoapMessage.findSecurityHeader().setCurrentHeaderElement(previousSibling == null ? (SOAPElement) parentNode.getFirstChild() : (SOAPElement) previousSibling.getNextSibling());
            }
            if (encryptedDataHeaderBlock.getType().equals(MessageConstants.ENCRYPT_ELEMENT_CONTENT)) {
                element = (Element) resolveEncryptedNode(parentNode, previousSibling, true);
                z3 = true;
            } else if (encryptedDataHeaderBlock.getType().equals(MessageConstants.ENCRYPT_ELEMENT)) {
                element = (Element) resolveEncryptedNode(parentNode, previousSibling, false);
                z3 = false;
            }
        }
        if (filterProcessingContext.getMode() == 1) {
            if (encryptionPolicy == null) {
                encryptionPolicy = new EncryptionPolicy();
            }
            EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding();
            EncryptionTarget encryptionTarget = new EncryptionTarget();
            encryptionTarget.setDataEncryptionAlgorithm(encryptionMethodURI);
            encryptionTarget.setContentOnly(z3);
            if (z2) {
                encryptionTarget.addCipherReferenceTransform(type);
            }
            if (attachmentPart != null) {
                encryptionTarget.setValue(attachmentPart.getContentId());
            } else {
                String attribute2 = element.getAttribute("Id");
                if ("".equals(attribute2)) {
                    attribute2 = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
                }
                encryptionTarget.setValue(attribute2);
            }
            encryptionTarget.setType("uri");
            encryptionTarget.setElementData(element);
            Iterator transforms = encryptedDataHeaderBlock.getTransforms();
            if (transforms != null) {
                while (transforms.hasNext()) {
                    encryptionTarget.addCipherReferenceTransform((String) transforms.next());
                }
            }
            featureBinding.addTargetBinding(encryptionTarget);
            return null;
        }
        if (filterProcessingContext.getMode() == 0 || filterProcessingContext.getMode() == 2) {
            return z2 ? new AttachmentData(attachmentPart.getContentId(), z3) : new EncryptedElement(element, z3);
        }
        if (filterProcessingContext.getMode() != 3) {
            return null;
        }
        QName qName = new QName(element.getNamespaceURI(), element.getLocalName());
        EncryptionPolicy.FeatureBinding featureBinding2 = (EncryptionPolicy.FeatureBinding) encryptionPolicy3.getFeatureBinding();
        EncryptionTarget encryptionTarget2 = new EncryptionTarget();
        if (element.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") || element.getNamespaceURI().equals(MessageConstants.WSSE11_NS) || element.getNamespaceURI().equals("http://schemas.xmlsoap.org/ws/2005/02/sc") || element.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")) {
            String attribute3 = element.getAttribute("Id");
            if ("".equals(attribute3)) {
                attribute3 = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
            }
            encryptionTarget2.setValue(attribute3);
            encryptionTarget2.setType("uri");
        } else {
            encryptionTarget2.setQName(qName);
            encryptionTarget2.setType("qname");
        }
        encryptionTarget2.setDataEncryptionAlgorithm(encryptionMethodURI);
        encryptionTarget2.setContentOnly(z3);
        featureBinding2.addTargetBinding(encryptionTarget2);
        if (!qName.getLocalPart().equals(MessageConstants.SAML_ASSERTION_LNAME)) {
            return null;
        }
        featureBinding2.encryptsIssuedToken(true);
        return null;
    }

    private static String getDataEncryptionAlgorithm(SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        Element element;
        try {
            NodeList elementsByTagNameNS = securableSoapMessage.getElementById(((Element) new ReferenceListHeaderBlock(sOAPElement).getDataRefElements().item(0)).getAttribute("URI").substring(1)).getElementsByTagNameNS(MessageConstants.XENC_NS, "EncryptionMethod");
            if (elementsByTagNameNS.getLength() <= 0 || (element = (Element) elementsByTagNameNS.item(0)) == null) {
                return "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
            }
            String attribute = element.getAttribute("Algorithm");
            return "".equals(attribute) ? "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" : attribute;
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, "WSS1233.failed.get.DataEncryptionAlgorithm", (Throwable) e);
            throw e;
        } catch (Exception e2) {
            log.log(Level.SEVERE, "WSS1233.failed.get.DataEncryptionAlgorithm", (Throwable) e2);
            throw new XWSSecurityException(e2);
        }
    }

    private static AttachmentPart decryptAttachment(SecurableSoapMessage securableSoapMessage, EncryptedDataHeaderBlock encryptedDataHeaderBlock, SecretKey secretKey) throws IOException, SOAPException, MessagingException, XWSSecurityException {
        String attribute = encryptedDataHeaderBlock.getCipherReference(false, null).getAttribute("URI");
        boolean equals = encryptedDataHeaderBlock.getType().equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_URI);
        String mimeType = encryptedDataHeaderBlock.getMimeType();
        Element element = (Element) encryptedDataHeaderBlock.getTransforms().next();
        if (!element.getAttribute("Algorithm").equals(MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI)) {
            log.log(Level.SEVERE, "WSS1234.invalid.transform=");
            throw new XWSSecurityException("Unexpected ds:Transform, " + element.getAttribute("Algorithm"));
        }
        AttachmentPart attachmentPart = securableSoapMessage.getAttachmentPart(attribute);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        attachmentPart.getDataHandler().writeTo(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            Cipher cipher = Cipher.getInstance(JCEMapper.translateURItoJCEID(encryptedDataHeaderBlock.getEncryptionMethodURI()));
            int blockSize = cipher.getBlockSize();
            byte[] bArr = new byte[blockSize];
            System.arraycopy(byteArray, 0, bArr, 0, blockSize);
            cipher.init(2, secretKey, new IvParameterSpec(bArr));
            byte[] doFinal = cipher.doFinal(byteArray, blockSize, byteArray.length - blockSize);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(doFinal);
            if (equals) {
                attachmentPart.setContentType(mimeType);
                String[] mimeHeader = attachmentPart.getMimeHeader("Content-Length");
                if (mimeHeader != null && !mimeHeader[0].equals("")) {
                    attachmentPart.setMimeHeader("Content-Length", Integer.toString(doFinal.length));
                }
                attachmentPart.clearContent();
                attachmentPart.setDataHandler(new DataHandler(new _DS(doFinal, mimeType)));
            } else {
                MimeBodyPart mimeBodyPart = new MimeBodyPart(byteArrayInputStream);
                String contentID = mimeBodyPart.getContentID();
                if (contentID == null || !attribute.substring(4).equals(contentID.substring(1, contentID.length() - 1))) {
                    log.log(Level.SEVERE, "WSS1234.unmatched.content-id");
                    throw new XWSSecurityException("Content-Ids in encrypted and decrypted attachments donot match");
                }
                attachmentPart.removeAllMimeHeaders();
                Enumeration allHeaders = mimeBodyPart.getAllHeaders();
                while (allHeaders.hasMoreElements()) {
                    Header header = (Header) allHeaders.nextElement();
                    attachmentPart.setMimeHeader(header.getName(), header.getValue());
                }
                attachmentPart.clearContent();
                attachmentPart.setDataHandler(mimeBodyPart.getDataHandler());
            }
            return attachmentPart;
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x0162, code lost:
    
        r6.remove(r10);
        r9 = true;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean verifyTargets(com.sun.xml.wss.impl.SecurableSoapMessage r5, java.util.ArrayList r6, com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.EncryptedData r7, boolean r8) throws com.sun.xml.wss.XWSSecurityException {
        /*
            Method dump skipped, instructions count: 376
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.verifyTargets(com.sun.xml.wss.impl.SecurableSoapMessage, java.util.ArrayList, com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor$EncryptedData, boolean):boolean");
    }

    private static boolean contains(List list, EncryptedElement encryptedElement) {
        for (int i = 0; i < list.size(); i++) {
            if (((EncryptedElement) list.get(i)).equals(encryptedElement)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isEquals(EncryptedData encryptedData, EncryptedData encryptedData2) {
        if (encryptedData.isElementData() && encryptedData2.isElementData()) {
            ((EncryptedElement) encryptedData).equals((EncryptedElement) encryptedData2);
            return false;
        }
        if (!encryptedData.isAttachmentData() || !encryptedData2.isAttachmentData()) {
            return false;
        }
        ((AttachmentData) encryptedData).equals((AttachmentData) encryptedData2);
        return false;
    }

    private static ArrayList getAllTargetElements(SecurableSoapMessage securableSoapMessage, EncryptionTarget encryptionTarget, boolean z) throws XWSSecurityException {
        ArrayList arrayList = new ArrayList();
        boolean contentOnly = encryptionTarget.getContentOnly();
        try {
            Object messageParts = securableSoapMessage.getMessageParts(encryptionTarget);
            if (messageParts instanceof SOAPElement) {
                contribute((Node) messageParts, arrayList, contentOnly);
            } else if (messageParts instanceof NodeList) {
                contribute((NodeList) messageParts, arrayList, contentOnly);
            } else if (messageParts instanceof Node) {
                contribute((Node) messageParts, arrayList, contentOnly);
            }
        } catch (XWSSecurityException e) {
            if (z) {
                log.log(Level.SEVERE, "WSS1235.failedto.get.targetElements", (Throwable) e);
                throw e;
            }
        }
        return arrayList;
    }

    private static void contribute(NodeList nodeList, ArrayList arrayList, boolean z) {
        for (int i = 0; i < nodeList.getLength(); i++) {
            contribute(nodeList.item(i), arrayList, z);
        }
    }

    private static void contribute(Node node, ArrayList arrayList, boolean z) {
        arrayList.add(new EncryptedElement((Element) node, z));
    }

    private static void contribute(AttachmentPart attachmentPart, ArrayList arrayList, boolean z) {
        arrayList.add(new AttachmentData(attachmentPart.getContentId(), z));
    }

    private static Node resolveEncryptedNode(Node node, Node node2, boolean z) {
        return !z ? node2 == null ? node.getFirstChild() : node2.getNextSibling() : node;
    }

    private static XMLCipher initXMLCipher(Key key, String str) throws XWSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(str);
            xMLCipher.init(2, key);
            return xMLCipher;
        } catch (XMLEncryptionException e) {
            log.log(Level.SEVERE, "WSS1203.unableto.decrypt.message", new Object[]{e.getMessage()});
            throw new XWSSecurityException("Unable to decrypt message", e);
        }
    }

    private static Document decryptElementWithCipher(XMLCipher xMLCipher, SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        sOAPElement.normalize();
        try {
            return xMLCipher.doFinal(securableSoapMessage.getSOAPPart(), sOAPElement);
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS1203.unableto.decrypt.message", new Object[]{e.getMessage()});
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Unable to decrypt message", new XWSSecurityException("Unable to decrypt message", e));
        }
    }
}
