package com.sun.xml.wss.impl.apachecrypto;

import com.sun.xml.rpc.wsdl.parser.Constants;
import com.sun.xml.util.XMLCipherAdapter;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.impl.DerivedKeyTokenImpl;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.DerivedKeyTokenHeaderBlock;
import com.sun.xml.wss.core.EncryptedDataHeaderBlock;
import com.sun.xml.wss.core.EncryptedHeaderBlock;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.ReferenceListHeaderBlock;
import com.sun.xml.wss.core.SecurityContextTokenImpl;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.DirectReference;
import com.sun.xml.wss.core.reference.EncryptedKeySHA1Identifier;
import com.sun.xml.wss.impl.AlgorithmSuite;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy;
import com.sun.xml.wss.impl.keyinfo.KeyInfoStrategy;
import com.sun.xml.wss.impl.keyinfo.KeyNameStrategy;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.KeyResolver;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.resolver.AttachmentSignatureInput;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.SAMLException;
import com.sun.xml.wss.swa.MimeConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.activation.DataHandler;
import javax.activation.DataSource;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.soap.AttachmentPart;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPPart;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/sun/xml/wss/impl/apachecrypto/EncryptionProcessor.class */
public class EncryptionProcessor {
    private static byte[] crlf;
    protected static final Logger log = Logger.getLogger(LogDomainConstants.IMPL_CRYPTO_DOMAIN, LogDomainConstants.IMPL_CRYPTO_DOMAIN_BUNDLE);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/xml/wss/impl/apachecrypto/EncryptionProcessor$EncryptedAttachmentDataHandler.class */
    public static class EncryptedAttachmentDataHandler extends DataHandler {
        EncryptedAttachmentDataHandler(DataSource dataSource) {
            super(dataSource);
        }

        public void writeTo(OutputStream outputStream) throws IOException {
            ((ByteArrayOutputStream) getDataSource().getOutputStream()).writeTo(outputStream);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/xml/wss/impl/apachecrypto/EncryptionProcessor$EncryptedAttachmentDataSource.class */
    public static class EncryptedAttachmentDataSource implements DataSource {
        byte[] datasource;

        EncryptedAttachmentDataSource(byte[] bArr) {
            this.datasource = bArr;
        }

        public String getContentType() {
            return MimeConstants.APPLICATION_OCTET_STREAM_TYPE;
        }

        public InputStream getInputStream() throws IOException {
            return new ByteArrayInputStream(this.datasource);
        }

        public String getName() {
            return "Encrypted Attachment DataSource";
        }

        public OutputStream getOutputStream() throws IOException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this.datasource, 0, this.datasource.length);
            return byteArrayOutputStream;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1160, types: [javax.xml.soap.SOAPElement] */
    /* JADX WARN: Type inference failed for: r0v1167, types: [javax.xml.soap.SOAPElement] */
    /* JADX WARN: Type inference failed for: r0v1191, types: [com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding] */
    /* JADX WARN: Type inference failed for: r0v24, types: [com.sun.xml.wss.impl.policy.mls.WSSPolicy] */
    /* JADX WARN: Type inference failed for: r0v361, types: [javax.xml.soap.SOAPElement] */
    /* JADX WARN: Type inference failed for: r0v665, types: [javax.xml.soap.SOAPElement] */
    /* JADX WARN: Type inference failed for: r0v672, types: [javax.xml.soap.SOAPElement] */
    public static void encrypt(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        Element element;
        SymmetricKeyBinding symmetricKeyBinding;
        Element convertSTRToElement;
        SymmetricKeyBinding symmetricKeyBinding2;
        Element encryptElement;
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding;
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        SecurityHeader findOrCreateSecurityHeader = securableSoapMessage.findOrCreateSecurityHeader();
        SecretKey secretKey = null;
        SecretKey secretKey2 = null;
        X509Certificate x509Certificate = null;
        Key key = null;
        KeyInfoStrategy keyInfoStrategy = null;
        String str = null;
        String str2 = null;
        String str3 = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
        String str4 = null;
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = null;
        WSSPolicy wSSPolicy = (WSSPolicy) filterProcessingContext.getSecurityPolicy();
        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) wSSPolicy.getFeatureBinding();
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding3 = (WSSPolicy) wSSPolicy.getKeyBinding();
        AlgorithmSuite algorithmSuite = filterProcessingContext.getAlgorithmSuite();
        SecurityTokenReference securityTokenReference = null;
        SecurityTokenReference securityTokenReference2 = null;
        SecurityTokenReference securityTokenReference3 = null;
        SecurityTokenReference securityTokenReference4 = null;
        SecurityTokenReference securityTokenReference5 = null;
        DerivedKeyTokenHeaderBlock derivedKeyTokenHeaderBlock = null;
        SecurityContextTokenImpl securityContextTokenImpl = null;
        boolean z = false;
        SOAPElement sOAPElement = null;
        boolean z2 = false;
        boolean z3 = true;
        boolean z4 = false;
        SecurityTokenReference securityTokenReference6 = null;
        SOAPElement sOAPElement2 = null;
        Element element2 = null;
        boolean z5 = false;
        boolean z6 = true;
        boolean z7 = false;
        SecretKey secretKey3 = null;
        String generateId = filterProcessingContext.getSecurableSoapMessage().generateId();
        String str5 = null;
        boolean z8 = false;
        boolean z9 = false;
        HashMap encryptedKeyCache = filterProcessingContext.getEncryptedKeyCache();
        X509SecurityToken x509SecurityToken = null;
        SecurableSoapMessage securableSoapMessage2 = filterProcessingContext.getSecurableSoapMessage();
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "KeyBinding in Encryption is " + x509CertificateBinding3);
        }
        boolean equals = Constants.TRUE.equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
        boolean equals2 = Constants.TRUE.equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
        boolean z10 = equals && equals2 && getEKSHA1Ref(filterProcessingContext) != null;
        boolean z11 = !equals2;
        String dataEncryptionAlgorithm = featureBinding.getDataEncryptionAlgorithm();
        if ((dataEncryptionAlgorithm == null || "".equals(dataEncryptionAlgorithm)) && filterProcessingContext.getAlgorithmSuite() != null) {
            dataEncryptionAlgorithm = filterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm();
        }
        if (dataEncryptionAlgorithm != null && !"".equals(dataEncryptionAlgorithm)) {
            str3 = dataEncryptionAlgorithm;
        }
        String asymmetricKeyAlgorithm = filterProcessingContext.getAlgorithmSuite() != null ? filterProcessingContext.getAlgorithmSuite().getAsymmetricKeyAlgorithm() : "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
        if (PolicyTypeUtil.derivedTokenKeyBinding(x509CertificateBinding3)) {
            ?? r0 = (DerivedTokenKeyBinding) x509CertificateBinding3.clone();
            WSSPolicy originalKeyBinding = r0.getOriginalKeyBinding();
            if (PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding4 = (AuthenticationTokenPolicy.X509CertificateBinding) originalKeyBinding.clone();
                SymmetricKeyBinding symmetricKeyBinding3 = new SymmetricKeyBinding();
                symmetricKeyBinding3.setKeyBinding(x509CertificateBinding4);
                r0.setOriginalKeyBinding(symmetricKeyBinding3);
                x509CertificateBinding3 = r0;
            }
        }
        if (PolicyTypeUtil.usernameTokenPolicy(x509CertificateBinding3)) {
            log.log(Level.SEVERE, "WSS1210.unsupported.UsernameToken.AsKeyBinding.EncryptionPolicy");
            throw new XWSSecurityException("UsernameToken as KeyBinding for EncryptionPolicy is Not Yet Supported");
        }
        if (PolicyTypeUtil.x509CertificateBinding(x509CertificateBinding3)) {
            z9 = true;
            if (filterProcessingContext.getX509CertificateBinding() != null) {
                x509CertificateBinding = filterProcessingContext.getX509CertificateBinding();
                filterProcessingContext.setX509CertificateBinding(null);
            } else {
                x509CertificateBinding = x509CertificateBinding3;
            }
            str2 = x509CertificateBinding.getUUID();
            if (str2 == null || str2.equals("")) {
                str2 = securableSoapMessage.generateId();
            }
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "Certificate was " + ((Object) null));
                log.log(Level.FINEST, "BinaryToken ID " + str2);
            }
            HashMap tokenCache = filterProcessingContext.getTokenCache();
            HashMap insertedX509Cache = filterProcessingContext.getInsertedX509Cache();
            SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding, str2);
            x509Certificate = x509CertificateBinding.getX509Certificate();
            String referenceType = x509CertificateBinding.getReferenceType();
            if (referenceType.equals("Identifier") && x509CertificateBinding.getValueType().equals(MessageConstants.X509v1_NS)) {
                log.log(Level.SEVERE, "WSS1211.unsupported.KeyIdentifierStrategy.X509v1");
                throw new XWSSecurityException("Key Identifier strategy with X509v1 certificate is not allowed");
            }
            keyInfoStrategy = KeyInfoStrategy.getInstance(referenceType);
            keyInfoStrategy.setCertificate(x509Certificate);
            if ("Direct".equals(referenceType)) {
                X509SecurityToken x509SecurityToken2 = (X509SecurityToken) tokenCache.get(str2);
                if (x509SecurityToken2 == null) {
                    String valueType = x509CertificateBinding.getValueType();
                    if (valueType == null || valueType.equals("")) {
                        valueType = MessageConstants.X509v3_NS;
                    }
                    x509SecurityToken2 = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509Certificate, str2, valueType);
                }
                if (insertedX509Cache.get(str2) == null) {
                    securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken2);
                    insertedX509Cache.put(str2, x509SecurityToken2);
                    x509SecurityToken = securableSoapMessage.findOrCreateSecurityHeader().getNextSiblingOfTimestamp();
                } else {
                    x509SecurityToken = securableSoapMessage.getElementByWsuId(str2);
                }
            }
            String keyAlgorithm = x509CertificateBinding.getKeyAlgorithm();
            if (keyAlgorithm != null && !keyAlgorithm.equals("")) {
                asymmetricKeyAlgorithm = keyAlgorithm;
            }
            secretKey = SecurityUtil.generateSymmetricKey(str3);
        } else if (PolicyTypeUtil.symmetricKeyBinding(x509CertificateBinding3)) {
            if (filterProcessingContext.getSymmetricKeyBinding() != null) {
                symmetricKeyBinding2 = filterProcessingContext.getSymmetricKeyBinding();
                filterProcessingContext.setSymmetricKeyBinding(null);
            } else {
                symmetricKeyBinding2 = x509CertificateBinding3;
            }
            if (!symmetricKeyBinding2.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                asymmetricKeyAlgorithm = symmetricKeyBinding2.getKeyAlgorithm();
                if (asymmetricKeyAlgorithm != null && !"".equals(asymmetricKeyAlgorithm)) {
                    secretKey = SecurityUtil.generateSymmetricKey(str3);
                }
                keyInfoStrategy = KeyInfoStrategy.getInstance("KeyName");
                secretKey2 = symmetricKeyBinding2.getSecretKey();
                str4 = symmetricKeyBinding2.getKeyIdentifier();
                secretKey2.getAlgorithm();
                if (secretKey == null) {
                    ((KeyNameStrategy) keyInfoStrategy).setKeyName(str4);
                    secretKey = secretKey2;
                    secretKey2 = null;
                }
            } else if (z10) {
                String eKSHA1Ref = getEKSHA1Ref(filterProcessingContext);
                secretKey = symmetricKeyBinding2.getSecretKey();
                new KeyInfoHeaderBlock((Document) securableSoapMessage2.getSOAPPart());
                securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                EncryptedKeySHA1Identifier encryptedKeySHA1Identifier = new EncryptedKeySHA1Identifier((Document) securableSoapMessage2.getSOAPPart());
                encryptedKeySHA1Identifier.setReferenceValue(eKSHA1Ref);
                securityTokenReference3.setReference(encryptedKeySHA1Identifier);
                keyInfoStrategy = KeyInfoStrategy.getInstance(MessageConstants.EK_SHA1_TYPE);
            } else if (equals2 || z11) {
                secretKey = symmetricKeyBinding2.getSecretKey();
                z9 = true;
                if (!symmetricKeyBinding2.getCertAlias().equals(MessageConstants._EMPTY)) {
                    x509CertificateBinding2 = new AuthenticationTokenPolicy.X509CertificateBinding();
                    x509CertificateBinding2.setCertificateIdentifier(symmetricKeyBinding2.getCertAlias());
                    x509CertificateBinding2.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding2.getCertificateIdentifier(), false));
                    x509CertificateBinding2.setReferenceType("Direct");
                } else if (filterProcessingContext.getX509CertificateBinding() != null) {
                    x509CertificateBinding2 = filterProcessingContext.getX509CertificateBinding();
                    filterProcessingContext.setX509CertificateBinding(null);
                }
                x509Certificate = x509CertificateBinding2.getX509Certificate();
                str2 = x509CertificateBinding2.getUUID();
                if (str2 == null || str2.equals("")) {
                    str2 = securableSoapMessage.generateId();
                }
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Certificate was " + x509Certificate);
                    log.log(Level.FINEST, "BinaryToken ID " + str2);
                }
                HashMap tokenCache2 = filterProcessingContext.getTokenCache();
                HashMap insertedX509Cache2 = filterProcessingContext.getInsertedX509Cache();
                SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding2, str2);
                X509SecurityToken x509SecurityToken3 = (X509SecurityToken) tokenCache2.get(str2);
                if (x509SecurityToken3 == null) {
                    String valueType2 = x509CertificateBinding2.getValueType();
                    if (valueType2 == null || valueType2.equals("")) {
                        valueType2 = MessageConstants.X509v3_NS;
                    }
                    x509SecurityToken3 = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509Certificate, str2, valueType2);
                    tokenCache2.put(str2, x509SecurityToken3);
                    filterProcessingContext.setCurrentSecret(secretKey);
                } else {
                    z8 = true;
                    secretKey = filterProcessingContext.getCurrentSecret();
                }
                securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                DirectReference directReference = new DirectReference();
                str5 = (String) encryptedKeyCache.get(str2);
                if (str5 == null) {
                    str5 = generateId;
                }
                directReference.setURI("#" + str5);
                directReference.setValueType(MessageConstants.EncryptedKey_NS);
                securityTokenReference3.setReference(directReference);
                if (!z8) {
                    str = x509CertificateBinding2.getReferenceType();
                    if (str.equals("Identifier") && x509CertificateBinding2.getValueType().equals(MessageConstants.X509v1_NS)) {
                        log.log(Level.SEVERE, "WSS1211.unsupported.KeyIdentifierStrategy.X509v1");
                        throw new XWSSecurityException("Key Identifier strategy with X509v1 is not allowed");
                    }
                    keyInfoStrategy = KeyInfoStrategy.getInstance(str);
                    keyInfoStrategy.setCertificate(x509Certificate);
                    filterProcessingContext.setExtraneousProperty("SecretKey", secretKey);
                }
                if ("Direct".equals(str)) {
                    if (insertedX509Cache2.get(str2) == null) {
                        securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken3);
                        insertedX509Cache2.put(str2, x509SecurityToken3);
                        x509SecurityToken = securableSoapMessage.findOrCreateSecurityHeader().getNextSiblingOfTimestamp();
                    } else {
                        x509SecurityToken = securableSoapMessage.getElementByWsuId(str2);
                    }
                }
            }
        } else if (PolicyTypeUtil.samlTokenPolicy(x509CertificateBinding3)) {
            AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) x509CertificateBinding3;
            try {
                Assertion fromElement = System.getProperty("com.sun.xml.wss.saml.binding.jaxb") == null ? sAMLAssertionBinding.getAssertion().getAttributeNode(MessageConstants.SAML_ID_LNAME) != null ? com.sun.xml.wss.saml.assertion.saml20.jaxb20.Assertion.fromElement(sAMLAssertionBinding.getAssertion()) : com.sun.xml.wss.saml.assertion.saml11.jaxb20.Assertion.fromElement(sAMLAssertionBinding.getAssertion()) : null;
                if (fromElement == null) {
                    log.log(Level.SEVERE, "WSS1213.null.SAMLAssertion");
                    throw new XWSSecurityException("SAML Assertion is NULL");
                }
                HashMap tokenCache3 = filterProcessingContext.getTokenCache();
                String assertionID = fromElement.getAssertionID();
                tokenCache3.put(assertionID, fromElement);
                key = KeyResolver.resolveSamlAssertion(filterProcessingContext.getSecurableSoapMessage(), sAMLAssertionBinding.getAssertion(), true, filterProcessingContext, assertionID);
                if (!"".equals(sAMLAssertionBinding.getKeyAlgorithm())) {
                    asymmetricKeyAlgorithm = sAMLAssertionBinding.getKeyAlgorithm();
                }
                secretKey = SecurityUtil.generateSymmetricKey(str3);
                if (sAMLAssertionBinding.getReferenceType().equals("Embedded")) {
                    log.log(Level.SEVERE, "WSS1215.unsupported.EmbeddedReference.SAMLAssertion");
                    throw new XWSSecurityException("Embedded Reference Type for SAML Assertions not supported yet");
                }
                String assertionID2 = fromElement != null ? fromElement.getAssertionID() : null;
                Element authorityBinding = sAMLAssertionBinding.getAuthorityBinding();
                securityTokenReference = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                String strid = sAMLAssertionBinding.getSTRID();
                if (strid == null) {
                    strid = securableSoapMessage.generateId();
                }
                securityTokenReference.setWsuId(strid);
                if (authorityBinding != null) {
                    securityTokenReference.setSamlAuthorityBinding(authorityBinding, securableSoapMessage.getSOAPPart());
                }
                keyInfoStrategy = new KeyIdentifierStrategy(assertionID2);
                keyInfoStrategy.insertKey(securityTokenReference, securableSoapMessage);
            } catch (SAMLException e) {
                log.log(Level.SEVERE, "WSS1212.error.SAMLAssertionException");
                throw new XWSSecurityException(e);
            }
        } else if (PolicyTypeUtil.issuedTokenKeyBinding(x509CertificateBinding3)) {
            IssuedTokenContext trustContext = filterProcessingContext.getTrustContext();
            try {
                secretKey = new SecretKeySpec(trustContext.getProofKey(), SecurityUtil.getSecretKeyAlgorithm(str3));
                GenericToken genericToken = (GenericToken) trustContext.getSecurityToken();
                IssuedTokenKeyBinding issuedTokenKeyBinding = (IssuedTokenKeyBinding) x509CertificateBinding3;
                String uuid = issuedTokenKeyBinding.getUUID();
                HashMap tokenCache4 = filterProcessingContext.getTokenCache();
                Object obj = tokenCache4.get(uuid);
                String includeToken = issuedTokenKeyBinding.getIncludeToken();
                z6 = IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(includeToken) || IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(includeToken) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_VER2.equals(includeToken) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(includeToken);
                if (z6 && genericToken == null) {
                    log.log(Level.SEVERE, "WSS1217.null.IssueToken");
                    throw new XWSSecurityException("Issued Token to be inserted into the Message was Null");
                }
                if (genericToken != null) {
                    Element element3 = (Element) genericToken.getTokenValue();
                    if (obj == null) {
                        sOAPElement2 = XMLUtil.convertToSoapElement(securableSoapMessage2.getSOAPPart(), element3);
                        if ("".equals(sOAPElement2.getAttribute("Id")) && "EncryptedData".equals(sOAPElement2.getLocalName())) {
                            sOAPElement2.setAttribute("Id", securableSoapMessage2.generateId());
                        }
                        tokenCache4.put(uuid, sOAPElement2);
                    } else {
                        z5 = true;
                        element2 = securableSoapMessage2.getElementById(SecurityUtil.getWsuIdOrId((Element) obj));
                        if (element2 == null) {
                            log.log(Level.SEVERE, "WSS1218.unableto.locate.IssueToken.Message");
                            throw new XWSSecurityException("Could not locate Issued Token in Message");
                        }
                    }
                }
                if (z6) {
                    if (trustContext.getAttachedSecurityTokenReference() == null) {
                        log.log(Level.SEVERE, "WSS1219.unableto.refer.Attached.IssueToken");
                        throw new XWSSecurityException("Cannot determine how to reference the Attached Issued Token in the Message");
                    }
                    convertSTRToElement = SecurityUtil.convertSTRToElement(trustContext.getAttachedSecurityTokenReference().getTokenValue(), securableSoapMessage2.getSOAPPart());
                } else {
                    if (trustContext.getUnAttachedSecurityTokenReference() == null) {
                        log.log(Level.SEVERE, "WSS1220.unableto.refer.Un-Attached.IssueToken");
                        throw new XWSSecurityException("Cannot determine how to reference the Un-Attached Issued Token in the Message");
                    }
                    convertSTRToElement = SecurityUtil.convertSTRToElement(trustContext.getUnAttachedSecurityTokenReference().getTokenValue(), securableSoapMessage2.getSOAPPart());
                }
                securityTokenReference5 = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage2.getSOAPPart(), (Element) securableSoapMessage2.getSOAPPart().importNode(convertSTRToElement, true)), false);
                SecurityUtil.updateSamlVsKeyCache(securityTokenReference5, filterProcessingContext, secretKey);
            } catch (Exception e2) {
                log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                throw new XWSSecurityException(e2);
            }
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(x509CertificateBinding3)) {
            SecureConversationTokenKeyBinding secureConversationTokenKeyBinding = (SecureConversationTokenKeyBinding) x509CertificateBinding3;
            String uuid2 = secureConversationTokenKeyBinding.getUUID();
            HashMap tokenCache5 = filterProcessingContext.getTokenCache();
            securityContextTokenImpl = (SecurityContextTokenImpl) tokenCache5.get(uuid2);
            IssuedTokenContext secureConversationContext = filterProcessingContext.getSecureConversationContext();
            if (securityContextTokenImpl == null) {
                SecurityContextToken securityContextToken = (SecurityContextToken) secureConversationContext.getSecurityToken();
                if (securityContextToken == null) {
                    log.log(Level.SEVERE, "WSS1221.null.SecureConversationToken");
                    throw new XWSSecurityException("SecureConversation Token not Found");
                }
                securityContextTokenImpl = new SecurityContextTokenImpl(securableSoapMessage2.getSOAPPart(), securityContextToken.getIdentifier().toString(), securityContextToken.getInstance(), securityContextToken.getWsuId(), securityContextToken.getExtElements());
                tokenCache5.put(uuid2, securityContextTokenImpl);
            } else {
                z = true;
                sOAPElement = securableSoapMessage2.getElementByWsuId(securityContextTokenImpl.getWsuId());
            }
            if (securityContextTokenImpl.getWsuId() == null) {
                securityContextTokenImpl.setId(securableSoapMessage2.generateId());
            }
            String wsuId = securityContextTokenImpl.getWsuId();
            securityTokenReference2 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
            DirectReference directReference2 = new DirectReference();
            if (SecureConversationTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(secureConversationTokenKeyBinding.getIncludeToken()) || SecureConversationTokenKeyBinding.INCLUDE_ALWAYS.equals(secureConversationTokenKeyBinding.getIncludeToken())) {
                directReference2.setURI("#" + wsuId);
            } else {
                z3 = false;
                directReference2.setSCTURI(securityContextTokenImpl.getIdentifier().toString(), securityContextTokenImpl.getInstance());
            }
            securityTokenReference2.setReference(directReference2);
            keyInfoStrategy = KeyInfoStrategy.getInstance("Direct");
            secretKey = new SecretKeySpec(secureConversationContext.getProofKey(), SecurityUtil.getSecretKeyAlgorithm(str3));
        } else {
            if (!PolicyTypeUtil.derivedTokenKeyBinding(x509CertificateBinding3)) {
                log.log(Level.SEVERE, "WSS1222.unsupported.KeyBinding.EncryptionPolicy");
                throw new XWSSecurityException("Unsupported Key Binding for EncryptionPolicy");
            }
            WSSPolicy originalKeyBinding2 = ((DerivedTokenKeyBinding) x509CertificateBinding3.clone()).getOriginalKeyBinding();
            String encryptionAlgorithm = algorithmSuite != null ? algorithmSuite.getEncryptionAlgorithm() : null;
            long lengthFromAlgorithm = SecurityUtil.getLengthFromAlgorithm(encryptionAlgorithm);
            if (!PolicyTypeUtil.x509CertificateBinding(originalKeyBinding2)) {
                if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding2)) {
                    if (filterProcessingContext.getSymmetricKeyBinding() != null) {
                        symmetricKeyBinding = filterProcessingContext.getSymmetricKeyBinding();
                        filterProcessingContext.setSymmetricKeyBinding(null);
                    } else {
                        symmetricKeyBinding = (SymmetricKeyBinding) originalKeyBinding2;
                    }
                    if (z10) {
                        String eKSHA1Ref2 = getEKSHA1Ref(filterProcessingContext);
                        secretKey3 = symmetricKeyBinding.getSecretKey();
                        DerivedKeyTokenImpl derivedKeyTokenImpl = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, secretKey3.getEncoded());
                        String generateId2 = securableSoapMessage2.generateId();
                        String encode = Base64.encode(derivedKeyTokenImpl.getNonce());
                        try {
                            secretKey = derivedKeyTokenImpl.generateSymmetricKey(SecurityUtil.getSecretKeyAlgorithm(encryptionAlgorithm));
                            SecurityTokenReference securityTokenReference7 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                            EncryptedKeySHA1Identifier encryptedKeySHA1Identifier2 = new EncryptedKeySHA1Identifier((Document) securableSoapMessage2.getSOAPPart());
                            encryptedKeySHA1Identifier2.setReferenceValue(eKSHA1Ref2);
                            securityTokenReference7.setReference(encryptedKeySHA1Identifier2);
                            derivedKeyTokenHeaderBlock = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference7, encode, derivedKeyTokenImpl.getOffset(), derivedKeyTokenImpl.getLength(), generateId2);
                            DirectReference directReference3 = new DirectReference();
                            directReference3.setURI("#" + generateId2);
                            securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                            securityTokenReference3.setReference(directReference3);
                        } catch (Exception e3) {
                            log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                            throw new XWSSecurityException(e3);
                        }
                    } else if (equals2 || z11) {
                        z7 = true;
                        secretKey3 = symmetricKeyBinding.getSecretKey();
                        if (filterProcessingContext.getX509CertificateBinding() != null) {
                            x509CertificateBinding2 = filterProcessingContext.getX509CertificateBinding();
                            filterProcessingContext.setX509CertificateBinding(null);
                            x509CertificateBinding2.getX509Certificate();
                        }
                        x509Certificate = x509CertificateBinding2.getX509Certificate();
                        String referenceType2 = x509CertificateBinding2.getReferenceType();
                        keyInfoStrategy = KeyInfoStrategy.getInstance(referenceType2);
                        keyInfoStrategy.setCertificate(x509Certificate);
                        str2 = x509CertificateBinding2.getUUID();
                        if (str2 == null || str2.equals("")) {
                            str2 = securableSoapMessage.generateId();
                        }
                        if (log.isLoggable(Level.FINEST)) {
                            log.log(Level.FINEST, "Certificate was " + x509Certificate);
                            log.log(Level.FINEST, "BinaryToken ID " + str2);
                        }
                        HashMap tokenCache6 = filterProcessingContext.getTokenCache();
                        HashMap insertedX509Cache3 = filterProcessingContext.getInsertedX509Cache();
                        SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, x509CertificateBinding2, str2);
                        X509SecurityToken x509SecurityToken4 = (X509SecurityToken) filterProcessingContext.getInsertedX509Cache().get(str2);
                        X509SecurityToken x509SecurityToken5 = (X509SecurityToken) tokenCache6.get(str2);
                        if (x509SecurityToken5 == null) {
                            if (x509SecurityToken4 != null) {
                                x509SecurityToken5 = x509SecurityToken4;
                                tokenCache6.put(str2, x509SecurityToken4);
                            } else {
                                String valueType3 = x509CertificateBinding2.getValueType();
                                if (valueType3 == null || valueType3.equals("")) {
                                    valueType3 = MessageConstants.X509v3_NS;
                                }
                                x509SecurityToken5 = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509Certificate, str2, valueType3);
                                tokenCache6.put(str2, x509SecurityToken5);
                            }
                            filterProcessingContext.setCurrentSecret(secretKey3);
                            filterProcessingContext.setExtraneousProperty("SecretKey", secretKey3);
                        } else {
                            z8 = true;
                            secretKey3 = filterProcessingContext.getCurrentSecret();
                        }
                        if (x509SecurityToken4 != null) {
                            x509SecurityToken = x509SecurityToken4;
                        } else if ("Direct".equals(referenceType2)) {
                            securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken5);
                            insertedX509Cache3.put(str2, x509SecurityToken5);
                            x509SecurityToken = securableSoapMessage.findOrCreateSecurityHeader().getNextSiblingOfTimestamp();
                        }
                        DerivedKeyTokenImpl derivedKeyTokenImpl2 = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, secretKey3.getEncoded());
                        String generateId3 = securableSoapMessage2.generateId();
                        String encode2 = Base64.encode(derivedKeyTokenImpl2.getNonce());
                        try {
                            secretKey = derivedKeyTokenImpl2.generateSymmetricKey(SecurityUtil.getSecretKeyAlgorithm(encryptionAlgorithm));
                            SecurityTokenReference securityTokenReference8 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                            DirectReference directReference4 = new DirectReference();
                            str5 = (String) encryptedKeyCache.get(str2);
                            if (str5 == null) {
                                str5 = generateId;
                            }
                            directReference4.setURI("#" + str5);
                            directReference4.setValueType(MessageConstants.EncryptedKey_NS);
                            securityTokenReference8.setReference(directReference4);
                            derivedKeyTokenHeaderBlock = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference8, encode2, derivedKeyTokenImpl2.getOffset(), derivedKeyTokenImpl2.getLength(), generateId3);
                            DirectReference directReference5 = new DirectReference();
                            directReference5.setURI("#" + generateId3);
                            securityTokenReference3 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                            securityTokenReference3.setReference(directReference5);
                        } catch (Exception e4) {
                            log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                            throw new XWSSecurityException(e4);
                        }
                    }
                } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding2)) {
                    z2 = true;
                    SecureConversationTokenKeyBinding secureConversationTokenKeyBinding2 = (SecureConversationTokenKeyBinding) originalKeyBinding2;
                    String uuid3 = secureConversationTokenKeyBinding2.getUUID();
                    HashMap tokenCache7 = filterProcessingContext.getTokenCache();
                    securityContextTokenImpl = (SecurityContextTokenImpl) tokenCache7.get(uuid3);
                    IssuedTokenContext secureConversationContext2 = filterProcessingContext.getSecureConversationContext();
                    if (securityContextTokenImpl == null) {
                        SecurityContextToken securityContextToken2 = (SecurityContextToken) secureConversationContext2.getSecurityToken();
                        if (securityContextToken2 == null) {
                            log.log(Level.SEVERE, "WSS1221.null.SecureConversationToken");
                            throw new XWSSecurityException("SecureConversation Token not Found");
                        }
                        securityContextTokenImpl = new SecurityContextTokenImpl(securableSoapMessage2.getSOAPPart(), securityContextToken2.getIdentifier().toString(), securityContextToken2.getInstance(), securityContextToken2.getWsuId(), securityContextToken2.getExtElements());
                        tokenCache7.put(uuid3, securityContextTokenImpl);
                    } else {
                        z = true;
                        sOAPElement = securableSoapMessage2.getElementByWsuId(securityContextTokenImpl.getWsuId());
                    }
                    if (securityContextTokenImpl.getWsuId() == null) {
                        securityContextTokenImpl.setId(securableSoapMessage2.generateId());
                    }
                    String wsuId2 = securityContextTokenImpl.getWsuId();
                    DerivedKeyTokenImpl derivedKeyTokenImpl3 = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, filterProcessingContext.getSecureConversationContext().getProofKey());
                    String generateId4 = securableSoapMessage2.generateId();
                    String encode3 = Base64.encode(derivedKeyTokenImpl3.getNonce());
                    try {
                        secretKey = derivedKeyTokenImpl3.generateSymmetricKey(SecurityUtil.getSecretKeyAlgorithm(str3));
                        SecurityTokenReference securityTokenReference9 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                        DirectReference directReference6 = new DirectReference();
                        if (SecureConversationTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(secureConversationTokenKeyBinding2.getIncludeToken()) || SecureConversationTokenKeyBinding.INCLUDE_ALWAYS.equals(secureConversationTokenKeyBinding2.getIncludeToken())) {
                            directReference6.setURI("#" + wsuId2);
                        } else {
                            z3 = false;
                            directReference6.setSCTURI(securityContextTokenImpl.getIdentifier().toString(), securityContextTokenImpl.getInstance());
                        }
                        securityTokenReference9.setReference(directReference6);
                        derivedKeyTokenHeaderBlock = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference9, encode3, derivedKeyTokenImpl3.getOffset(), derivedKeyTokenImpl3.getLength(), generateId4);
                        DirectReference directReference7 = new DirectReference();
                        directReference7.setURI("#" + generateId4);
                        securityTokenReference4 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                        securityTokenReference4.setReference(directReference7);
                    } catch (Exception e5) {
                        log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                        throw new XWSSecurityException(e5);
                    }
                } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding2)) {
                    z4 = true;
                    IssuedTokenContext trustContext2 = filterProcessingContext.getTrustContext();
                    DerivedKeyTokenImpl derivedKeyTokenImpl4 = new DerivedKeyTokenImpl(0L, lengthFromAlgorithm, trustContext2.getProofKey());
                    String generateId5 = securableSoapMessage2.generateId();
                    String encode4 = Base64.encode(derivedKeyTokenImpl4.getNonce());
                    try {
                        SecretKeySpec secretKeySpec = new SecretKeySpec(trustContext2.getProofKey(), SecurityUtil.getSecretKeyAlgorithm(str3));
                        try {
                            secretKey = derivedKeyTokenImpl4.generateSymmetricKey(SecurityUtil.getSecretKeyAlgorithm(str3));
                            GenericToken genericToken2 = (GenericToken) trustContext2.getSecurityToken();
                            IssuedTokenKeyBinding issuedTokenKeyBinding2 = (IssuedTokenKeyBinding) originalKeyBinding2;
                            String uuid4 = issuedTokenKeyBinding2.getUUID();
                            HashMap tokenCache8 = filterProcessingContext.getTokenCache();
                            Object obj2 = tokenCache8.get(uuid4);
                            String includeToken2 = issuedTokenKeyBinding2.getIncludeToken();
                            z6 = IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(includeToken2) || IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(includeToken2) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_VER2.equals(includeToken2) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(includeToken2);
                            if (z6 && genericToken2 == null) {
                                log.log(Level.SEVERE, "WSS1217.null.IssueToken");
                                throw new XWSSecurityException("Issued Token to be inserted into the Message was Null");
                            }
                            if (genericToken2 != null) {
                                Element element4 = (Element) genericToken2.getTokenValue();
                                if (obj2 == null) {
                                    sOAPElement2 = XMLUtil.convertToSoapElement(securableSoapMessage2.getSOAPPart(), element4);
                                    if ("".equals(sOAPElement2.getAttribute("Id")) && "EncryptedData".equals(sOAPElement2.getLocalName())) {
                                        sOAPElement2.setAttribute("Id", securableSoapMessage2.generateId());
                                    }
                                    tokenCache8.put(uuid4, sOAPElement2);
                                } else {
                                    z5 = true;
                                    element2 = securableSoapMessage2.getElementById(SecurityUtil.getWsuIdOrId((Element) obj2));
                                    if (element2 == null) {
                                        log.log(Level.SEVERE, "WSS1218.unableto.locate.IssueToken.Message");
                                        throw new XWSSecurityException("Could not locate Issued Token in Message");
                                    }
                                }
                            }
                            if (z6) {
                                if (trustContext2.getAttachedSecurityTokenReference() == null) {
                                    log.log(Level.SEVERE, "WSS1219.unableto.refer.Attached.IssueToken");
                                    throw new XWSSecurityException("Cannot determine how to reference the Attached Issued Token in the Message");
                                }
                                element = (Element) trustContext2.getAttachedSecurityTokenReference().getTokenValue();
                            } else {
                                if (trustContext2.getUnAttachedSecurityTokenReference() == null) {
                                    log.log(Level.SEVERE, "WSS1220.unableto.refer.Un-Attached.IssueToken");
                                    throw new XWSSecurityException("Cannot determine how to reference the Un-Attached Issued Token in the Message");
                                }
                                element = (Element) trustContext2.getUnAttachedSecurityTokenReference().getTokenValue();
                            }
                            SecurityTokenReference securityTokenReference10 = new SecurityTokenReference(XMLUtil.convertToSoapElement(securableSoapMessage2.getSOAPPart(), (Element) ((Element) securableSoapMessage2.getSOAPPart().importNode(element, true)).cloneNode(true)), false);
                            if (secretKeySpec != null) {
                                SecurityUtil.updateSamlVsKeyCache(securityTokenReference10, filterProcessingContext, secretKeySpec);
                            }
                            derivedKeyTokenHeaderBlock = new DerivedKeyTokenHeaderBlock(findOrCreateSecurityHeader.getOwnerDocument(), securityTokenReference10, encode4, derivedKeyTokenImpl4.getOffset(), derivedKeyTokenImpl4.getLength(), generateId5);
                            DirectReference directReference8 = new DirectReference();
                            directReference8.setURI("#" + generateId5);
                            securityTokenReference6 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                            securityTokenReference6.setReference(directReference8);
                        } catch (Exception e6) {
                            log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                            throw new XWSSecurityException(e6);
                        }
                    } catch (Exception e7) {
                        log.log(Level.SEVERE, "WSS1216.unableto.get.symmetrickey.Encryption");
                        throw new XWSSecurityException(e7);
                    }
                }
            }
        }
        XMLCipher xMLCipher = null;
        Cipher cipher = null;
        try {
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "KeyEncryption algorithm is " + asymmetricKeyAlgorithm);
            }
            if (x509Certificate != null) {
                xMLCipher = XMLCipher.getInstance(asymmetricKeyAlgorithm);
                xMLCipher.init(3, x509Certificate.getPublicKey());
            } else if (key != null) {
                xMLCipher = XMLCipher.getInstance(asymmetricKeyAlgorithm);
                xMLCipher.init(3, key);
            } else if (secretKey2 != null) {
                xMLCipher = XMLCipher.getInstance(asymmetricKeyAlgorithm);
                xMLCipher.init(3, secretKey2);
            }
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "Data encryption algorithm is " + str3);
            }
            JCEMapper.translateURItoJCEID(str3);
            XMLCipher xMLCipher2 = XMLCipher.getInstance(str3);
            xMLCipher2.init(1, secretKey);
            ArrayList targetBindings = featureBinding.getTargetBindings();
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            Iterator it = targetBindings.iterator();
            while (it.hasNext()) {
                EncryptionTarget encryptionTarget = (EncryptionTarget) it.next();
                Boolean valueOf = Boolean.valueOf(encryptionTarget.getContentOnly());
                if (MessageConstants.PROCESS_ALL_ATTACHMENTS.equals(encryptionTarget.getValue())) {
                    Iterator attachments = securableSoapMessage.getAttachments();
                    while (attachments.hasNext()) {
                        arrayList.add(new Object[]{(AttachmentPart) attachments.next(), valueOf});
                    }
                } else {
                    Object messageParts = securableSoapMessage.getMessageParts(encryptionTarget);
                    encryptionTarget.getCipherReferenceTransforms();
                    if (messageParts != null) {
                        if (messageParts instanceof AttachmentPart) {
                            arrayList.add(new Object[]{messageParts, valueOf});
                        } else if (messageParts instanceof Node) {
                            arrayList2.add(new Object[]{messageParts, valueOf});
                        } else if (messageParts instanceof NodeList) {
                            for (int i = 0; i < ((NodeList) messageParts).getLength(); i++) {
                                arrayList2.add(new Object[]{((NodeList) messageParts).item(i), valueOf});
                            }
                        }
                    }
                }
            }
            if (arrayList2.isEmpty() && arrayList.isEmpty() && log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, "None of the specified Encryption Parts found in the Message");
            }
            EncryptedKey encryptedKey = null;
            ReferenceListHeaderBlock referenceListHeaderBlock = null;
            ReferenceListHeaderBlock referenceListHeaderBlock2 = null;
            if (xMLCipher != null && !z8) {
                try {
                    encryptedKey = !z7 ? xMLCipher.encryptKey(securableSoapMessage.getSOAPPart(), secretKey) : xMLCipher.encryptKey(securableSoapMessage.getSOAPPart(), secretKey3);
                    encryptedKey.setId(generateId);
                    encryptedKeyCache.put(str2, generateId);
                    KeyInfoHeaderBlock keyInfoHeaderBlock = new KeyInfoHeaderBlock((Document) securableSoapMessage.getSOAPPart());
                    if (securityTokenReference != null) {
                        keyInfoHeaderBlock.addSecurityTokenReference(securityTokenReference);
                    } else if (x509Certificate != null) {
                        keyInfoStrategy.insertKey(keyInfoHeaderBlock, securableSoapMessage, str2);
                    } else if (secretKey2 != null) {
                        keyInfoHeaderBlock.addKeyName(str4);
                    }
                    encryptedKey.setKeyInfo(keyInfoHeaderBlock.getKeyInfo());
                } catch (Exception e8) {
                    log.log(Level.SEVERE, "WSS1223.unableto.set.KeyInfo.EncryptedKey", (Throwable) e8);
                    throw new XWSSecurityException(e8);
                }
            }
            if (encryptedKey != null && !z7 && !z9) {
                referenceListHeaderBlock = new ReferenceListHeaderBlock((Document) securableSoapMessage.getSOAPPart());
            }
            Node node = x509SecurityToken != null ? (SOAPElement) x509SecurityToken.getNextSibling() : null;
            Iterator it2 = arrayList.iterator();
            if (it2.hasNext()) {
                try {
                    cipher = XMLCipherAdapter.constructCipher(str3);
                    cipher.init(1, secretKey);
                } catch (Exception e9) {
                    log.log(Level.SEVERE, "WSS1205.unableto.initialize.xml.cipher", (Throwable) e9);
                    throw new XWSSecurityException("Unable to initialize XML Cipher", e9);
                }
            }
            while (it2.hasNext()) {
                Object[] objArr = (Object[]) it2.next();
                AttachmentPart attachmentPart = (AttachmentPart) objArr[0];
                boolean booleanValue = ((Boolean) objArr[1]).booleanValue();
                EncryptedDataHeaderBlock encryptedDataHeaderBlock = new EncryptedDataHeaderBlock();
                String generateId6 = securableSoapMessage.generateId();
                encryptedDataHeaderBlock.setId(generateId6);
                encryptedDataHeaderBlock.setType(booleanValue ? MessageConstants.ATTACHMENT_CONTENT_ONLY_URI : MessageConstants.ATTACHMENT_COMPLETE_URI);
                encryptedDataHeaderBlock.setMimeType(attachmentPart.getContentType());
                String contentId = attachmentPart.getContentId();
                encryptedDataHeaderBlock.getCipherReference(true, contentId != null ? (contentId.charAt(0) == '<' && contentId.charAt(contentId.length() - 1) == '>') ? "cid:" + contentId.substring(1, contentId.length() - 1) : "cid:" + contentId : attachmentPart.getContentLocation());
                encryptedDataHeaderBlock.setEncryptionMethod(str3);
                encryptedDataHeaderBlock.addTransform(MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI);
                encryptAttachment(attachmentPart, booleanValue, cipher);
                if (referenceListHeaderBlock != null) {
                    referenceListHeaderBlock.addReference("#" + generateId6);
                }
                if (node == null && x509SecurityToken == null) {
                    findOrCreateSecurityHeader.insertHeaderBlock(encryptedDataHeaderBlock);
                } else if (node != null) {
                    findOrCreateSecurityHeader.insertBefore(encryptedDataHeaderBlock, node);
                } else {
                    findOrCreateSecurityHeader.appendChild(encryptedDataHeaderBlock);
                }
            }
            Iterator it3 = arrayList2.iterator();
            while (it3.hasNext()) {
                Object[] objArr2 = (Object[]) it3.next();
                SOAPElement sOAPElement3 = (Node) objArr2[0];
                boolean booleanValue2 = ((Boolean) objArr2[1]).booleanValue();
                if (filterProcessingContext.getConfigType() != 2) {
                    encryptElement = sOAPElement3.getNodeType() == 3 ? encryptElement(securableSoapMessage, sOAPElement3.getParentNode(), true, xMLCipher2) : encryptElement(securableSoapMessage, sOAPElement3, booleanValue2, xMLCipher2);
                } else if (0 != 0) {
                    encryptElement = encryptBodyContent(securableSoapMessage, filterProcessingContext.getCanonicalizedData(), xMLCipher2);
                } else {
                    signEncrypt(filterProcessingContext, null, referenceListHeaderBlock, referenceListHeaderBlock2, keyInfoStrategy, str3);
                }
                EncryptedHeaderBlock encryptedHeaderBlock = null;
                boolean z12 = false;
                EncryptedDataHeaderBlock encryptedDataHeaderBlock2 = new EncryptedDataHeaderBlock(XMLUtil.convertToSoapElement(securableSoapMessage.getSOAPPart(), encryptElement));
                String generateId7 = securableSoapMessage.generateId();
                String str6 = "#" + generateId7;
                if ((encryptElement.getParentNode() instanceof SOAPHeader) && equals2) {
                    z12 = true;
                    encryptedHeaderBlock = new EncryptedHeaderBlock((Document) securableSoapMessage.getSOAPPart());
                    encryptedHeaderBlock.setId(generateId7);
                    encryptedHeaderBlock.copyAttributes(securableSoapMessage, findOrCreateSecurityHeader);
                } else {
                    encryptedDataHeaderBlock2.setId(generateId7);
                }
                if (referenceListHeaderBlock != null) {
                    referenceListHeaderBlock.addReference(str6);
                } else {
                    if (referenceListHeaderBlock2 == null) {
                        referenceListHeaderBlock2 = new ReferenceListHeaderBlock((Document) securableSoapMessage.getSOAPPart());
                    }
                    referenceListHeaderBlock2.addReference(str6);
                    KeyInfoHeaderBlock keyInfoHeaderBlock2 = new KeyInfoHeaderBlock((Document) securableSoapMessage.getSOAPPart());
                    if (securityTokenReference4 != null) {
                        keyInfoHeaderBlock2.addSecurityTokenReference(new SecurityTokenReference(securityTokenReference4.cloneNode(true)));
                    } else if (securityTokenReference2 != null) {
                        keyInfoHeaderBlock2.addSecurityTokenReference(new SecurityTokenReference((SOAPElement) securityTokenReference2.cloneNode(true)));
                    } else if (securityTokenReference3 != null) {
                        keyInfoHeaderBlock2.addSecurityTokenReference(new SecurityTokenReference((SOAPElement) securityTokenReference3.cloneNode(true)));
                    } else if (securityTokenReference6 != null) {
                        keyInfoHeaderBlock2.addSecurityTokenReference(new SecurityTokenReference(securityTokenReference6.cloneNode(true)));
                    } else if (securityTokenReference5 != null) {
                        keyInfoHeaderBlock2.addSecurityTokenReference(new SecurityTokenReference(securityTokenReference5.cloneNode(true)));
                    } else if (PolicyTypeUtil.x509CertificateBinding(x509CertificateBinding3)) {
                        DirectReference directReference9 = new DirectReference();
                        directReference9.setURI("#" + generateId);
                        SecurityTokenReference securityTokenReference11 = new SecurityTokenReference((Document) securableSoapMessage2.getSOAPPart());
                        securityTokenReference11.setReference(directReference9);
                        keyInfoHeaderBlock2.addSecurityTokenReference(securityTokenReference11);
                    } else {
                        keyInfoStrategy.insertKey(keyInfoHeaderBlock2, securableSoapMessage, null);
                    }
                    encryptedDataHeaderBlock2.setKeyInfo(keyInfoHeaderBlock2);
                }
                if (z12) {
                    try {
                        encryptElement.getParentNode().replaceChild(encryptedHeaderBlock.getAsSoapElement(), encryptElement);
                        encryptedHeaderBlock.addChildElement(encryptedDataHeaderBlock2.getAsSoapElement());
                    } catch (Exception e10) {
                        e10.printStackTrace();
                    }
                } else {
                    encryptElement.getParentNode().replaceChild(encryptedDataHeaderBlock2.getAsSoapElement(), encryptElement);
                }
            }
            Node node2 = null;
            if (x509SecurityToken != null) {
                try {
                    node2 = (SOAPElement) x509SecurityToken.getNextSibling();
                } catch (NoSuchAlgorithmException e11) {
                    log.log(Level.SEVERE, "WSS1224.error.insertion.HeaderBlock.SecurityHeader", (Throwable) e11);
                    throw new XWSSecurityException(e11);
                } catch (Base64DecodingException e12) {
                    log.log(Level.SEVERE, "WSS1224.error.insertion.HeaderBlock.SecurityHeader", (Throwable) e12);
                    throw new XWSSecurityException(e12);
                }
            }
            if (encryptedKey != null) {
                Node makeUsable = findOrCreateSecurityHeader.makeUsable(xMLCipher.martial(encryptedKey));
                if (referenceListHeaderBlock != null) {
                    makeUsable.appendChild(referenceListHeaderBlock.getAsSoapElement());
                }
                filterProcessingContext.setExtraneousProperty(MessageConstants.EK_SHA1_TYPE, Base64.encode(MessageDigest.getInstance(MessageConstants.SHA_1).digest(Base64.decode(((Element) makeUsable.getChildElements(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherData", MessageConstants.XENC_PREFIX)).next()).getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", EncryptionConstants._TAG_CIPHERVALUE).item(0).getTextContent()))));
                if (node2 != null) {
                    findOrCreateSecurityHeader.insertBefore(makeUsable, node2);
                } else if (x509SecurityToken == null) {
                    findOrCreateSecurityHeader.insertHeaderBlockElement(makeUsable);
                } else {
                    findOrCreateSecurityHeader.appendChild(makeUsable);
                }
                if (referenceListHeaderBlock2 != null) {
                    findOrCreateSecurityHeader.insertBefore(referenceListHeaderBlock2, makeUsable.getNextSibling());
                    filterProcessingContext.setCurrentReferenceList(makeUsable.getNextSibling());
                }
            } else if (referenceListHeaderBlock2 != null) {
                if (sOAPElement == null && element2 == null) {
                    if (str5 != null) {
                        findOrCreateSecurityHeader.insertBefore(referenceListHeaderBlock2, securableSoapMessage2.getElementById(str5).getNextSibling());
                    } else {
                        findOrCreateSecurityHeader.insertHeaderBlock(referenceListHeaderBlock2);
                        filterProcessingContext.setCurrentReferenceList(referenceListHeaderBlock2.getAsSoapElement());
                    }
                } else if (sOAPElement != null) {
                    findOrCreateSecurityHeader.insertBefore(referenceListHeaderBlock2, sOAPElement.getNextSibling());
                } else if (element2 != null) {
                    findOrCreateSecurityHeader.insertBefore(referenceListHeaderBlock2, element2.getNextSibling());
                } else {
                    findOrCreateSecurityHeader.insertHeaderBlock(referenceListHeaderBlock2);
                    filterProcessingContext.setCurrentReferenceList(referenceListHeaderBlock2.getAsSoapElement());
                }
            }
            if (!z2 && !z4) {
                if (derivedKeyTokenHeaderBlock != null) {
                    if (str5 != null) {
                        findOrCreateSecurityHeader.insertBefore(derivedKeyTokenHeaderBlock, securableSoapMessage2.getElementById(str5).getNextSibling());
                    } else {
                        findOrCreateSecurityHeader.insertHeaderBlock(derivedKeyTokenHeaderBlock);
                    }
                }
                if (!z && securityContextTokenImpl != null && z3) {
                    findOrCreateSecurityHeader.insertHeaderBlock(securityContextTokenImpl);
                }
                if (!z5 && sOAPElement2 != null && z6) {
                    findOrCreateSecurityHeader.insertHeaderBlockElement(sOAPElement2);
                    filterProcessingContext.setIssuedSAMLToken(sOAPElement2);
                }
            } else if (sOAPElement == null && securityContextTokenImpl != null) {
                findOrCreateSecurityHeader.insertHeaderBlock(derivedKeyTokenHeaderBlock);
                if (z3) {
                    findOrCreateSecurityHeader.insertHeaderBlock(securityContextTokenImpl);
                }
            } else if (element2 == null && sOAPElement2 != null) {
                findOrCreateSecurityHeader.insertHeaderBlock(derivedKeyTokenHeaderBlock);
                if (z6) {
                    findOrCreateSecurityHeader.insertHeaderBlockElement(sOAPElement2);
                }
                filterProcessingContext.setIssuedSAMLToken(sOAPElement2);
            } else if (sOAPElement != null) {
                findOrCreateSecurityHeader.insertBefore(derivedKeyTokenHeaderBlock, sOAPElement.getNextSibling());
            } else if (element2 != null) {
                findOrCreateSecurityHeader.insertBefore(derivedKeyTokenHeaderBlock, element2.getNextSibling());
            } else {
                findOrCreateSecurityHeader.insertHeaderBlock(derivedKeyTokenHeaderBlock);
            }
        } catch (Exception e13) {
            log.log(Level.SEVERE, "WSS1205.unableto.initialize.xml.cipher", (Throwable) e13);
            throw new XWSSecurityException("Unable to initialize XML Cipher", e13);
        }
    }

    private static Element encryptElement(SecurableSoapMessage securableSoapMessage, SOAPElement sOAPElement, boolean z, XMLCipher xMLCipher) throws XWSSecurityException {
        SOAPElement parentNode;
        String localName = sOAPElement.getLocalName();
        if (!z && (("http://schemas.xmlsoap.org/soap/envelope/".equalsIgnoreCase(sOAPElement.getNamespaceURI()) || "http://www.w3.org/2003/05/soap-envelope".equalsIgnoreCase(sOAPElement.getNamespaceURI())) && ("Header".equalsIgnoreCase(localName) || "Envelope".equalsIgnoreCase(localName) || "Body".equalsIgnoreCase(localName)))) {
            log.log(Level.SEVERE, "WSS1206.illegal.target", sOAPElement.getElementName().getQualifiedName());
            throw new XWSSecurityException("Encryption of SOAP " + localName + " is not allowed");
        }
        SOAPPart sOAPPart = securableSoapMessage.getSOAPPart();
        Node node = null;
        if (z) {
            parentNode = sOAPElement;
        } else {
            parentNode = sOAPElement.getParentNode();
            node = sOAPElement.getNextSibling();
        }
        try {
            xMLCipher.doFinal(sOAPPart, sOAPElement, z);
            return z ? (Element) parentNode.getFirstChild() : node == null ? (Element) parentNode.getLastChild() : (Element) node.getPreviousSibling();
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS1207.unableto.encrypt.message");
            throw new XWSSecurityException("Unable to encrypt element", e);
        }
    }

    private static Element encryptBodyContent(SecurableSoapMessage securableSoapMessage, byte[] bArr, XMLCipher xMLCipher) throws XWSSecurityException {
        throw new UnsupportedOperationException("Old optimizations disabled in WSIT");
    }

    private static void signEncrypt(FilterProcessingContext filterProcessingContext, Cipher cipher, ReferenceListHeaderBlock referenceListHeaderBlock, ReferenceListHeaderBlock referenceListHeaderBlock2, KeyInfoStrategy keyInfoStrategy, String str) throws XWSSecurityException {
        throw new UnsupportedOperationException("Not supported in WSIT");
    }

    private static void encryptAttachment(AttachmentPart attachmentPart, boolean z, Cipher cipher) throws XWSSecurityException {
        byte[] bArr;
        try {
            if (z) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                attachmentPart.getDataHandler().writeTo(byteArrayOutputStream);
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                Object[] _getSignatureInput = AttachmentSignatureInput._getSignatureInput(attachmentPart);
                byte[] serializeHeaders = serializeHeaders((Vector) _getSignatureInput[0]);
                byte[] bArr2 = (byte[]) _getSignatureInput[1];
                bArr = new byte[serializeHeaders.length + bArr2.length];
                System.arraycopy(serializeHeaders, 0, bArr, 0, serializeHeaders.length);
                System.arraycopy(bArr2, 0, bArr, serializeHeaders.length, bArr2.length);
            }
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            byte[] bArr3 = new byte[iv.length + doFinal.length];
            System.arraycopy(iv, 0, bArr3, 0, iv.length);
            System.arraycopy(doFinal, 0, bArr3, iv.length, doFinal.length);
            int length = bArr3.length;
            String contentId = attachmentPart.getContentId();
            if (!z) {
                attachmentPart.removeAllMimeHeaders();
            }
            if (contentId != null) {
                attachmentPart.setMimeHeader("Content-ID", contentId);
            } else {
                String contentLocation = attachmentPart.getContentLocation();
                if (contentLocation != null) {
                    attachmentPart.setMimeHeader("Content-Location", contentLocation);
                }
            }
            attachmentPart.setContentType(MimeConstants.APPLICATION_OCTET_STREAM_TYPE);
            attachmentPart.setMimeHeader(MimeConstants.CONTENT_LENGTH, Integer.toString(length));
            attachmentPart.setMimeHeader(MimeConstants.CONTENT_TRANSFER_ENCODING, "base64");
            attachmentPart.setDataHandler(new EncryptedAttachmentDataHandler(new EncryptedAttachmentDataSource(bArr3)));
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS1225.error.encrypting.Attachment", (Throwable) e);
            throw new XWSSecurityException(e);
        }
    }

    private static String getEKSHA1Ref(FilterProcessingContext filterProcessingContext) {
        return (String) filterProcessingContext.getExtraneousProperty(MessageConstants.EK_SHA1_VALUE);
    }

    private static byte[] serializeHeaders(Vector vector) throws XWSSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 0; i < vector.size(); i++) {
            try {
                MimeHeader mimeHeader = (MimeHeader) vector.elementAt(i);
                byte[] bytes = (mimeHeader.getName() + ":" + mimeHeader.getValue() + "\r\n").getBytes("US-ASCII");
                byteArrayOutputStream.write(bytes, 0, bytes.length);
            } catch (Exception e) {
                log.log(Level.SEVERE, "WSS1226.error.serialize.headers", (Throwable) e);
                throw new XWSSecurityException(e);
            }
        }
        byteArrayOutputStream.write(crlf, 0, crlf.length);
        return byteArrayOutputStream.toByteArray();
    }

    static {
        crlf = null;
        try {
            crlf = "\r\n".getBytes("US-ASCII");
        } catch (UnsupportedEncodingException e) {
            if (log != null) {
                log.log(Level.SEVERE, "WSS1204.crlf.init.failed", (Throwable) e);
            }
        }
    }
}
