package com.ibm.ws.wssecurity.saml.security.impl;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.trust.ext.client.base.TrustProperties;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.ws.wssecurity.xml.xss4j.enc.DecryptionContext;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.security.Key;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/security/impl/EncryptedKeyConsume.class */
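/**
 * Consumer-side helper that unwraps an encrypted key element: it resolves a
 * key-encryption key (KEK), runs it through a {@link DecryptionContext} and
 * returns the decrypted data-encryption key (DEK).
 *
 * <p>Trace output from this class deliberately carries only key metadata
 * (type, algorithm, format, encoded length). Encoded key bytes and
 * {@code Key.toString()} output are never written to trace, because trace
 * files are routinely collected and shared for problem determination.
 */
public class EncryptedKeyConsume {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(EncryptedKeyConsume.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // The decompiled listing declared this field twice as "clsName = clsName", which
    // cannot compile (duplicate declaration, self-referencing initializer). The value
    // is only used as the source id passed to Tr.processException below.
    // NOTE(review): the class name is the presumed original initializer - confirm.
    private static final String clsName = EncryptedKeyConsume.class.getName();
    private static final WSSAlgorithmFactory _algorithmFactory = (WSSAlgorithmFactory) WSSAlgorithmFactory.getInstance();

    /**
     * Decrypts the key carried by an encrypted-key element.
     *
     * <p>The KEK is resolved in two steps: first from any {@code KeyValue} child of the
     * element's {@code KeyInfo}; if that yields nothing, from the key information
     * configured on {@code consumerConfig}.
     *
     * @param oMElement the encrypted-key element (the trace signature names it
     *        {@code enckey}); its {@code KeyInfo} and {@code EncryptionMethod} children are read
     * @param consumerConfig supplies the algorithm suite and the configured key information
     * @return the decrypted key returned by the decryption context
     * @throws SoapSecurityException if anything fails while configuring the decryption
     *         context or decrypting; the original exception is attached as the cause
     */
    public static Key decryptEncryptedKey(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedKey(OMElement enckey,ConsumerConfig keyStoreCfg)");
        }
        String algorithmSuite = consumerConfig.getAlgorithmSuite();

        // Locate the first child element whose local name is KeyInfo (namespace is not checked here).
        OMElement keyInfoElm = null;
        for (OMElement child = DOMUtils.getFirstElement(oMElement); child != null; child = DOMUtils.getNextElement(child)) {
            if ("KeyInfo".equals(child.getLocalName())) {
                keyInfoElm = child;
                break;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyInfoElm[" + ConfigUtil.getObjState(keyInfoElm) + "]");
            if (keyInfoElm != null) {
                Tr.debug(tc, "keyInfoElm[" + DOMUtils.getDisplayName(keyInfoElm) + "]");
            }
        }

        // NOTE(review): keyInfoElm may still be null here; this relies on
        // DOMUtil.getFirstChild2 tolerating a null argument - confirm.
        Key kek = null;
        for (OMNode node = DOMUtil.getFirstChild2(keyInfoElm); node != null; node = DOMUtil.getNextSibling2(node)) {
            // Type 1 is the element node type; every other node kind is skipped.
            if (node.getType() != 1) {
                continue;
            }
            OMElement el = (OMElement) node;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "el[" + ConfigUtil.getObjState(el) + "]");
                Tr.debug(tc, "el[" + DOMUtils.getDisplayName(el) + "]");
            }
            if (!"KeyValue".equals(el.getLocalName())) {
                continue;
            }
            // NOTE(review): this KeyValue is taken from the message being consumed, so the
            // key it yields is supplied by the sender. Confirm that ProcessKey.createKey (or
            // the caller) only accepts keys the consumer is configured to trust.
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "creating kek from KeyValue");
                }
                kek = ProcessKey.createKey(el);
            } catch (Exception e) {
                // Best effort: a KeyValue that cannot be turned into a key is not fatal, the
                // configured key information is tried next. The failure is traced rather
                // than dropped so that a malformed KeyValue can be diagnosed.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not create kek from KeyValue, falling back to configured key information: ", e);
                }
            }
        }

        if (kek == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "creating kek from KeyInformation");
            }
            KeyStoreManager.KeyInformation keyInformation = SamlConfigUtil.getKeyInformation(consumerConfig);
            if (keyInformation != null) {
                kek = KeyInfoUtil.getKey(keyInformation, keyInfoElm, false);
            }
        }

        DecryptionContext decryptionContext = new DecryptionContext();
        decryptionContext.setIdResolver(IdUtils.getInstance());
        decryptionContext.setAlgorithmFactory(_algorithmFactory);
        try {
            decryptionContext.setEncryptedType(oMElement, (String) null, (OMElement) null, (OMElement) null);
            // If no EncryptionMethod child is found and null is returned (presumed), the
            // dereference below fails and is reported through the catch block as s11.
            OMElement encMethodElm = DOMUtils.getChildElement(oMElement, Constants.NS_ENC, TrustProperties.LocalNames.xenc.EncryptionMethod);
            // The Algorithm attribute is read from the message, while the EncryptionMethod
            // element handed to the context is built from the configured algorithm suite.
            // NOTE(review): confirm the context rejects an algorithm outside that suite.
            decryptionContext.setEncAlgorithm(encMethodElm.getAttributeValue(new QName("", "Algorithm")));
            decryptionContext.setEncryptionMethod(EncryptedKeyGenerate.createEncryptionMethod(algorithmSuite, _algorithmFactory).createElement(encMethodElm.getOMFactory(), (OMElement) null));
            decryptionContext.setKey(kek);
            decryptionContext.decrypt();
            Key dek = (Key) decryptionContext.getData();
            decryptionContext.setEncryptionMethod((OMElement) null);
            if (tc.isDebugEnabled()) {
                // Metadata only: the encoded key bytes must not reach the trace log.
                Tr.debug(tc, "kek[" + ConfigUtil.getObjType(kek) + "]");
                if (kek != null) {
                    Tr.debug(tc, "kek[" + describeKey(kek) + "]");
                }
                Tr.debug(tc, "dek[" + ConfigUtil.getObjType(dek) + "]");
                if (dek != null) {
                    Tr.debug(tc, "Returning dek[" + describeKey(dek) + "]");
                }
            }
            if (tc.isEntryEnabled()) {
                // Key.toString() is provider-defined and may print key material, so only the type is traced.
                Tr.exit(tc, "decryptEncryptedKey(OMElement,ConsumerConfig) returns Key[" + ConfigUtil.getObjType(dek) + "]");
            }
            return dek;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from decrypting the key: ", e2);
            }
            Tr.processException(e2, clsName + ".decryptEncryptedKey", "793");
            Tr.error(tc, "security.wssecurity.EncryptionConsumer.s11", new Object[]{e2});
            throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s11", new String[]{e2.getMessage()}, e2);
        }
    }

    /**
     * Builds a trace-safe description of a key: algorithm, encoding format and encoded
     * length, never the key bytes themselves.
     *
     * @param key a non-null key
     * @return the description; the length is reported as {@code n/a} when the key does
     *         not expose an encoding ({@code getEncoded()} returns null)
     */
    private static String describeKey(Key key) {
        byte[] encoded = key.getEncoded();
        String length = encoded == null ? "n/a" : Integer.toString(encoded.length);
        return "algorithm[" + key.getAlgorithm() + "], format[" + key.getFormat() + "], length[" + length + "]";
    }
}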
