package com.ibm.ws.wssecurity.xss4j.dsig.transform;

import com.ibm.security.krb5.wss.util.LocalConstants;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.SignatureContext;
import com.ibm.ws.wssecurity.xss4j.dsig.TransformContext;
import com.ibm.ws.wssecurity.xss4j.dsig.TransformException;
import com.ibm.ws.wssecurity.xss4j.dsig.XSignatureException;
import com.ibm.ws.wssecurity.xss4j.enc.DecryptionContext;
import com.ibm.ws.wssecurity.xss4j.enc.KeyInfoResolvingException;
import com.ibm.ws.wssecurity.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xss4j.enc.type.EncryptedData;
import com.ibm.ws.wssecurity.xss4j.enc.util.DOMUtil;
import com.ibm.ws.wssecurity.xss4j.enc.util.Util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/ibm/ws/wssecurity/xss4j/dsig/transform/XMLDecryptionTransformer.class */
public class XMLDecryptionTransformer extends DecryptionTransformer {
    private static final boolean DEBUG = false;
    private boolean fReplace;
    private boolean fContinue;
    private Set fFailedEncryptedData = new HashSet();

    public void setReplaceEncryptedData(boolean z) {
        this.fReplace = z;
    }

    public void setContinueProcessing(boolean z) {
        this.fContinue = z;
    }

    private boolean containsEncryptedData(NodeList nodeList) throws StructureException {
        return getIndexOfEncryptedData(nodeList) >= 0;
    }

    private NodeList cloneNodeSet(NodeList nodeList, TransformContext transformContext) throws TransformException {
        return convertToNodeSet(parseOctets(DecryptionContext.wrapData(XPathCanonicalizer.serializeSubset(nodeList, true), nodeList.item(0)), transformContext).getDocumentElement());
    }

    private NodeList decryptIncludedNodes(NodeList nodeList, TransformContext transformContext) throws Exception {
        while (isSingleRooted(nodeList)) {
            int indexOfEncryptedData = getIndexOfEncryptedData(nodeList);
            if (indexOfEncryptedData < 0) {
                return nodeList;
            }
            try {
                nodeList = decrypt(nodeList, indexOfEncryptedData, transformContext);
            } catch (Exception e) {
                if (!this.fContinue) {
                    throw e;
                }
                getInnerException(e);
                this.fFailedEncryptedData.add(nodeList.item(indexOfEncryptedData));
            }
        }
        throw new TransformException("Not single-rooted node-set");
    }

    private boolean isSingleRooted(NodeList nodeList) {
        boolean z = true;
        if (nodeList.getLength() > 0) {
            Node item = nodeList.item(0);
            int i = 1;
            int length = nodeList.getLength();
            while (true) {
                if (i >= length) {
                    break;
                }
                if (!DOMUtil.isDescendantNode(nodeList.item(i), item)) {
                    z = false;
                    break;
                }
                i++;
            }
        }
        return z;
    }

    private int getIndexOfEncryptedData(NodeList nodeList) throws StructureException {
        int i = -1;
        int i2 = 0;
        int length = nodeList.getLength();
        while (true) {
            if (i2 >= length) {
                break;
            }
            if (isEncryptedData(nodeList.item(i2))) {
                i = i2;
                break;
            }
            i2++;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.ibm.ws.wssecurity.xss4j.dsig.transform.DecryptionTransformer
    public boolean isEncryptedData(Node node) throws StructureException {
        return super.isEncryptedData(node) && !this.fFailedEncryptedData.contains(node);
    }

    private NodeList decrypt(NodeList nodeList, int i, TransformContext transformContext) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, ParserConfigurationException, SAXException, StructureException, TransformException, XSignatureException {
        int indexOfNextNode = getIndexOfNextNode(nodeList, i);
        return replaceSubNodeSet(nodeList, i, indexOfNextNode, decryptEncryptedData(getSubNodeSet(nodeList, i, indexOfNextNode), i == 0, transformContext));
    }

    private int getIndexOfNextNode(NodeList nodeList, int i) {
        Node item = nodeList.item(i);
        int i2 = i + 1;
        int length = nodeList.getLength();
        while (i2 < length && DOMUtil.isDescendantNode(nodeList.item(i2), item)) {
            i2++;
        }
        return i2;
    }

    private NodeList getSubNodeSet(NodeList nodeList, int i, int i2) {
        DOMUtil.NodeListImpl nodeListImpl = new DOMUtil.NodeListImpl();
        for (int i3 = i; i3 < i2; i3++) {
            nodeListImpl.add(nodeList.item(i3));
        }
        return nodeListImpl;
    }

    private NodeList decryptEncryptedData(NodeList nodeList, boolean z, TransformContext transformContext) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, ParserConfigurationException, SAXException, StructureException, TransformException, XSignatureException {
        return convertToNodeSet((Element) nodeList.item(0).getOwnerDocument().importNode(parseOctets(DecryptionContext.wrapData(decryptEncryptedData(transformContext.getSignatureContext(), XPathCanonicalizer.serializeSubset(nodeList, false), z), nodeList.item(0)), transformContext).getDocumentElement(), true));
    }

    private byte[] decryptEncryptedData(SignatureContext signatureContext, byte[] bArr, boolean z) throws BadPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException, KeyInfoResolvingException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, ParserConfigurationException, SAXException, StructureException, XSignatureException {
        DecryptionContext createDecryptionContext = createDecryptionContext(signatureContext);
        createDecryptionContext.setEncryptedType(new ByteArrayInputStream(bArr), (String) null, (Element) null, (Element) null);
        createDecryptionContext.decrypt();
        String type = createDecryptionContext.getType();
        if (type == null) {
            throw new StructureException("Type attribute not specified");
        }
        if (!type.equals(EncryptedData.ELEMENT)) {
            if (!type.equals(EncryptedData.CONTENT)) {
                throw new StructureException("Unknown type: " + type);
            }
            if (z) {
                throw new StructureException("Wrong type: " + type);
            }
        }
        return Util.getBytes((InputStream) createDecryptionContext.getData());
    }

    private Document parseOctets(byte[] bArr, TransformContext transformContext) throws TransformException {
        transformContext.setContent(bArr, LocalConstants.UTF8);
        return transformContext.getDocument();
    }

    private NodeList convertToNodeSet(Node node) {
        DOMUtil.NodeListImpl nodeListImpl = new DOMUtil.NodeListImpl();
        Node firstChild = node.getFirstChild();
        while (true) {
            Node node2 = firstChild;
            if (node2 == null) {
                return nodeListImpl;
            }
            NodeList nodeset = XPathCanonicalizer.toNodeset(node2, null, true);
            int length = nodeset.getLength();
            for (int i = 0; i < length; i++) {
                nodeListImpl.add(nodeset.item(i));
            }
            firstChild = node2.getNextSibling();
        }
    }

    private NodeList replaceSubNodeSet(NodeList nodeList, int i, int i2, NodeList nodeList2) {
        DOMUtil.NodeListImpl nodeListImpl = new DOMUtil.NodeListImpl();
        for (int i3 = 0; i3 < i; i3++) {
            nodeListImpl.add(nodeList.item(i3));
        }
        int length = nodeList2.getLength();
        for (int i4 = 0; i4 < length; i4++) {
            nodeListImpl.add(nodeList2.item(i4));
        }
        int length2 = nodeList.getLength();
        for (int i5 = i2; i5 < length2; i5++) {
            nodeListImpl.add(nodeList.item(i5));
        }
        Node item = nodeList.item(i);
        Node parentNode = item.getParentNode();
        if (parentNode != null) {
            Node item2 = nodeList2.item(0);
            Node nextSibling = item2.getNextSibling();
            parentNode.replaceChild(item2, item);
            Node nextSibling2 = item2.getNextSibling();
            while (true) {
                Node node = nextSibling;
                if (node == null) {
                    break;
                }
                nextSibling = node.getNextSibling();
                parentNode.insertBefore(node, nextSibling2);
            }
        }
        return nodeListImpl;
    }

    private Exception getInnerException(Exception exc) {
        Exception exception;
        if (exc instanceof SAXException) {
            Exception exception2 = ((SAXException) exc).getException();
            if (exception2 != null) {
                exc = exception2;
            }
        } else if ((exc instanceof XSignatureException) && (exception = ((XSignatureException) exc).getException()) != null) {
            exc = exception;
        }
        return exc;
    }

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public String getURI() {
        return DecryptionTransformer.XML;
    }

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public void transform(TransformContext transformContext) throws TransformException {
        NodeList nodeList = null;
        switch (transformContext.getType()) {
            case 0:
            case 1:
                nodeList = XPathCanonicalizer.toNodeset(transformContext.getDocument(), null, true);
                break;
            case 2:
                nodeList = transformContext.getNodeset();
                break;
            case 3:
                nodeList = XPathCanonicalizer.toNodeset(transformContext.getNode(), null, true);
                break;
        }
        if (nodeList != null) {
            if (!isSingleRooted(nodeList)) {
                throw new TransformException("Not single-rooted node-set");
            }
            try {
                if (containsEncryptedData(nodeList)) {
                    if (!this.fReplace) {
                        nodeList = cloneNodeSet(nodeList, transformContext);
                    }
                    nodeList = decryptIncludedNodes(nodeList, transformContext);
                }
            } catch (TransformException e) {
                throw e;
            } catch (RuntimeException e2) {
                throw e2;
            } catch (Exception e3) {
                throw new TransformException(getInnerException(e3).getMessage());
            }
        }
        transformContext.setContent(nodeList);
    }
}
