package com.ibm.ws.wssecurity.enc;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.ws.wssecurity.handler.PolicyConfigUtil;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.saml.security.impl.EncryptedKeyGenerate;
import com.ibm.ws.wssecurity.trust.ext.client.base.TrustProperties;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.CommonContentConsumer;
import com.ibm.ws.wssecurity.xml.xss4j.enc.DecryptionContext;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/enc/EncryptedKeyRefConsumer.class */
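/**
 * Static helpers used while consuming an encrypted key reference: unwrapping an
 * encrypted key with a key-encryption key, recording resolved key-info details in
 * the processing context map, and copying that context map.
 *
 * <p>The class holds no instance state; every method is static.
 */
public class EncryptedKeyRefConsumer {
    private static final String comp = "security.wssecurity";
    /** Algorithm-kind selector passed to {@code PolicyConfigUtil.getAlgorithm}. */
    private static final int ENCRYPTION_ALGORITHM = 3;
    private static final String KEYINFO = "KeyInfo";
    private static final TraceComponent tc = Tr.register(EncryptedKeyRefConsumer.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // The decompiled listing declared this field twice as "clsName = clsName", which is a
    // self-reference and does not compile; the class name is what the FFDC call below needs.
    private static final String clsName = EncryptedKeyRefConsumer.class.getName();
    private static final WSSAlgorithmFactory _algorithmFactory = (WSSAlgorithmFactory) WSSAlgorithmFactory.getInstance();

    /**
     * Decrypts the key carried by an encrypted element using the supplied key-encryption key.
     *
     * @param oMElement the encrypted element to process; its {@code EncryptionMethod} child
     *                  in the XML Encryption namespace is read for the {@code Algorithm} attribute
     * @param key       the key handed to the decryption context to unwrap the payload
     * @param str       value passed to {@code PolicyConfigUtil.getAlgorithm} to look up the
     *                  configured encryption algorithm (presumably the algorithm suite name)
     * @param map       processing context; not read by this method
     * @return the decrypted data cast to {@link Key}
     * @throws SoapSecurityException if any step fails; the original exception is kept as the cause
     */
    public static Key decryptEncryptedKey(OMElement oMElement, Key key, String str, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptEncryptedKey(OMElement enckey, TokenConsumerConfig keyStoreCfg, X509ConsumeCallback x509Callback, X509TokenImpl x509Token, String algorithmSuite) ");
        }
        String algorithm = PolicyConfigUtil.getAlgorithm(str, ENCRYPTION_ALGORITHM);
        DecryptionContext decryptionContext = new DecryptionContext();
        decryptionContext.setIdResolver(IdUtils.getInstance());
        decryptionContext.setAlgorithmFactory(_algorithmFactory);
        try {
            decryptionContext.setEncryptedType(oMElement, (String) null, (OMElement) null, (OMElement) null);
            // A message without an EncryptionMethod child leaves this null; the resulting
            // NullPointerException is converted to a SoapSecurityException by the catch below.
            OMElement childElement = DOMUtils.getChildElement(oMElement, Constants.NS_ENC, TrustProperties.LocalNames.xenc.EncryptionMethod);
            // The Algorithm attribute comes from the incoming message, i.e. from the sender.
            decryptionContext.setEncAlgorithm(childElement.getAttributeValue(new QName("", "Algorithm")));
            decryptionContext.setEncryptionMethod(childElement);
            // The message-supplied EncryptionMethod is then replaced by one built from the
            // configured algorithm.
            // NOTE(review): confirm that decrypt() enforces the configured algorithm and does
            // not fall back to the message-supplied value set via setEncAlgorithm above.
            decryptionContext.setEncryptionMethod(EncryptedKeyGenerate.createEncryptionMethod(algorithm, _algorithmFactory).createElement(childElement.getOMFactory(), (OMElement) null));
            decryptionContext.setKey(key);
            decryptionContext.decrypt();
            Key key2 = (Key) decryptionContext.getData();
            decryptionContext.setEncryptionMethod((OMElement) null);
            if (tc.isEntryEnabled()) {
                // Trace only the algorithm name: concatenating the Key object would invoke a
                // provider-specific toString() on freshly decrypted key material.
                String keyAlgorithm = key2 == null ? "null" : key2.getAlgorithm();
                Tr.exit(tc, "decryptEncryptedKey(OMElement enckey,DecryptionContext dcontext,Key kek,OMElement encdata) returns Key[algorithm=" + keyAlgorithm + "]");
            }
            return key2;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception from decrypting the key: ", e);
            }
            Tr.processException(e, clsName + ".decryptEncryptedKey", "793");
            Tr.error(tc, "security.wssecurity.EncryptionConsumer.s11", new Object[]{e});
            // NOTE(review): the underlying exception message is embedded in the thrown
            // exception. If that text reaches the message sender in a fault, distinguishable
            // key-unwrap failure reasons can act as a decryption oracle; confirm the fault
            // returned to the client is generic and the detail stays in server-side logs.
            throw SoapSecurityException.format("security.wssecurity.EncryptionConsumer.s11", new String[]{e.getMessage()}, e);
        }
    }

    /**
     * Copies the details of a resolved key-info into the processing context map.
     *
     * <p>Which entries are written depends on the key-info type reported by
     * {@code resolvedKeyInfo.getKitype()}: token reference, key identifier, thumbprint,
     * key name, embedded token, or X.509 issuer name and serial. On the server side the
     * value type of a recognised key identifier or thumbprint is also stored on the
     * message context. The key type is always set to {@code WSSKeyInfoComponent.KEY_DECRYPTING}.
     *
     * @param resolvedKeyInfo the resolved key-info to read from
     * @param map             the context map to populate; also the source of the message context
     * @throws SoapSecurityException if the key-info type is not one of the handled types, or if
     *                               the message context is required but absent from {@code map}
     */
    public static void populateContext(CommonContentConsumer.ResolvedKeyInfo resolvedKeyInfo, Map<Object, Object> map) throws SoapSecurityException {
        String kitype = resolvedKeyInfo.getKitype();
        map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE, kitype);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The type of a key information is [" + kitype + "].");
        }
        if (ConfigUtil.isKeyInfoStrref(kitype)) {
            String tokenReference = resolvedKeyInfo.getTokenReference();
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE, tokenReference);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Reference URI to a token is [" + tokenReference + "].");
            }
        } else if (ConfigUtil.isKeyInfoKeyid(kitype)) {
            String tokenId = resolvedKeyInfo.getTokenId();
            QName kidValueType = resolvedKeyInfo.getKidValueType();
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID, tokenId);
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE, kidValueType);
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING, resolvedKeyInfo.getKidEncodingType());
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE, resolvedKeyInfo.getKidIdentifierType());
            if (WSSecurityPlatformContextFactory.getInstance().isServer() && kidValueType != null && (kidValueType.equals(Constants.X509_SKI) || kidValueType.equals(Constants.X509_SKI_OLD))) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The " + kidValueType + " key idendifier is found.        It is cached in order to use it for response generator.");
                }
                cacheConsumedValueType(map, kidValueType);
            }
        } else if (ConfigUtil.isKeyInfoThumbprint(kitype)) {
            String thumbprintId = resolvedKeyInfo.getTokenId();
            QName thumbprintValueType = resolvedKeyInfo.getKidValueType();
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_THUMBPRINT_REFERENCE, thumbprintId);
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE, thumbprintValueType);
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING, resolvedKeyInfo.getKidEncodingType());
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE, resolvedKeyInfo.getKidIdentifierType());
            if (WSSecurityPlatformContextFactory.getInstance().isServer() && thumbprintValueType != null && thumbprintValueType.equals(Constants.THUMBPRINTSHA1)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The " + thumbprintValueType + " thumbprint reference is found.  It is cached in order to use it for response generator.");
                }
                cacheConsumedValueType(map, thumbprintValueType);
            }
        } else if (ConfigUtil.isKeyInfoKeyname(kitype)) {
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_NAME, resolvedKeyInfo.geTtokenName());
        } else if (ConfigUtil.isKeyInfoEmb(kitype)) {
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_EMBID, resolvedKeyInfo.getTokenId());
            // Return value is discarded in the original; the call is kept in case the getter
            // has side effects. NOTE(review): confirm whether this call is still needed.
            resolvedKeyInfo.getEmbeddedToken();
        } else if (ConfigUtil.isKeyInfoX509issuer(kitype)) {
            String x509issuerName = resolvedKeyInfo.getX509issuerName();
            String x509issuerSerial = resolvedKeyInfo.getX509issuerSerial();
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERNAME, x509issuerName);
            map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERSERIAL, x509issuerSerial);
        } else {
            // Fail closed: a key-info type that matches none of the handled kinds is rejected.
            throw SoapSecurityException.format("security.wssecurity.KeyInfoGenerator.getKey03", kitype);
        }
        map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE, WSSKeyInfoComponent.KEY_DECRYPTING);
    }

    /**
     * Stores the consumed key-identifier value type on the message context found in the map.
     *
     * @throws SoapSecurityException if the map holds no message context
     */
    private static void cacheConsumedValueType(Map<Object, Object> map, QName valueType) throws SoapSecurityException {
        MessageContext messageContext = (MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT);
        if (messageContext == null) {
            throw SoapSecurityException.format("security.wssecurity.WSSGenerator.s01");
        }
        messageContext.setProperty(Constants.CONSUMED_KEYID_VALUETYPE, valueType);
    }

    /**
     * Returns a new map holding every entry of {@code map} whose key is not {@code null}.
     *
     * <p>The copy is shallow: the values are the same object references as in the source map,
     * so changes made to a mutable value are visible through both maps.
     *
     * @param map the context map to copy
     * @return a new {@link HashMap} with the non-null-keyed entries
     */
    public static Map<Object, Object> copyContext(Map<Object, Object> map) {
        Map<Object, Object> copy = new HashMap<Object, Object>();
        for (Map.Entry<Object, Object> entry : map.entrySet()) {
            if (entry.getKey() != null) {
                copy.put(entry.getKey(), entry.getValue());
            }
        }
        return copy;
    }
}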
