package org.apache.wss4j.dom.processor;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.DOMX509IssuerSerial;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.str.EncryptedKeySTRParser;
import org.apache.wss4j.dom.str.STRParser;
import org.apache.wss4j.dom.str.STRParserParameters;
import org.apache.wss4j.dom.str.STRParserResult;
import org.apache.wss4j.dom.util.EncryptionUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.X509Util;
import org.apache.xml.security.algorithms.JCEMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: classes4.dex */
public class EncryptedKeyProcessor implements Processor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) EncryptedKeyProcessor.class);

    private void checkBSPCompliance(Element element, String str, BSPEnforcer bSPEnforcer) throws WSSecurityException {
        String attributeNS = element.getAttributeNS(null, "Type");
        if (attributeNS != null && !"".equals(attributeNS)) {
            bSPEnforcer.handleBSPRule(BSPRule.R3209);
        }
        String attributeNS2 = element.getAttributeNS(null, "MimeType");
        if (attributeNS2 != null && !"".equals(attributeNS2)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5622);
        }
        String attributeNS3 = element.getAttributeNS(null, "Encoding");
        if (attributeNS3 != null && !"".equals(attributeNS3)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5623);
        }
        String attributeNS4 = element.getAttributeNS(null, "Recipient");
        if (attributeNS4 != null && !"".equals(attributeNS4)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5602);
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(str) || "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) || "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            return;
        }
        bSPEnforcer.handleBSPRule(BSPRule.R5621);
    }

    private WSDataRef decryptDataRef(Document document, String str, WSDocInfo wSDocInfo, byte[] bArr, RequestData requestData) throws WSSecurityException {
        Logger logger = LOG;
        if (logger.isDebugEnabled()) {
            logger.debug("found data reference: " + str);
        }
        Element findEncryptedDataElement = EncryptionUtils.findEncryptedDataElement(document, wSDocInfo, str);
        if (findEncryptedDataElement != null && requestData.isRequireSignedEncryptedDataElements()) {
            WSSecurityUtil.verifySignedElement(findEncryptedDataElement, wSDocInfo.getResultsByTag(2));
        }
        String encAlgo = X509Util.getEncAlgo(findEncryptedDataElement);
        if (encAlgo == null) {
            logger.debug("No encryption algorithm was specified in the request");
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "badEncAlgo", new Object[]{null});
        }
        if (!"http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(encAlgo) && !"http://www.w3.org/2001/04/xmlenc#aes128-cbc".equals(encAlgo) && !"http://www.w3.org/2009/xmlenc11#aes128-gcm".equals(encAlgo) && !"http://www.w3.org/2001/04/xmlenc#aes256-cbc".equals(encAlgo) && !"http://www.w3.org/2009/xmlenc11#aes256-gcm".equals(encAlgo)) {
            requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5620);
        }
        try {
            SecretKey prepareSecretKey = KeyUtils.prepareSecretKey(encAlgo, bArr);
            AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new AlgorithmSuiteValidator(algorithmSuite);
                algorithmSuiteValidator.checkSymmetricKeyLength(prepareSecretKey.getEncoded().length);
                algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(encAlgo);
            }
            return EncryptionUtils.decryptEncryptedData(document, str, findEncryptedDataElement, prepareSecretKey, encAlgo, requestData.getAttachmentCallbackHandler());
        } catch (IllegalArgumentException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "badEncAlgo", new Object[]{encAlgo});
        }
    }

    private List<WSDataRef> decryptDataRefs(Element element, WSDocInfo wSDocInfo, byte[] bArr, RequestData requestData) throws WSSecurityException {
        if (element == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Node firstChild = element.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
            if (1 == firstChild.getNodeType() && "http://www.w3.org/2001/04/xmlenc#".equals(firstChild.getNamespaceURI()) && "DataReference".equals(firstChild.getLocalName())) {
                arrayList.add(decryptDataRef(element.getOwnerDocument(), XMLUtils.getIDFromReference(((Element) firstChild).getAttributeNS(null, "URI")), wSDocInfo, bArr, requestData));
            }
        }
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x00a5 A[Catch: Exception -> 0x00c8, TryCatch #2 {Exception -> 0x00c8, blocks: (B:5:0x000a, B:8:0x0020, B:14:0x00a5, B:25:0x00a9, B:26:0x002a, B:29:0x0032, B:31:0x003a, B:32:0x0040, B:34:0x004b, B:36:0x0057, B:37:0x005f, B:39:0x0067, B:40:0x006f, B:42:0x0077, B:43:0x007f, B:45:0x0087, B:46:0x008e, B:48:0x0096, B:49:0x009b), top: B:4:0x000a }] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x00a9 A[Catch: Exception -> 0x00c8, TRY_LEAVE, TryCatch #2 {Exception -> 0x00c8, blocks: (B:5:0x000a, B:8:0x0020, B:14:0x00a5, B:25:0x00a9, B:26:0x002a, B:29:0x0032, B:31:0x003a, B:32:0x0040, B:34:0x004b, B:36:0x0057, B:37:0x005f, B:39:0x0067, B:40:0x006f, B:42:0x0077, B:43:0x007f, B:45:0x0087, B:46:0x008e, B:48:0x0096, B:49:0x009b), top: B:4:0x000a }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static byte[] getAsymmetricDecryptedBytes(org.apache.wss4j.dom.handler.RequestData r4, org.apache.wss4j.dom.WSDocInfo r5, java.lang.String r6, byte[] r7, org.w3c.dom.Element r8, org.w3c.dom.Element r9, java.security.cert.X509Certificate r10) throws org.apache.wss4j.common.ext.WSSecurityException {
        /*
            org.apache.wss4j.common.crypto.Crypto r0 = r4.getDecCrypto()
            if (r0 == 0) goto Ld1
            javax.crypto.Cipher r0 = org.apache.wss4j.common.util.KeyUtils.getCipherInstance(r6)
            org.apache.wss4j.common.crypto.Crypto r1 = r4.getDecCrypto()     // Catch: java.lang.Exception -> Lc8
            javax.security.auth.callback.CallbackHandler r4 = r4.getCallbackHandler()     // Catch: java.lang.Exception -> Lc8
            java.security.PrivateKey r4 = r1.getPrivateKey(r10, r4)     // Catch: java.lang.Exception -> Lc8
            java.lang.String r10 = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
            boolean r10 = r10.equals(r6)     // Catch: java.lang.Exception -> Lc8
            java.lang.String r1 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"
            if (r10 != 0) goto L2a
            boolean r10 = r1.equals(r6)     // Catch: java.lang.Exception -> Lc8
            if (r10 == 0) goto L27
            goto L2a
        L27:
            r9 = 0
            goto La2
        L2a:
            java.lang.String r10 = org.apache.wss4j.dom.util.EncryptionUtils.getDigestAlgorithm(r9)     // Catch: java.lang.Exception -> Lc8
            java.lang.String r2 = "SHA-1"
            if (r10 == 0) goto L3f
            java.lang.String r3 = ""
            boolean r3 = r3.equals(r10)     // Catch: java.lang.Exception -> Lc8
            if (r3 != 0) goto L3f
            java.lang.String r10 = org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID(r10)     // Catch: java.lang.Exception -> Lc8
            goto L40
        L3f:
            r10 = r2
        L40:
            java.security.spec.MGF1ParameterSpec r3 = new java.security.spec.MGF1ParameterSpec     // Catch: java.lang.Exception -> Lc8
            r3.<init>(r2)     // Catch: java.lang.Exception -> Lc8
            boolean r1 = r1.equals(r6)     // Catch: java.lang.Exception -> Lc8
            if (r1 == 0) goto L8e
            java.lang.String r1 = org.apache.wss4j.dom.util.EncryptionUtils.getMGFAlgorithm(r9)     // Catch: java.lang.Exception -> Lc8
            java.lang.String r2 = "http://www.w3.org/2009/xmlenc11#mgf1sha224"
            boolean r2 = r2.equals(r1)     // Catch: java.lang.Exception -> Lc8
            if (r2 == 0) goto L5f
            java.security.spec.MGF1ParameterSpec r3 = new java.security.spec.MGF1ParameterSpec     // Catch: java.lang.Exception -> Lc8
            java.lang.String r1 = "SHA-224"
            r3.<init>(r1)     // Catch: java.lang.Exception -> Lc8
            goto L8e
        L5f:
            java.lang.String r2 = "http://www.w3.org/2009/xmlenc11#mgf1sha256"
            boolean r2 = r2.equals(r1)     // Catch: java.lang.Exception -> Lc8
            if (r2 == 0) goto L6f
            java.security.spec.MGF1ParameterSpec r3 = new java.security.spec.MGF1ParameterSpec     // Catch: java.lang.Exception -> Lc8
            java.lang.String r1 = "SHA-256"
            r3.<init>(r1)     // Catch: java.lang.Exception -> Lc8
            goto L8e
        L6f:
            java.lang.String r2 = "http://www.w3.org/2009/xmlenc11#mgf1sha384"
            boolean r2 = r2.equals(r1)     // Catch: java.lang.Exception -> Lc8
            if (r2 == 0) goto L7f
            java.security.spec.MGF1ParameterSpec r3 = new java.security.spec.MGF1ParameterSpec     // Catch: java.lang.Exception -> Lc8
            java.lang.String r1 = "SHA-384"
            r3.<init>(r1)     // Catch: java.lang.Exception -> Lc8
            goto L8e
        L7f:
            java.lang.String r2 = "http://www.w3.org/2009/xmlenc11#mgf1sha512"
            boolean r1 = r2.equals(r1)     // Catch: java.lang.Exception -> Lc8
            if (r1 == 0) goto L8e
            java.security.spec.MGF1ParameterSpec r3 = new java.security.spec.MGF1ParameterSpec     // Catch: java.lang.Exception -> Lc8
            java.lang.String r1 = "SHA-512"
            r3.<init>(r1)     // Catch: java.lang.Exception -> Lc8
        L8e:
            javax.crypto.spec.PSource$PSpecified r1 = javax.crypto.spec.PSource.PSpecified.DEFAULT     // Catch: java.lang.Exception -> Lc8
            byte[] r9 = org.apache.wss4j.dom.util.EncryptionUtils.getPSource(r9)     // Catch: java.lang.Exception -> Lc8
            if (r9 == 0) goto L9b
            javax.crypto.spec.PSource$PSpecified r1 = new javax.crypto.spec.PSource$PSpecified     // Catch: java.lang.Exception -> Lc8
            r1.<init>(r9)     // Catch: java.lang.Exception -> Lc8
        L9b:
            javax.crypto.spec.OAEPParameterSpec r9 = new javax.crypto.spec.OAEPParameterSpec     // Catch: java.lang.Exception -> Lc8
            java.lang.String r2 = "MGF1"
            r9.<init>(r10, r2, r3, r1)     // Catch: java.lang.Exception -> Lc8
        La2:
            r10 = 4
            if (r9 != 0) goto La9
            r0.init(r10, r4)     // Catch: java.lang.Exception -> Lc8
            goto Lac
        La9:
            r0.init(r10, r4, r9)     // Catch: java.lang.Exception -> Lc8
        Lac:
            java.lang.String r4 = org.apache.xml.security.algorithms.JCEMapper.translateURItoJCEID(r6)     // Catch: java.lang.Exception -> Lba java.lang.IllegalStateException -> Lbf
            r6 = 3
            java.security.Key r4 = r0.unwrap(r7, r4, r6)     // Catch: java.lang.Exception -> Lba java.lang.IllegalStateException -> Lbf
            byte[] r4 = r4.getEncoded()     // Catch: java.lang.Exception -> Lba java.lang.IllegalStateException -> Lbf
            return r4
        Lba:
            byte[] r4 = getRandomKey(r8, r5)
            return r4
        Lbf:
            r4 = move-exception
            org.apache.wss4j.common.ext.WSSecurityException r5 = new org.apache.wss4j.common.ext.WSSecurityException
            org.apache.wss4j.common.ext.WSSecurityException$ErrorCode r6 = org.apache.wss4j.common.ext.WSSecurityException.ErrorCode.FAILED_CHECK
            r5.<init>(r6, r4)
            throw r5
        Lc8:
            r4 = move-exception
            org.apache.wss4j.common.ext.WSSecurityException r5 = new org.apache.wss4j.common.ext.WSSecurityException
            org.apache.wss4j.common.ext.WSSecurityException$ErrorCode r6 = org.apache.wss4j.common.ext.WSSecurityException.ErrorCode.FAILED_CHECK
            r5.<init>(r6, r4)
            throw r5
        Ld1:
            org.apache.wss4j.common.ext.WSSecurityException r4 = new org.apache.wss4j.common.ext.WSSecurityException
            org.apache.wss4j.common.ext.WSSecurityException$ErrorCode r5 = org.apache.wss4j.common.ext.WSSecurityException.ErrorCode.FAILURE
            java.lang.String r6 = "noDecCryptoFile"
            r4.<init>(r5, r6)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getAsymmetricDecryptedBytes(org.apache.wss4j.dom.handler.RequestData, org.apache.wss4j.dom.WSDocInfo, java.lang.String, byte[], org.w3c.dom.Element, org.w3c.dom.Element, java.security.cert.X509Certificate):byte[]");
    }

    private X509Certificate[] getCertificatesFromX509Data(Element element, RequestData requestData) throws WSSecurityException {
        if (!"http://www.w3.org/2000/09/xmldsig#".equals(element.getNamespaceURI()) || !"X509Data".equals(element.getLocalName())) {
            return null;
        }
        requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5426);
        Element firstElement = getFirstElement(element);
        if (firstElement == null || !"http://www.w3.org/2000/09/xmldsig#".equals(firstElement.getNamespaceURI())) {
            return null;
        }
        if ("X509IssuerSerial".equals(firstElement.getLocalName())) {
            DOMX509IssuerSerial dOMX509IssuerSerial = new DOMX509IssuerSerial(firstElement);
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
            cryptoType.setIssuerSerial(dOMX509IssuerSerial.getIssuer(), dOMX509IssuerSerial.getSerialNumber());
            return requestData.getDecCrypto().getX509Certificates(cryptoType);
        }
        if (!"X509Certificate".equals(firstElement.getLocalName())) {
            return null;
        }
        byte[] decodedBase64EncodedData = EncryptionUtils.getDecodedBase64EncodedData(firstElement);
        if (decodedBase64EncodedData == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[]{"0"});
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodedBase64EncodedData);
            try {
                X509Certificate loadCertificate = requestData.getDecCrypto().loadCertificate(byteArrayInputStream);
                if (loadCertificate == null) {
                    byteArrayInputStream.close();
                    return null;
                }
                X509Certificate[] x509CertificateArr = {loadCertificate};
                byteArrayInputStream.close();
                return x509CertificateArr;
            } finally {
            }
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "parseError");
        }
    }

    private static String getFirstDataRefURI(Element element) {
        if (element != null) {
            for (Node firstChild = element.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
                if (1 == firstChild.getNodeType() && "http://www.w3.org/2001/04/xmlenc#".equals(firstChild.getNamespaceURI()) && "DataReference".equals(firstChild.getLocalName())) {
                    return XMLUtils.getIDFromReference(((Element) firstChild).getAttributeNS(null, "URI"));
                }
            }
        }
        return null;
    }

    private Element getFirstElement(Element element) {
        for (Node firstChild = element.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
            if (1 == firstChild.getNodeType()) {
                return (Element) firstChild;
            }
        }
        return null;
    }

    private Element getKeyInfoChildElement(Element element, RequestData requestData) throws WSSecurityException {
        Element directChildElement = XMLUtils.getDirectChildElement(element, "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
        if (directChildElement == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
        }
        Element element2 = null;
        int i = 0;
        for (Node firstChild = directChildElement.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
            if (1 == firstChild.getNodeType()) {
                i++;
                element2 = (Element) firstChild;
            }
        }
        if (i != 1) {
            requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5424);
        }
        if (element2 != null) {
            return element2;
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSecTokRef");
    }

    private static byte[] getRandomKey(Element element, WSDocInfo wSDocInfo) throws WSSecurityException {
        int i;
        String str;
        try {
            try {
                String firstDataRefURI = getFirstDataRefURI(element);
                if (firstDataRefURI != null) {
                    String encAlgo = X509Util.getEncAlgo(EncryptionUtils.findEncryptedDataElement(element.getOwnerDocument(), wSDocInfo, firstDataRefURI));
                    str = JCEMapper.getJCEKeyAlgorithmFromURI(encAlgo);
                    i = KeyUtils.getKeyLength(encAlgo);
                } else {
                    i = 16;
                    str = "AES";
                }
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
                keyGenerator.init(i * 8);
                return keyGenerator.generateKey().getEncoded();
            } catch (Throwable unused) {
                KeyGenerator keyGenerator2 = KeyGenerator.getInstance("AES");
                keyGenerator2.init(128);
                return keyGenerator2.generateKey().getEncoded();
            }
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }

    private static byte[] getSymmetricDecryptedBytes(RequestData requestData, WSDocInfo wSDocInfo, Element element, Element element2, byte[] bArr) throws WSSecurityException {
        String firstDataRefURI = getFirstDataRefURI(element2);
        return X509Util.getSecretKey(element, firstDataRefURI != null ? X509Util.getEncAlgo(EncryptionUtils.findEncryptedDataElement(element2.getOwnerDocument(), wSDocInfo, firstDataRefURI)) : null, requestData.getCallbackHandler(), bArr);
    }

    private static boolean isSymmetricKeyWrap(String str) {
        return "http://www.w3.org/2001/04/xmlenc#kw-aes128".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-aes192".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-aes256".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-tripledes".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia128".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia192".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia256".equals(str) || "http://www.w3.org/2007/05/xmldsig-more#kw-seed128".equals(str);
    }

    @Override // org.apache.wss4j.dom.processor.Processor
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        return handleToken(element, requestData, wSDocInfo, requestData.getAlgorithmSuite());
    }

    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo, AlgorithmSuite algorithmSuite) throws WSSecurityException {
        STRParser.REFERENCE_TYPE reference_type;
        X509Certificate[] x509CertificateArr;
        byte[] bArr;
        byte[] asymmetricDecryptedBytes;
        X509Certificate[] certificatesFromX509Data;
        STRParser.REFERENCE_TYPE reference_type2;
        WSSecurityEngineResult result;
        Logger logger = LOG;
        if (logger.isDebugEnabled()) {
            logger.debug("Found encrypted key element");
        }
        String attributeNS = element.getAttributeNS(null, "Id");
        if (!"".equals(attributeNS) && (result = wSDocInfo.getResult(attributeNS)) != null && 4 == ((Integer) result.get("action")).intValue()) {
            return Collections.singletonList(result);
        }
        if (requestData.getCallbackHandler() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
        }
        String encAlgo = X509Util.getEncAlgo(element);
        if (encAlgo == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(encAlgo) && !requestData.isAllowRSA15KeyTransportAlgorithm() && (algorithmSuite == null || !algorithmSuite.getKeyWrapAlgorithms().contains("http://www.w3.org/2001/04/xmlenc#rsa-1_5"))) {
            logger.debug("The Key transport method does not match the requirement");
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        checkBSPCompliance(element, encAlgo, requestData.getBSPEnforcer());
        Element cipherValueFromEncryptedData = EncryptionUtils.getCipherValueFromEncryptedData(element);
        if (cipherValueFromEncryptedData == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
        }
        Element keyInfoChildElement = getKeyInfoChildElement(element, requestData);
        boolean isSymmetricKeyWrap = isSymmetricKeyWrap(encAlgo);
        if (isSymmetricKeyWrap) {
            reference_type = null;
            x509CertificateArr = null;
        } else {
            if ("SecurityTokenReference".equals(keyInfoChildElement.getLocalName()) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(keyInfoChildElement.getNamespaceURI())) {
                STRParserParameters sTRParserParameters = new STRParserParameters();
                sTRParserParameters.setData(requestData);
                sTRParserParameters.setWsDocInfo(wSDocInfo);
                sTRParserParameters.setStrElement(keyInfoChildElement);
                STRParserResult parseSecurityTokenReference = new EncryptedKeySTRParser().parseSecurityTokenReference(sTRParserParameters);
                certificatesFromX509Data = parseSecurityTokenReference.getCertificates();
                reference_type2 = parseSecurityTokenReference.getCertificatesReferenceType();
            } else {
                certificatesFromX509Data = getCertificatesFromX509Data(keyInfoChildElement, requestData);
                reference_type2 = null;
            }
            if (certificatesFromX509Data == null || certificatesFromX509Data.length < 1 || certificatesFromX509Data[0] == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCertsFound", new Object[]{"decryption (KeyId)"});
            }
            reference_type = reference_type2;
            x509CertificateArr = certificatesFromX509Data;
        }
        if (algorithmSuite != null) {
            AlgorithmSuiteValidator algorithmSuiteValidator = new AlgorithmSuiteValidator(algorithmSuite);
            if (!isSymmetricKeyWrap) {
                algorithmSuiteValidator.checkAsymmetricKeyLength(x509CertificateArr[0]);
            }
            algorithmSuiteValidator.checkEncryptionKeyWrapAlgorithm(encAlgo);
        }
        Element directChildElement = XMLUtils.getDirectChildElement(element, "ReferenceList", "http://www.w3.org/2001/04/xmlenc#");
        String xOPURIFromCipherValue = EncryptionUtils.getXOPURIFromCipherValue(cipherValueFromEncryptedData);
        byte[] decodedBase64EncodedData = (xOPURIFromCipherValue == null || !xOPURIFromCipherValue.startsWith("cid:")) ? EncryptionUtils.getDecodedBase64EncodedData(cipherValueFromEncryptedData) : WSSecurityUtil.getBytesFromAttachment(xOPURIFromCipherValue, requestData);
        if (isSymmetricKeyWrap) {
            asymmetricDecryptedBytes = getSymmetricDecryptedBytes(requestData, wSDocInfo, keyInfoChildElement, directChildElement, decodedBase64EncodedData);
            bArr = decodedBase64EncodedData;
        } else {
            bArr = decodedBase64EncodedData;
            asymmetricDecryptedBytes = getAsymmetricDecryptedBytes(requestData, wSDocInfo, encAlgo, decodedBase64EncodedData, directChildElement, element, x509CertificateArr[0]);
        }
        WSSecurityEngineResult wSSecurityEngineResult = new WSSecurityEngineResult(4, asymmetricDecryptedBytes, bArr, decryptDataRefs(directChildElement, wSDocInfo, asymmetricDecryptedBytes, requestData), x509CertificateArr);
        wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD, encAlgo);
        wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, element);
        String attributeNS2 = element.getAttributeNS(null, "Id");
        if (!"".equals(attributeNS2)) {
            wSSecurityEngineResult.put("id", attributeNS2);
        }
        if (reference_type != null) {
            wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE, reference_type);
        }
        wSDocInfo.addResult(wSSecurityEngineResult);
        wSDocInfo.addTokenElement(element);
        return Collections.singletonList(wSSecurityEngineResult);
    }
}
