package org.apache.wss4j.dom.message;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.AttachmentResultCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.AttachmentUtils;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WsuIdAllocator;
import org.apache.wss4j.dom.callback.CallbackLookup;
import org.apache.wss4j.dom.callback.DOMCallbackLookup;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.Serializer;
import org.apache.xml.security.encryption.TransformSerializer;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLCipherUtil;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.utils.Base64;
import org.apache.xmlbeans.impl.common.Sax2Dom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-283-10.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/message/WSSecEncrypt.class */
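/**
 * Encrypts parts of a SOAP message (DOM elements and, optionally, attachments)
 * with a symmetric key and records the resulting {@code xenc:EncryptedData}
 * references.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The cipher mode is chosen entirely by the algorithm URI returned by
 *       {@code getSymmetricEncAlgorithm()}. This class adds no integrity
 *       protection of its own, so whether the ciphertext is authenticated depends
 *       on that URI and on any signature applied elsewhere.</li>
 *   <li>When {@link #setEncryptSymmKey(boolean)} is {@code false} the symmetric key
 *       is not wrapped; see {@link #prepare(Document, Crypto)}.</li>
 * </ul>
 *
 * <p>Instances hold per-message mutable state and make no thread-safety provisions.
 */
public class WSSecEncrypt extends WSSecEncryptedKey {
    private static final Logger LOG = LoggerFactory.getLogger(WSSecEncrypt.class);

    /** XML Encryption namespace, used for every {@code xenc:*} element created here. */
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    private SecurityTokenReference securityTokenReference;
    private boolean encryptSymmKey = true;
    private String customReferenceValue;
    private boolean encKeyIdDirectId;
    private boolean embedEncryptedKey;
    private List<Element> attachmentEncryptedDataElements;
    private Serializer encryptionSerializer;

    /**
     * Sets up the symmetric key and, when key wrapping is enabled, the EncryptedKey
     * structure for the recipient.
     *
     * @param document the SOAP envelope being secured
     * @param crypto   certificate source used to resolve the recipient certificate
     * @throws WSSecurityException if no certificate can be found for {@code user}
     */
    @Override
    public void prepare(Document document, Crypto crypto) throws WSSecurityException {
        this.document = document;
        this.attachmentEncryptedDataElements = new ArrayList<Element>();

        if (this.symmetricKey == null) {
            if (getEphemeralKey() != null) {
                this.symmetricKey = KeyUtils.prepareSecretKey(getSymmetricEncAlgorithm(), getEphemeralKey());
            } else {
                this.symmetricKey = KeyUtils.getKeyGenerator(getSymmetricEncAlgorithm()).generateKey();
            }
        }

        if (this.encryptedEphemeralKey != null) {
            // A key blob was supplied by the caller; nothing is wrapped here.
            prepareInternal(this.symmetricKey);
            return;
        }
        if (!this.encryptSymmKey) {
            // Despite the field name, this stores the RAW symmetric key bytes. Within this
            // class they are only digested (see createKeyInfo()); what the superclass does
            // with the field is not visible here -- confirm it is never serialized.
            this.encryptedEphemeralKey = this.symmetricKey.getEncoded();
            return;
        }

        if (getUseThisPublicKey() != null) {
            prepareInternal(this.symmetricKey, getUseThisPublicKey(), crypto);
            return;
        }

        X509Certificate recipientCert = getUseThisCert();
        if (recipientCert == null) {
            CryptoType cryptoType;
            // 14 is presumably WSConstants.ENDPOINT_KEY_IDENTIFIER -- confirm against WSConstants.
            if (this.keyIdentifierType == 14) {
                cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
                cryptoType.setEndpoint(this.user);
            } else {
                cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                cryptoType.setAlias(this.user);
            }
            X509Certificate[] candidates = crypto.getX509Certificates(cryptoType);
            if (candidates == null || candidates.length <= 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[]{this.user, "encryption"});
            }
            // Only the first certificate returned for the alias/endpoint is used.
            recipientCert = candidates[0];
        }
        prepareInternal(this.symmetricKey, recipientCert, crypto);
    }

    /**
     * Runs the complete encryption flow: prepare, encrypt, and insert the resulting
     * elements into the security header.
     *
     * @param document    the SOAP envelope to encrypt
     * @param crypto      certificate source for the recipient key
     * @param wSSecHeader the security header that receives the key and reference elements
     * @return the same {@code document} instance, modified in place
     * @throws WSSecurityException if preparation or encryption fails
     */
    public Document build(Document document, Crypto crypto, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.doDebug = LOG.isDebugEnabled();
        prepare(document, crypto);
        if (this.doDebug) {
            LOG.debug("Beginning Encryption...");
        }
        Element referenceList = encrypt();
        addAttachmentEncryptedDataElements(wSSecHeader);
        if (getEncryptedKeyElement() != null) {
            addInternalRefElement(referenceList);
            prependToHeader(wSSecHeader);
        } else {
            addExternalRefElement(referenceList, wSSecHeader);
        }
        prependBSTElementToHeader(wSSecHeader);
        clean();
        LOG.debug("Encryption complete.");
        return document;
    }

    /**
     * Encrypts the configured parts, falling back to the default encryption part
     * when none were configured.
     *
     * @return the {@code xenc:ReferenceList}, or {@code null} if nothing was encrypted
     * @throws WSSecurityException if encryption fails
     */
    public Element encrypt() throws WSSecurityException {
        if (getParts().isEmpty()) {
            getParts().add(WSSecurityUtil.getDefaultEncryptionPart(this.document));
        }
        return encryptForRef(null, getParts());
    }

    /**
     * Encrypts the given parts and appends a {@code xenc:DataReference} for each
     * result to a reference list.
     *
     * @param element an existing reference list to append to, or {@code null} to create one
     * @param list    the parts to encrypt
     * @return the reference list, or {@code null} if no part produced encrypted data
     * @throws WSSecurityException if encryption fails
     */
    public Element encryptForRef(Element element, List<WSEncryptionPart> list) throws WSSecurityException {
        WsuIdAllocator idAllocator = getIdAllocator();
        KeyInfo keyInfo = createKeyInfo();
        // Re-wrapping creates a second in-memory copy of the key material.
        SecretKeySpec keySpec = new SecretKeySpec(this.symmetricKey.getEncoded(), this.symmetricKey.getAlgorithm());
        // The configured serializer is forwarded; previously the overload without it was
        // called, so setEncryptionSerializer() had no effect.
        List<String> encDataRefs = doEncryption(this.document, idAllocator, keyInfo, keySpec, getSymmetricEncAlgorithm(), list, this.callbackLookup, this.attachmentCallbackHandler, this.attachmentEncryptedDataElements, this.storeBytesInAttachment, this.encryptionSerializer);
        if (encDataRefs.isEmpty()) {
            return null;
        }
        if (element == null) {
            element = this.document.createElementNS(XENC_NS, "xenc:ReferenceList");
            if (!this.encryptSymmKey) {
                XMLUtils.setNamespace(element, XENC_NS, "xenc");
            }
        }
        return createDataRefList(this.document, element, encDataRefs);
    }

    /**
     * Appends the reference list to the EncryptedKey element.
     *
     * @param element the reference list; ignored when {@code null}
     */
    public void addInternalRefElement(Element element) {
        if (element != null) {
            getEncryptedKeyElement().appendChild(element);
        }
    }

    /**
     * Prepends the reference list directly to the security header.
     *
     * @param element     the reference list; ignored when {@code null}
     * @param wSSecHeader the security header to modify
     */
    public void addExternalRefElement(Element element, WSSecHeader wSSecHeader) {
        if (element != null) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), element);
        }
    }

    /**
     * Prepends every attachment {@code xenc:EncryptedData} element collected during
     * encryption to the security header.
     *
     * @param wSSecHeader the security header to modify
     */
    public void addAttachmentEncryptedDataElements(WSSecHeader wSSecHeader) {
        if (this.attachmentEncryptedDataElements == null) {
            return;
        }
        for (Element encryptedData : this.attachmentEncryptedDataElements) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), encryptedData);
        }
    }

    /**
     * Encrypts DOM parts only: no attachment handler, no attachment storage and the
     * default serializer.
     *
     * @see #doEncryption(Document, WsuIdAllocator, KeyInfo, SecretKey, String, List, CallbackLookup, CallbackHandler, List, boolean, Serializer)
     */
    public static List<String> doEncryption(Document document, WsuIdAllocator wsuIdAllocator, KeyInfo keyInfo, SecretKey secretKey, String str, List<WSEncryptionPart> list, CallbackLookup callbackLookup) throws WSSecurityException {
        return doEncryption(document, wsuIdAllocator, keyInfo, secretKey, str, list, callbackLookup, null, null, false);
    }

    /**
     * Encrypts the given parts with the default serializer.
     *
     * @see #doEncryption(Document, WsuIdAllocator, KeyInfo, SecretKey, String, List, CallbackLookup, CallbackHandler, List, boolean, Serializer)
     */
    public static List<String> doEncryption(Document document, WsuIdAllocator wsuIdAllocator, KeyInfo keyInfo, SecretKey secretKey, String str, List<WSEncryptionPart> list, CallbackLookup callbackLookup, CallbackHandler callbackHandler, List<Element> list2, boolean z) throws WSSecurityException {
        return doEncryption(document, wsuIdAllocator, keyInfo, secretKey, str, list, callbackLookup, callbackHandler, list2, z, null);
    }

    /**
     * Encrypts every listed part and returns the fragment references
     * ({@code "#" + id}) of the created {@code xenc:EncryptedData} elements.
     *
     * <p>NOTE(review): a part whose id starts with {@code "cid:"} is remembered and
     * handled after the loop, and only the LAST such part is kept. If callers can list
     * several distinct attachment parts, the earlier ones are skipped without an
     * error -- confirm that callers never do so.
     *
     * @param document        the SOAP envelope
     * @param wsuIdAllocator  allocator for the generated ids
     * @param keyInfo         key information attached to each EncryptedData
     * @param secretKey       the symmetric encryption key
     * @param str             the symmetric encryption algorithm URI
     * @param list            the parts to encrypt
     * @param callbackLookup  element lookup; a {@link DOMCallbackLookup} is created when {@code null}
     * @param callbackHandler attachment callback handler; required for attachment parts
     * @param list2           receives the EncryptedData elements created for attachments
     * @param z               when {@code true}, element ciphertext is stored in an attachment
     * @param serializer      optional serializer for the XML cipher; may be {@code null}
     * @return the references to all EncryptedData elements created
     * @throws WSSecurityException if a required element is missing, the algorithm is
     *         unsupported, or encryption fails
     */
    public static List<String> doEncryption(Document document, WsuIdAllocator wsuIdAllocator, KeyInfo keyInfo, SecretKey secretKey, String str, List<WSEncryptionPart> list, CallbackLookup callbackLookup, CallbackHandler callbackHandler, List<Element> list2, boolean z, Serializer serializer) throws WSSecurityException {
        try {
            XMLCipher xmlCipher = XMLCipher.getInstance(str);
            if (serializer != null) {
                xmlCipher.setSerializer(serializer);
            }
            List<String> encDataRefs = new ArrayList<String>();
            WSEncryptionPart attachmentPart = null;
            for (WSEncryptionPart part : list) {
                String partId = part.getId();
                if (partId != null && partId.startsWith("cid:")) {
                    // Deferred until all DOM parts are done; overwrites any earlier cid: part.
                    attachmentPart = part;
                    continue;
                }
                if (callbackLookup == null) {
                    callbackLookup = new DOMCallbackLookup(document);
                }
                List<Element> targets = WSSecurityUtil.findElements(part, callbackLookup, document);
                if (targets == null || targets.size() == 0) {
                    if (part.isRequired()) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noEncElement", new Object[]{"{" + part.getNamespace() + "}" + part.getName()});
                    }
                    // An optional part that matches nothing is skipped and stays unencrypted.
                    continue;
                }
                for (Element target : targets) {
                    String encId;
                    if (z) {
                        try {
                            encId = encryptElementInAttachment(document, wsuIdAllocator, keyInfo, secretKey, str, callbackHandler, part, target);
                        } catch (WSSecurityException e) {
                            // Already carries an error code; do not wrap it a second time.
                            throw e;
                        } catch (Exception e) {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
                        }
                    } else {
                        encId = encryptElement(document, target, part.getEncModifier(), wsuIdAllocator, xmlCipher, secretKey, keyInfo);
                    }
                    part.setEncId(encId);
                    encDataRefs.add("#" + encId);
                }
            }
            if (attachmentPart != null) {
                encryptAttachment(document, wsuIdAllocator, keyInfo, secretKey, str, callbackHandler, attachmentPart, encDataRefs, list2);
            }
            return encDataRefs;
        } catch (XMLEncryptionException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
        }
    }

    /**
     * Encrypts one element (or its content), replaces it in the DOM with a
     * hand-built {@code xenc:EncryptedData} and stores IV plus ciphertext through
     * {@code WSSecurityUtil.storeBytesInAttachment}.
     *
     * @return the id of the created EncryptedData element
     * @throws Exception if serialization, encryption or attachment storage fails
     */
    private static String encryptElementInAttachment(Document document, WsuIdAllocator idAllocator, KeyInfo keyInfo, SecretKey secretKey, String encryptionAlgorithm, CallbackHandler attachmentCallbackHandler, WSEncryptionPart part, Element elementToEncrypt) throws Exception {
        boolean contentOnly = "Content".equals(part.getEncModifier());
        String typeUri = contentOnly ? "http://www.w3.org/2001/04/xmlenc#Content" : "http://www.w3.org/2001/04/xmlenc#Element";
        String attachmentId = idAllocator.createId("", document);
        String encryptedDataId = idAllocator.createId("ED-", attachmentId);
        if ("Header".equals(part.getEncModifier()) && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(document))) {
            createEncryptedHeaderElement(document, elementToEncrypt, idAllocator);
        }

        Element encryptedData = document.createElementNS(XENC_NS, "xenc:EncryptedData");
        encryptedData.setAttributeNS(null, "Id", encryptedDataId);
        encryptedData.setAttributeNS(null, "Type", typeUri);
        Element encryptionMethod = document.createElementNS(XENC_NS, "xenc:EncryptionMethod");
        encryptionMethod.setAttributeNS(null, "Algorithm", encryptionAlgorithm);
        encryptedData.appendChild(encryptionMethod);
        encryptedData.appendChild(keyInfo.getElement().cloneNode(true));
        Element cipherData = document.createElementNS(XENC_NS, "xenc:CipherData");
        Element cipherValue = document.createElementNS(XENC_NS, "xenc:CipherValue");
        cipherData.appendChild(cipherValue);
        encryptedData.appendChild(cipherData);

        Cipher cipher = createCipher(encryptionAlgorithm, secretKey);
        TransformSerializer plaintextSerializer = new TransformSerializer();
        plaintextSerializer.setCanonicalizer(Canonicalizer.getInstance("http://santuario.apache.org/c14n/physical"));
        plaintextSerializer.setSecureValidation(true);
        byte[] plaintext;
        if (contentOnly) {
            NodeList children = elementToEncrypt.getChildNodes();
            if (null == children) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "Element has no content.");
            }
            plaintext = plaintextSerializer.serializeToByteArray(children);
        } else {
            plaintext = plaintextSerializer.serializeToByteArray(elementToEncrypt);
        }

        try {
            byte[] ciphertext = cipher.doFinal(plaintext);
            // The stored payload is IV || ciphertext.
            byte[] iv = cipher.getIV();
            byte[] payload = new byte[iv.length + ciphertext.length];
            System.arraycopy(iv, 0, payload, 0, iv.length);
            System.arraycopy(ciphertext, 0, payload, iv.length, ciphertext.length);

            // The plaintext nodes are removed from the DOM before the bytes are stored.
            if (contentOnly) {
                Node child = elementToEncrypt.getFirstChild();
                while (child != null) {
                    Node next = child.getNextSibling();
                    elementToEncrypt.removeChild(child);
                    child = next;
                }
                elementToEncrypt.appendChild(encryptedData);
            } else {
                elementToEncrypt.getParentNode().replaceChild(encryptedData, elementToEncrypt);
            }
            WSSecurityUtil.storeBytesInAttachment(cipherValue, document, attachmentId, payload, attachmentCallbackHandler);
            return encryptedDataId;
        } catch (BadPaddingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        } catch (IllegalBlockSizeException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    /**
     * Requests the attachments named by {@code part} from the callback handler, wraps
     * each one in an encrypting stream and hands the result back to the handler.
     *
     * <p>A new cipher, and therefore a new IV, is created for every attachment.
     *
     * @param encDataRefs                     receives {@code "#" + id} for each attachment
     * @param attachmentEncryptedDataElements receives each created EncryptedData element
     * @throws WSSecurityException if no handler is supplied or processing fails
     */
    private static void encryptAttachment(Document document, WsuIdAllocator idAllocator, KeyInfo keyInfo, SecretKey secretKey, String encryptionAlgorithm, CallbackHandler attachmentCallbackHandler, WSEncryptionPart part, List<String> encDataRefs, List<Element> attachmentEncryptedDataElements) throws WSSecurityException {
        if (attachmentCallbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"no attachment callbackhandler supplied"});
        }
        AttachmentRequestCallback request = new AttachmentRequestCallback();
        // Strip the leading "cid:" (4 characters) to get the attachment id.
        request.setAttachmentId(part.getId().substring(4));
        try {
            attachmentCallbackHandler.handle(new Callback[]{request});
            boolean complete = "Element".equals(part.getEncModifier());
            String typeUri = complete ? "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete" : "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only";
            for (Attachment attachment : request.getAttachments()) {
                String attachmentId = attachment.getId();
                String encryptedDataId = idAllocator.createId("ED-", attachmentId);
                encDataRefs.add("#" + encryptedDataId);

                Element encryptedData = document.createElementNS(XENC_NS, "xenc:EncryptedData");
                encryptedData.setAttributeNS(null, "Id", encryptedDataId);
                // The original MIME type is written in clear text into the EncryptedData element.
                encryptedData.setAttributeNS(null, "MimeType", attachment.getMimeType());
                encryptedData.setAttributeNS(null, "Type", typeUri);
                Element encryptionMethod = document.createElementNS(XENC_NS, "xenc:EncryptionMethod");
                encryptionMethod.setAttributeNS(null, "Algorithm", encryptionAlgorithm);
                encryptedData.appendChild(encryptionMethod);
                encryptedData.appendChild(keyInfo.getElement().cloneNode(true));
                Element cipherData = document.createElementNS(XENC_NS, "xenc:CipherData");
                Element cipherReference = document.createElementNS(XENC_NS, "xenc:CipherReference");
                cipherReference.setAttributeNS(null, "URI", "cid:" + attachmentId);
                Element transforms = document.createElementNS(XENC_NS, "xenc:Transforms");
                Element transform = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:Transform");
                transform.setAttributeNS(null, "Algorithm", "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform");
                transforms.appendChild(transform);
                cipherReference.appendChild(transforms);
                cipherData.appendChild(cipherReference);
                encryptedData.appendChild(cipherData);
                attachmentEncryptedDataElements.add(encryptedData);

                Attachment encrypted = new Attachment();
                encrypted.setId(attachmentId);
                encrypted.setMimeType("application/octet-stream");
                Cipher cipher = createCipher(encryptionAlgorithm, secretKey);
                // assumes Attachment#getHeaders() is a Map<String, String> -- confirm
                HashMap<String, String> headers = new HashMap<String, String>(attachment.getHeaders());
                encrypted.setSourceStream(AttachmentUtils.setupAttachmentEncryptionStream(cipher, complete, attachment, headers));
                encrypted.addHeaders(headers);

                AttachmentResultCallback result = new AttachmentResultCallback();
                result.setAttachmentId(attachmentId);
                result.setAttachment(encrypted);
                attachmentCallbackHandler.handle(new Callback[]{result});
            }
        } catch (WSSecurityException e) {
            // Already carries an error code (e.g. from createCipher); do not wrap it again.
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    /**
     * Creates a JCE cipher in encrypt mode for the algorithm URI, with a newly
     * generated IV whose length is taken from the URI.
     *
     * @throws WSSecurityException if the cipher cannot be created or initialised
     */
    private static Cipher createCipher(String encryptionAlgorithm, SecretKey secretKey) throws WSSecurityException {
        try {
            Cipher cipher = Cipher.getInstance(JCEMapper.translateURItoJCEID(encryptionAlgorithm));
            // getIVLengthFromURI is divided by 8, i.e. treated as a bit length.
            // NOTE(review): generateBytes is presumably backed by a secure RNG -- confirm.
            byte[] iv = XMLSecurityConstants.generateBytes(JCEMapper.getIVLengthFromURI(encryptionAlgorithm) / 8);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, XMLCipherUtil.constructBlockCipherParameters(encryptionAlgorithm, iv, (Class<?>) WSSecEncrypt.class));
            return cipher;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    /**
     * Encrypts one element (or only its content) in place using the XML cipher.
     *
     * @param modifier the part's encryption modifier ({@code "Content"}, {@code "Header"}, ...)
     * @return the id assigned to the created EncryptedData
     * @throws WSSecurityException if encryption fails for any reason
     */
    private static String encryptElement(Document document, Element elementToEncrypt, String modifier, WsuIdAllocator idAllocator, XMLCipher xmlCipher, SecretKey secretKey, KeyInfo keyInfo) throws WSSecurityException {
        boolean contentOnly = "Content".equals(modifier);
        String encryptedDataId = idAllocator.createId("ED-", elementToEncrypt);
        try {
            if ("Header".equals(modifier) && elementToEncrypt.getParentNode().equals(WSSecurityUtil.getSOAPHeader(document))) {
                createEncryptedHeaderElement(document, elementToEncrypt, idAllocator);
            }
            // The shared XMLCipher is re-initialised for every element.
            xmlCipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
            EncryptedData encryptedData = xmlCipher.getEncryptedData();
            encryptedData.setId(encryptedDataId);
            encryptedData.setKeyInfo(keyInfo);
            xmlCipher.doFinal(document, elementToEncrypt, contentOnly);
            return encryptedDataId;
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
        }
    }

    /**
     * Wraps a SOAP header block in a {@code wsse11:EncryptedHeader} element and copies
     * the block's SOAP-envelope-namespace attributes onto the wrapper.
     */
    private static void createEncryptedHeaderElement(Document document, Element headerBlock, WsuIdAllocator idAllocator) {
        final String wsse11Ns = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        Element wrapper = document.createElementNS(wsse11Ns, "wsse11:EncryptedHeader");
        XMLUtils.setNamespace(wrapper, wsse11Ns, "wsse11");
        String wsuPrefix = XMLUtils.setNamespace(wrapper, wsuNs, "wsu");
        wrapper.setAttributeNS(wsuNs, wsuPrefix + ":Id", idAllocator.createId("EH-", headerBlock));

        // replaceChild returns the node that was replaced, i.e. the original header block.
        Element detached = (Element) headerBlock.getParentNode().replaceChild(wrapper, headerBlock);
        wrapper.appendChild(detached);

        NamedNodeMap attributes = detached.getAttributes();
        for (int i = 0; i < attributes.getLength(); i++) {
            Attr attr = (Attr) attributes.item(i);
            String attrNs = attr.getNamespaceURI();
            // Attributes are copied, not moved: they stay on the wrapped header block too.
            if ("http://schemas.xmlsoap.org/soap/envelope/".equals(attrNs) || "http://www.w3.org/2003/05/soap-envelope".equals(attrNs)) {
                String soapPrefix = XMLUtils.setNamespace(wrapper, attrNs, "soapenv");
                wrapper.setAttributeNS(attrNs, soapPrefix + ":" + attr.getLocalName(), attr.getValue());
            }
        }
    }

    /**
     * Builds the {@code ds:KeyInfo} that tells the receiver which key decrypts the
     * data. The first matching configuration wins, in the order of the branches below.
     *
     * @throws WSSecurityException if the key reference cannot be built
     */
    private KeyInfo createKeyInfo() throws WSSecurityException {
        KeyInfo keyInfo = new KeyInfo(this.document);
        if (this.embedEncryptedKey) {
            keyInfo.addUnknownElement(getEncryptedKeyElement());
        } else if (this.keyIdentifierType == 10) {
            // 10 is presumably WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER -- confirm.
            keyInfo.addUnknownElement(createEncryptedKeySha1Reference().getElement());
        } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.customReferenceValue)) {
            SecurityTokenReference saml1Reference = new SecurityTokenReference(this.document);
            saml1Reference.addWSSENamespace();
            saml1Reference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
            saml1Reference.setKeyIdentifier("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", getId());
            keyInfo.addUnknownElement(saml1Reference.getElement());
        } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(this.customReferenceValue)) {
            SecurityTokenReference saml2Reference = new SecurityTokenReference(this.document);
            saml2Reference.addWSSENamespace();
            saml2Reference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
            saml2Reference.setKeyIdentifier("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID", getId());
            keyInfo.addUnknownElement(saml2Reference.getElement());
        } else if ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1".equals(this.customReferenceValue)) {
            SecurityTokenReference kerberosReference = new SecurityTokenReference(this.document);
            kerberosReference.addWSSENamespace();
            kerberosReference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
            kerberosReference.setKeyIdentifier(this.customReferenceValue, getId(), true);
            keyInfo.addUnknownElement(kerberosReference.getElement());
        } else if (this.securityTokenReference != null) {
            Element suppliedReference = this.securityTokenReference.getElement();
            // Sax2Dom.XMLNS_STRING is presumably the literal "xmlns:" -- confirm.
            suppliedReference.setAttributeNS("http://www.w3.org/2000/xmlns/", Sax2Dom.XMLNS_STRING + suppliedReference.getPrefix(), suppliedReference.getNamespaceURI());
            keyInfo.addUnknownElement(this.securityTokenReference.getElement());
        } else if (getId() != null) {
            SecurityTokenReference directReference = new SecurityTokenReference(this.document);
            directReference.addWSSENamespace();
            Reference reference = new Reference(this.document);
            // Either the bare id or a same-document fragment reference.
            reference.setURI(this.encKeyIdDirectId ? getId() : "#" + getId());
            if (this.customReferenceValue != null) {
                reference.setValueType(this.customReferenceValue);
            }
            directReference.setReference(reference);
            if (KerberosSecurity.isKerberosToken(this.customReferenceValue)) {
                directReference.addTokenType(this.customReferenceValue);
            } else if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken".equals(this.customReferenceValue)) {
                directReference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            }
            keyInfo.addUnknownElement(directReference.getElement());
        } else if (!this.encryptSymmKey && this.keyIdentifierType == 2) {
            // 2 is presumably WSConstants.ISSUER_SERIAL -- confirm.
            keyInfo.addUnknownElement(createEncryptedKeySha1Reference().getElement());
        }
        keyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
        return keyInfo;
    }

    /**
     * Builds a SecurityTokenReference that identifies the key by its EncryptedKeySHA1
     * value: {@code customReferenceValue} when set, otherwise the Base64-encoded
     * digest of {@code encryptedEphemeralKey}.
     *
     * <p>NOTE(review): when the symmetric key is not wrapped, {@code encryptedEphemeralKey}
     * holds the raw key (see {@code prepare}), so the digest sent in the message is taken
     * over the key itself.
     */
    private SecurityTokenReference createEncryptedKeySha1Reference() throws WSSecurityException {
        SecurityTokenReference sha1Reference = new SecurityTokenReference(this.document);
        sha1Reference.addWSSENamespace();
        if (this.customReferenceValue != null) {
            sha1Reference.setKeyIdentifierEncKeySHA1(this.customReferenceValue);
        } else {
            sha1Reference.setKeyIdentifierEncKeySHA1(Base64.encode(KeyUtils.generateDigest(this.encryptedEphemeralKey)));
        }
        sha1Reference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
        return sha1Reference;
    }

    /**
     * Appends one {@code xenc:DataReference} per URI to the given reference list.
     *
     * @param document factory for the new elements
     * @param element  the reference list to append to
     * @param list     the reference URIs, already prefixed with {@code "#"}
     * @return {@code element}, for chaining
     */
    public static Element createDataRefList(Document document, Element element, List<String> list) {
        for (String uri : list) {
            Element dataReference = document.createElementNS(XENC_NS, "xenc:DataReference");
            dataReference.setAttributeNS(null, "URI", uri);
            element.appendChild(dataReference);
        }
        return element;
    }

    /** @return the caller-supplied SecurityTokenReference, or {@code null} if none was set */
    public SecurityTokenReference getSecurityTokenReference() {
        return this.securityTokenReference;
    }

    /**
     * Supplies a ready-made SecurityTokenReference to place in the KeyInfo.
     *
     * @param securityTokenReference the reference to use; may be {@code null}
     */
    public void setSecurityTokenReference(SecurityTokenReference securityTokenReference) {
        this.securityTokenReference = securityTokenReference;
    }

    /** @return {@code true} (the default) if the symmetric key is wrapped for the recipient */
    public boolean isEncryptSymmKey() {
        return this.encryptSymmKey;
    }

    /**
     * Controls whether the symmetric key is wrapped for the recipient.
     *
     * @param z {@code false} to skip key wrapping; the receiver must then already
     *          hold the key
     */
    public void setEncryptSymmKey(boolean z) {
        this.encryptSymmKey = z;
    }

    /**
     * Sets the value type or precomputed identifier used when building the KeyInfo.
     *
     * @param str the custom reference value; may be {@code null}
     */
    public void setCustomReferenceValue(String str) {
        this.customReferenceValue = str;
    }

    /**
     * @param z {@code true} to reference the key id as-is instead of as a
     *          {@code "#"}-prefixed fragment
     */
    public void setEncKeyIdDirectId(boolean z) {
        this.encKeyIdDirectId = z;
    }

    /** @param z {@code true} to embed the EncryptedKey element inside each KeyInfo */
    public void setEmbedEncryptedKey(boolean z) {
        this.embedEncryptedKey = z;
    }

    /** @return {@code true} if the EncryptedKey element is embedded inside each KeyInfo */
    public boolean isEmbedEncryptedKey() {
        return this.embedEncryptedKey;
    }

    /**
     * @return the live internal list of attachment EncryptedData elements (not a copy);
     *         {@code null} until {@link #prepare(Document, Crypto)} has run
     */
    public List<Element> getAttachmentEncryptedDataElements() {
        return this.attachmentEncryptedDataElements;
    }

    /** @return the serializer handed to the XML cipher, or {@code null} for the default */
    public Serializer getEncryptionSerializer() {
        return this.encryptionSerializer;
    }

    /**
     * Sets the serializer handed to the XML cipher when encrypting DOM elements.
     *
     * @param serializer the serializer to use, or {@code null} for the default
     */
    public void setEncryptionSerializer(Serializer serializer) {
        this.encryptionSerializer = serializer;
    }
}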
