package org.apache.wss4j.dom.processor;

import com.helger.as4.messaging.domain.CreateUserMessage;
import com.helger.commons.version.Version;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.DOMX509IssuerSerial;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.str.EncryptedKeySTRParser;
import org.apache.wss4j.dom.str.STRParser;
import org.apache.wss4j.dom.str.STRParserParameters;
import org.apache.wss4j.dom.str.STRParserResult;
import org.apache.wss4j.dom.util.EncryptionUtils;
import org.apache.wss4j.dom.util.SignatureUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.X509Util;
import org.apache.xml.security.algorithms.JCEMapper;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-dom-2.1.8.jar:org/apache/wss4j/dom/processor/EncryptedKeyProcessor.class */
public class EncryptedKeyProcessor implements Processor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) EncryptedKeyProcessor.class);

    @Override // org.apache.wss4j.dom.processor.Processor
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        return handleToken(element, requestData, wSDocInfo, requestData.getAlgorithmSuite());
    }

    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo, AlgorithmSuite algorithmSuite) throws WSSecurityException {
        XMLSignatureFactory xMLSignatureFactory;
        WSSecurityEngineResult result;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found encrypted key element");
        }
        String attributeNS = element.getAttributeNS(null, "Id");
        if (!"".equals(attributeNS) && (result = wSDocInfo.getResult(attributeNS)) != null && 4 == ((Integer) result.get("action")).intValue()) {
            return Collections.singletonList(result);
        }
        if (requestData.getCallbackHandler() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
        }
        String encAlgo = X509Util.getEncAlgo(element);
        if (encAlgo == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncAlgo");
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(encAlgo) && !requestData.isAllowRSA15KeyTransportAlgorithm() && (algorithmSuite == null || !algorithmSuite.getKeyWrapAlgorithms().contains("http://www.w3.org/2001/04/xmlenc#rsa-1_5"))) {
            LOG.debug("The Key transport method does not match the requirement");
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        checkBSPCompliance(element, encAlgo, requestData.getBSPEnforcer());
        Element cipherValueFromEncryptedData = EncryptionUtils.getCipherValueFromEncryptedData(element);
        if (cipherValueFromEncryptedData == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
        }
        Element keyInfoChildElement = getKeyInfoChildElement(element, requestData);
        X509Certificate[] x509CertificateArr = null;
        STRParser.REFERENCE_TYPE reference_type = null;
        PublicKey publicKey = null;
        boolean isSymmetricKeyWrap = isSymmetricKeyWrap(encAlgo);
        if (!isSymmetricKeyWrap) {
            if ("SecurityTokenReference".equals(keyInfoChildElement.getLocalName()) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(keyInfoChildElement.getNamespaceURI())) {
                STRParserParameters sTRParserParameters = new STRParserParameters();
                sTRParserParameters.setData(requestData);
                sTRParserParameters.setWsDocInfo(wSDocInfo);
                sTRParserParameters.setStrElement(keyInfoChildElement);
                STRParserResult parseSecurityTokenReference = new EncryptedKeySTRParser().parseSecurityTokenReference(sTRParserParameters);
                x509CertificateArr = parseSecurityTokenReference.getCertificates();
                publicKey = parseSecurityTokenReference.getPublicKey();
                reference_type = parseSecurityTokenReference.getCertificatesReferenceType();
            } else {
                x509CertificateArr = getCertificatesFromX509Data(keyInfoChildElement, requestData);
                if (x509CertificateArr == null) {
                    try {
                        xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
                    } catch (NoSuchProviderException e) {
                        xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
                    }
                    publicKey = X509Util.parseKeyValue((Element) keyInfoChildElement.getParentNode(), xMLSignatureFactory);
                }
            }
            if (publicKey == null && (x509CertificateArr == null || x509CertificateArr.length < 1 || x509CertificateArr[0] == null)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCertsFound", new Object[]{"decryption (KeyId)"});
            }
            if (x509CertificateArr != null && x509CertificateArr.length > 0) {
                publicKey = x509CertificateArr[0].getPublicKey();
            }
        }
        if (algorithmSuite != null) {
            AlgorithmSuiteValidator algorithmSuiteValidator = new AlgorithmSuiteValidator(algorithmSuite);
            if (!isSymmetricKeyWrap) {
                algorithmSuiteValidator.checkAsymmetricKeyLength(publicKey);
            }
            algorithmSuiteValidator.checkEncryptionKeyWrapAlgorithm(encAlgo);
        }
        Element directChildElement = XMLUtils.getDirectChildElement(element, "ReferenceList", "http://www.w3.org/2001/04/xmlenc#");
        String xOPURIFromCipherValue = EncryptionUtils.getXOPURIFromCipherValue(cipherValueFromEncryptedData);
        byte[] decodedBase64EncodedData = (xOPURIFromCipherValue == null || !xOPURIFromCipherValue.startsWith(CreateUserMessage.PREFIX_CID)) ? EncryptionUtils.getDecodedBase64EncodedData(cipherValueFromEncryptedData) : WSSecurityUtil.getBytesFromAttachment(xOPURIFromCipherValue, requestData);
        byte[] symmetricDecryptedBytes = isSymmetricKeyWrap ? getSymmetricDecryptedBytes(requestData, wSDocInfo, keyInfoChildElement, directChildElement, decodedBase64EncodedData) : getAsymmetricDecryptedBytes(requestData, wSDocInfo, encAlgo, decodedBase64EncodedData, directChildElement, element, getPrivateKey(requestData, x509CertificateArr, publicKey));
        WSSecurityEngineResult wSSecurityEngineResult = new WSSecurityEngineResult(4, symmetricDecryptedBytes, decodedBase64EncodedData, decryptDataRefs(directChildElement, wSDocInfo, symmetricDecryptedBytes, requestData), x509CertificateArr);
        wSSecurityEngineResult.put("encrypted-key-transport-method", encAlgo);
        wSSecurityEngineResult.put("token-element", element);
        String attributeNS2 = element.getAttributeNS(null, "Id");
        if (!"".equals(attributeNS2)) {
            wSSecurityEngineResult.put("id", attributeNS2);
        }
        if (reference_type != null) {
            wSSecurityEngineResult.put("x509-reference-type", reference_type);
        }
        if (publicKey != null) {
            wSSecurityEngineResult.put("public-key", publicKey);
        }
        wSDocInfo.addResult(wSSecurityEngineResult);
        wSDocInfo.addTokenElement(element);
        return Collections.singletonList(wSSecurityEngineResult);
    }

    private PrivateKey getPrivateKey(RequestData requestData, X509Certificate[] x509CertificateArr, PublicKey publicKey) throws WSSecurityException {
        try {
            if (x509CertificateArr != null) {
                return requestData.getDecCrypto().getPrivateKey(x509CertificateArr[0], requestData.getCallbackHandler());
            }
            if (requestData.getDecCrypto() instanceof Merlin) {
                return ((Merlin) requestData.getDecCrypto()).getPrivateKey(publicKey, requestData.getCallbackHandler());
            }
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        } catch (WSSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }

    private static byte[] getSymmetricDecryptedBytes(RequestData requestData, WSDocInfo wSDocInfo, Element element, Element element2, byte[] bArr) throws WSSecurityException {
        String firstDataRefURI = getFirstDataRefURI(element2);
        String str = null;
        if (firstDataRefURI != null) {
            str = X509Util.getEncAlgo(EncryptionUtils.findEncryptedDataElement(element2.getOwnerDocument(), wSDocInfo, firstDataRefURI));
        }
        return X509Util.getSecretKey(element, str, requestData.getCallbackHandler(), bArr);
    }

    private static byte[] getAsymmetricDecryptedBytes(RequestData requestData, WSDocInfo wSDocInfo, String str, byte[] bArr, Element element, Element element2, PrivateKey privateKey) throws WSSecurityException {
        if (requestData.getDecCrypto() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noDecCryptoFile");
        }
        Cipher cipherInstance = KeyUtils.getCipherInstance(str, requestData.getDecCrypto().getCryptoProvider());
        try {
            OAEPParameterSpec oAEPParameterSpec = null;
            if ("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) || "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
                String digestAlgorithm = EncryptionUtils.getDigestAlgorithm(element2);
                String str2 = "SHA-1";
                if (digestAlgorithm != null && !"".equals(digestAlgorithm)) {
                    str2 = JCEMapper.translateURItoJCEID(digestAlgorithm);
                }
                MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec("SHA-1");
                if ("http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
                    String mGFAlgorithm = EncryptionUtils.getMGFAlgorithm(element2);
                    if ("http://www.w3.org/2009/xmlenc11#mgf1sha224".equals(mGFAlgorithm)) {
                        mGF1ParameterSpec = new MGF1ParameterSpec("SHA-224");
                    } else if ("http://www.w3.org/2009/xmlenc11#mgf1sha256".equals(mGFAlgorithm)) {
                        mGF1ParameterSpec = new MGF1ParameterSpec("SHA-256");
                    } else if ("http://www.w3.org/2009/xmlenc11#mgf1sha384".equals(mGFAlgorithm)) {
                        mGF1ParameterSpec = new MGF1ParameterSpec("SHA-384");
                    } else if ("http://www.w3.org/2009/xmlenc11#mgf1sha512".equals(mGFAlgorithm)) {
                        mGF1ParameterSpec = new MGF1ParameterSpec("SHA-512");
                    }
                }
                PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
                byte[] pSource = EncryptionUtils.getPSource(element2);
                if (pSource != null) {
                    pSpecified = new PSource.PSpecified(pSource);
                }
                oAEPParameterSpec = new OAEPParameterSpec(str2, "MGF1", mGF1ParameterSpec, pSpecified);
            }
            if (oAEPParameterSpec == null) {
                cipherInstance.init(4, privateKey);
            } else {
                cipherInstance.init(4, privateKey, oAEPParameterSpec);
            }
            try {
                return cipherInstance.unwrap(bArr, JCEMapper.translateURItoJCEID(str), 3).getEncoded();
            } catch (IllegalStateException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
            } catch (Exception e2) {
                return getRandomKey(element, wSDocInfo);
            }
        } catch (Exception e3) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e3);
        }
    }

    private static boolean isSymmetricKeyWrap(String str) {
        return "http://www.w3.org/2001/04/xmlenc#kw-aes128".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-aes192".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-aes256".equals(str) || "http://www.w3.org/2001/04/xmlenc#kw-tripledes".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia128".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia192".equals(str) || "http://www.w3.org/2001/04/xmldsig-more#kw-camellia256".equals(str) || "http://www.w3.org/2007/05/xmldsig-more#kw-seed128".equals(str);
    }

    private static byte[] getRandomKey(Element element, WSDocInfo wSDocInfo) throws WSSecurityException {
        try {
            String str = JCAConstants.KEY_ALGO_AES;
            int i = 16;
            String firstDataRefURI = getFirstDataRefURI(element);
            if (firstDataRefURI != null) {
                String encAlgo = X509Util.getEncAlgo(EncryptionUtils.findEncryptedDataElement(element.getOwnerDocument(), wSDocInfo, firstDataRefURI));
                str = JCEMapper.getJCEKeyAlgorithmFromURI(encAlgo);
                i = KeyUtils.getKeyLength(encAlgo);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(i * 8);
            return keyGenerator.generateKey().getEncoded();
        } catch (Throwable th) {
            try {
                KeyGenerator keyGenerator2 = KeyGenerator.getInstance(JCAConstants.KEY_ALGO_AES);
                keyGenerator2.init(128);
                return keyGenerator2.generateKey().getEncoded();
            } catch (NoSuchAlgorithmException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
            }
        }
    }

    private static String getFirstDataRefURI(Element element) {
        if (element == null) {
            return null;
        }
        Node firstChild = element.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                return null;
            }
            if (1 == node.getNodeType() && "http://www.w3.org/2001/04/xmlenc#".equals(node.getNamespaceURI()) && "DataReference".equals(node.getLocalName())) {
                return XMLUtils.getIDFromReference(((Element) node).getAttributeNS(null, "URI"));
            }
            firstChild = node.getNextSibling();
        }
    }

    private Element getKeyInfoChildElement(Element element, RequestData requestData) throws WSSecurityException {
        Element directChildElement = XMLUtils.getDirectChildElement(element, "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
        if (directChildElement == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
        }
        Element element2 = null;
        int i = 0;
        Node firstChild = directChildElement.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                break;
            }
            if (1 == node.getNodeType()) {
                i++;
                element2 = (Element) node;
            }
            firstChild = node.getNextSibling();
        }
        if (i != 1) {
            requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5424);
        }
        if (element2 == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSecTokRef");
        }
        return element2;
    }

    private X509Certificate[] getCertificatesFromX509Data(Element element, RequestData requestData) throws WSSecurityException {
        if (!"http://www.w3.org/2000/09/xmldsig#".equals(element.getNamespaceURI()) || !"X509Data".equals(element.getLocalName())) {
            return null;
        }
        requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5426);
        Element firstElement = getFirstElement(element);
        if (firstElement == null || !"http://www.w3.org/2000/09/xmldsig#".equals(firstElement.getNamespaceURI())) {
            return null;
        }
        if ("X509IssuerSerial".equals(firstElement.getLocalName())) {
            DOMX509IssuerSerial dOMX509IssuerSerial = new DOMX509IssuerSerial(firstElement);
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
            cryptoType.setIssuerSerial(dOMX509IssuerSerial.getIssuer(), dOMX509IssuerSerial.getSerialNumber());
            return requestData.getDecCrypto().getX509Certificates(cryptoType);
        }
        if (!"X509Certificate".equals(firstElement.getLocalName())) {
            return null;
        }
        byte[] decodedBase64EncodedData = EncryptionUtils.getDecodedBase64EncodedData(firstElement);
        if (decodedBase64EncodedData == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[]{Version.DEFAULT_VERSION_STRING});
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodedBase64EncodedData);
            Throwable th = null;
            try {
                try {
                    X509Certificate loadCertificate = requestData.getDecCrypto().loadCertificate(byteArrayInputStream);
                    if (loadCertificate == null) {
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                        return null;
                    }
                    X509Certificate[] x509CertificateArr = {loadCertificate};
                    if (byteArrayInputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            byteArrayInputStream.close();
                        }
                    }
                    return x509CertificateArr;
                } finally {
                }
            } catch (Throwable th4) {
                th = th4;
                throw th4;
            }
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "parseError");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "parseError");
    }

    private Element getFirstElement(Element element) {
        Node firstChild = element.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                return null;
            }
            if (1 == node.getNodeType()) {
                return (Element) node;
            }
            firstChild = node.getNextSibling();
        }
    }

    private List<WSDataRef> decryptDataRefs(Element element, WSDocInfo wSDocInfo, byte[] bArr, RequestData requestData) throws WSSecurityException {
        if (element == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Node firstChild = element.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                return arrayList;
            }
            if (1 == node.getNodeType() && "http://www.w3.org/2001/04/xmlenc#".equals(node.getNamespaceURI()) && "DataReference".equals(node.getLocalName())) {
                arrayList.add(decryptDataRef(element.getOwnerDocument(), XMLUtils.getIDFromReference(((Element) node).getAttributeNS(null, "URI")), wSDocInfo, bArr, requestData));
            }
            firstChild = node.getNextSibling();
        }
    }

    private WSDataRef decryptDataRef(Document document, String str, WSDocInfo wSDocInfo, byte[] bArr, RequestData requestData) throws WSSecurityException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("found data reference: " + str);
        }
        Element findEncryptedDataElement = EncryptionUtils.findEncryptedDataElement(document, wSDocInfo, str);
        if (findEncryptedDataElement != null && requestData.isRequireSignedEncryptedDataElements()) {
            SignatureUtils.verifySignedElement(findEncryptedDataElement, wSDocInfo.getResultsByTag(2));
        }
        String encAlgo = X509Util.getEncAlgo(findEncryptedDataElement);
        if (encAlgo == null) {
            LOG.debug("No encryption algorithm was specified in the request");
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "badEncAlgo", new Object[]{null});
        }
        if (!"http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(encAlgo) && !"http://www.w3.org/2001/04/xmlenc#aes128-cbc".equals(encAlgo) && !"http://www.w3.org/2009/xmlenc11#aes128-gcm".equals(encAlgo) && !"http://www.w3.org/2001/04/xmlenc#aes256-cbc".equals(encAlgo) && !"http://www.w3.org/2009/xmlenc11#aes256-gcm".equals(encAlgo)) {
            requestData.getBSPEnforcer().handleBSPRule(BSPRule.R5620);
        }
        try {
            SecretKey prepareSecretKey = KeyUtils.prepareSecretKey(encAlgo, bArr);
            AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new AlgorithmSuiteValidator(algorithmSuite);
                algorithmSuiteValidator.checkSymmetricKeyLength(prepareSecretKey.getEncoded().length);
                algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(encAlgo);
            }
            return EncryptionUtils.decryptEncryptedData(document, str, findEncryptedDataElement, prepareSecretKey, encAlgo, requestData.getAttachmentCallbackHandler(), requestData.getEncryptionSerializer());
        } catch (IllegalArgumentException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e, "badEncAlgo", new Object[]{encAlgo});
        }
    }

    private void checkBSPCompliance(Element element, String str, BSPEnforcer bSPEnforcer) throws WSSecurityException {
        String attributeNS = element.getAttributeNS(null, "Type");
        if (attributeNS != null && !"".equals(attributeNS)) {
            bSPEnforcer.handleBSPRule(BSPRule.R3209);
        }
        String attributeNS2 = element.getAttributeNS(null, "MimeType");
        if (attributeNS2 != null && !"".equals(attributeNS2)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5622);
        }
        String attributeNS3 = element.getAttributeNS(null, "Encoding");
        if (attributeNS3 != null && !"".equals(attributeNS3)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5623);
        }
        String attributeNS4 = element.getAttributeNS(null, "Recipient");
        if (attributeNS4 != null && !"".equals(attributeNS4)) {
            bSPEnforcer.handleBSPRule(BSPRule.R5602);
        }
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(str) || "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(str) || "http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
            return;
        }
        bSPEnforcer.handleBSPRule(BSPRule.R5621);
    }
}
