package org.picketlink.identity.federation.core.util;

import java.io.OutputStream;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.util.Collections;
import javax.security.cert.X509Certificate;
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import org.apache.log4j.Logger;
import org.apache.xml.security.utils.Constants;
import org.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.openxri.xml.SEPElement;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory;
import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/picketlink-fed-core-1.0.3.CR2.jar:org/picketlink/identity/federation/core/util/XMLSignatureUtil.class */
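/**
 * Helpers for producing and checking enveloped XML digital signatures on DOM documents
 * (JSR 105 / {@code javax.xml.crypto.dsig}) and for serialising signature structures.
 *
 * <p>All methods are static; the class holds a single shared {@link XMLSignatureFactory}
 * that is created once at class initialisation.
 *
 * <p>Note: the certificate overload of {@link #sign} takes the legacy
 * {@link javax.security.cert.X509Certificate} type rather than {@code java.security.cert.X509Certificate};
 * the certificate is only used to obtain the public key and is never embedded in the signature.
 */
public class XMLSignatureUtil {
    private static final Logger log = Logger.getLogger(XMLSignatureUtil.class);
    // Sampled once when the class is initialised; a later change of the logger level is not seen.
    private static final boolean trace = log.isTraceEnabled();
    private static final String pkgName = "org.picketlink.identity.federation.w3.xmldsig";
    private static final String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd";
    private static final ObjectFactory objectFactory = new ObjectFactory();
    // Initialised before the static block below runs, i.e. before the ignoreLineBreaks property is set.
    private static final XMLSignatureFactory fac = getXMLSignatureFactory();

    /**
     * Obtains the "DOM" {@link XMLSignatureFactory}, retrying with the JDK reference
     * implementation ({@link XMLDSigRI}) when the default provider lookup fails.
     *
     * @return the signature factory, never {@code null}
     */
    private static XMLSignatureFactory getXMLSignatureFactory() {
        try {
            return XMLSignatureFactory.getInstance("DOM");
        } catch (RuntimeException e) {
            // getInstance(String) declares no checked exceptions, so only unchecked failures
            // (e.g. NoSuchMechanismException) arrive here; fall back to the explicit provider.
            return XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
        }
    }

    /**
     * Reports whether the document contains at least one {@code ds:SignedInfo} element.
     *
     * <p>This only detects the presence of signature structure; it performs no validation.
     *
     * @param document the document to inspect; must not be {@code null}
     * @return {@code true} if a SignedInfo element is present anywhere in the document
     */
    public static boolean preCheckSignedInfo(Document document) {
        NodeList signedInfoElements = document.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), Constants._TAG_SIGNEDINFO);
        return signedInfoElements != null && signedInfoElements.getLength() > 0;
    }

    /**
     * Signs {@code node} inside {@code document} using the private key and the public key taken
     * from {@code x509Certificate}. Only the public key is used from the certificate; the
     * certificate itself is not written into the resulting KeyInfo.
     *
     * @param document        the document that contains {@code node}
     * @param node            the element to sign; must be attached to {@code document}
     * @param privateKey      the signing key
     * @param x509Certificate the certificate whose public key is placed in the KeyInfo
     * @param digestMethod    digest algorithm URI for the reference
     * @param signatureMethod signature algorithm URI
     * @param referenceURI    URI of the signed reference
     * @return {@code document}, with the signed node spliced in place of the original
     * @throws IllegalArgumentException if {@code node} or {@code x509Certificate} is {@code null}
     */
    public static Document sign(Document document, Node node, PrivateKey privateKey, X509Certificate x509Certificate, String digestMethod, String signatureMethod, String referenceURI) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Certificate is null");
        }
        return sign(document, node, new KeyPair(x509Certificate.getPublicKey(), privateKey), digestMethod, signatureMethod, referenceURI);
    }

    /**
     * Signs a single node of {@code document}: a deep copy of the node is signed in a document of
     * its own (so the enveloped signature covers exactly that node) and the signed copy then
     * replaces the original node in {@code document}.
     *
     * @param document        the document that contains {@code node}
     * @param node            the element to sign; must have a parent in {@code document}
     * @param keyPair         signing (private) and embedded (public) keys
     * @param digestMethod    digest algorithm URI for the reference
     * @param signatureMethod signature algorithm URI
     * @param referenceURI    URI of the signed reference
     * @return {@code document}, modified in place
     * @throws IllegalArgumentException if {@code node} is {@code null} or has no parent
     */
    public static Document sign(Document document, Node node, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
        if (node == null) {
            throw new IllegalArgumentException("Node to be signed is null");
        }
        if (trace) {
            log.trace("Document to be signed=" + DocumentUtil.asString(document));
        }
        Node parentNode = node.getParentNode();
        if (parentNode == null) {
            // A detached node cannot be replaced in the document; fail clearly instead of with an NPE.
            throw new IllegalArgumentException("Node to be signed has no parent node");
        }
        Document nodeDocument = DocumentUtil.createDocument();
        nodeDocument.appendChild(nodeDocument.importNode(node, true));
        Document signedNodeDocument = sign(nodeDocument, keyPair, digestMethod, signatureMethod, referenceURI);
        Node signedNode = document.importNode(signedNodeDocument.getFirstChild(), true);
        parentNode.replaceChild(signedNode, node);
        return document;
    }

    /**
     * Signs the whole document with an enveloped signature placed under the document element.
     *
     * <p>The signature uses exclusive C14N (with comments) as canonicalization method and the
     * enveloped-signature transform on its single reference. The KeyInfo carries only a
     * {@code KeyValue} built from {@code keyPair.getPublic()}.
     *
     * @param document        the document to sign; its document element becomes the signature parent
     * @param keyPair         signing (private) and embedded (public) keys
     * @param digestMethod    digest algorithm URI for the reference
     * @param signatureMethod signature algorithm URI
     * @param referenceURI    URI of the signed reference
     * @return {@code document}, modified in place
     */
    public static Document sign(Document document, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException {
        if (trace) {
            log.trace("Document to be signed=" + DocumentUtil.asString(document));
        }
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
        signContext.setDefaultNamespacePrefix("dsig");
        // Enveloped transform: the Signature element itself is excluded from the digest input.
        Reference reference = fac.newReference(referenceURI, fac.newDigestMethod(digestMethod, null),
                Collections.singletonList(fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)),
                null, null);
        SignedInfo signedInfo = fac.newSignedInfo(
                fac.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#WithComments", (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(signatureMethod, null),
                Collections.singletonList(reference));
        KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
        XMLSignature signature = fac.newXMLSignature(signedInfo,
                keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue(publicKey))));
        signature.sign(signContext);
        return document;
    }

    /**
     * Validates the first {@code ds:Signature} element found in the document against the supplied key.
     *
     * <p>The key is always the caller-supplied {@code key}; nothing is taken from the document's
     * KeyInfo. Security note: the Signature element is located by tag name anywhere in the
     * document and this method does not check which element the signed reference actually
     * covers. Callers processing untrusted documents should additionally confirm that the
     * validated signature's reference (see {@link Reference#getURI()}) resolves to the element
     * they rely on, and that {@code key} is the one expected for the issuer.
     *
     * @param document the signed document
     * @param key      the key used to verify the signature value
     * @return {@code true} if core validation succeeds
     * @throws IllegalArgumentException if {@code document} or {@code key} is {@code null},
     *                                  or no Signature element is present
     * @throws MarshalException         if the signature cannot be unmarshalled
     * @throws XMLSignatureException    if an error occurs during validation
     */
    public static boolean validate(Document document, Key key) throws MarshalException, XMLSignatureException {
        if (document == null) {
            throw new IllegalArgumentException("Signed Document is null");
        }
        NodeList signatureElements = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (signatureElements == null || signatureElements.getLength() == 0) {
            throw new IllegalArgumentException("Cannot find Signature element");
        }
        if (key == null) {
            throw new IllegalArgumentException("Public Key is null");
        }
        DOMValidateContext validateContext = new DOMValidateContext(key, signatureElements.item(0));
        XMLSignature signature = fac.unmarshalXMLSignature(validateContext);
        boolean valid = signature.validate(validateContext);
        if (trace && !valid) {
            // On failure, break the result down so the log shows whether the signature value
            // or one of the references is what did not verify.
            log.trace("Signature validation status: " + signature.getSignatureValue().validate(validateContext));
            for (Reference reference : signature.getSignedInfo().getReferences()) {
                log.trace("[Ref id=" + reference.getId() + ":uri=" + reference.getURI() + "]validity status:" + reference.validate(validateContext));
            }
        }
        return valid;
    }

    /**
     * Marshals a JAXB {@link SignatureType} to the stream using a schema-validating marshaller
     * for the xmldsig package.
     *
     * @param signatureType the signature structure to write
     * @param outputStream  destination stream; not closed by this method
     */
    public static void marshall(SignatureType signatureType, OutputStream outputStream) throws JAXBException, SAXException {
        JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation).marshal(objectFactory.createSignature(signatureType), outputStream);
    }

    /**
     * Serialises a DOM document to the stream with an identity transformation.
     *
     * @param document     the document to write
     * @param outputStream destination stream; not closed by this method
     */
    public static void marshall(Document document, OutputStream outputStream) throws TransformerException {
        TransformerFactory.newInstance().newTransformer().transform(DocumentUtil.getXMLSource(document), new StreamResult(outputStream));
    }

    static {
        // Process-wide side effect: this system property is read by Apache XML Security and
        // affects every user of that library in the JVM, not only this class.
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: org.picketlink.identity.federation.core.util.XMLSignatureUtil.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                System.setProperty("org.apache.xml.security.ignoreLineBreaks", SEPElement.SELECT_ATTR_TRUE);
                return null;
            }
        });
    }
}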
