package org.apache.ws.security.message;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/ws/security/message/WSSecSignature.class */
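/**
 * Builds a WS-Security {@code ds:Signature} over selected parts of a SOAP
 * message and inserts it (plus, optionally, a BinarySecurityToken) into the
 * {@code wsse:Security} header.
 *
 * <p>The {@link #build(Document, Crypto, WSSecHeader)} method shows the
 * intended call sequence for callers that drive the steps themselves:
 * {@link #prepare(Document, Crypto, WSSecHeader)}, then
 * {@link #addReferencesToSign(Vector, WSSecHeader)}, then
 * {@link #prependToHeader(WSSecHeader)} / {@link #prependBSTElementToHeader(WSSecHeader)},
 * and finally {@link #computeSignature()}.
 *
 * <p>Which key material is used is selected by the inherited
 * {@code keyIdentifierType}: the codes 7, 9, 10, 11 and 12 are treated as
 * symmetric-key (or custom-token) references and sign with the secret key set
 * through {@link #setSecretKey(byte[])} or taken from the username token; every
 * other code signs with the private key obtained from the {@link Crypto} for
 * the configured user.
 *
 * <p>Defaults: exclusive C14N without comments for signature canonicalization,
 * SHA-1 as the digest algorithm (see {@link #setDigestAlgo(String)} to pick a
 * stronger one), and automatic choice of the signature algorithm from the key
 * type of the signing certificate.
 *
 * <p>This class is not thread-safe: every step stores intermediate state in
 * instance fields.
 */
public class WSSecSignature extends WSSecBase {
    private static Log log;
    private String customTokenValueType;
    private String customTokenId;
    // Class-literal cache emitted by the compiler for the "WSSecSignature.class" expression in the static initializer.
    static Class class$org$apache$ws$security$message$WSSecSignature;
    protected boolean useSingleCert = true;
    protected String sigAlgo = null;
    protected String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
    protected WSSecUsernameToken usernameToken = null;
    protected byte[] signatureValue = null;
    protected Document document = null;
    private Crypto crypto = null;
    protected WSDocInfo wsDocInfo = null;
    // wsu:Id assigned to the BinarySecurityToken (and referenced from the STR) when certificates are used.
    protected String certUri = null;
    protected XMLSignature sig = null;
    protected KeyInfo keyInfo = null;
    // wsu:Id assigned to the ds:KeyInfo element; signed for the "Token" part when no direct BST reference is used.
    protected String keyInfoUri = null;
    protected SecurityTokenReference secRef = null;
    // wsu:Id assigned to the SecurityTokenReference; the target of the "STRTransform" part.
    protected String strUri = null;
    private byte[] secretKey = null;
    private String encrKeySha1value = null;
    protected BinarySecurity bstToken = null;
    // Default digest is SHA-1; callers needing a stronger digest must set it explicitly.
    private String digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
    private X509Certificate useThisCert = null;

    /**
     * Chooses between a single X.509 token (default) and a PKIPath token
     * carrying the whole chain when the BST is referenced directly.
     *
     * @param z {@code true} to emit only the signing certificate
     */
    public void setUseSingleCertificate(boolean z) {
        this.useSingleCert = z;
    }

    /** @return whether only the signing certificate is put into the BST */
    public boolean isUseSingleCertificate() {
        return this.useSingleCert;
    }

    /**
     * Sets the signature algorithm URI. When left {@code null},
     * {@link #prepare(Document, Crypto, WSSecHeader)} derives it from the
     * signing certificate's key type (DSA or RSA).
     *
     * @param str signature algorithm URI, or {@code null} for auto-detection
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    /** @return the signature algorithm URI, or {@code null} if not yet chosen */
    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /**
     * Sets the canonicalization algorithm URI for the SignedInfo element.
     *
     * @param str canonicalization algorithm URI
     */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    /** @return the canonicalization algorithm URI for SignedInfo */
    public String getSigCanonicalization() {
        return this.canonAlgo;
    }

    /** @return the digest algorithm URI used for every signed reference */
    public String getDigestAlgo() {
        return this.digestAlgo;
    }

    /**
     * Sets the digest algorithm URI used for every reference added by
     * {@link #addReferencesToSign(Vector, WSSecHeader)}.
     *
     * @param str digest algorithm URI (the default is SHA-1)
     */
    public void setDigestAlgo(String str) {
        this.digestAlgo = str;
    }

    /**
     * Supplies the username token whose derived secret key signs the message
     * when {@code keyIdentifierType} is 7 (username-token signing).
     *
     * @param wSSecUsernameToken the token; must already carry an id and a secret key
     */
    public void setUsernameToken(WSSecUsernameToken wSSecUsernameToken) {
        this.usernameToken = wSSecUsernameToken;
    }

    /** @return the raw signature value, or {@code null} before {@link #computeSignature()} */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /** @return the wsu:Id of the Signature element, or {@code null} before {@link #prepare} */
    public String getId() {
        if (this.sig == null) {
            return null;
        }
        return this.sig.getId();
    }

    /**
     * @return the wsu:Id of the BinarySecurityToken, or {@code null} if none was
     *         created or it has already been moved into the header
     */
    public String getBSTTokenId() {
        if (this.bstToken == null) {
            return null;
        }
        return this.bstToken.getID();
    }

    /**
     * True for the key-identifier codes that sign with a symmetric or custom
     * token rather than with an X.509 private key; for these no certificate is
     * loaded from the {@link Crypto}.
     */
    private boolean usesSymmetricKeyReference() {
        int t = this.keyIdentifierType;
        return t == 7 || t == 9 || t == 10 || t == 11 || t == 12;
    }

    /**
     * Returns the certificate chain to sign with: the one set through
     * {@link #setX509Certificate(X509Certificate)} if present, otherwise the
     * chain the {@link Crypto} holds for the configured user.
     *
     * @throws WSSecurityException if no certificate is available
     */
    private X509Certificate[] loadSigningCertificates() throws WSSecurityException {
        X509Certificate[] certs = this.useThisCert == null
                ? this.crypto.getCertificates(this.user)
                : new X509Certificate[]{this.useThisCert};
        if (certs == null || certs.length == 0) {
            throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "signature"});
        }
        return certs;
    }

    /**
     * Maps the key type of a public key to the signature algorithm URI used by
     * default for it.
     *
     * @throws WSSecurityException if the key is neither DSA nor RSA
     */
    private String signatureAlgorithmFor(PublicKey key) throws WSSecurityException {
        String keyAlgo = key.getAlgorithm();
        log.debug("automatic sig algo detection: " + keyAlgo);
        if (keyAlgo.equalsIgnoreCase("DSA")) {
            return WSConstants.DSA;
        }
        if (keyAlgo.equalsIgnoreCase("RSA")) {
            return WSConstants.RSA;
        }
        throw new WSSecurityException(0, "unknownSignatureAlgorithm", new Object[]{keyAlgo});
    }

    /**
     * Creates the (still empty) Signature, KeyInfo and SecurityTokenReference
     * elements and fills the key reference according to {@code keyIdentifierType}.
     * Nothing is inserted into the document yet.
     *
     * <p>For certificate-based key identifiers the signing certificate is
     * resolved here and, if no signature algorithm was set, chosen from its key
     * type. For code 7 the secret key is taken from the username token; for
     * code 10 the EncryptedKeySHA1 identifier is either the value set with
     * {@link #setEncrKeySha1value(String)} or the SHA-1 of the secret key set
     * with {@link #setSecretKey(byte[])}.
     *
     * @param document    the SOAP document to sign
     * @param crypto      provider of certificates and private keys
     * @param wSSecHeader the security header; its ancestors supply the
     *                    InclusiveNamespaces prefix list in WS-I BSP mode
     * @throws WSSecurityException if no certificate is found, the key type is
     *                             unsupported, the key identifier type is
     *                             unsupported, or the XML signature cannot be created
     */
    public void prepare(Document document, Crypto crypto, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.crypto = crypto;
        this.document = document;
        this.wsDocInfo = new WSDocInfo(document);
        this.wsDocInfo.setCrypto(crypto);

        X509Certificate[] certs = null;
        if (!usesSymmetricKeyReference()) {
            certs = loadSigningCertificates();
            this.certUri = this.wssConfig.getIdAllocator().createSecureId("CertId-", certs[0]);
            if (this.sigAlgo == null) {
                this.sigAlgo = signatureAlgorithmFor(certs[0].getPublicKey());
            }
        }

        if (this.canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
            // Exclusive C14N: build the CanonicalizationMethod element by hand so that, in WS-I BSP mode, the
            // prefixes visible above the security header can be listed as InclusiveNamespaces.
            Element c14nMethod = XMLUtils.createElementInSignatureSpace(document, "CanonicalizationMethod");
            c14nMethod.setAttributeNS(null, "Algorithm", this.canonAlgo);
            if (this.wssConfig.isWsiBSPCompliant()) {
                Set prefixes = getInclusivePrefixes(wSSecHeader.getSecurityHeader(), false);
                c14nMethod.appendChild(new InclusiveNamespaces(document, prefixes).getElement());
            }
            try {
                Element sigMethod = new SignatureAlgorithm(document, this.sigAlgo).getElement();
                this.sig = new XMLSignature(document, (String) null, sigMethod, c14nMethod);
            } catch (XMLSecurityException e) {
                log.error("", e);
                throw new WSSecurityException(10, "noXMLSig", null, e);
            }
        } else {
            try {
                this.sig = new XMLSignature(document, (String) null, this.sigAlgo, this.canonAlgo);
            } catch (XMLSecurityException e) {
                log.error("", e);
                throw new WSSecurityException(10, "noXMLSig", null, e);
            }
        }

        // Resolve "#id" references against this document (wsu:Id aware) instead of the default resolvers.
        this.sig.addResourceResolver(new EnvelopeIdResolver(this.wsDocInfo));
        this.sig.setId(this.wssConfig.getIdAllocator().createId("Signature-", this.sig));
        this.keyInfo = this.sig.getKeyInfo();
        this.keyInfoUri = this.wssConfig.getIdAllocator().createSecureId("KeyId-", this.keyInfo);
        this.keyInfo.setId(this.keyInfoUri);
        this.secRef = new SecurityTokenReference(document);
        this.strUri = this.wssConfig.getIdAllocator().createSecureId("STRId-", this.secRef);
        this.secRef.setID(this.strUri);

        // NOTE(review): the numeric cases are the WSConstants key-identifier codes; the decompiler kept symbolic
        // names only for 11-13. The labels on the other cases are presumed from WSConstants - verify before relying on them.
        switch (this.keyIdentifierType) {
            case 1: // presumably BST_DIRECT_REFERENCE
                Reference bstRef = new Reference(this.document);
                bstRef.setURI("#" + this.certUri);
                if (this.useSingleCert) {
                    this.bstToken = new X509Security(this.document);
                    ((X509Security) this.bstToken).setX509Certificate(certs[0]);
                } else {
                    this.bstToken = new PKIPathSecurity(this.document);
                    ((PKIPathSecurity) this.bstToken).setX509Certificates(certs, false, this.crypto);
                }
                bstRef.setValueType(this.bstToken.getValueType());
                this.secRef.setReference(bstRef);
                this.bstToken.setID(this.certUri);
                this.wsDocInfo.setBst(this.bstToken.getElement());
                break;
            case 2: // presumably ISSUER_SERIAL
                XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(this.document, certs[0]);
                X509Data x509Data = new X509Data(this.document);
                x509Data.add(issuerSerial);
                this.secRef.setX509IssuerSerial(x509Data);
                break;
            case 3: // presumably X509_KEY_IDENTIFIER
                this.secRef.setKeyIdentifier(certs[0]);
                break;
            case 4: // presumably SKI_KEY_IDENTIFIER
                this.secRef.setKeyIdentifierSKI(certs[0], this.crypto);
                break;
            case 7: // presumably UT_SIGNING: reference the username token and sign with its derived key
                Reference utRef = new Reference(this.document);
                utRef.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
                utRef.setURI("#" + this.usernameToken.getId());
                this.secRef.setReference(utRef);
                this.secretKey = this.usernameToken.getSecretKey();
                break;
            case 8: // presumably THUMBPRINT_IDENTIFIER
                this.secRef.setKeyIdentifierThumb(certs[0]);
                break;
            case 9: // presumably CUSTOM_SYMM_SIGNING: local (#id) reference to a custom token
                Reference customRef = new Reference(this.document);
                customRef.setValueType(this.customTokenValueType);
                customRef.setURI("#" + this.customTokenId);
                this.secRef.setReference(customRef);
                break;
            case 10: // presumably ENCRYPTED_KEY_SHA1_IDENTIFIER
                // An explicit identifier wins; otherwise it is derived from the secret key (which must be set).
                String encKeySha1 = this.encrKeySha1value != null
                        ? this.encrKeySha1value
                        : getSHA1(this.secretKey);
                this.secRef.setKeyIdentifierEncKeySHA1(encKeySha1);
                break;
            case WSConstants.CUSTOM_SYMM_SIGNING_DIRECT /* 11 */:
                // Same as case 9 but the custom id is used verbatim as the URI (no leading '#').
                Reference directRef = new Reference(this.document);
                directRef.setValueType(this.customTokenValueType);
                directRef.setURI(this.customTokenId);
                this.secRef.setReference(directRef);
                break;
            case WSConstants.CUSTOM_KEY_IDENTIFIER /* 12 */:
                this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId);
                break;
            case WSConstants.KEY_VALUE /* 13 */:
                // The public key itself goes into KeyInfo; no SecurityTokenReference is emitted (see below).
                PublicKey publicKey = certs[0].getPublicKey();
                String keyAlgo = publicKey.getAlgorithm();
                if (keyAlgo.equalsIgnoreCase("DSA")) {
                    this.keyInfo.add(new DSAKeyValue(this.document, publicKey));
                } else if (keyAlgo.equalsIgnoreCase("RSA")) {
                    this.keyInfo.add(new RSAKeyValue(this.document, publicKey));
                } else {
                    throw new WSSecurityException(0, "unknownSignatureAlgorithm", new Object[]{keyAlgo});
                }
                break;
            case 5:
            case 6:
            default:
                throw new WSSecurityException(0, "unsupportedKeyId");
        }

        if (this.keyIdentifierType != 13) {
            this.keyInfo.addUnknownElement(this.secRef.getElement());
            this.wsDocInfo.setSecurityTokenReference(this.secRef.getElement());
        }
    }

    /**
     * Builds a Transforms element holding a single exclusive-C14N transform
     * for {@code signedElement}; in WS-I BSP mode the transform also lists the
     * namespace prefixes the element inherits from its ancestors.
     *
     * @throws TransformationException if the transform cannot be added
     */
    private Transforms newExclusiveC14nTransforms(Element signedElement) throws TransformationException {
        Transforms transforms = new Transforms(this.document);
        transforms.addTransform(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        if (this.wssConfig.isWsiBSPCompliant()) {
            Set prefixes = getInclusivePrefixes(signedElement);
            transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, prefixes).getElement());
        }
        return transforms;
    }

    /**
     * Adds one {@code ds:Reference} per {@link WSEncryptionPart}. A part is
     * located by its id when one is set; otherwise its name selects the target:
     * {@code "Token"} signs the BST (direct reference) or the KeyInfo element,
     * {@code "STRTransform"} signs the SecurityTokenReference through the STR
     * dereference transform, the SAML assertion local name signs the assertion
     * (adding a wsu:Id to it), and any other name is looked up by local name and
     * namespace and given a wsu:Id if needed.
     *
     * <p>Must run after {@link #prepare(Document, Crypto, WSSecHeader)}.
     *
     * @param vector      {@link WSEncryptionPart} instances describing what to sign
     * @param wSSecHeader the security header (used for the BST prefix list)
     * @throws WSSecurityException if a part cannot be located or the reference cannot be added
     */
    public void addReferencesToSign(Vector vector, WSSecHeader wSSecHeader) throws WSSecurityException {
        Element envelope = this.document.getDocumentElement();
        for (int i = 0; i < vector.size(); i++) {
            WSEncryptionPart part = (WSEncryptionPart) vector.get(i);
            String id = part.getId();
            String name = part.getName();
            String namespace = part.getNamespace();
            try {
                if (id != null) {
                    Element target = WSSecurityUtil.findElementById(envelope, id, WSConstants.WSU_NS);
                    if (target == null) {
                        // Fall back to an un-namespaced "Id" attribute.
                        target = WSSecurityUtil.findElementById(envelope, id, null);
                    }
                    if (target == null) {
                        // Fail early with a clear message rather than at signing time (or with an NPE in BSP mode).
                        throw new WSSecurityException(0, "noEncElement", new Object[]{id});
                    }
                    this.sig.addDocument("#" + id, newExclusiveC14nTransforms(target), this.digestAlgo);
                } else if (name.equals("Token")) {
                    if (this.keyIdentifierType == 1) {
                        // The BST is not in the document yet, so its inherited prefixes are taken from the security header.
                        Transforms transforms = newExclusiveC14nTransforms(wSSecHeader.getSecurityHeader());
                        this.sig.addDocument("#" + this.certUri, transforms, this.digestAlgo);
                    } else {
                        Transforms transforms = newExclusiveC14nTransforms(this.keyInfo.getElement());
                        this.sig.addDocument("#" + this.keyInfoUri, transforms, this.digestAlgo);
                    }
                } else if (name.equals("STRTransform")) {
                    Transforms transforms = new Transforms(this.document);
                    transforms.addTransform(STRTransform.implementedTransformURI, createSTRParameter(this.document));
                    this.sig.addDocument("#" + this.strUri, transforms, this.digestAlgo);
                } else if (name.equals(WSConstants.ASSERTION_LN)) {
                    String assertionId = SAMLUtil.getAssertionId(envelope, name, namespace);
                    Element assertion = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                    if (assertion == null) {
                        throw new WSSecurityException(0, "noEncElement", new Object[]{namespace + ", " + name});
                    }
                    // Compute the prefix list before adding wsu:Id, which may declare a new namespace on the element.
                    Transforms transforms = newExclusiveC14nTransforms(assertion);
                    String wsuPrefix = WSSecurityUtil.setNamespace(assertion, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
                    assertion.setAttributeNS(WSConstants.WSU_NS, wsuPrefix + ":Id", assertionId);
                    this.sig.addDocument("#" + assertionId, transforms, this.digestAlgo);
                } else {
                    Element target = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                    if (target == null) {
                        throw new WSSecurityException(0, "noEncElement", new Object[]{namespace + ", " + name});
                    }
                    // Prefix list first, then setWsuId (which may add a wsu namespace declaration).
                    Transforms transforms = newExclusiveC14nTransforms(target);
                    this.sig.addDocument("#" + setWsuId(target), transforms, this.digestAlgo);
                }
            } catch (TransformationException e) {
                throw new WSSecurityException(10, "noXMLSig", null, e);
            } catch (XMLSignatureException e) {
                throw new WSSecurityException(10, "noXMLSig", null, e);
            }
        }
    }

    /**
     * Inserts the Signature element as the first child of the security header.
     *
     * @param wSSecHeader the security header
     */
    public void prependToHeader(WSSecHeader wSSecHeader) {
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.sig.getElement());
    }

    /**
     * Appends the Signature element as the last child of the security header.
     *
     * @param wSSecHeader the security header
     */
    public void appendToHeader(WSSecHeader wSSecHeader) {
        wSSecHeader.getSecurityHeader().appendChild(this.sig.getElement());
    }

    /**
     * Inserts the BinarySecurityToken (if one was created) as the first child
     * of the security header. The token reference is cleared afterwards,
     * presumably so a second call cannot insert it twice; {@link #getBSTTokenId()}
     * returns {@code null} from then on.
     *
     * @param wSSecHeader the security header
     */
    public void prependBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /** @return the Signature element created by {@link #prepare} */
    public Element getSignatureElement() {
        return this.sig.getElement();
    }

    /**
     * @return the BinarySecurityToken element, or {@code null} if none exists or
     *         it has already been moved into the header
     */
    public Element getBinarySecurityTokenElement() {
        if (this.bstToken != null) {
            return this.bstToken.getElement();
        }
        return null;
    }

    /**
     * Appends the BinarySecurityToken (if one was created) as the last child of
     * the security header and clears the token reference, as
     * {@link #prependBSTElementToHeader(WSSecHeader)} does.
     *
     * @param wSSecHeader the security header
     */
    public void appendBSTElementToHeader(WSSecHeader wSSecHeader) {
        if (this.bstToken != null) {
            wSSecHeader.getSecurityHeader().appendChild(this.bstToken.getElement());
        }
        this.bstToken = null;
    }

    /**
     * Computes the signature value over the references added so far and stores
     * it in {@link #getSignatureValue()}.
     *
     * <p>Symmetric/custom key identifiers sign with the secret key when one is
     * set; in every other case (including a symmetric identifier without a
     * secret key) the private key for the configured user and password is
     * fetched from the {@link Crypto}. The {@link WSDocInfo} is published in the
     * {@link WSDocInfoStore} for the duration of signing so the STR transform
     * can resolve tokens, and is always removed again.
     *
     * @throws WSSecurityException (code 10) wrapping any failure while signing
     */
    public void computeSignature() throws WSSecurityException {
        boolean stored = WSDocInfoStore.store(this.wsDocInfo);
        try {
            if (!usesSymmetricKeyReference() || this.secretKey == null) {
                this.sig.sign(this.crypto.getPrivateKey(this.user, this.password));
            } else {
                this.sig.sign(this.sig.createSecretKey(this.secretKey));
            }
            this.signatureValue = this.sig.getSignatureValue();
        } catch (Exception e) {
            // Covers XMLSignatureException as well as whatever Crypto.getPrivateKey throws.
            throw new WSSecurityException(10, null, null, e);
        } finally {
            if (stored) {
                WSDocInfoStore.delete(this.wsDocInfo);
            }
        }
    }

    /**
     * One-shot signing: prepares the signature, signs the configured parts
     * (defaulting to the SOAP Body content), prepends Signature and BST to the
     * header and computes the signature value.
     *
     * @param document    the SOAP document
     * @param crypto      provider of certificates and private keys
     * @param wSSecHeader the security header to insert into
     * @return the same, now signed, document
     * @throws WSSecurityException on any failure in the individual steps
     */
    public Document build(Document document, Crypto crypto, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        if (this.doDebug) {
            log.debug("Beginning signing...");
        }
        prepare(document, crypto, wSSecHeader);
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(document.getDocumentElement());
        if (this.parts == null) {
            // No parts configured: sign the Body.
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(
                    soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
        }
        addReferencesToSign(this.parts, wSSecHeader);
        prependToHeader(wSSecHeader);
        if (this.bstToken != null) {
            // Prepended after the Signature, so the BST ends up before it in the header.
            prependBSTElementToHeader(wSSecHeader);
        }
        computeSignature();
        return document;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the {@code wsse:TransformationParameters} element for the STR
     * dereference transform, carrying an exclusive-C14N CanonicalizationMethod.
     *
     * @param document owner document of the new element
     * @return the parameter element
     */
    public Element createSTRParameter(Document document) {
        Element params = document.createElementNS(WSConstants.WSSE_NS, "wsse:TransformationParameters");
        WSSecurityUtil.setNamespace(params, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
        Element c14nMethod = document.createElementNS(WSConstants.SIG_NS, "ds:CanonicalizationMethod");
        WSSecurityUtil.setNamespace(c14nMethod, WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
        c14nMethod.setAttributeNS(null, "Algorithm", WSConstants.C14N_EXCL_OMIT_COMMENTS);
        params.appendChild(c14nMethod);
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Prefixes declared on ancestors of {@code element} and not re-declared or
     * used on the element itself; see {@link #getInclusivePrefixes(Element, boolean)}.
     *
     * @param element the element to be canonicalized
     * @return set of prefix strings ({@code "#default"} for the default namespace)
     */
    public Set getInclusivePrefixes(Element element) {
        return getInclusivePrefixes(element, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects the namespace prefixes declared on the ancestors of
     * {@code element} (up to, but excluding, the document node) for use as an
     * exclusive-C14N InclusiveNamespaces list. The default namespace is
     * reported as {@code "#default"}.
     *
     * @param element        the element to be canonicalized
     * @param excludeVisible if {@code true}, prefixes the element declares
     *                       itself, uses on its attributes or uses as its own
     *                       prefix are removed from the result
     * @return set of prefix strings; empty if the element has no ancestors
     */
    public Set getInclusivePrefixes(Element element, boolean excludeVisible) {
        HashSet prefixes = new HashSet();
        // Walk up from the parent; a detached element (null parent) simply yields no inherited prefixes.
        Node ancestor = element.getParentNode();
        while (ancestor != null && !(ancestor instanceof Document)) {
            NamedNodeMap attrs = ancestor.getAttributes();
            if (attrs != null) {
                for (int i = 0; i < attrs.getLength(); i++) {
                    Node attr = attrs.item(i);
                    if (isNamespaceDeclaration(attr)) {
                        prefixes.add(declaredPrefix(attr));
                    }
                }
            }
            ancestor = ancestor.getParentNode();
        }
        if (excludeVisible) {
            NamedNodeMap attrs = element.getAttributes();
            for (int i = 0; i < attrs.getLength(); i++) {
                Node attr = attrs.item(i);
                if (isNamespaceDeclaration(attr)) {
                    prefixes.remove(declaredPrefix(attr));
                }
                if (attr.getPrefix() != null) {
                    prefixes.remove(attr.getPrefix());
                }
            }
            String ownPrefix = element.getPrefix();
            prefixes.remove(ownPrefix == null ? "#default" : ownPrefix);
        }
        return prefixes;
    }

    /** True if the attribute is an {@code xmlns} or {@code xmlns:*} declaration. */
    private static boolean isNamespaceDeclaration(Node attr) {
        return attr.getNamespaceURI() != null && attr.getNamespaceURI().equals(WSConstants.XMLNS_NS);
    }

    /** The prefix a namespace-declaration attribute introduces, {@code "#default"} for plain {@code xmlns}. */
    private static String declaredPrefix(Node attr) {
        return attr.getNodeName().equals("xmlns") ? "#default" : attr.getLocalName();
    }

    /**
     * Sets the symmetric key used by the symmetric/custom key identifier types
     * (and hashed for the EncryptedKeySHA1 identifier when no explicit value is set).
     *
     * @param bArr raw key bytes
     */
    public void setSecretKey(byte[] bArr) {
        this.secretKey = bArr;
    }

    /**
     * Sets the ValueType attribute of the custom token reference (codes 9, 11 and 12).
     *
     * @param str ValueType URI
     */
    public void setCustomTokenValueType(String str) {
        this.customTokenValueType = str;
    }

    /**
     * Sets the id of the custom token (codes 9, 11 and 12). For code 9 it is
     * turned into a local {@code #id} reference; for 11 and 12 it is used verbatim.
     *
     * @param str token id
     */
    public void setCustomTokenId(String str) {
        this.customTokenId = str;
    }

    /**
     * Sets an explicit EncryptedKeySHA1 identifier (code 10), bypassing the
     * hash of the secret key.
     *
     * @param str Base64-encoded SHA-1 value
     */
    public void setEncrKeySha1value(String str) {
        this.encrKeySha1value = str;
    }

    /**
     * Uses this certificate instead of looking one up via the {@link Crypto}
     * for the configured user.
     *
     * @param x509Certificate the signing certificate
     */
    public void setX509Certificate(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /**
     * Base64 of the SHA-1 digest of {@code bArr}, the format WS-Security
     * prescribes for the EncryptedKeySHA1 key identifier (the algorithm is fixed
     * by that profile, not a configurable choice).
     *
     * @param bArr bytes to hash; must not be {@code null}
     * @throws WSSecurityException (code 2) if SHA-1 is unavailable
     */
    private String getSHA1(byte[] bArr) throws WSSecurityException {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.update(bArr);
            return Base64.encode(digest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    // Compiler-generated helper backing the class-literal cache field above.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$apache$ws$security$message$WSSecSignature == null) {
            cls = class$("org.apache.ws.security.message.WSSecSignature");
            class$org$apache$ws$security$message$WSSecSignature = cls;
        } else {
            cls = class$org$apache$ws$security$message$WSSecSignature;
        }
        log = LogFactory.getLog(cls.getName());
    }
}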
