package org.apache.ws.security.saml;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.SAMLObject;
import org.opensaml.SAMLSubject;
import org.opensaml.SAMLSubjectStatement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.5.jar:org/apache/ws/security/saml/WSSecSignatureSAML.class */
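/**
 * Signs a SOAP message using a SAML 1.1 assertion as the security token.
 *
 * <p>The signing mode is chosen in {@link #prepare} from the assertion subject's first
 * confirmation method:
 * <ul>
 *   <li><b>sender-vouches</b>: the signature is produced with the issuer's private key
 *       ({@code issuerCrypto}/{@code issuerKeyName}/{@code issuerKeyPW}). A
 *       {@code SecurityTokenReference} to the assertion is created, covered by the signature
 *       through the STR transform, and the issuer certificate is carried as a
 *       BinarySecurityToken.</li>
 *   <li><b>holder-of-key</b> (any other, or no, confirmation method): the assertion must
 *       itself be signed and must carry an X.509 certificate in its subject {@code KeyInfo};
 *       the signature is produced with the user's private key
 *       ({@code userCrypto}/{@code user}/{@code password}).</li>
 * </ul>
 *
 * <p>Either call {@link #build} once, or call {@link #prepare}, {@link #addReferencesToSign},
 * {@link #prependSAMLElementsToHeader} and {@link #computeSignature} in that order.
 * Instances hold per-message state and are not thread-safe.
 *
 * <p>NOTE(review): element ids (Signature, KeyInfo, STR, cert) are derived from identity hash
 * codes, so they are not unpredictable and uniqueness within a document is not guaranteed.
 */
public class WSSecSignatureSAML extends WSSecSignature {
    private static Log log;
    /** True when the assertion's first confirmation method is sender-vouches; assigned in {@link #prepare}. */
    private boolean senderVouches = false;
    /** STR pointing at the assertion; only created on the sender-vouches path. */
    private SecurityTokenReference secRefSaml = null;
    /** DOM form of the assertion, prepended to the security header by {@link #prependSAMLElementsToHeader}. */
    private Element samlToken = null;
    /** Keystore holding the user's key (holder-of-key); unused on the sender-vouches path. */
    private Crypto userCrypto = null;
    /** Keystore holding the issuer's key (sender-vouches). */
    private Crypto issuerCrypto = null;
    private String issuerKeyName = null;
    /** Issuer key password; passed as a String to Crypto.getPrivateKey and so cannot be zeroed after use. */
    private String issuerKeyPW = null;
    static Class class$org$apache$ws$security$saml$WSSecSignatureSAML;

    /**
     * Prepares, adds the references, prepends the SAML elements to the security header and
     * computes the signature in one call.
     *
     * <p>If no parts were configured, the content of the SOAP Body is signed.
     *
     * @param document the SOAP envelope to sign (modified in place)
     * @param crypto the user's keystore (holder-of-key); not used for sender-vouches
     * @param sAMLAssertion the assertion to include and reference
     * @param crypto2 the issuer's keystore (sender-vouches)
     * @param str issuer key alias
     * @param str2 issuer key password
     * @param wSSecHeader the security header the signature and tokens are inserted into
     * @return the same {@code document} instance
     * @throws WSSecurityException if the assertion is unusable, no certificate is found,
     *         the signature cannot be created or signing fails
     */
    public Document build(Document document, Crypto crypto, SAMLAssertion sAMLAssertion, Crypto crypto2, String str, String str2, WSSecHeader wSSecHeader) throws WSSecurityException {
        prepare(document, crypto, sAMLAssertion, crypto2, str, str2, wSSecHeader);
        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(document.getDocumentElement());
        if (this.parts == null) {
            // Default: sign the Body content.
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        }
        addReferencesToSign(this.parts, wSSecHeader);
        prependToHeader(wSSecHeader);
        if (this.bstToken != null) {
            prependBSTElementToHeader(wSSecHeader);
        }
        prependSAMLElementsToHeader(wSSecHeader);
        computeSignature();
        return document;
    }

    /**
     * Initialises the signature, the signing certificate and the key-reference structures
     * from the assertion, without adding any references or touching the header.
     *
     * <p>Only the first confirmation method of the subject is examined. A signature algorithm
     * is auto-selected from the certificate's key type (DSA or RSA) when none was configured.
     *
     * @param document the SOAP envelope to sign
     * @param crypto the user's keystore (holder-of-key)
     * @param sAMLAssertion the assertion; must contain a subject statement
     * @param crypto2 the issuer's keystore (sender-vouches)
     * @param str issuer key alias
     * @param str2 issuer key password
     * @param wSSecHeader the security header (used for inclusive-namespace prefixes)
     * @throws WSSecurityException if the assertion has no subject, a holder-of-key assertion
     *         is unsigned or carries no certificate, the key algorithm is neither DSA nor RSA,
     *         the key identifier type is unsupported, or the XML signature cannot be built
     */
    public void prepare(Document document, Crypto crypto, SAMLAssertion sAMLAssertion, Crypto crypto2, String str, String str2, WSSecHeader wSSecHeader) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        if (this.doDebug) {
            log.debug("Beginning ST signing...");
        }
        this.userCrypto = crypto;
        this.issuerCrypto = crypto2;
        this.document = document;
        this.issuerKeyName = str;
        this.issuerKeyPW = str2;

        // The first subject statement supplies the subject (confirmation method, KeyInfo).
        SAMLSubjectStatement sAMLSubjectStatement = null;
        Iterator statements = sAMLAssertion.getStatements();
        while (statements.hasNext()) {
            SAMLObject sAMLObject = (SAMLObject) statements.next();
            if (sAMLObject instanceof SAMLSubjectStatement) {
                sAMLSubjectStatement = (SAMLSubjectStatement) sAMLObject;
                break;
            }
        }
        SAMLSubject sAMLSubject = null;
        if (sAMLSubjectStatement != null) {
            sAMLSubject = sAMLSubjectStatement.getSubject();
        }
        if (sAMLSubject == null) {
            throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature"});
        }

        // Only the first confirmation method decides the mode. Assign the flag outright so an
        // instance reused for a holder-of-key assertion after a sender-vouches one does not
        // keep signing with the issuer key.
        String str3 = null;
        Iterator confirmationMethods = sAMLSubject.getConfirmationMethods();
        if (confirmationMethods.hasNext()) {
            str3 = (String) confirmationMethods.next();
        }
        this.senderVouches = SAMLSubject.CONF_SENDER_VOUCHES.equals(str3);

        this.wsDocInfo = new WSDocInfo(document.hashCode());
        X509Certificate[] x509CertificateArr = null;
        if (this.senderVouches) {
            // Sender-vouches: the issuer's certificate is the signing certificate.
            x509CertificateArr = this.issuerCrypto.getCertificates(this.issuerKeyName);
            this.wsDocInfo.setCrypto(this.issuerCrypto);
        } else {
            // Holder-of-key: the assertion must be signed and carry the holder's certificate.
            if (this.userCrypto == null || !sAMLAssertion.isSigned()) {
                throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"for SAML Signature (Key Holder)"});
            }
            try {
                KeyInfo keyInfo = new KeyInfo(sAMLSubject.getKeyInfo(), null);
                if (keyInfo.containsX509Data()) {
                    X509Data itemX509Data = keyInfo.itemX509Data(0);
                    XMLX509Certificate xMLX509Certificate = null;
                    if (itemX509Data != null && itemX509Data.containsCertificate()) {
                        xMLX509Certificate = itemX509Data.itemCertificate(0);
                    }
                    if (xMLX509Certificate != null) {
                        x509CertificateArr = new X509Certificate[]{xMLX509Certificate.getX509Certificate()};
                    }
                }
                this.wsDocInfo.setCrypto(this.userCrypto);
            } catch (XMLSecurityException e) {
                throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate (key holder)"}, e);
            }
        }
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            throw new WSSecurityException(0, "noCertsFound", new Object[]{"SAML signature"});
        }

        // Pick the signature algorithm from the key type unless the caller configured one.
        if (this.sigAlgo == null) {
            String algorithm = x509CertificateArr[0].getPublicKey().getAlgorithm();
            log.debug(new StringBuffer().append("automatic sig algo detection: ").append(algorithm).toString());
            if (algorithm.equalsIgnoreCase("DSA")) {
                this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            } else {
                if (!algorithm.equalsIgnoreCase("RSA")) {
                    throw new WSSecurityException(0, "unknownSignatureAlgorithm", new Object[]{algorithm});
                }
                this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            }
        }

        // Build the ds:Signature. For exclusive C14N the CanonicalizationMethod element is
        // built by hand so that an InclusiveNamespaces list can be attached (BSP mode).
        this.sig = null;
        if (this.canonAlgo.equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
            Element createElementInSignatureSpace = XMLUtils.createElementInSignatureSpace(document, Constants._TAG_CANONICALIZATIONMETHOD);
            createElementInSignatureSpace.setAttributeNS(null, "Algorithm", this.canonAlgo);
            if (this.wssConfig.isWsiBSPCompliant()) {
                createElementInSignatureSpace.appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(wSSecHeader.getSecurityHeader(), false)).getElement());
            }
            try {
                this.sig = new XMLSignature(document, (String) null, new SignatureAlgorithm(document, this.sigAlgo).getElement(), createElementInSignatureSpace);
            } catch (XMLSecurityException e2) {
                log.error("", e2);
                throw new WSSecurityException(10, "noXMLSig", null, e2);
            }
        } else {
            try {
                this.sig = new XMLSignature(document, (String) null, this.sigAlgo, this.canonAlgo);
            } catch (XMLSecurityException e3) {
                log.error("", e3);
                throw new WSSecurityException(10, "noXMLSig", null, e3);
            }
        }
        this.sig.addResourceResolver(EnvelopeIdResolver.getInstance());
        this.sig.setId(new StringBuffer().append("Signature-").append(this.sig.hashCode()).toString());
        this.keyInfo = this.sig.getKeyInfo();
        this.keyInfoUri = new StringBuffer().append("KeyId-").append(this.keyInfo.hashCode()).toString();
        this.keyInfo.setId(this.keyInfoUri);
        this.secRef = new SecurityTokenReference(document);
        this.strUri = new StringBuffer().append("STRId-").append(this.secRef.hashCode()).toString();
        this.secRef.setID(this.strUri);
        this.certUri = new StringBuffer().append("CertId-").append(x509CertificateArr[0].hashCode()).toString();
        try {
            if (this.senderVouches) {
                // Reference the assertion via its own STR and sign that STR through the STR
                // transform, binding the assertion to the signature.
                this.secRefSaml = new SecurityTokenReference(document);
                String stringBuffer = new StringBuffer().append("STRSAMLId-").append(this.secRefSaml.hashCode()).toString();
                this.secRefSaml.setID(stringBuffer);
                Reference reference = new Reference(document);
                reference.setURI(new StringBuffer().append("#").append(sAMLAssertion.getId()).toString());
                reference.setValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertion-1.1");
                this.secRefSaml.setReference(reference);
                Element createSTRParameter = createSTRParameter(document);
                Transforms transforms = new Transforms(document);
                transforms.addTransform(STRTransform.implementedTransformURI, createSTRParameter);
                this.sig.addDocument(new StringBuffer().append("#").append(stringBuffer).toString(), transforms);
            }
            switch (this.keyIdentifierType) {
                case 1:
                    // Direct reference: KeyInfo/STR points at the BST (sender-vouches) or at
                    // the assertion itself (holder-of-key).
                    Reference reference2 = new Reference(document);
                    if (this.senderVouches) {
                        reference2.setURI(new StringBuffer().append("#").append(this.certUri).toString());
                        this.bstToken = new X509Security(document);
                        ((X509Security) this.bstToken).setX509Certificate(x509CertificateArr[0]);
                        this.bstToken.setID(this.certUri);
                        this.wsDocInfo.setBst(this.bstToken.getElement());
                        reference2.setValueType(this.bstToken.getValueType());
                    } else {
                        reference2.setURI(new StringBuffer().append("#").append(sAMLAssertion.getId()).toString());
                        reference2.setValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertion-1.1");
                    }
                    this.secRef.setReference(reference2);
                    this.keyInfo.addUnknownElement(this.secRef.getElement());
                    this.keyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
                    try {
                        this.samlToken = (Element) sAMLAssertion.toDOM(document);
                        this.wsDocInfo.setAssertion(this.samlToken);
                        return;
                    } catch (SAMLException e4) {
                        throw new WSSecurityException(10, "noSAMLdoc", null, e4);
                    }
                default:
                    throw new WSSecurityException(0, "unsupportedKeyId");
            }
        } catch (XMLSignatureException e5) {
            throw new WSSecurityException(10, "noXMLSig", null, e5);
        } catch (TransformationException e6) {
            throw new WSSecurityException(10, "noXMLSig", null, e6);
        }
    }

    /**
     * Prepends the assertion (and, for sender-vouches, the STR pointing at it) to the
     * security header. Must be called after {@link #prepare}.
     *
     * @param wSSecHeader the security header to insert into
     */
    public void prependSAMLElementsToHeader(WSSecHeader wSSecHeader) {
        if (this.senderVouches) {
            WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.secRefSaml.getElement());
        }
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.samlToken);
    }

    /**
     * Adds one ds:Reference per part to the signature.
     *
     * <p>A part with an id is referenced directly; the names {@code "Token"} and
     * {@code "STRTransform"} select the key-info/BST reference and the STR transform
     * respectively; any other part is looked up by name and namespace and given a wsu:Id.
     * The loop is bounded by {@code vector} itself (the original bounded it by
     * {@code this.parts}, which is wrong when a different vector is passed in).
     *
     * @param vector the {@code WSEncryptionPart}s to reference
     * @param wSSecHeader the security header (prefix source for the BST reference)
     * @throws WSSecurityException if a named part is not found or a reference cannot be added
     */
    @Override // org.apache.ws.security.message.WSSecSignature
    public void addReferencesToSign(Vector vector, WSSecHeader wSSecHeader) throws WSSecurityException {
        Element documentElement = this.document.getDocumentElement();
        for (int i = 0; i < vector.size(); i++) {
            WSEncryptionPart wSEncryptionPart = (WSEncryptionPart) vector.get(i);
            String id = wSEncryptionPart.getId();
            String name = wSEncryptionPart.getName();
            String namespace = wSEncryptionPart.getNamespace();
            Transforms transforms = new Transforms(this.document);
            if (id != null) {
                try {
                    // Prefer a wsu:Id match, then fall back to an unqualified Id attribute.
                    // NOTE(review): if neither lookup matches, null is handed to
                    // getInclusivePrefixes; what happens then is decided by the parent class.
                    Element findElementById = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, WSConstants.WSU_NS);
                    if (findElementById == null) {
                        findElementById = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, null);
                    }
                    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(findElementById)).getElement());
                    }
                    this.sig.addDocument(new StringBuffer().append("#").append(id).toString(), transforms);
                } catch (XMLSignatureException e) {
                    throw new WSSecurityException(10, "noXMLSig", null, e);
                } catch (TransformationException e2) {
                    throw new WSSecurityException(10, "noXMLSig", null, e2);
                }
            } else {
                if (name.equals("Token")) {
                    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                    if (this.keyIdentifierType == 1) {
                        // Direct reference: sign the BST.
                        if (this.wssConfig.isWsiBSPCompliant()) {
                            transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(wSSecHeader.getSecurityHeader())).getElement());
                        }
                        this.sig.addDocument(new StringBuffer().append("#").append(this.certUri).toString(), transforms);
                    } else {
                        // Otherwise sign the KeyInfo element.
                        if (this.wssConfig.isWsiBSPCompliant()) {
                            transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(this.keyInfo.getElement())).getElement());
                        }
                        this.sig.addDocument(new StringBuffer().append("#").append(this.keyInfoUri).toString(), transforms);
                    }
                } else if (name.equals("STRTransform")) {
                    transforms.addTransform(STRTransform.implementedTransformURI, createSTRParameter(this.document));
                    this.sig.addDocument(new StringBuffer().append("#").append(this.strUri).toString(), transforms);
                } else {
                    Element element = (Element) WSSecurityUtil.findElement(documentElement, name, namespace);
                    if (element == null) {
                        throw new WSSecurityException(0, "noEncElement", new Object[]{new StringBuffer().append(namespace).append(", ").append(name).toString()});
                    }
                    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(element)).getElement());
                    }
                    this.sig.addDocument(new StringBuffer().append("#").append(setWsuId(element)).toString(), transforms);
                }
            }
        }
    }

    /**
     * Computes the signature value with the issuer key (sender-vouches) or the user key
     * (holder-of-key) and stores it in {@code signatureValue}.
     *
     * <p>The {@code WSDocInfo} is registered for the duration of signing and removed again in
     * a {@code finally} block. Exceptions are wrapped exactly once (the original wrapped the
     * {@code XMLSignatureException} case twice).
     *
     * @throws WSSecurityException if the private key cannot be obtained or signing fails
     */
    @Override // org.apache.ws.security.message.WSSecSignature
    public void computeSignature() throws WSSecurityException {
        WSDocInfoStore.store(this.wsDocInfo);
        try {
            if (this.senderVouches) {
                this.sig.sign(this.issuerCrypto.getPrivateKey(this.issuerKeyName, this.issuerKeyPW));
            } else {
                this.sig.sign(this.userCrypto.getPrivateKey(this.user, this.password));
            }
            this.signatureValue = this.sig.getSignatureValue();
        } catch (XMLSignatureException e) {
            throw new WSSecurityException(10, null, null, e);
        } catch (Exception e2) {
            throw new WSSecurityException(10, null, null, e2);
        } finally {
            WSDocInfoStore.delete(this.wsDocInfo);
        }
    }

    /**
     * Compiler-generated class-literal helper (decompiled form); resolves a class by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Decompiled form of obtaining the logger for this class by name.
    static {
        Class cls;
        if (class$org$apache$ws$security$saml$WSSecSignatureSAML == null) {
            cls = class$("org.apache.ws.security.saml.WSSecSignatureSAML");
            class$org$apache$ws$security$saml$WSSecSignatureSAML = cls;
        } else {
            cls = class$org$apache$ws$security$saml$WSSecSignatureSAML;
        }
        log = LogFactory.getLog(cls.getName());
    }
}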
