package org.apache.wss4j.dom.message;

import java.security.NoSuchProviderException;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.transform.STRTransform;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/message/WSSecDKSign.class */
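/**
 * Builds an XML signature over parts of a SOAP message using a key derived
 * from a WS-SecureConversation DerivedKeyToken.
 *
 * <p>Typical use is {@link #build(Document, WSSecHeader)}, which prepares the
 * key material and KeyInfo, collects the references, signs, and adds the
 * derived key element to the security header. The individual steps
 * ({@link #prepare}, {@link #addReferencesToSign}, {@link #computeSignature})
 * are public so that callers can drive them separately.
 *
 * <p><b>Algorithm defaults.</b> Unless overridden, the signature method is
 * HMAC-SHA1 and the reference digest is SHA-1. SHA-1 is no longer considered
 * collision resistant, which matters most for the digest over the signed
 * content; deployments whose policy requires stronger algorithms should call
 * {@link #setDigestAlgorithm(String)} (for example
 * {@code http://www.w3.org/2001/04/xmlenc#sha256}) and
 * {@link #setSignatureAlgorithm(String)} (for example
 * {@code http://www.w3.org/2001/04/xmldsig-more#hmac-sha256}) before building.
 * The defaults are left unchanged here because peers must agree on them.
 *
 * <p>Instances hold per-message state and are not written to be shared
 * between threads.
 */
public class WSSecDKSign extends WSSecDerivedKeyBase {
    private static final Logger LOG = LoggerFactory.getLogger(WSSecDKSign.class);

    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";

    private byte[] signatureValue;
    private String keyInfoUri;
    private SecurityTokenReference secRef;
    private String strUri;
    private WSDocInfo wsDocInfo;
    private XMLSignatureFactory signatureFactory;
    private XMLSignature sig;
    private KeyInfo keyInfo;
    private CanonicalizationMethod c14nMethod;
    private Element securityHeader;
    // SHA-1 based defaults; see the class Javadoc for how to select stronger algorithms.
    private String sigAlgo = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    private String digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
    private String canonAlgo = EXC_C14N_URI;
    // A non-positive value means "use the length implied by the signature algorithm".
    private int derivedKeyLength = -1;
    private boolean addInclusivePrefixes = true;

    /** Creates a signer and resolves the XML signature factory it will use. */
    public WSSecDKSign() {
        init();
    }

    /**
     * Selects the DOM {@link XMLSignatureFactory}, preferring the
     * "ApacheXMLDSig" provider and falling back to the platform default when
     * that provider is not registered.
     */
    private void init() {
        try {
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException e) {
            // Record which implementation ends up signing; the fallback is otherwise invisible.
            LOG.debug("ApacheXMLDSig provider not available, using the default DOM XMLSignatureFactory", e);
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM");
        }
    }

    /**
     * Signs the message in one call.
     *
     * <p>When no parts were configured, the default part returned by
     * {@code WSSecurityUtil.getDefaultEncryptionPart} is signed. A configured
     * part named {@code "STRTransform"} that carries no id is pointed at the
     * SecurityTokenReference created by {@link #prepare}.
     *
     * @param document the SOAP document to sign
     * @param wSSecHeader the security header that receives the signature
     * @return the {@code document} argument, now containing the signature
     * @throws WSSecurityException if preparation or signing fails
     */
    public Document build(Document document, WSSecHeader wSSecHeader) throws WSSecurityException {
        prepare(document, wSSecHeader);
        if (getParts().isEmpty()) {
            getParts().add(WSSecurityUtil.getDefaultEncryptionPart(this.document));
        } else {
            for (WSEncryptionPart part : getParts()) {
                if ("STRTransform".equals(part.getName()) && part.getId() == null) {
                    part.setId(this.strUri);
                }
            }
        }
        computeSignature(addReferencesToSign(getParts(), wSSecHeader));
        // Inherited helper; presumably inserts the DerivedKeyToken element into the header.
        prependDKElementToHeader(wSSecHeader);
        return document;
    }

    /**
     * Prepares everything needed before references are added: base-class
     * state, the canonicalization method, and a KeyInfo holding a
     * SecurityTokenReference that points at the derived key token id.
     *
     * @param document the SOAP document to sign
     * @param wSSecHeader the security header that will receive the signature
     * @throws WSSecurityException with {@code FAILED_SIGNATURE} if any step fails
     */
    public void prepare(Document document, WSSecHeader wSSecHeader) throws WSSecurityException {
        super.prepare(document);
        this.wsDocInfo = new WSDocInfo(document);
        this.securityHeader = wSSecHeader.getSecurityHeader();
        this.sig = null;
        try {
            // Inclusive prefixes only apply to exclusive canonicalization.
            ExcC14NParameterSpec c14nSpec = null;
            if (this.addInclusivePrefixes && this.canonAlgo.equals(EXC_C14N_URI)) {
                c14nSpec = new ExcC14NParameterSpec(getInclusivePrefixes(wSSecHeader.getSecurityHeader(), false));
            }
            this.c14nMethod = this.signatureFactory.newCanonicalizationMethod(this.canonAlgo, c14nSpec);
            this.keyInfoUri = getIdAllocator().createSecureId("KI-", this.keyInfo);
            this.secRef = new SecurityTokenReference(document);
            this.strUri = getIdAllocator().createSecureId("STR-", this.secRef);
            this.secRef.setID(this.strUri);
            Reference reference = new Reference(this.document);
            reference.setURI("#" + getId());
            reference.setValueType(ConversationConstants.getWSCNs(getWscVersion()) + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN);
            this.secRef.setReference(reference);
            DOMStructure strStructure = new DOMStructure(this.secRef.getElement());
            this.wsDocInfo.addTokenElement(this.secRef.getElement(), false);
            this.keyInfo = this.signatureFactory.getKeyInfoFactory().newKeyInfo(Collections.singletonList(strStructure), this.keyInfoUri);
        } catch (Exception e) {
            // Log the cause's message, as computeSignature does, rather than an empty string.
            LOG.error(e.getMessage(), e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e, "noXMLSig");
        }
    }

    /**
     * Returns the {@code ds:Signature} element that is a direct child of the
     * security header, as located by {@code XMLUtils.getDirectChildElement}.
     *
     * @return the signature element found in the security header
     */
    public Element getSignatureElement() {
        return XMLUtils.getDirectChildElement(this.securityHeader, "Signature", XMLDSIG_NS);
    }

    /**
     * Creates the signature references for the given parts using this
     * signer's document, digest algorithm and inclusive-prefix setting.
     *
     * @param list the message parts to cover with the signature
     * @param wSSecHeader the security header of the message
     * @return the references to pass to {@link #computeSignature(List)}
     * @throws WSSecurityException if a reference cannot be created
     */
    public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(List<WSEncryptionPart> list, WSSecHeader wSSecHeader) throws WSSecurityException {
        return addReferencesToSign(this.document, list, this.wsDocInfo, this.signatureFactory, wSSecHeader, this.addInclusivePrefixes, this.digestAlgo);
    }

    /**
     * Computes the signature and places it at the start of the security header.
     *
     * @param list the references to sign
     * @throws WSSecurityException with {@code FAILED_SIGNATURE} if signing fails
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list) throws WSSecurityException {
        computeSignature(list, true, null);
    }

    /**
     * Computes the signature over the given references with the derived key
     * and inserts the resulting element into the security header.
     *
     * @param list the references to sign
     * @param z when {@code true} the signature is inserted before
     *        {@code element}, or before the first child element of the
     *        security header when {@code element} is {@code null}; when
     *        {@code false} it is appended to the security header and
     *        {@code element} is ignored
     * @param element the sibling to insert before, may be {@code null}
     * @throws WSSecurityException with {@code FAILED_SIGNATURE} if signing fails
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list, boolean z, Element element) throws WSSecurityException {
        try {
            SecretKey derivedKey = getDerivedKey(this.sigAlgo);
            this.sig = this.signatureFactory.newXMLSignature(
                this.signatureFactory.newSignedInfo(
                    this.c14nMethod,
                    this.signatureFactory.newSignatureMethod(this.sigAlgo, (SignatureMethodParameterSpec) null),
                    list),
                this.keyInfo,
                null,
                getIdAllocator().createId("SIG-", null),
                null);

            Element sibling = element;
            if (z && sibling == null) {
                // The header's first child may be whitespace text or a comment; casting it
                // straight to Element would fail, so walk forward to the first real element.
                org.w3c.dom.Node child = this.securityHeader.getFirstChild();
                while (child != null && child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
                    child = child.getNextSibling();
                }
                sibling = (Element) child;
            }
            DOMSignContext signContext;
            if (z && sibling != null) {
                signContext = new DOMSignContext(derivedKey, this.securityHeader, sibling);
            } else {
                signContext = new DOMSignContext(derivedKey, this.securityHeader);
            }

            signContext.putNamespacePrefix(XMLDSIG_NS, "ds");
            if (EXC_C14N_URI.equals(this.canonAlgo)) {
                signContext.putNamespacePrefix(EXC_C14N_URI, WSS4JConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX);
            }
            // The STR transform reads the document info from the signing context.
            signContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, this.wsDocInfo);
            this.wsDocInfo.setCallbackLookup(this.callbackLookup);
            this.wsDocInfo.setTokensOnContext(signContext);
            this.sig.sign(signContext);
            this.signatureValue = this.sig.getSignatureValue().getValue();
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
        }
    }

    /**
     * Returns the length of the key to derive: the explicitly configured
     * value when it is positive, otherwise the length that
     * {@code KeyUtils.getKeyLength} reports for the signature algorithm.
     */
    @Override // org.apache.wss4j.dom.message.WSSecDerivedKeyBase
    protected int getDerivedKeyLength() throws WSSecurityException {
        return this.derivedKeyLength > 0 ? this.derivedKeyLength : KeyUtils.getKeyLength(this.sigAlgo);
    }

    /**
     * Overrides the derived key length. Zero or a negative value restores the
     * algorithm-implied length. No lower bound is enforced here, so callers
     * should not configure a key shorter than the chosen HMAC warrants.
     * NOTE(review): the unit is the one used by {@code KeyUtils.getKeyLength},
     * presumably bytes; confirm against that helper.
     *
     * @param i the derived key length
     */
    public void setDerivedKeyLength(int i) {
        this.derivedKeyLength = i;
    }

    /**
     * Sets the signature method URI. The value is not validated here; it is
     * handed to the signature factory when the signature is computed.
     *
     * @param str the signature algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    /** Returns the signature method URI (HMAC-SHA1 unless changed). */
    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /**
     * Returns the id of the signature element.
     *
     * @return the id, or {@code null} if no signature has been created since
     *         the last call to {@link #prepare}
     */
    public String getSignatureId() {
        if (this.sig == null) {
            return null;
        }
        return this.sig.getId();
    }

    /**
     * Sets the digest algorithm URI used for the signature references.
     *
     * @param str the digest algorithm URI
     */
    public void setDigestAlgorithm(String str) {
        this.digestAlgo = str;
    }

    /** Returns the reference digest algorithm URI (SHA-1 unless changed). */
    public String getDigestAlgorithm() {
        return this.digestAlgo;
    }

    /**
     * Returns the bytes of the computed signature value.
     *
     * @return a copy of the signature value, or {@code null} if no signature
     *         has been computed yet; a copy is returned so callers cannot
     *         alter the value this object keeps
     */
    public byte[] getSignatureValue() {
        return this.signatureValue == null ? null : this.signatureValue.clone();
    }

    /**
     * Sets the canonicalization algorithm URI for SignedInfo.
     *
     * @param str the canonicalization algorithm URI
     */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    /** Returns the canonicalization algorithm URI (exclusive C14N unless changed). */
    public String getSigCanonicalization() {
        return this.canonAlgo;
    }

    /** Returns whether an InclusiveNamespaces prefix list is added for exclusive C14N. */
    public boolean isAddInclusivePrefixes() {
        return this.addInclusivePrefixes;
    }

    /**
     * Enables or disables the InclusiveNamespaces prefix list.
     *
     * @param z {@code true} to add the prefix list when exclusive C14N is used
     */
    public void setAddInclusivePrefixes(boolean z) {
        this.addInclusivePrefixes = z;
    }
}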
