package org.apache.xml.security.stax.impl.processor.input;

import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import javax.xml.bind.JAXBElement;
import javax.xml.stream.XMLStreamException;
import org.apache.xml.security.binding.excc14n.InclusiveNamespaces;
import org.apache.xml.security.binding.xmldsig.CanonicalizationMethodType;
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.Transformer;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithmFactory;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-441.zip:modules/system/layers/fuse/org/apache/santuario/xmlsec/2.0/xmlsec-2.0.6.jar:org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.class */
public abstract class AbstractSignatureInputHandler extends AbstractInputSecurityHeaderHandler {

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-441.zip:modules/system/layers/fuse/org/apache/santuario/xmlsec/2.0/xmlsec-2.0.6.jar:org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler$SignatureVerifier.class */
    public abstract class SignatureVerifier {
        private final SignatureType signatureType;
        private final InboundSecurityToken inboundSecurityToken;
        private SignerOutputStream signerOutputStream;
        private OutputStream bufferedSignerOutputStream;
        private Transformer transformer;

        public SignatureVerifier(SignatureType signatureType, InboundSecurityContext inboundSecurityContext, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
            this.signatureType = signatureType;
            InboundSecurityToken retrieveSecurityToken = retrieveSecurityToken(signatureType, xMLSecurityProperties, inboundSecurityContext);
            this.inboundSecurityToken = retrieveSecurityToken;
            createSignatureAlgorithm(retrieveSecurityToken, signatureType);
        }

        protected abstract InboundSecurityToken retrieveSecurityToken(SignatureType signatureType, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException;

        public InboundSecurityToken getInboundSecurityToken() {
            return this.inboundSecurityToken;
        }

        protected void createSignatureAlgorithm(InboundSecurityToken inboundSecurityToken, SignatureType signatureType) throws XMLSecurityException {
            String algorithm = signatureType.getSignedInfo().getSignatureMethod().getAlgorithm();
            Key publicKey = inboundSecurityToken.isAsymmetric() ? inboundSecurityToken.getPublicKey(algorithm, XMLSecurityConstants.Asym_Sig, signatureType.getId()) : XMLSecurityUtils.prepareSecretKey(algorithm, inboundSecurityToken.getSecretKey(algorithm, XMLSecurityConstants.Sym_Sig, signatureType.getId()).getEncoded());
            try {
                SignatureAlgorithm signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(algorithm);
                signatureAlgorithm.engineInitVerify(publicKey);
                this.signerOutputStream = new SignerOutputStream(signatureAlgorithm);
                this.bufferedSignerOutputStream = new UnsynchronizedBufferedOutputStream(this.signerOutputStream);
                CanonicalizationMethodType canonicalizationMethod = signatureType.getSignedInfo().getCanonicalizationMethod();
                InclusiveNamespaces inclusiveNamespaces = (InclusiveNamespaces) XMLSecurityUtils.getQNameType(canonicalizationMethod.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
                HashMap hashMap = null;
                if (inclusiveNamespaces != null) {
                    hashMap = new HashMap();
                    hashMap.put(Canonicalizer20010315_Excl.INCLUSIVE_NAMESPACES_PREFIX_LIST, inclusiveNamespaces.getPrefixList());
                }
                this.transformer = XMLSecurityUtils.getTransformer(null, this.bufferedSignerOutputStream, hashMap, canonicalizationMethod.getAlgorithm(), XMLSecurityConstants.DIRECTION.IN);
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSecurityException(e);
            } catch (NoSuchProviderException e2) {
                throw new XMLSecurityException(e2);
            }
        }

        protected void processEvent(XMLSecEvent xMLSecEvent) throws XMLStreamException {
            this.transformer.transform(xMLSecEvent);
        }

        protected void doFinal() throws XMLSecurityException {
            try {
                this.transformer.doFinal();
                this.bufferedSignerOutputStream.close();
                if (!this.signerOutputStream.verify(this.signatureType.getSignatureValue().getValue())) {
                    throw new XMLSecurityException("errorMessages.InvalidSignatureValueException");
                }
            } catch (IOException e) {
                throw new XMLSecurityException(e);
            } catch (XMLStreamException e2) {
                throw new XMLSecurityException(e2);
            }
        }
    }

    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        SignatureType signatureType = (SignatureType) ((JAXBElement) parseStructure(deque, num.intValue(), xMLSecurityProperties)).getValue();
        if (signatureType.getSignedInfo() == null) {
            throw new XMLSecurityException("stax.signature.signedInfoMissing");
        }
        if (signatureType.getSignedInfo().getSignatureMethod() == null) {
            throw new XMLSecurityException("stax.signature.signatureMethodMissing");
        }
        if (signatureType.getSignedInfo().getCanonicalizationMethod() == null) {
            throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");
        }
        if (signatureType.getSignatureValue() == null) {
            throw new XMLSecurityException("stax.signature.signatureValueMissing");
        }
        if (signatureType.getId() == null) {
            signatureType.setId(IDGenerator.generateID(null));
        }
        addSignatureReferenceInputProcessorToChain(inputProcessorChain, xMLSecurityProperties, signatureType, verifySignedInfo(inputProcessorChain, xMLSecurityProperties, signatureType, deque, num.intValue()));
    }

    protected abstract void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType, InboundSecurityToken inboundSecurityToken) throws XMLSecurityException;

    /* JADX WARN: Failed to find 'out' block for switch in B:19:0x00a7. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:28:0x00fe. Please report as an issue. */
    protected InboundSecurityToken verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType, Deque<XMLSecEvent> deque, int i) throws XMLSecurityException {
        Iterator<XMLSecEvent> descendingIterator;
        String algorithm = signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
        if ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315".equals(algorithm) || "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments".equals(algorithm) || "http://www.w3.org/2001/10/xml-exc-c14n#".equals(algorithm) || "http://www.w3.org/2001/10/xml-exc-c14n#WithComments".equals(algorithm) || "http://www.w3.org/2006/12/xml-c14n11".equals(algorithm) || "http://www.w3.org/2006/12/xml-c14n11#WithComments".equals(algorithm)) {
            descendingIterator = deque.descendingIterator();
            for (int i2 = 0; i2 < i; i2++) {
                descendingIterator.next();
            }
        } else {
            descendingIterator = reparseSignedInfo(inputProcessorChain, xMLSecurityProperties, signatureType, deque, i).descendingIterator();
        }
        SignatureVerifier newSignatureVerifier = newSignatureVerifier(inputProcessorChain, xMLSecurityProperties, signatureType);
        while (true) {
            try {
                if (descendingIterator.hasNext()) {
                    XMLSecEvent next = descendingIterator.next();
                    switch (next.getEventType()) {
                        case 1:
                            if (next.asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
                                newSignatureVerifier.processEvent(next);
                                break;
                            }
                    }
                }
            } catch (XMLStreamException e) {
                throw new XMLSecurityException(e);
            }
        }
        while (descendingIterator.hasNext()) {
            XMLSecEvent next2 = descendingIterator.next();
            newSignatureVerifier.processEvent(next2);
            switch (next2.getEventType()) {
                case 2:
                    if (next2.asEndElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo)) {
                        newSignatureVerifier.doFinal();
                        return newSignatureVerifier.getInboundSecurityToken();
                    }
            }
        }
        newSignatureVerifier.doFinal();
        return newSignatureVerifier.getInboundSecurityToken();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:18:0x00c2. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:9:0x0066. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:26:0x0121 A[Catch: XMLStreamException -> 0x0159, LOOP:3: B:24:0x0117->B:26:0x0121, LOOP_END, TryCatch #0 {XMLStreamException -> 0x0159, blocks: (B:6:0x0049, B:8:0x0053, B:9:0x0066, B:10:0x0078, B:13:0x008d, B:15:0x009c, B:17:0x00a6, B:18:0x00c2, B:19:0x00d4, B:23:0x00ef, B:24:0x0117, B:26:0x0121, B:28:0x013d), top: B:5:0x0049 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected java.util.Deque<org.apache.xml.security.stax.ext.stax.XMLSecEvent> reparseSignedInfo(org.apache.xml.security.stax.ext.InputProcessorChain r7, org.apache.xml.security.stax.ext.XMLSecurityProperties r8, org.apache.xml.security.binding.xmldsig.SignatureType r9, java.util.Deque<org.apache.xml.security.stax.ext.stax.XMLSecEvent> r10, int r11) throws org.apache.xml.security.exceptions.XMLSecurityException {
        /*
            Method dump skipped, instructions count: 357
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.xml.security.stax.impl.processor.input.AbstractSignatureInputHandler.reparseSignedInfo(org.apache.xml.security.stax.ext.InputProcessorChain, org.apache.xml.security.stax.ext.XMLSecurityProperties, org.apache.xml.security.binding.xmldsig.SignatureType, java.util.Deque, int):java.util.Deque");
    }

    protected abstract SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType) throws XMLSecurityException;
}
