package org.apache.wss4j.dom.action;

import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.crypto.dsig.Reference;
import org.apache.wss4j.common.SecurityActionToken;
import org.apache.wss4j.common.SignatureActionToken;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandler;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-476.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/action/SignatureAction.class */
public class SignatureAction implements Action {
    @Override // org.apache.wss4j.dom.action.Action
    public void execute(WSHandler wSHandler, SecurityActionToken securityActionToken, Document document, RequestData requestData) throws WSSecurityException {
        CallbackHandler callbackHandler = requestData.getCallbackHandler();
        if (callbackHandler == null) {
            callbackHandler = wSHandler.getPasswordCallbackHandler(requestData);
        }
        SignatureActionToken signatureActionToken = securityActionToken instanceof SignatureActionToken ? (SignatureActionToken) securityActionToken : null;
        if (signatureActionToken == null) {
            signatureActionToken = requestData.getSignatureToken();
        }
        WSPasswordCallback passwordCB = wSHandler.getPasswordCB(signatureActionToken.getUser(), 2, callbackHandler, requestData);
        WSSecSignature wSSecSignature = new WSSecSignature();
        wSSecSignature.setIdAllocator(requestData.getWssConfig().getIdAllocator());
        wSSecSignature.setAddInclusivePrefixes(requestData.isAddInclusivePrefixes());
        if (signatureActionToken.getKeyIdentifierId() != 0) {
            wSSecSignature.setKeyIdentifierType(signatureActionToken.getKeyIdentifierId());
        }
        if (signatureActionToken.getSignatureAlgorithm() != null) {
            wSSecSignature.setSignatureAlgorithm(signatureActionToken.getSignatureAlgorithm());
        }
        if (signatureActionToken.getDigestAlgorithm() != null) {
            wSSecSignature.setDigestAlgo(signatureActionToken.getDigestAlgorithm());
        }
        if (signatureActionToken.getC14nAlgorithm() != null) {
            wSSecSignature.setSigCanonicalization(signatureActionToken.getC14nAlgorithm());
        }
        wSSecSignature.setIncludeSignatureToken(signatureActionToken.isIncludeToken());
        wSSecSignature.setUserInfo(signatureActionToken.getUser(), passwordCB.getPassword());
        wSSecSignature.setUseSingleCertificate(signatureActionToken.isUseSingleCert());
        if (passwordCB.getKey() != null) {
            wSSecSignature.setSecretKey(passwordCB.getKey());
        } else if (signatureActionToken.getKey() != null) {
            wSSecSignature.setSecretKey(signatureActionToken.getKey());
        } else if (signatureActionToken.getUser() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSignatureUser");
        }
        if (signatureActionToken.getTokenId() != null) {
            wSSecSignature.setCustomTokenId(signatureActionToken.getTokenId());
        }
        if (signatureActionToken.getTokenType() != null) {
            wSSecSignature.setCustomTokenValueType(signatureActionToken.getTokenType());
        }
        if (signatureActionToken.getSha1Value() != null) {
            wSSecSignature.setEncrKeySha1value(signatureActionToken.getSha1Value());
        }
        wSSecSignature.setAttachmentCallbackHandler(requestData.getAttachmentCallbackHandler());
        wSSecSignature.setStoreBytesInAttachment(requestData.isStoreBytesInAttachment());
        try {
            wSSecSignature.prepare(document, signatureActionToken.getCrypto(), requestData.getSecHeader());
            Element element = null;
            boolean z = false;
            for (WSEncryptionPart wSEncryptionPart : signatureActionToken.getParts()) {
                if ("STRTransform".equals(wSEncryptionPart.getName()) && wSEncryptionPart.getId() == null) {
                    wSEncryptionPart.setId(wSSecSignature.getSecurityTokenReferenceURI());
                } else if (requestData.isAppendSignatureAfterTimestamp() && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd".equals(wSEncryptionPart.getNamespace()) && "Timestamp".equals(wSEncryptionPart.getName())) {
                    int originalSignatureActionPosition = requestData.getOriginalSignatureActionPosition();
                    if (originalSignatureActionPosition > 0) {
                        Node lastChild = requestData.getSecHeader().getSecurityHeader().getLastChild();
                        for (int i = 0; lastChild != null && i < originalSignatureActionPosition; i++) {
                            while (lastChild != null && lastChild.getNodeType() != 1) {
                                lastChild = lastChild.getPreviousSibling();
                            }
                        }
                        if (lastChild instanceof Element) {
                            element = (Element) lastChild;
                        }
                    }
                } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(wSEncryptionPart.getNamespace()) && "BinarySecurityToken".equals(wSEncryptionPart.getName())) {
                    z = true;
                }
            }
            if (z) {
                wSSecSignature.prependBSTElementToHeader(requestData.getSecHeader());
            }
            List<WSEncryptionPart> parts = signatureActionToken.getParts();
            if (parts == null || parts.isEmpty()) {
                parts = new ArrayList(1);
                parts.add(WSSecurityUtil.getDefaultEncryptionPart(document));
            }
            List<Reference> addReferencesToSign = wSSecSignature.addReferencesToSign(parts, requestData.getSecHeader());
            if (z || (requestData.isAppendSignatureAfterTimestamp() && element == null)) {
                wSSecSignature.computeSignature(addReferencesToSign, false, null);
            } else {
                wSSecSignature.computeSignature(addReferencesToSign, true, element);
            }
            if (!z) {
                wSSecSignature.prependBSTElementToHeader(requestData.getSecHeader());
            }
            requestData.getSignatureValues().add(wSSecSignature.getSignatureValue());
        } catch (WSSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Error during Signature: "});
        }
    }
}
