package org.apache.wss4j.dom.message;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.callback.DOMCallbackLookup;
import org.apache.wss4j.dom.transform.AttachmentTransformParameterSpec;
import org.apache.wss4j.dom.util.SignatureUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.jboss.resteasy.plugins.providers.multipart.ContentIDUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/wss4j-ws-security-dom-2.2.2.redhat-00002.jar:org/apache/wss4j/dom/message/WSSecSignatureBase.class */
public class WSSecSignatureBase extends WSSecBase {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) WSSecSignatureBase.class);
    private List<Element> clonedElements;

    public WSSecSignatureBase(WSSecHeader wSSecHeader) {
        super(wSSecHeader);
        this.clonedElements = new ArrayList();
    }

    public WSSecSignatureBase(Document document) {
        super(document);
        this.clonedElements = new ArrayList();
    }

    public List<Reference> addReferencesToSign(Document document, List<WSEncryptionPart> list, WSDocInfo wSDocInfo, XMLSignatureFactory xMLSignatureFactory, boolean z, String str) throws WSSecurityException {
        Transform newTransform;
        List<Element> findElements;
        try {
            DigestMethod newDigestMethod = xMLSignatureFactory.newDigestMethod(str, (DigestMethodParameterSpec) null);
            List<Reference> list2 = null;
            ArrayList arrayList = new ArrayList();
            for (WSEncryptionPart wSEncryptionPart : list) {
                String id = wSEncryptionPart.getId();
                String name = wSEncryptionPart.getName();
                Element element = wSEncryptionPart.getElement();
                try {
                    if ("cid:Attachments".equals(id) && list2 == null) {
                        list2 = addAttachmentReferences(wSEncryptionPart, newDigestMethod, xMLSignatureFactory);
                    } else if (id != null) {
                        if ("STRTransform".equals(name)) {
                            newTransform = xMLSignatureFactory.newTransform("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform", new DOMStructure(createSTRParameter(document)));
                        } else {
                            ExcC14NParameterSpec excC14NParameterSpec = null;
                            if (element == null) {
                                if (this.callbackLookup == null) {
                                    this.callbackLookup = new DOMCallbackLookup(document);
                                }
                                element = this.callbackLookup.getElement(id, null, false);
                            }
                            if (z) {
                                List<String> inclusivePrefixes = getInclusivePrefixes(element);
                                if (!inclusivePrefixes.isEmpty()) {
                                    excC14NParameterSpec = new ExcC14NParameterSpec(inclusivePrefixes);
                                }
                            }
                            newTransform = xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", excC14NParameterSpec);
                        }
                        if (element != null) {
                            cloneElement(element);
                            wSDocInfo.addTokenElement(element, false);
                        } else if (!wSEncryptionPart.isRequired()) {
                        }
                        arrayList.add(xMLSignatureFactory.newReference("#" + id, newDigestMethod, Collections.singletonList(newTransform), (String) null, (String) null));
                    } else {
                        String namespace = wSEncryptionPart.getNamespace();
                        if (element != null) {
                            findElements = Collections.singletonList(element);
                        } else {
                            if (this.callbackLookup == null) {
                                this.callbackLookup = new DOMCallbackLookup(document);
                            }
                            findElements = WSSecurityUtil.findElements(wSEncryptionPart, this.callbackLookup, document);
                        }
                        if (findElements == null || findElements.isEmpty()) {
                            if (wSEncryptionPart.isRequired()) {
                                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noEncElement", new Object[]{namespace + ", " + name});
                            }
                        } else {
                            for (Element element2 : findElements) {
                                String wsuId = setWsuId(element2);
                                cloneElement(element2);
                                ExcC14NParameterSpec excC14NParameterSpec2 = null;
                                if (z) {
                                    List<String> inclusivePrefixes2 = getInclusivePrefixes(element2);
                                    if (!inclusivePrefixes2.isEmpty()) {
                                        excC14NParameterSpec2 = new ExcC14NParameterSpec(inclusivePrefixes2);
                                    }
                                }
                                arrayList.add(xMLSignatureFactory.newReference("#" + wsuId, newDigestMethod, Collections.singletonList(xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", excC14NParameterSpec2)), (String) null, (String) null));
                                wSDocInfo.addTokenElement(element2, false);
                            }
                        }
                    }
                } catch (Exception e) {
                    LOG.error("", (Throwable) e);
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e, "noXMLSig");
                }
            }
            if (list2 != null) {
                arrayList.addAll(list2);
            }
            return arrayList;
        } catch (Exception e2) {
            LOG.error("", (Throwable) e2);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e2, "noXMLSig");
        }
    }

    private void cloneElement(Element element) throws WSSecurityException {
        List<Element> findElements;
        if (!this.expandXopInclude || (findElements = XMLUtils.findElements(element.getFirstChild(), "Include", "http://www.w3.org/2004/08/xop/include")) == null || findElements.isEmpty()) {
            return;
        }
        this.clonedElements.add(element);
        element.getParentNode().appendChild(WSSecurityUtil.cloneElement(getSecurityHeader().getSecurityHeaderDoc(), element));
        WSSecurityUtil.inlineAttachments(findElements, this.attachmentCallbackHandler, false);
    }

    private List<Reference> addAttachmentReferences(WSEncryptionPart wSEncryptionPart, DigestMethod digestMethod, XMLSignatureFactory xMLSignatureFactory) throws WSSecurityException {
        if (this.attachmentCallbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"no attachment callbackhandler supplied"});
        }
        AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
        attachmentRequestCallback.setAttachmentId(wSEncryptionPart.getId().substring(4));
        try {
            this.attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
            ArrayList arrayList = new ArrayList();
            if (attachmentRequestCallback.getAttachments() != null) {
                for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
                    try {
                        ArrayList arrayList2 = new ArrayList();
                        AttachmentTransformParameterSpec attachmentTransformParameterSpec = new AttachmentTransformParameterSpec(this.attachmentCallbackHandler, attachment);
                        String str = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform";
                        if ("Element".equals(wSEncryptionPart.getEncModifier())) {
                            str = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform";
                        }
                        arrayList2.add(xMLSignatureFactory.newTransform(str, attachmentTransformParameterSpec));
                        arrayList.add(xMLSignatureFactory.newReference(ContentIDUtils.CID_URL_SCHEME + attachment.getId(), digestMethod, arrayList2, (String) null, (String) null));
                    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
        }
    }

    public List<String> getInclusivePrefixes(Element element) {
        return getInclusivePrefixes(element, true);
    }

    public List<String> getInclusivePrefixes(Element element, boolean z) {
        return SignatureUtils.getInclusivePrefixes(element, z);
    }

    public Element createSTRParameter(Document document) {
        Element createElementNS = document.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:TransformationParameters");
        Element createElementNS2 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:CanonicalizationMethod");
        createElementNS2.setAttributeNS(null, "Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#");
        createElementNS.appendChild(createElementNS2);
        return createElementNS;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanup() {
        if (this.clonedElements.isEmpty()) {
            return;
        }
        for (Element element : this.clonedElements) {
            element.getParentNode().removeChild(element);
        }
        this.clonedElements.clear();
    }
}
