package org.apache.ws.security.message;

import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tika.parser.chm.core.ChmConstants;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.springframework.extensions.directives.DirectiveConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.12.jar:org/apache/ws/security/message/WSSignEnvelope.class */
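/**
 * Builds a WS-Security XML signature over parts of a SOAP envelope and inserts it,
 * together with the key reference material, into the security header.
 *
 * <p>This listing is decompiler output. Parameter names such as {@code str} and {@code z}
 * are decompiler-generated and are kept so the visible signatures do not change.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>If no signature algorithm is set, {@link #build} derives one from the certificate's
 *       key type and picks the SHA-1 based {@code dsa-sha1} / {@code rsa-sha1} URIs. Callers
 *       that need a stronger digest have to call {@link #setSignatureAlgorithm} first.</li>
 *   <li>If no parts were configured, only the SOAP Body is referenced. Anything else that
 *       needs integrity protection must be listed in the parts explicitly.</li>
 * </ul>
 */
public class WSSignEnvelope extends WSBaseMessage {
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String WSU_NS_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/";
    private static final String DEFAULT_NS_TOKEN = "#default";

    // The class literal replaces the decompiler's synthetic class$ lookup helper.
    private static final Log log = LogFactory.getLog(WSSignEnvelope.class.getName());
    // Separate logger used only for the timing line emitted at the end of build().
    private static final Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");

    // true: embed only the first certificate; false: embed the chain as a PKIPath token.
    protected boolean useSingleCert = true;
    // Signature algorithm URI; null means "derive from the certificate key type" in build().
    protected String sigAlgo = null;
    // Canonicalization algorithm URI for SignedInfo.
    protected String canonAlgo = EXC_C14N_URI;
    // Username token that supplies the secret key when keyIdentifierType is 7.
    protected WSSAddUsernameToken usernameToken = null;
    // Raw signature value of the last successful build(); null before that.
    protected byte[] signatureValue = null;

    public WSSignEnvelope() {
    }

    public WSSignEnvelope(String str) {
        super(str);
    }

    public WSSignEnvelope(String str, boolean z) {
        super(str, z);
    }

    /** Selects between a single X.509 token (true) and a PKIPath token (false). */
    public void setUseSingleCertificate(boolean z) {
        this.useSingleCert = z;
    }

    public boolean isUseSingleCertificate() {
        return this.useSingleCert;
    }

    /**
     * Sets the signature algorithm URI. Leaving it unset makes {@link #build} fall back to a
     * SHA-1 based algorithm chosen from the certificate's key type.
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /** Sets the canonicalization algorithm URI used for SignedInfo. */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    public String getSigCanonicalization() {
        return this.canonAlgo;
    }

    /** Sets the username token whose secret key signs the message when keyIdentifierType is 7. */
    public void setUsernameToken(WSSAddUsernameToken wSSAddUsernameToken) {
        this.usernameToken = wSSAddUsernameToken;
    }

    /**
     * Returns the signature value produced by the last successful {@link #build}.
     * The internal array is returned directly, not a copy.
     */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /**
     * Signs the configured parts of {@code document} and adds the signature to its security header.
     *
     * @param document the SOAP envelope to sign; it is modified in place and returned
     * @param crypto   source of the signing certificates and private key
     * @return the same {@code document}, now carrying the signature
     * @throws WSSecurityException if no certificate is found, the key type or key identifier
     *         is unsupported, a part to sign cannot be located, or signing fails
     * @throws IllegalStateException if keyIdentifierType is 7 and no username token was set
     */
    public Document build(Document document, Crypto crypto) throws WSSecurityException {
        this.doDebug = log.isDebugEnabled();
        long startTime = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        if (this.doDebug) {
            log.debug("Beginning signing...");
        }
        // Fail before the document is touched; otherwise a missing token surfaces later as a
        // NullPointerException after the header and signature were already inserted.
        if (this.keyIdentifierType == 7 && this.usernameToken == null) {
            throw new IllegalStateException("keyIdentifierType 7 requires a username token; call setUsernameToken() first");
        }
        WSDocInfo wsDocInfo = new WSDocInfo(document);
        wsDocInfo.setCrypto(crypto);
        Element envelope = document.getDocumentElement();
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
        Element securityHeader = insertSecurityHeader(document);

        String certId = null;
        X509Certificate[] certs = null;
        // Key type 7 signs with the username token secret, so no certificate is looked up and
        // sigAlgo is NOT auto-detected on that path; the caller must have set it.
        if (this.keyIdentifierType != 7) {
            certs = crypto.getCertificates(this.user);
            if (certs == null || certs.length <= 0) {
                throw new WSSecurityException(0, "noUserCertsFound", new Object[]{this.user, "signature"});
            }
            certId = this.wssConfig.getIdAllocator().createSecureId("CertId-", certs[0]);
            if (this.sigAlgo == null) {
                String keyAlgorithm = certs[0].getPublicKey().getAlgorithm();
                log.debug("automatic sig algo detection: " + keyAlgorithm);
                // NOTE(security): both defaults are SHA-1 based. They are kept for wire
                // compatibility; set the algorithm explicitly where SHA-1 is not acceptable.
                if (keyAlgorithm.equalsIgnoreCase("DSA")) {
                    this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
                } else if (keyAlgorithm.equalsIgnoreCase("RSA")) {
                    this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
                } else {
                    throw new WSSecurityException(0, "unknownSignatureAlgorithm", new Object[]{keyAlgorithm});
                }
            }
        }

        XMLSignature signature;
        try {
            if (this.canonAlgo.equals(EXC_C14N_URI)) {
                // Exclusive c14n: build CanonicalizationMethod by hand so an InclusiveNamespaces
                // child can be attached when WS-I BSP compliance is on.
                Element canonMethod = XMLUtils.createElementInSignatureSpace(document, Constants._TAG_CANONICALIZATIONMETHOD);
                canonMethod.setAttributeNS(null, "Algorithm", this.canonAlgo);
                if (this.wssConfig.isWsiBSPCompliant()) {
                    canonMethod.appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(securityHeader, false)).getElement());
                }
                signature = new XMLSignature(document, (String) null, new SignatureAlgorithm(document, this.sigAlgo).getElement(), canonMethod);
            } else {
                signature = new XMLSignature(document, (String) null, this.sigAlgo, this.canonAlgo);
            }
        } catch (XMLSecurityException e) {
            log.error("", e);
            // 10 is presumably WSSecurityException.FAILED_SIGNATURE - confirm against the library.
            throw new WSSecurityException(10, "noXMLSig", null, e);
        }

        KeyInfo keyInfo = signature.getKeyInfo();
        String keyInfoId = this.wssConfig.getIdAllocator().createSecureId("KeyId-", keyInfo);
        keyInfo.setId(keyInfoId);
        SecurityTokenReference secRef = new SecurityTokenReference(document);
        String strId = this.wssConfig.getIdAllocator().createSecureId("STRId-", keyInfo);
        secRef.setID(strId);
        long afterSignatureSetup = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;

        if (this.parts == null) {
            // Default: reference the SOAP Body only.
            // NOTE(review): ChmConstants.CONTENT comes from an unrelated library and looks like a
            // decompiler-substituted string constant (presumably "Content") - confirm and inline.
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), ChmConstants.CONTENT));
        }
        for (int i = 0; i < this.parts.size(); i++) {
            WSEncryptionPart part = (WSEncryptionPart) this.parts.get(i);
            String partId = part.getId();
            String partName = part.getName();
            String partNamespace = part.getNamespace();
            // One try around every branch: each of them calls addTransform/addDocument, which
            // raise checked exceptions that build() does not declare.
            try {
                if (partId != null) {
                    Element target = WSSecurityUtil.findElementById(document.getDocumentElement(), partId, WSU_NS_URI);
                    if (target == null) {
                        target = WSSecurityUtil.findElementById(document.getDocumentElement(), partId, null);
                    }
                    signature.addDocument("#" + partId, newExcC14nTransforms(document, target));
                } else if (partName.equals("Token")) {
                    // Sign the key material itself: the binary token for a direct reference
                    // (type 1), otherwise the KeyInfo element.
                    boolean directReference = this.keyIdentifierType == 1;
                    Element prefixSource = directReference ? securityHeader : keyInfo.getElement();
                    String tokenRefId = directReference ? certId : keyInfoId;
                    signature.addDocument("#" + tokenRefId, newExcC14nTransforms(document, prefixSource));
                } else if (partName.equals("STRTransform")) {
                    Transforms strTransforms = new Transforms(document);
                    strTransforms.addTransform("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform", createSTRParameter(document));
                    signature.addDocument("#" + strId, strTransforms);
                } else if (partName.equals(WSConstants.ASSERTION_LN)) {
                    String assertionId = SAMLUtil.getAssertionId(envelope, partName, partNamespace);
                    Element assertion = (Element) WSSecurityUtil.findElement(envelope, partName, partNamespace);
                    if (assertion == null) {
                        // NOTE(review): DirectiveConstants.COMMA is another decompiler-substituted
                        // constant from an unrelated library - confirm its value and inline it.
                        throw new WSSecurityException(0, "noEncElement", new Object[]{partNamespace + DirectiveConstants.COMMA + partName});
                    }
                    // Prefixes are collected before the wsu namespace/Id is written to the element,
                    // because the element's own declarations are excluded from the prefix list.
                    Transforms assertionTransforms = newExcC14nTransforms(document, assertion);
                    String wsuPrefix = WSSecurityUtil.setNamespace(assertion, WSU_NS_URI, "wsu");
                    assertion.setAttributeNS(WSU_NS_URI, wsuPrefix + ":Id", assertionId);
                    signature.addDocument("#" + assertionId, assertionTransforms);
                } else {
                    Element target = (Element) WSSecurityUtil.findElement(envelope, partName, partNamespace);
                    if (target == null) {
                        throw new WSSecurityException(0, "noEncElement", new Object[]{partNamespace + DirectiveConstants.COMMA + partName});
                    }
                    // Same ordering as above: prefixes first, then setWsuId() modifies the element.
                    Transforms partTransforms = newExcC14nTransforms(document, target);
                    signature.addDocument("#" + setWsuId(target), partTransforms);
                }
            } catch (XMLSignatureException e) {
                throw new WSSecurityException(10, "noXMLSig", null, e);
            } catch (TransformationException e) {
                throw new WSSecurityException(10, "noXMLSig", null, e);
            }
        }
        // NOTE(security): addDocument(uri, transforms) names no digest algorithm, so the XML
        // security library default applies (presumably SHA-1 in this generation - confirm).

        signature.addResourceResolver(new EnvelopeIdResolver(wsDocInfo));
        WSSecurityUtil.prependChildElement(securityHeader, signature.getElement());
        long afterTransforms = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;

        byte[] secretKey = null;
        // The numeric cases are the decompiled values of the key identifier constants
        // (presumably the WSConstants key identifier types - confirm the names there).
        switch (this.keyIdentifierType) {
            case 1: {
                // Direct reference: embed the certificate(s) as a binary security token.
                Reference certRef = new Reference(document);
                certRef.setURI("#" + certId);
                BinarySecurity binaryToken;
                if (this.useSingleCert) {
                    X509Security x509Token = new X509Security(document);
                    x509Token.setX509Certificate(certs[0]);
                    binaryToken = x509Token;
                } else {
                    PKIPathSecurity pkiPathToken = new PKIPathSecurity(document);
                    pkiPathToken.setX509Certificates(certs, false, crypto);
                    binaryToken = pkiPathToken;
                }
                certRef.setValueType(binaryToken.getValueType());
                secRef.setReference(certRef);
                binaryToken.setID(certId);
                WSSecurityUtil.prependChildElement(securityHeader, binaryToken.getElement());
                wsDocInfo.setBst(binaryToken.getElement());
                break;
            }
            case 2: {
                // Issuer name and serial number.
                X509Data x509Data = new X509Data(document);
                x509Data.add(new XMLX509IssuerSerial(document, certs[0]));
                secRef.setX509IssuerSerial(x509Data);
                break;
            }
            case 3:
                secRef.setKeyIdentifier(certs[0]);
                break;
            case 4:
                secRef.setKeyIdentifierSKI(certs[0], crypto);
                break;
            case 7: {
                // Username token: reference the token by id and sign with its secret key.
                Reference tokenRef = new Reference(document);
                tokenRef.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
                String tokenId = this.usernameToken.getId();
                if (tokenId == null) {
                    tokenId = this.wssConfig.getIdAllocator().createId("usernameTokenId-", this.usernameToken);
                    this.usernameToken.setId(tokenId);
                }
                tokenRef.setURI("#" + tokenId);
                secRef.setReference(tokenRef);
                secretKey = this.usernameToken.getSecretKey();
                break;
            }
            case 8:
                secRef.setKeyIdentifierThumb(certs[0]);
                break;
            case 5:
            case 6:
            default:
                throw new WSSecurityException(0, "unsupportedKeyId");
        }
        long afterSecRef = tlog.isDebugEnabled() ? System.currentTimeMillis() : 0L;
        keyInfo.addUnknownElement(secRef.getElement());

        // The doc info is registered only for the duration of the signing call and is removed
        // again on every exit path, but only if this call was the one that stored it.
        boolean stored = WSDocInfoStore.store(wsDocInfo);
        try {
            if (this.keyIdentifierType == 7) {
                signature.sign(signature.createSecretKey(secretKey));
            } else {
                signature.sign(crypto.getPrivateKey(this.user, this.password));
            }
            this.signatureValue = signature.getSignatureValue();
        } catch (Exception e) {
            // Covers XMLSignatureException as well; both were mapped to the same exception.
            throw new WSSecurityException(10, null, null, e);
        } finally {
            if (stored) {
                WSDocInfoStore.delete(wsDocInfo);
            }
        }

        if (tlog.isDebugEnabled()) {
            tlog.debug("SignEnvelope: cre-Sig= " + (afterSignatureSetup - startTime)
                    + " set transform= " + (afterTransforms - afterSignatureSetup)
                    + " sec-ref= " + (afterSecRef - afterTransforms)
                    + " signature= " + (System.currentTimeMillis() - afterSecRef));
        }
        if (this.doDebug) {
            log.debug("Signing complete.");
        }
        return document;
    }

    /**
     * Creates a Transforms list holding one exclusive-c14n transform and, when WS-I BSP
     * compliance is enabled, an InclusiveNamespaces child computed for {@code prefixSource}.
     */
    private Transforms newExcC14nTransforms(Document document, Element prefixSource) throws TransformationException {
        Transforms transforms = new Transforms(document);
        transforms.addTransform(EXC_C14N_URI);
        if (this.wssConfig.isWsiBSPCompliant()) {
            transforms.item(0).getElement().appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(prefixSource)).getElement());
        }
        return transforms;
    }

    /**
     * Creates the {@code wsse:TransformationParameters} element for the STR-Transform, containing
     * a {@code ds:CanonicalizationMethod} set to exclusive c14n.
     *
     * <p>The decompiler reports that it changed this method's access modifier from protected;
     * it is left public as shown in this listing.
     */
    public Element createSTRParameter(Document document) {
        Element transformParams = document.createElementNS(WSConstants.WSSE_NS, "wsse:TransformationParameters");
        WSSecurityUtil.setNamespace(transformParams, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
        Element canonMethod = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:CanonicalizationMethod");
        WSSecurityUtil.setNamespace(canonMethod, "http://www.w3.org/2000/09/xmldsig#", WSConstants.SIG_PREFIX);
        canonMethod.setAttributeNS(null, "Algorithm", EXC_C14N_URI);
        transformParams.appendChild(canonMethod);
        return transformParams;
    }

    /** Same as {@link #getInclusivePrefixes(Element, boolean)} with the visible prefixes excluded. */
    protected Set getInclusivePrefixes(Element element) {
        return getInclusivePrefixes(element, true);
    }

    /**
     * Collects the namespace prefixes declared on the ancestors of {@code element}.
     *
     * @param element the element whose ancestor declarations are collected
     * @param z       when true, prefixes that {@code element} itself declares or uses (on the
     *                element or its attributes) are removed from the result
     * @return a set of prefix strings; the default namespace is represented as {@code "#default"}
     */
    protected Set getInclusivePrefixes(Element element, boolean z) {
        Set prefixes = new HashSet();
        // Walk up to, but not including, the Document node. The walk also ends at the root of
        // a subtree that is not attached to a document instead of dereferencing a null parent.
        Node ancestor = element.getParentNode();
        while (ancestor != null && !(ancestor instanceof Document)) {
            NamedNodeMap ancestorAttrs = ancestor.getAttributes();
            if (ancestorAttrs != null) {
                for (int i = 0; i < ancestorAttrs.getLength(); i++) {
                    Node attr = ancestorAttrs.item(i);
                    if (XMLNS_NS_URI.equals(attr.getNamespaceURI())) {
                        if (attr.getNodeName().equals("xmlns")) {
                            prefixes.add(DEFAULT_NS_TOKEN);
                        } else {
                            prefixes.add(attr.getLocalName());
                        }
                    }
                }
            }
            ancestor = ancestor.getParentNode();
        }
        if (z) {
            NamedNodeMap ownAttrs = element.getAttributes();
            for (int i = 0; i < ownAttrs.getLength(); i++) {
                Node attr = ownAttrs.item(i);
                if (XMLNS_NS_URI.equals(attr.getNamespaceURI())) {
                    if (attr.getNodeName().equals("xmlns")) {
                        prefixes.remove(DEFAULT_NS_TOKEN);
                    } else {
                        prefixes.remove(attr.getLocalName());
                    }
                }
                if (attr.getPrefix() != null) {
                    prefixes.remove(attr.getPrefix());
                }
            }
            if (element.getPrefix() == null) {
                prefixes.remove(DEFAULT_NS_TOKEN);
            } else {
                prefixes.remove(element.getPrefix());
            }
        }
        return prefixes;
    }
}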
