package com.ibm.xml.soapsec.dsig;

import com.ibm.uddi.v3.client.apilayer.marshaler.UDDIV3Names;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.dsig.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.dsig.SignatureContext;
import com.ibm.ws.wssecurity.xss4j.dsig.Validity;
import com.ibm.ws.wssecurity.xss4j.dsig.XSignatureException;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.SoapSecurityComponent;
import com.ibm.xml.soapsec.token.BinaryTokenReceiver;
import com.ibm.xml.soapsec.token.TokenReceiverConfig;
import com.ibm.xml.soapsec.token.TokenResult;
import com.ibm.xml.soapsec.util.CertificateUtil;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.IdUtil;
import com.ibm.xml.soapsec.util.NamespaceUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.io.IOException;
import java.security.Key;
import java.security.Provider;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.faces.validator.BeanValidator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/dsig/SignatureReceiver.class */
public class SignatureReceiver implements SoapSecurityComponent {
    SignatureReceiverConfig config;
    TokenReceiverConfig tconfig;
    private IdUtil idResolver;
    private static final String comp = "security.wssecurity";
    private static final String[] ELEMENTS_TO_BE_CHECKED = {UDDIV3Names.kELTNAME_CANONMETHOD, UDDIV3Names.kELTNAME_SIGNATUREMETHOD, UDDIV3Names.kELTNAME_DIGESTMETHOD, UDDIV3Names.kELTNAME_TRANSFORM};
    private static final TraceComponent tc = Tr.register(SignatureReceiver.class, Constants.TR_GROUP, "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = SignatureReceiver.class.getName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/dsig/SignatureReceiver$ShowerImpl.class */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        public void showSignedResource(Element element, int i, String str, String str2, byte[] bArr, String str3) {
            String str4 = null;
            try {
                str4 = str3 == null ? new String(bArr, "UTF-8") : new String(bArr, str3);
            } catch (Exception e) {
                Tr.debug(SignatureReceiver.tc, "WARNING: An exception occured while the content is encoded with [" + str3 + "].");
            }
            if (i < 0) {
                Tr.debug(SignatureReceiver.tc, "ResourceShower logs verify-SignedInfo: " + str4);
            } else if (str == null || str.length() == 0) {
                Tr.debug(SignatureReceiver.tc, "ResourceShower logs verify-resource_" + i + ": " + str4);
            } else {
                Tr.debug(SignatureReceiver.tc, "ResourceShower logs verify-" + str + ": " + str4);
            }
        }

        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void init(Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(" + map + ")");
        }
        this.config = (SignatureReceiverConfig) map.get(SignatureReceiverConfig.class);
        this.tconfig = (TokenReceiverConfig) map.get(TokenReceiverConfig.class);
        this.idResolver = IdUtil.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void invoke(Document document, Element element, Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        boolean z = false;
        Exception exc = null;
        Iterator it = this.config.getVerificationSettingsList().iterator();
        while (it.hasNext()) {
            try {
                invoke0(document, element, map, (VerificationSettings) it.next());
                z = true;
                break;
            } catch (Exception e) {
                Tr.processException(e, clsName + ".invoke", "104", this);
                exc = e;
            }
        }
        if (!z) {
            throw SoapSecurityException.format("security.wssecurity.SignatureReceiver.dsig21", exc);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc, Element target, Map context)");
        }
    }

    private void invoke0(Document document, Element element, Map map, VerificationSettings verificationSettings) throws Exception {
        VerificationResult verificationResult;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke0(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + BeanValidator.VALIDATION_GROUPS_DELIMITER + verificationSettings + ")");
        }
        try {
            verificationResult = new VerificationResult(map, element, verify(element, map, verificationSettings));
        } catch (SoapSecurityException e) {
            Tr.processException((Throwable) e, clsName + ".invoke", "126", (Object) this);
            Tr.error(tc, "security.wssecurity.SignatureReceiver.invoke", e);
            verificationResult = new VerificationResult(map, element, e);
        }
        callVerificationResultHandlers(verificationResult);
        if (!verificationResult.getResult()) {
            throw verificationResult.getReason();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke0(Document doc, Element target, Map context, VerificationSettings settings)");
        }
    }

    private void callVerificationResultHandlers(VerificationResult verificationResult) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "callVerificationResultHandlers(" + verificationResult + ")");
        }
        List verificationResultHandlers = this.config.getVerificationResultHandlers();
        if (verificationResultHandlers.isEmpty()) {
            SoapSecurityException reason = verificationResult.getReason();
            if (reason != null) {
                throw reason;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "callVerificationResultHandlers(VerificationResult result)");
                return;
            }
            return;
        }
        Iterator it = verificationResultHandlers.iterator();
        while (it.hasNext()) {
            ((VerificationResultHandler) it.next()).verificationDone(verificationResult);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "callVerificationResultHandlers(VerificationResult result)");
        }
    }

    private X509Certificate verify(Element element, Map map, VerificationSettings verificationSettings) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verify(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + verificationSettings + ")");
        }
        checkAlgorithms(element, verificationSettings, map);
        Set checkCertpathValidity = checkCertpathValidity(element, map, verificationSettings);
        SignatureResult analyzeSignedParts = analyzeSignedParts(element, verificationSettings);
        X509Certificate checkCoreValidity = checkCoreValidity(element, checkCertpathValidity);
        if (checkCoreValidity != null) {
            analyzeSignedParts.setCertificate(checkCoreValidity);
            ResultPool.add(map, analyzeSignedParts);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verify(Element sig, Map context, VerificationSettings settings) returns " + checkCoreValidity);
        }
        return checkCoreValidity;
    }

    private SignatureResult analyzeSignedParts(Element element, VerificationSettings verificationSettings) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "analyzeSignedParts(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + verificationSettings + ")");
        }
        SignatureResult signatureResult = new SignatureResult();
        Element element2 = null;
        Element firstElement = DOMUtil.getFirstElement(element, Constants.NS_DSIG, UDDIV3Names.kELTNAME_SIGNEDINFO);
        if (firstElement != null) {
            element2 = DOMUtil.getFirstElement(firstElement);
        }
        while (element2 != null) {
            if (Constants.NS_DSIG.equals(element2.getNamespaceURI()) && UDDIV3Names.kELTNAME_REFERENCE.equals(element2.getLocalName())) {
                String attribute = element2.getAttribute(UDDIV3Names.kATTRNAME_URI);
                if (element2.getAttributeNode(UDDIV3Names.kATTRNAME_URI) == null) {
                    throw SoapSecurityException.format("security.wssecurity.SignatureReceiver.dsig03");
                }
                if (attribute.equals("")) {
                    Element firstElement2 = DOMUtil.getFirstElement(element2, Constants.NS_DSIG, UDDIV3Names.kELTNAME_TRANSFORMS);
                    if (firstElement2 == null) {
                        Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig04", attribute);
                    } else {
                        Element firstElement3 = DOMUtil.getFirstElement(firstElement2);
                        if (firstElement3 == null) {
                            Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig04", attribute);
                        } else {
                            String attribute2 = firstElement3.getAttribute(UDDIV3Names.kATTRNAME_ALGORITHM);
                            if (attribute2.equals(Constants.DSIG_XPATH)) {
                                String stringValue = DOMUtil.getStringValue(DOMUtil.getFirstElement(firstElement3, Constants.NS_DSIG, "XPath"));
                                if (stringValue.equals("count(/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::node() | /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::*/@* | /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::*/namespace::*) = count(/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::node() | /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::*/@* | /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/descendant::*/namespace::* | .)")) {
                                    Element nextElement = DOMUtil.getNextElement(firstElement3);
                                    if (nextElement == null || verificationSettings.getC14nMethod().equals(nextElement.getAttribute(UDDIV3Names.kATTRNAME_ALGORITHM))) {
                                        signatureResult.setBodySigned(true);
                                    } else {
                                        Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig05", new Object[]{attribute, attribute2});
                                    }
                                } else {
                                    Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig06", stringValue);
                                }
                            } else {
                                Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig05", new Object[]{attribute, attribute2});
                            }
                        }
                    }
                } else if (attribute.length() < 2 || attribute.charAt(0) != '#') {
                    Tr.error(tc, "security.wssecurity.SignatureReceiver.dsig07", attribute);
                } else {
                    boolean z = true;
                    Element element3 = null;
                    Element firstElement4 = DOMUtil.getFirstElement(element2, Constants.NS_DSIG, UDDIV3Names.kELTNAME_TRANSFORMS);
                    if (firstElement4 != null) {
                        element3 = DOMUtil.getFirstElement(firstElement4);
                    }
                    while (true) {
                        if (element3 == null) {
                            break;
                        }
                        if (Constants.NS_DSIG.equals(element3.getNamespaceURI()) && UDDIV3Names.kELTNAME_TRANSFORM.equals(element3.getLocalName()) && !verificationSettings.getC14nMethod().equals(element3.getAttribute(UDDIV3Names.kATTRNAME_ALGORITHM))) {
                            z = false;
                            break;
                        }
                        element3 = DOMUtil.getNextElement(element3);
                    }
                    if (z) {
                        signatureResult.addSignedId(attribute.substring(1));
                    }
                }
            }
            element2 = DOMUtil.getNextElement(element2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "analyzeSignedParts(Element sig, VerificationSettings settings) returns " + signatureResult);
        }
        return signatureResult;
    }

    private X509Certificate checkCoreValidity(Element element, Set set) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCoreValidity(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + set + ")");
        }
        Element searchForKeyInfo = KeyInfo.searchForKeyInfo(element);
        Iterator it = this.config.getKeyInfoResolvers().iterator();
        while (it.hasNext()) {
            ((KeyInfoResolver) it.next()).resolve(searchForKeyInfo);
        }
        Iterator it2 = set.iterator();
        String str = null;
        while (it2.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it2.next();
            str = verify(element, x509Certificate.getPublicKey());
            if (str == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkCoreValidity(Element sig, Set certs) returns " + x509Certificate);
                }
                return x509Certificate;
            }
        }
        throw SoapSecurityException.format("security.wssecurity.SignatureReceiver.dsig22", str);
    }

    private String verify(Element element, Key key) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verify(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + key + ")");
        }
        SignatureContext signatureContext = new SignatureContext();
        if (tc.isDebugEnabled()) {
            signatureContext.setResourceShower(ShowerImpl.access$000());
        }
        if (this.idResolver != null) {
            signatureContext.setIDResolver(this.idResolver);
        }
        Validity verify = signatureContext.verify(element, key);
        boolean coreValidity = verify.getCoreValidity();
        String str = null;
        if (!coreValidity || tc.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Core validity=");
            stringBuffer.append(coreValidity);
            stringBuffer.append(" Signed info validity=");
            stringBuffer.append(verify.getSignedInfoValidity());
            stringBuffer.append(" Signed info message='");
            stringBuffer.append(verify.getSignedInfoMessage());
            stringBuffer.append("'");
            int numberOfReferences = verify.getNumberOfReferences();
            for (int i = 0; i < numberOfReferences; i++) {
                stringBuffer.append(" Ref[");
                stringBuffer.append(i);
                stringBuffer.append("](validity=");
                stringBuffer.append(verify.getReferenceValidity(i));
                stringBuffer.append(" message='");
                stringBuffer.append(verify.getReferenceMessage(i));
                stringBuffer.append("' uri='");
                stringBuffer.append(verify.getReferenceURI(i));
                stringBuffer.append("' type='");
                stringBuffer.append(verify.getReferenceType(i));
                stringBuffer.append("')");
            }
            str = stringBuffer.toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, str);
            }
            if (coreValidity) {
                str = null;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verify(Element sig, Key key) returns " + str);
        }
        return str;
    }

    private void parseTokenReference(Set set, Node node, Map map, VerificationSettings verificationSettings) throws SoapSecurityException {
        Element firstChildWsseElement;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseTokenReference(" + set + BeanValidator.VALIDATION_GROUPS_DELIMITER + node + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + BeanValidator.VALIDATION_GROUPS_DELIMITER + verificationSettings + ")");
        }
        Element firstElement = DOMUtil.getFirstElement(node);
        while (true) {
            Element element = firstElement;
            if (element == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "parseTokenReference(Set certs, Node tokenref, Map context, VerificationSettings settings)");
                    return;
                }
                return;
            }
            String str = null;
            TokenResult.X509 x509 = null;
            if (NamespaceUtil.isWsse(element.getNamespaceURI())) {
                if (UDDIV3Names.kELTNAME_REFERENCE.equals(element.getLocalName())) {
                    String attribute = element.getAttribute(UDDIV3Names.kATTRNAME_URI);
                    if (attribute != null && attribute.length() >= 1) {
                        if (!attribute.startsWith("#")) {
                            throw SoapSecurityException.format(Constants.getQName(Constants.getWSSENS(map), Constants.SECURITY_TOKEN_UNAVAILABLE_QNAME), "security.wssecurity.SignatureReceiver.dsig09", attribute);
                        }
                        str = attribute.substring(1);
                    }
                } else if ("Embedded".equals(element.getLocalName()) && (firstChildWsseElement = NamespaceUtil.getFirstChildWsseElement(element, "BinarySecurityToken")) != null) {
                    new BinaryTokenReceiver(this.tconfig).invoke(firstChildWsseElement.getOwnerDocument(), firstChildWsseElement, map);
                }
                for (Result result : ResultPool.get(map, TokenResult.X509.class)) {
                    x509 = (TokenResult.X509) result;
                    String trustAnchorRef = verificationSettings.getTrustAnchorRef();
                    String certStoreRef = verificationSettings.getCertStoreRef();
                    String trustAnchorRef2 = x509.getTrustAnchorRef();
                    String certStoreRef2 = x509.getCertStoreRef();
                    boolean z = verificationSettings.getTrustAnyCertificate() && x509.getTrustAnyCertificate();
                    boolean z2 = trustAnchorRef != null && trustAnchorRef.equals(trustAnchorRef2);
                    boolean z3 = (certStoreRef != null && certStoreRef.equals(certStoreRef2)) || (certStoreRef == null && certStoreRef2 == null);
                    if ((str == null || str.equals(x509.getIdName())) && (z || (z2 && z3))) {
                        break;
                    }
                    x509 = null;
                }
                if (x509 == null) {
                    throw SoapSecurityException.format(Constants.getQName(Constants.getWSSENS(map), Constants.SECURITY_TOKEN_UNAVAILABLE_QNAME), "security.wssecurity.SignatureReceiver.dsig10", str == null ? "<Embedded>" : str);
                }
                x509.setUsed(true);
                set.add(x509.getCertificate());
            }
            firstElement = DOMUtil.getNextElement(element);
        }
    }

    private Set checkCertpathValidity(Element element, Map map, VerificationSettings verificationSettings) throws SoapSecurityException {
        CertificateUtil.X509DataUtil[] x509DataUtilArr;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCertpathValidity(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + BeanValidator.VALIDATION_GROUPS_DELIMITER + verificationSettings + ")");
        }
        HashSet hashSet = new HashSet();
        Element searchForKeyInfo = KeyInfo.searchForKeyInfo(element);
        if (searchForKeyInfo != null) {
            NodeList wsseElementsByTagName = NamespaceUtil.getWsseElementsByTagName(searchForKeyInfo, "SecurityTokenReference");
            for (int i = 0; i < wsseElementsByTagName.getLength(); i++) {
                parseTokenReference(hashSet, wsseElementsByTagName.item(i), map, verificationSettings);
            }
        }
        if (verificationSettings.getTrustAnyCertificate()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCertpathValidity(Element sig, Map context)");
            }
            return hashSet;
        }
        try {
            x509DataUtilArr = CertificateUtil.getX509Data(element);
        } catch (XSignatureException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to retreive valid X.509 data (should be embedded in BST) from Signature element.", new Object[]{e});
            }
            x509DataUtilArr = new CertificateUtil.X509DataUtil[0];
        }
        if (x509DataUtilArr.length > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Calling CertificateUtil.verify()");
            }
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) verificationSettings.getPKIXBuilderParameters().clone();
            HashSet eeCerts = verificationSettings.getEeCerts();
            if (eeCerts == null) {
                eeCerts = new HashSet();
            }
            Provider certPathProvider = verificationSettings.getCertPathProvider();
            try {
                pKIXBuilderParameters.addCertStore(certPathProvider == null ? CertStore.getInstance("Collection", new CollectionCertStoreParameters(eeCerts)) : CertStore.getInstance("Collection", new CollectionCertStoreParameters(eeCerts), certPathProvider));
                for (int i2 = 0; i2 < x509DataUtilArr.length; i2++) {
                    try {
                        X509CertSelector createSelector = x509DataUtilArr[i2].createSelector();
                        Date date = new Date();
                        createSelector.setCertificateValid(date);
                        pKIXBuilderParameters.setDate(date);
                        pKIXBuilderParameters.setTargetCertConstraints(createSelector);
                        hashSet.add(x509DataUtilArr[i2].validateAndGetCert(pKIXBuilderParameters));
                    } catch (XSignatureException e2) {
                        Tr.processException((Throwable) e2, clsName + ".checkCertpathValidity", "503", (Object) this);
                        Tr.error(tc, "security.wssecurity.SignatureReceiver.exception", e2);
                    } catch (IOException e3) {
                        Tr.processException(e3, clsName + ".checkCertpathValidity", "507", this);
                        Tr.error(tc, "security.wssecurity.SignatureReceiver.exception", e3);
                    }
                }
            } catch (Exception e4) {
                throw new SoapSecurityException(e4);
            }
        }
        if (hashSet.isEmpty()) {
            throw SoapSecurityException.format("security.wssecurity.SignatureReceiver.s28", new Exception());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCertpathValidity(Element sig, Map context, VerificationSettings settings) returns " + hashSet);
        }
        return hashSet;
    }

    private void checkAlgorithms(Element element, VerificationSettings verificationSettings, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAlgorithms(" + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + verificationSettings + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        for (int i = 0; i < ELEMENTS_TO_BE_CHECKED.length; i++) {
            checkAlgorithm(element, i, verificationSettings, map);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAlgorithms(Element, VerificationSettings, Map");
        }
    }

    private void checkAlgorithm(Element element, int i, VerificationSettings verificationSettings, Map map) throws SoapSecurityException {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(Constants.NS_DSIG, ELEMENTS_TO_BE_CHECKED[i]);
        int length = elementsByTagNameNS.getLength();
        for (int i2 = 0; i2 < length; i2++) {
            String attribute = ((Element) elementsByTagNameNS.item(i2)).getAttribute(UDDIV3Names.kATTRNAME_ALGORITHM);
            boolean z = false;
            if (i == 0) {
                if (!verificationSettings.getC14nMethod().equals(attribute)) {
                    z = true;
                }
            } else if (i == 1) {
                if (!verificationSettings.getSignatureMethod().equals(attribute)) {
                    z = true;
                }
            } else if (i == 2) {
                if (!verificationSettings.getDigestMethod().equals(attribute)) {
                    z = true;
                }
            } else if (i == 3 && !this.config.getAllowedTransforms().contains(attribute)) {
                z = true;
            }
            if (z) {
                throw SoapSecurityException.format(Constants.getQName(Constants.getWSSENS(map), Constants.UNSUPPORTED_ALGORITHM_QNAME), "security.wssecurity.SignatureReceiver.s26", attribute, ELEMENTS_TO_BE_CHECKED[i]);
            }
        }
    }
}
