package com.ibm.xml.soapsec.dsig;

import com.ibm.uddi.v3.client.apilayer.marshaler.UDDIV3Names;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.Reference;
import com.ibm.ws.wssecurity.xss4j.dsig.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.dsig.SignatureContext;
import com.ibm.ws.wssecurity.xss4j.dsig.TemplateGenerator;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.KeyLocator;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.Request;
import com.ibm.xml.soapsec.RequestPool;
import com.ibm.xml.soapsec.SenderConfig;
import com.ibm.xml.soapsec.SoapSecurityComponent;
import com.ibm.xml.soapsec.token.TokenRequest;
import com.ibm.xml.soapsec.util.DOMUtil;
import com.ibm.xml.soapsec.util.IdUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.faces.validator.BeanValidator;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/dsig/SignatureSender.class */
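/**
 * Sender-side WS-Security component that inserts an XML Digital Signature into a SOAP
 * security header.
 *
 * <p>{@link #invoke} adds one {@code Reference} for the SOAP Body when {@code "body"} is among the
 * configured integral parts, and one per {@code SignatureRequest} found in the request pool. Only
 * those parts are covered by the signature; anything else in the envelope is not
 * integrity-protected by this component.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no signature method is configured, the algorithm falls back to {@code dsa-sha1} or
 *       {@code rsa-sha1} depending on the key type. SHA-1 is deprecated for signatures, so
 *       deployments should configure the signature method explicitly.</li>
 *   <li>With debug tracing enabled, the signature template and the signed content handed to the
 *       {@code ResourceShower} are written to the trace log. Treat those logs as holding message
 *       data.</li>
 *   <li>{@link #USE_XPATH} and {@link #USE_EMBEDDED} are mutable, package-visible statics that
 *       change how every instance builds references and key information.</li>
 * </ul>
 */
public class SignatureSender implements SoapSecurityComponent {
    private static final String SIGNATURE_PREFIX = "ds";
    private static final String comp = "security.wssecurity";
    SenderConfig gconfig;
    SignatureSenderConfig config;
    private IdUtil idResolver;

    /** SOAP 1.1 envelope namespace, used to locate the Body element. */
    private static final String SOAP_ENVELOPE_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** Algorithm URI of exclusive canonicalization with comments. */
    private static final String EXC_C14N_WITH_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

    /** XPath location of the SOAP Body, matched by namespace and local name rather than by prefix. */
    private static final String BODY = "/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']";
    /** Node-set union of everything below the Body: descendant nodes, their attributes and namespace nodes. */
    private static final String BODY_SUBTREE = BODY + "/descendant::node() | " + BODY + "/descendant::*/@* | " + BODY + "/descendant::*/namespace::*";
    /**
     * XPath filter that is true for a node exactly when adding it to the Body subtree does not
     * change the size of that set, i.e. when the node already belongs to the Body subtree.
     */
    static final String BODY_XPATH = "count(" + BODY_SUBTREE + ") = count(" + BODY_SUBTREE + " | .)";

    /** When true the Body is referenced through an XPath transform instead of a {@code wsu:Id} fragment. */
    static boolean USE_XPATH = false;
    /** When true the signer certificate is embedded in KeyInfo instead of being referenced by token id. */
    static boolean USE_EMBEDDED = false;
    private static final TraceComponent tc = Tr.register(SignatureSender.class, Constants.TR_GROUP, "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");

    /* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/xml/soapsec/dsig/SignatureSender$ShowerImpl.class */
    /**
     * Trace-only {@link ResourceShower}: writes whatever bytes the signature engine hands it to the
     * debug trace. It is installed by {@link SignatureSender#invoke} only when debug tracing is on.
     */
    private static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        /**
         * Decodes {@code content} and logs it under a label derived from {@code index} and
         * {@code name}.
         *
         * @param element  not used by this implementation
         * @param index    a negative value selects the "SignedInfo" label
         * @param name     label for the resource; when null or empty the index is used instead
         * @param str2     not used by this implementation
         * @param content  bytes to log (presumably the canonicalized octets that were digested;
         *                 confirm against the ResourceShower contract)
         * @param encoding charset name for decoding, or null for UTF-8
         */
        public void showSignedResource(Element element, int index, String name, String str2, byte[] content, String encoding) {
            String text = null;
            try {
                text = encoding == null ? new String(content, "UTF-8") : new String(content, encoding);
            } catch (Exception e) {
                // Best effort: tracing must never break signing, so the text is logged as null.
                Tr.debug(SignatureSender.tc, "WARNING: An exception occured while the content is encoded with [" + encoding + "].");
            }
            if (index < 0) {
                Tr.debug(SignatureSender.tc, "ResourceShower logs sign-SignedInfo: " + text);
            } else if (name == null || name.length() == 0) {
                Tr.debug(SignatureSender.tc, "ResourceShower logs sign-resource_" + index + ": " + text);
            } else {
                Tr.debug(SignatureSender.tc, "ResourceShower logs sign-" + name + ": " + text);
            }
        }
    }

    /**
     * Reads the sender-wide and signature-specific configuration out of {@code map}, keyed by
     * their classes, and caches the shared {@link IdUtil}.
     *
     * @param map configuration objects keyed by {@code Class}
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void init(Map map) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(" + map + ")");
        }
        this.gconfig = (SenderConfig) map.get(SenderConfig.class);
        this.config = (SignatureSenderConfig) map.get(SignatureSenderConfig.class);
        this.idResolver = IdUtil.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Returns true when {@code cls}, one of its superclasses or one of their interfaces has the
     * fully qualified name {@code className}. The comparison is by name only.
     */
    private static boolean matchClass(Class<?> cls, String className) {
        if (cls.getName().equals(className)) {
            return true;
        }
        Class<?> superclass = cls.getSuperclass();
        if (superclass != null && matchClass(superclass, className)) {
            return true;
        }
        for (Class<?> iface : cls.getInterfaces()) {
            if (matchClass(iface, className)) {
                return true;
            }
        }
        return false;
    }

    /** Name-based {@code instanceof}; throws NullPointerException when {@code obj} is null. */
    private static boolean instanceOf(Object obj, String className) {
        return matchClass(obj.getClass(), className);
    }

    /** True for the two exclusive-canonicalization algorithm URIs (with and without comments). */
    private static boolean isExclusiveC14n(String canonicalizationMethod) {
        return Constants.DSIG_EXCLUSIVE.equals(canonicalizationMethod) || EXC_C14N_WITH_COMMENTS.equals(canonicalizationMethod);
    }

    /**
     * Collects every namespace prefix declared on {@code start}, on its element ancestors and on
     * its element descendants. The default namespace is recorded as {@code "#default"}.
     */
    private static Set<String> collectNamespacePrefixes(Element start) {
        Set<String> prefixes = new HashSet<String>();
        for (Node cur = start; cur != null && cur.getNodeType() == Node.ELEMENT_NODE; cur = cur.getParentNode()) {
            addDeclaredPrefixes(cur, prefixes);
        }
        scanNamespaceDecls(start, prefixes);
        return prefixes;
    }

    /** Adds the prefixes of the {@code xmlns} / {@code xmlns:*} attributes found on {@code node}. */
    private static void addDeclaredPrefixes(Node node, Set<String> prefixes) {
        NamedNodeMap attributes = node.getAttributes();
        int length = attributes == null ? 0 : attributes.getLength();
        for (int i = 0; i < length; i++) {
            String nodeName = attributes.item(i).getNodeName();
            if (nodeName.equals("xmlns")) {
                prefixes.add("#default");
            } else if (nodeName.startsWith("xmlns:")) {
                prefixes.add(nodeName.substring(6));
            }
        }
    }

    /**
     * Appends an {@code ec:InclusiveNamespaces} child listing {@code prefixes} to {@code parent}.
     * Does nothing when the set is empty. Each prefix is followed by a single space.
     */
    private static void appendInclusiveNamespaces(Document document, Element parent, Set<String> prefixes) {
        if (prefixes.size() == 0) {
            return;
        }
        StringBuilder prefixList = new StringBuilder();
        for (String prefix : prefixes) {
            prefixList.append(prefix);
            prefixList.append(" ");
        }
        Element inclusive = document.createElementNS(Constants.DSIG_EXCLUSIVE, "ec:InclusiveNamespaces");
        inclusive.setAttributeNS(Constants.NS_XMLNS, "xmlns:ec", Constants.DSIG_EXCLUSIVE);
        inclusive.setAttributeNS(null, "PrefixList", prefixList.toString());
        parent.appendChild(inclusive);
    }

    /**
     * Adds a Reference covering the SOAP Body to the signature template.
     *
     * <p>With {@link #USE_XPATH} the whole document is referenced and filtered by
     * {@link #BODY_XPATH}. Otherwise the Body is referenced by its id attribute; when it has none,
     * a fresh {@code wsu:Id} is generated and set on the Body. For exclusive canonicalization the
     * transform carries an InclusiveNamespaces list of every prefix declared on the Body, its
     * ancestors and its descendants.
     *
     * @param wsuNamespace namespace URI bound to the {@code wsu} prefix when an id is generated
     */
    private static void addReferenceForBody(TemplateGenerator templateGenerator, Document document, SignatureSenderConfig signatureSenderConfig, String wsuNamespace) {
        Reference reference;
        if (USE_XPATH) {
            reference = templateGenerator.createReference("");
            reference.addXPathTransform(BODY_XPATH);
            reference.addTransform(signatureSenderConfig.getCanonicalizationMethod());
        } else {
            Element body = DOMUtil.getFirstElement(document.getDocumentElement(), SOAP_ENVELOPE_NS, "Body");
            String idAttributeName = IdUtil.getInstance().getIdAttributeName(body);
            String bodyId = idAttributeName != null ? body.getAttribute(idAttributeName) : null;
            if (bodyId == null || bodyId.length() == 0) {
                bodyId = IdUtil.getInstance().makeUniqueId(document, "wssecurity_body_id_");
                body.setAttributeNS(wsuNamespace, "wsu:Id", bodyId);
                body.setAttributeNS(Constants.NS_XMLNS, "xmlns:wsu", wsuNamespace);
            }
            reference = templateGenerator.createReference("#" + bodyId);
            String canonicalizationMethod = signatureSenderConfig.getCanonicalizationMethod();
            if (isExclusiveC14n(canonicalizationMethod)) {
                Set<String> prefixes = collectNamespacePrefixes(body);
                Element transform = document.createElementNS(Constants.NS_DSIG, UDDIV3Names.kELTNAME_TRANSFORM);
                transform.setAttributeNS(null, UDDIV3Names.kATTRNAME_ALGORITHM, canonicalizationMethod);
                appendInclusiveNamespaces(document, transform, prefixes);
                reference.addTransform(transform);
            } else {
                reference.addTransform(canonicalizationMethod);
            }
        }
        templateGenerator.addReference(reference);
    }

    /**
     * Adds to {@code set} the namespace prefixes declared on {@code node} and, recursively, on all
     * of its element descendants.
     */
    private static void scanNamespaceDecls(Node node, Set<String> set) {
        addDeclaredPrefixes(node, set);
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                scanNamespaceDecls(child, set);
            }
        }
    }

    /**
     * Builds the signature template, inserts it as the first child of {@code element}, signs it
     * and, unless {@link #USE_EMBEDDED} is set, queues a BinarySecurityToken request carrying the
     * signer certificate.
     *
     * <p>Returns without touching the document when neither the configuration nor the request
     * pool asks for anything to be signed.
     *
     * @param document the SOAP envelope being secured
     * @param element  the security header element that receives the Signature
     * @param map      per-message context holding the request pool and namespace selection
     * @throws Exception a {@code SoapSecurityException} when a SignatureRequest targets the Body,
     *                   or whatever the key locator, certificate encoding or signing step raises
     */
    @Override // com.ibm.xml.soapsec.SoapSecurityComponent
    public void invoke(Document document, Element element, Map map) throws Exception {
        Key signingKey;
        X509Certificate x509Certificate;
        boolean referenceAdded = false;
        if (tc.isEntryEnabled()) {
            // NOTE(review): the separator constant is only used to build this trace string and
            // looks like a decompiler substitution for a plain delimiter; confirm.
            Tr.entry(tc, "invoke(" + document + BeanValidator.VALIDATION_GROUPS_DELIMITER + element + BeanValidator.VALIDATION_GROUPS_DELIMITER + map + ")");
        }
        String signatureMethod = this.config.getSignatureMethod();
        String keyName = this.config.getKeyName();
        KeyLocator keyLocator = this.config.getKeyLocator();
        Request[] signerRequests = RequestPool.get(map, SignerRequest.class);
        if (signerRequests.length == 0) {
            signingKey = keyLocator.getSigningKey(keyName);
            x509Certificate = (X509Certificate) keyLocator.getCertificate(keyName);
        } else {
            // A per-message SignerRequest overrides the configured key name; only the first is honoured.
            if (signerRequests.length > 1 && tc.isDebugEnabled()) {
                Tr.debug(tc, signerRequests.length + " SignerRequests. Using the first one");
            }
            SignerRequest signerRequest = (SignerRequest) signerRequests[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Switch signer to: " + signerRequest.getAlias());
            }
            signingKey = keyLocator.getSigningKey(signerRequest.getAlias());
            x509Certificate = (X509Certificate) keyLocator.getCertificate(signerRequest.getAlias());
        }
        if (signatureMethod == null) {
            // No algorithm configured: derive one from the key type. Both fallbacks use SHA-1,
            // which is deprecated for signatures; set the signature method explicitly in the
            // configuration to avoid this path.
            if (instanceOf(signingKey, "java.security.interfaces.DSAPrivateKey")) {
                signatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            } else if (instanceOf(signingKey, "java.security.interfaces.RSAPrivateKey")) {
                signatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            } else {
                // NOTE(review): an unrecognised key type is only warned about; signatureMethod
                // stays null and is passed on to TemplateGenerator. Confirm that this fails
                // closed rather than producing an unsigned or malformed message.
                Tr.warning(tc, "security.wssecurity.SignatureSender.unknownKey", signingKey.getClass().getName());
            }
        }
        TemplateGenerator templateGenerator = new TemplateGenerator(document, this.config.getDigestMethod(), this.config.getCanonicalizationMethod(), signatureMethod);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Examining signing parts.");
        }
        Iterator integralParts = this.config.getIntegralParts().iterator();
        String wsuNamespace = Constants.getWSUNS(map);
        while (integralParts.hasNext()) {
            if (((String) integralParts.next()).equals("body")) {
                addReferenceForBody(templateGenerator, document, this.config, wsuNamespace);
                referenceAdded = true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Examining RequestPool.");
        }
        for (Request request : RequestPool.get(map, SignatureRequest.class)) {
            SignatureRequest signatureRequest = (SignatureRequest) request;
            if (signatureRequest.isBodyRequest()) {
                // The Body may only be signed through the "body" integral part, not by request.
                throw SoapSecurityException.format("security.wssecurity.SignatureSender.dsig02");
            }
            Reference reference = templateGenerator.createReference("#" + signatureRequest.getIdName());
            reference.addTransform(this.config.getCanonicalizationMethod());
            templateGenerator.addReference(reference);
            referenceAdded = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Generating a template.");
        }
        if (!referenceAdded) {
            // Nothing to sign: leave the document untouched.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke(Document doc, Element security, Map context)");
            }
            return;
        }
        Element signatureElement = templateGenerator.getSignatureElement();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Apply TemplateModifiers.");
        }
        Iterator modifiers = this.config.getTemplateModifiers().iterator();
        while (modifiers.hasNext()) {
            ((TemplateModifier) modifiers.next()).modifyTemplate(signatureElement);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Starting to Sign.");
        }
        String tokenId = null;
        element.insertBefore(signatureElement, element.getFirstChild());
        if (this.config.getPreC14n()) {
            preC14n(document, signatureElement);
        }
        if (this.gconfig.doIndentation()) {
            element.insertBefore(document.createTextNode("\n      "), signatureElement);
        } else {
            DOMUtil.removeIndentation(element);
        }
        if (tc.isDebugEnabled()) {
            // Trace only; the bytes are decoded with the platform default charset.
            Tr.debug(tc, "Template: " + new String(XPathCanonicalizer.serializeSubset(signatureElement, true)));
        }
        String canonicalizationMethod = this.config.getCanonicalizationMethod();
        if (this.config.addInclusiveNamespaces() && isExclusiveC14n(canonicalizationMethod)) {
            Element canonMethodElement = DOMUtil.getOneElement(signatureElement, Constants.NS_DSIG, UDDIV3Names.kELTNAME_CANONMETHOD);
            appendInclusiveNamespaces(document, canonMethodElement, collectNamespacePrefixes(canonMethodElement));
        }
        SignatureContext signatureContext = new SignatureContext();
        if (tc.isDebugEnabled()) {
            // Debug tracing only: this makes the signed content appear in the trace log.
            signatureContext.setResourceShower(ShowerImpl.getInstance());
        }
        signatureContext.setIDResolver(this.idResolver);
        String wsseNamespace = Constants.getWSSENS(map);
        if (USE_EMBEDDED) {
            insertEmbedded(signatureElement, x509Certificate.getEncoded(), wsseNamespace);
        } else {
            tokenId = IdUtil.getInstance().makeUniqueId(document, "wssecurity_binary_security_token_id_");
            insertTokenReference(signatureElement, tokenId, wsseNamespace);
        }
        if (this.gconfig.doIndentation()) {
            DOMUtil.indent(signatureElement, 6, 2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Signing started.");
        }
        signatureContext.sign(signatureElement, signingKey);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Signing done.");
        }
        if (!USE_EMBEDDED) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Requesting a BinarySecurityToken for the signer certificate");
            }
            // NOTE(review): the certificate is first dereferenced here, after the document has
            // been modified and signed; a key locator that returns no certificate would fail at
            // this point. Confirm the locator contract.
            RequestPool.add(map, new TokenRequest.Binary(Constants.getQName(wsseNamespace, Constants.X509V3_SENT_QNAME), x509Certificate.getEncoded(), tokenId, null));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Document doc, Element security, Map context)");
        }
    }

    /** Adds KeyInfo/SecurityTokenReference/Reference pointing at {@code #tokenId} to the signature. */
    private static void insertTokenReference(Element signature, String tokenId, String wsseNamespace) {
        Element reference = signature.getOwnerDocument().createElementNS(wsseNamespace, "wsse:Reference");
        reference.setAttribute(UDDIV3Names.kATTRNAME_URI, "#" + tokenId);
        insertSTR(signature, wsseNamespace).appendChild(reference);
    }

    /**
     * Adds KeyInfo/SecurityTokenReference/Embedded/BinarySecurityToken holding the Base64-encoded
     * certificate bytes to the signature.
     */
    private static void insertEmbedded(Element signature, byte[] certificateBytes, String wsseNamespace) throws SoapSecurityException {
        Document ownerDocument = signature.getOwnerDocument();
        Element token = ownerDocument.createElementNS(wsseNamespace, "wsse:BinarySecurityToken");
        token.appendChild(ownerDocument.createTextNode(Base64.encode(certificateBytes)));
        Element embedded = ownerDocument.createElementNS(wsseNamespace, "wsse:Embedded");
        embedded.appendChild(token);
        insertSTR(signature, wsseNamespace).appendChild(embedded);
        DOMUtil.setQNameAttr(token, null, "ValueType", Constants.getQName(wsseNamespace, Constants.X509V3_SENT_QNAME));
        DOMUtil.setQNameAttr(token, null, "EncodingType", Constants.getQName(wsseNamespace, Constants.BASE64_BINARY_SENT_QNAME));
    }

    /**
     * Appends a KeyInfo element, using the signature element's own prefix, that contains an empty
     * {@code wsse:SecurityTokenReference}, and returns that SecurityTokenReference.
     */
    private static Element insertSTR(Element signature, String wsseNamespace) {
        Document ownerDocument = signature.getOwnerDocument();
        Element tokenReference = ownerDocument.createElementNS(wsseNamespace, "wsse:SecurityTokenReference");
        tokenReference.setAttributeNS(Constants.NS_XMLNS, "xmlns:wsse", wsseNamespace);
        String keyInfoName = UDDIV3Names.kELTNAME_KEYINFO;
        if (signature.getPrefix() != null) {
            keyInfoName = signature.getPrefix() + ":KeyInfo";
        }
        Element keyInfo = ownerDocument.createElementNS(Constants.NS_DSIG, keyInfoName);
        keyInfo.setAttributeNS(Constants.NS_XMLNS, signature.getPrefix() != null ? "xmlns:" + signature.getPrefix() : "xmlns", Constants.NS_DSIG);
        keyInfo.appendChild(tokenReference);
        signature.appendChild(keyInfo);
        return tokenReference;
    }

    /**
     * Rewrites prefixes before signing: the Body subtree is moved to prefix {@code S}, the
     * Signature subtree to {@code ds}, and the SignedInfo subtree to {@code Sig}, each with a
     * matching namespace declaration.
     */
    private static void preC14n(Document document, Element signature) {
        Element body = DOMUtil.getFirstElement(document.getDocumentElement(), SOAP_ENVELOPE_NS, "Body");
        setPrefix(body, body.getPrefix(), "S");
        body.setAttributeNS(Constants.NS_XMLNS, "xmlns:S", SOAP_ENVELOPE_NS);
        // Drop the old declaration before the prefix changes, otherwise it would linger unused.
        signature.removeAttribute(signature.getPrefix() != null ? "xmlns:" + signature.getPrefix() : "xmlns");
        setPrefix(signature, signature.getPrefix(), SIGNATURE_PREFIX);
        // The decompiled source compared the String constant with 0 here, which does not
        // compile; the prefix is the non-null constant "ds", so the name is always "xmlns:ds".
        signature.setAttributeNS(Constants.NS_XMLNS, "xmlns:" + SIGNATURE_PREFIX, Constants.NS_DSIG);
        Element signedInfo = DOMUtil.getFirstElement(signature, Constants.NS_DSIG, UDDIV3Names.kELTNAME_SIGNEDINFO);
        setPrefix(signedInfo, signedInfo.getPrefix(), "Sig");
        signedInfo.setAttributeNS(Constants.NS_XMLNS, "xmlns:Sig", Constants.NS_DSIG);
    }

    /**
     * Replaces prefix {@code str} with {@code str2} on {@code element} and, recursively, on its
     * element children as enumerated by {@code DOMUtil}. A null {@code str} matches elements
     * that have no prefix. Attributes are renamed only when {@code str} is non-null.
     */
    static void setPrefix(Element element, String str, String str2) {
        String current = element.getPrefix();
        if (current == null) {
            if (str == null) {
                element.setPrefix(str2);
            }
        } else if (current.equals(str)) {
            element.setPrefix(str2);
        }
        if (str != null) {
            NamedNodeMap attributes = element.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Attr attr = (Attr) attributes.item(i);
                if (attr.getPrefix() != null && attr.getPrefix().equals(str)) {
                    attr.setPrefix(str2);
                }
            }
        }
        for (Node child = DOMUtil.getFirstChild2(element); child != null; child = DOMUtil.getNextSibling2(child)) {
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                setPrefix((Element) child, str, str2);
            }
        }
    }
}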
