package com.sun.identity.wss.security;

import com.sun.identity.shared.xml.XMLUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.X509Certificate;
import javax.xml.parsers.ParserConfigurationException;
import org.forgerock.openam.sdk.org.apache.xml.security.c14n.CanonicalizationException;
import org.forgerock.openam.sdk.org.apache.xml.security.c14n.Canonicalizer;
import org.forgerock.openam.sdk.org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.forgerock.openam.sdk.org.apache.xml.security.signature.XMLSignatureInput;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.Transform;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.TransformSpi;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.TransformationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/wss/security/STRTransform.class */
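/**
 * WS-Security "STR-Transform" implementation registered under {@link #STR_TRANSFORM_URI}.
 *
 * <p>The transform takes a {@code SecurityTokenReference} element, resolves it to a token
 * element, canonicalizes that element and returns the canonical bytes as the signature
 * input. Because these bytes are what gets digested, every failure path here throws a
 * declared exception instead of handing back partial or substituted content.
 *
 * <p>This listing is decompiled; parameter names in the original were synthetic.
 */
public class STRTransform extends TransformSpi {
    public static final String STR_TRANSFORM_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";

    /** Marker used to detect a default-namespace declaration in the start tag. */
    private static final String XMLNS = "xmlns=";

    /** Declaration added to the apex element when it carries no default namespace. */
    private static final String EMPTY_DEFAULT_NAMESPACE = " xmlns=\"\"";

    /**
     * Returns the algorithm URI this transform is registered under.
     *
     * @return {@link #STR_TRANSFORM_URI}
     */
    protected String engineGetURI() {
        return STR_TRANSFORM_URI;
    }

    /**
     * Canonicalizes {@code element} itself (no dereferencing) using {@code str} as the
     * canonicalization algorithm URI. {@code outputStream} and {@code z} are not used.
     *
     * <p>NOTE(review): if this overload is the TransformSpi hook whose third and fourth
     * arguments are the Transform element and the base URI, then the local-name check below
     * is applied to the Transform element and {@code str} is not an algorithm URI - confirm
     * against the TransformSpi version this class is compiled with.
     *
     * @param xMLSignatureInput the transform input; must be an element
     * @param outputStream unused
     * @param element element that must be named {@code SecurityTokenReference}
     * @param str canonicalization algorithm URI passed to {@code Canonicalizer.getInstance}
     * @param z unused
     * @return signature input holding the canonical bytes
     * @throws CanonicalizationException if the input is not an element
     * @throws IOException if {@code element} is not a SecurityTokenReference
     * @throws TransformationException if the reference cannot be parsed or {@code str} is null
     */
    protected XMLSignatureInput enginePerformTransform(XMLSignatureInput xMLSignatureInput, OutputStream outputStream, Element element, String str, boolean z) throws IOException, CanonicalizationException, InvalidCanonicalizerException, TransformationException, ParserConfigurationException, SAXException {
        WSSUtils.debug.message("STRTransform.enginePerformTransform:: Start");
        if (!xMLSignatureInput.isElement()) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: Input is not an element");
            throw new CanonicalizationException(WSSUtils.bundle.getString("invalidElement"));
        }
        if (!"SecurityTokenReference".equals(element.getLocalName())) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: input must be security token reference");
            throw new IOException(WSSUtils.bundle.getString("invalidElement"));
        }
        try {
            // Constructed only so that a malformed reference is rejected before any bytes
            // are produced; the instance itself is not needed in this overload.
            new SecurityTokenReference(element);
        } catch (SecurityException e) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: error", e);
            throw new TransformationException(WSSUtils.bundle.getString("transformfailed"));
        }
        return canonicalizeWithDefaultNamespace(element, str);
    }

    /**
     * Resolves the SecurityTokenReference carried by the input to its token element and
     * returns that element's canonical form.
     *
     * @param xMLSignatureInput the transform input; its sub node must be a
     *     {@code SecurityTokenReference} element
     * @param transform the Transform being applied; supplies the owner document and the
     *     {@code TransformationParameters} naming the canonicalization algorithm
     * @return signature input holding the canonical bytes of the referenced token
     * @throws CanonicalizationException if the input is not an element
     * @throws IOException if the sub node is not a SecurityTokenReference
     * @throws TransformationException if the reference cannot be resolved to an element or no
     *     canonicalization algorithm is declared
     */
    protected XMLSignatureInput enginePerformTransform(XMLSignatureInput xMLSignatureInput, Transform transform) throws IOException, CanonicalizationException, InvalidCanonicalizerException, TransformationException {
        WSSUtils.debug.message("STRTransform.enginePerformTransform:: Start");
        Document document = transform.getDocument();
        if (!xMLSignatureInput.isElement()) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: Input is not an element");
            throw new CanonicalizationException(WSSUtils.bundle.getString("invalidElement"));
        }
        Element element = (Element) xMLSignatureInput.getSubNode();
        if (!"SecurityTokenReference".equals(element.getLocalName())) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: input must be security token reference");
            throw new IOException(WSSUtils.bundle.getString("invalidElement"));
        }
        Element tokenElement;
        try {
            tokenElement = dereferenceSTR(document, new SecurityTokenReference(element));
        } catch (SecurityException e) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: error", e);
            throw new TransformationException(WSSUtils.bundle.getString("transformfailed"));
        }
        return canonicalizeWithDefaultNamespace(tokenElement, getCanonicalizationAlgo(transform));
    }

    /**
     * Canonicalizes {@code target} with the named algorithm and makes sure the apex element
     * declares a default namespace.
     *
     * <p>An unresolved target or a missing algorithm is reported as a
     * {@link TransformationException} so that the signature check fails with a declared
     * exception rather than an unchecked one raised deeper in the canonicalizer.
     */
    private XMLSignatureInput canonicalizeWithDefaultNamespace(Element target, String algorithmUri) throws IOException, CanonicalizationException, InvalidCanonicalizerException, TransformationException {
        if (target == null || algorithmUri == null) {
            WSSUtils.debug.error("STRTransform.enginePerformTransform:: unresolved token element or missing canonicalization algorithm");
            throw new TransformationException(WSSUtils.bundle.getString("transformfailed"));
        }
        Canonicalizer canonicalizer = Canonicalizer.getInstance(algorithmUri);
        ByteArrayOutputStream canonicalBytes = new ByteArrayOutputStream();
        canonicalizer.canonicalizeSubtree(target, "#default", canonicalBytes);
        // Canonical XML is UTF-8 by definition. Decoding and re-encoding with the platform
        // default charset would change the digested bytes on hosts whose default differs.
        String canonical = new String(canonicalBytes.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
        return new XMLSignatureInput(ensureDefaultNamespace(canonical).getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Adds {@code xmlns=""} to the start tag of {@code canonical} when that tag carries no
     * default-namespace declaration.
     *
     * <p>The declaration is placed directly after the element name, which also covers a
     * start tag without attributes (where the first space of the text, if any, lies in the
     * element content rather than in the tag).
     */
    private static String ensureDefaultNamespace(String canonical) {
        int startTagEnd = canonical.indexOf('>');
        if (startTagEnd < 0 || !canonical.startsWith("<")) {
            // Not an element serialization; leave it untouched.
            return canonical;
        }
        int xmlnsAt = canonical.indexOf(XMLNS);
        if (xmlnsAt >= 0 && xmlnsAt <= startTagEnd) {
            return canonical;
        }
        int nameEnd = 1;
        while (nameEnd < startTagEnd) {
            char c = canonical.charAt(nameEnd);
            if (Character.isWhitespace(c) || c == '/') {
                break;
            }
            nameEnd++;
        }
        return new StringBuilder(canonical).insert(nameEnd, EMPTY_DEFAULT_NAMESPACE).toString();
    }

    /**
     * Resolves a SecurityTokenReference to the token element it points at.
     *
     * @return the token element, or {@code null} when the reference type is none of
     *     {@code DirectReference}, {@code X509IssuerSerialRef} or {@code KeyIdentifierRef}
     *     (callers must treat {@code null} as a failed resolution)
     */
    private Element dereferenceSTR(Document document, SecurityTokenReference securityTokenReference) throws SecurityException {
        WSSUtils.debug.message("STRTransform.deferenceSTR:: start");
        String referenceType = securityTokenReference.getReferenceType();
        if ("DirectReference".equals(referenceType)) {
            WSSUtils.debug.message("STRTRansform.deferenceSTR:: Direct reference");
            return securityTokenReference.getTokenElement(document);
        }
        if ("X509IssuerSerialRef".equals(referenceType)) {
            WSSUtils.debug.message("STRTRansform.deferenceSTR:: X509 data reference");
            return createBinaryToken(document, AMTokenProvider.getX509Certificate(securityTokenReference.getX509IssuerSerial()));
        }
        if ("KeyIdentifierRef".equals(referenceType)) {
            WSSUtils.debug.message("STRTRansform.deferenceSTR:: keyidentifier reference");
            KeyIdentifier keyIdentifier = securityTokenReference.getKeyIdentifier();
            String valueType = keyIdentifier.getValueType();
            boolean samlAssertion = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(valueType)
                    || WSSConstants.SAML2_ASSERTION_VALUE_TYPE.equals(valueType);
            if (samlAssertion) {
                return keyIdentifier.getTokenElement(document);
            }
            // Any other value type is treated as identifying an X.509 certificate.
            return createBinaryToken(document, keyIdentifier.getX509Certificate());
        }
        return null;
    }

    /**
     * Wraps a certificate in an X509v3, base64-encoded BinarySecurityToken element.
     *
     * <p>The result of {@code importNode} is discarded: the element returned is the one
     * produced by {@code toDocumentElement()}, not the copy owned by {@code document}.
     */
    private Element createBinaryToken(Document document, X509Certificate x509Certificate) throws SecurityException {
        Element documentElement = new BinarySecurityToken(x509Certificate, BinarySecurityToken.X509V3, BinarySecurityToken.BASE64BINARY).toDocumentElement();
        document.importNode(documentElement, true);
        return documentElement;
    }

    /**
     * Reads the canonicalization algorithm from the transform's
     * {@code wsse:TransformationParameters/ds:CanonicalizationMethod/@Algorithm}.
     *
     * @return the algorithm URI, or {@code null} when the transform does not carry exactly
     *     one TransformationParameters element or no CanonicalizationMethod child is found
     */
    private String getCanonicalizationAlgo(Transform transform) {
        if (transform.length("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", WSSConstants.TRANSFORMATION_PARAMETERS) != 1) {
            return null;
        }
        Object method = WSSUtils.getDirectChild(XMLUtils.getChildNode(transform.getElement(), "wsse:TransformationParameters"), "CanonicalizationMethod", "http://www.w3.org/2000/09/xmldsig#");
        if (!(method instanceof Element)) {
            // No CanonicalizationMethod present: report "no algorithm" instead of failing
            // on the cast; the caller turns this into a TransformationException.
            return null;
        }
        return ((Element) method).getAttribute("Algorithm");
    }

    /** @return {@code true}; the transform accepts octet-stream input. */
    public boolean wantsOctetStream() {
        return true;
    }

    /** @return {@code true}; the transform accepts node-set input. */
    public boolean wantsNodeSet() {
        return true;
    }

    /** @return {@code true}; the transform produces an octet stream. */
    public boolean returnsOctetStream() {
        return true;
    }

    /** @return {@code false}; the transform never produces a node set. */
    public boolean returnsNodeSet() {
        return false;
    }

    static {
        try {
            Transform.register(STR_TRANSFORM_URI, STRTransform.class.getName());
        } catch (Exception e) {
            // Registration stays best-effort (class loading must not fail), but the cause
            // is recorded: without it, signatures using this transform fail to verify with
            // no hint as to why.
            WSSUtils.debug.error("STRTransform:: unable to register STR-Transform", e);
        }
    }
}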
