package com.sun.identity.wss.xmlsig;

import com.iplanet.security.x509.CertUtils;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.AMSignatureProvider;
import com.sun.identity.saml.xmlsig.OfflineResolver;
import com.sun.identity.saml.xmlsig.XMLSignatureException;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.wss.security.BinarySecurityToken;
import com.sun.identity.wss.security.STRTransform;
import com.sun.identity.wss.security.WSSConstants;
import com.sun.identity.wss.security.WSSUtils;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.transform.TransformerException;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.KeyInfo;
import org.forgerock.openam.sdk.org.apache.xml.security.signature.XMLSignature;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.Transform;
import org.forgerock.openam.sdk.org.apache.xml.security.transforms.Transforms;
import org.forgerock.openam.sdk.org.apache.xml.security.utils.ElementProxy;
import org.forgerock.openam.sdk.org.apache.xpath.XPathAPI;
import org.forgerock.openam.sdk.org.forgerock.http.swagger.SwaggerApiProducer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/wss/xmlsig/WSSSignatureProvider.class */
public class WSSSignatureProvider extends AMSignatureProvider {
    /** System property that switches the STR-Transform reference on or off; read in the constructor, default "true". */
    private static final String USE_STR_TRANSFORMATION = "com.sun.identity.wss.signature.usestrtransformation";
    // Set to true only when registerSTRTransform() succeeds. It is written under that
    // method's lock but read without synchronization by the sign*/verify* methods; a
    // stale read only triggers one more registration attempt, which is caught and logged.
    private boolean isSTRTransformRegistered = false;
    // When true, signatures additionally reference the wsse:SecurityTokenReference
    // through STRTransform.STR_TRANSFORM_URI.
    private boolean useSTRTransformation;

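    /**
     * Creates a provider and reads the
     * {@code com.sun.identity.wss.signature.usestrtransformation} system property
     * (default {@code "true"}) to decide whether the STR-Transform is used when signing.
     */
    public WSSSignatureProvider() {
        // Boolean.parseBoolean performs the same case-insensitive "true" test as
        // Boolean.valueOf(String).booleanValue(); the previous unconditional
        // assignment of `true` immediately before this line was a dead store.
        this.useSTRTransformation = Boolean.parseBoolean(
                SystemConfigurationUtil.getProperty(USE_STR_TRANSFORMATION, "true"));
    }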

    /**
     * Registers {@link STRTransform} with the xmlsec {@link Transform} registry and
     * records success in {@code isSTRTransformRegistered}.
     *
     * <p>Any exception from the registry is treated as "already registered" and only
     * logged at debug level; the flag is then left {@code false}, so the next
     * signing or verification call simply retries.
     */
    private synchronized void registerSTRTransform() {
        try {
            Transform.register(STRTransform.STR_TRANSFORM_URI, STRTransform.class.getName());
        } catch (Exception alreadyRegistered) {
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("WSSSignatureProvider.constructor: STR Transform is already registered");
            }
            return;
        }
        this.isSTRTransformRegistered = true;
    }

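    /**
     * Signs {@code document} with the SAML token profile using the private key that
     * belongs to {@code certificate} in the configured keystore.
     *
     * @param document the SOAP document to sign
     * @param certificate certificate whose keystore alias selects the private key
     * @param str SAML assertion id placed in the {@code wsse:KeyIdentifier}
     * @param str2 signature algorithm URI, or {@code null}/empty to derive it from the certificate
     * @param list element ids to be signed
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if the certificate is {@code null}, no private key is
     *         found for it, or the delegate signing call fails
     */
    @Override
    public Element signWithSAMLToken(Document document, Certificate certificate, String str, String str2, List list) throws XMLSignatureException {
        if (certificate == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: Certificate is null");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        // Fail here with a clear message instead of letting a null key reach sign()
        // deep inside the 8-argument overload (same check the binary-token path makes).
        PrivateKey privateKey = this.keystore.getPrivateKey(this.keystore.getCertificateAlias(certificate));
        if (privateKey == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: private key is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
        }
        return signWithSAMLToken(document, privateKey, false, certificate, null, str, str2, list);
    }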

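    /**
     * Signs {@code document} with a WS-Security SAML token profile signature.
     *
     * <p>The {@code ds:Signature} is inserted into the {@code wsse:Security} header in
     * front of the {@code wsu:Timestamp} (or appended when there is none). It references
     * every id in {@code list} and, when the STR-Transform is enabled, a generated
     * {@code wsse:SecurityTokenReference} whose {@code wsse:KeyIdentifier} carries the
     * assertion id {@code str}. Digests are SHA-1 (hard-wired) for wire compatibility.
     *
     * @param document the SOAP document; must contain a {@code wsse:Security} header
     * @param key signing key: the private key, or the shared secret when {@code z} is {@code true}
     * @param z {@code true} to sign symmetrically with {@code ALGO_ID_MAC_HMAC_SHA1}
     * @param certificate signer certificate placed into {@code ds:KeyInfo}; its public-key
     *        algorithm chooses the default signature algorithm
     * @param certificate2 recipient certificate that wraps {@code key} as an EncryptedKey
     *        (symmetric case only; may be {@code null})
     * @param str SAML assertion id written into the {@code wsse:KeyIdentifier}
     * @param str2 signature algorithm URI; {@code null}/empty selects one from the certificate
     * @param list element ids ({@code String}s) to sign, referenced as {@code "#" + id}
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if a required input or the Security header is missing,
     *         the algorithm is not accepted, or signing fails (the cause is preserved)
     */
    @Override
    public Element signWithSAMLToken(Document document, Key key, boolean z, Certificate certificate, Certificate certificate2, String str, String str2, List list) throws XMLSignatureException {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String excC14n = "http://www.w3.org/2001/10/xml-exc-c14n#";
        // NOTE: SHA-1 reference digests are a weak algorithm kept only for compatibility
        // with existing peers; changing them changes the wire format.
        final String digestSha1 = "http://www.w3.org/2000/09/xmldsig#sha1";

        if (this.useSTRTransformation && !this.isSTRTransformRegistered) {
            registerSTRTransform();
        }
        if (document == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: document is null.");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        Element root = document.getDocumentElement();
        if (root == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: document has no root element.");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        if (str == null) {
            // This check is on the assertion id; it used to be logged as "Certificate is null".
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: assertion ID is null");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        // The certificate is needed to derive the algorithm and for ds:KeyInfo unless the
        // symmetric key is wrapped for certificate2 instead.
        if (certificate == null && (!z || certificate2 == null)) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: Certificate is null");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        if (list == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: id list is null");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        boolean saml2 = root.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion").item(0) != null;
        Element securityHeader = (Element) root.getElementsByTagNameNS(wsseNs, "Security").item(0);
        if (securityHeader == null) {
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken: wsse:Security header not found");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        // May be null: insertBefore(node, null) then appends at the end of the header.
        Element timestamp = (Element) root.getElementsByTagNameNS(wsuNs, WSSConstants.TIME_STAMP).item(0);
        try {
            ElementProxy.setDefaultPrefix(dsigNs, "ds");
            String algorithm = str2;
            if (z) {
                algorithm = SAMLConstants.ALGO_ID_MAC_HMAC_SHA1;
            } else {
                if (algorithm == null || algorithm.isEmpty()) {
                    algorithm = getAlgorithmURI(getPublicKey((X509Certificate) certificate).getAlgorithm());
                }
                if (!isValidAlgorithm(algorithm)) {
                    throw new XMLSignatureException(WSSUtils.bundle.getString("invalidalgorithm"));
                }
            }
            // Make every wsu:Id resolvable as an XML ID so "#id" references dereference.
            // NOTE(review): DOM's setIdAttribute(name, isId) takes the attribute *name*,
            // while the id *value* is passed here (kept as found); confirm against the DOM
            // implementation in use — setIdAttributeNS(wsuNs, "Id", true) is the documented form.
            NodeList idNodes = XPathAPI.selectNodeList(document, "//*[@wsu:Id]", AMSignatureProvider.createDSctx(document, "wsu", wsuNs));
            for (int i = 0; idNodes != null && i < idNodes.getLength(); i++) {
                Element idOwner = (Element) idNodes.item(i);
                String id = idOwner.getAttributeNS(wsuNs, "Id");
                if (id != null && !id.isEmpty()) {
                    idOwner.setIdAttribute(id, true);
                }
            }
            XMLSignature signature = new XMLSignature(document, (String) null, algorithm, excC14n);
            Element signatureElement = signature.getElement();
            // (A former document.importNode(signatureElement, true) whose result was discarded
            // has been dropped: the element is already owned by `document`.)
            signatureElement.setPrefix("ds");
            securityHeader.insertBefore(signatureElement, timestamp);
            securityHeader.insertBefore(document.createTextNode("\n"), signatureElement);

            // Parameters handed to the STR-Transform: canonicalize with exclusive C14N.
            Element transformParams = document.createElementNS(wsseNs, "wsse:TransformationParameters");
            transformParams.setAttributeNS(xmlnsNs, "xmlns:wsse", wsseNs);
            Element c14nMethod = document.createElementNS(dsigNs, "ds:CanonicalizationMethod");
            c14nMethod.setAttributeNS(null, "Algorithm", excC14n);
            transformParams.appendChild(c14nMethod);

            Element strElement = document.createElementNS(wsseNs, "SecurityTokenReference");
            strElement.setPrefix("wsse");
            strElement.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
            strElement.setAttributeNS(xmlnsNs, WSSConstants.TAG_XML_WSSE11, WSSConstants.WSSE11_NS);
            String strId = SAMLUtils.generateID();
            strElement.setAttributeNS(wsuNs, "wsu:Id", strId);
            strElement.setAttributeNS(WSSConstants.WSSE11_NS, WSSConstants.TOKEN_TYPE,
                    saml2 ? WSSConstants.SAML2_TOKEN_TYPE
                          : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");

            KeyInfo keyInfo = signature.getKeyInfo();
            keyInfo.addUnknownElement(strElement);
            if (z && certificate2 != null) {
                // Symmetric case: ship the secret wrapped for the recipient's certificate.
                keyInfo.add(WSSUtils.encryptKey(document, key.getEncoded(), (X509Certificate) certificate2, null));
            } else {
                signature.addKeyInfo((X509Certificate) certificate);
            }
            strElement.setIdAttribute(strId, true);

            for (Object idObject : list) {
                String id = (String) idObject;
                Transforms transforms = new Transforms(document);
                transforms.addTransform(excC14n);
                if (WSSUtils.debug.messageEnabled()) {
                    WSSUtils.debug.message("id = " + id);
                }
                signature.addDocument("#" + id, transforms, digestSha1);
            }
            if (this.useSTRTransformation) {
                // Cover the STR itself through the STR-Transform so the token binding is signed.
                Transforms strTransforms = new Transforms(document);
                strTransforms.addTransform(STRTransform.STR_TRANSFORM_URI, transformParams);
                signature.addDocument("#" + strId, strTransforms, digestSha1);
            }

            Element keyIdentifier = document.createElementNS(wsseNs, "KeyIdentifier");
            keyIdentifier.setPrefix("wsse");
            keyIdentifier.setAttribute("wsu:Id", SAMLUtils.generateID());
            keyIdentifier.appendChild(document.createTextNode(str));
            keyIdentifier.setAttributeNS(null, "ValueType",
                    saml2 ? WSSConstants.SAML2_ASSERTION_VALUE_TYPE
                          : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            strElement.appendChild(keyIdentifier);

            signature.sign(key);
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("WSSSignatureProvider.signWithSAMLTokenSigned document" + XMLUtils.print(document.getDocumentElement()));
            }
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Already the caller's exception type (e.g. invalid algorithm): keep it intact.
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Wrap with the cause attached rather than flattening to e.getMessage().
            WSSUtils.debug.error("WSSSignatureProvider.signWithSAMLToken Exception: ", e);
            throw new XMLSignatureException(e);
        }
    }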

    /**
     * Signs {@code document} against the {@code wsse:UsernameToken} in its Security header
     * using a direct reference to that token.
     *
     * @param document the SOAP document to sign
     * @param certificate certificate whose keystore alias selects the private key
     * @param str signature algorithm URI, or {@code null}/empty to derive it from the certificate
     * @param list element ids to sign
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if signing fails
     */
    @Override
    public Element signWithUserNameToken(Document document, Certificate certificate, String str, List list) throws XMLSignatureException {
        final String tokenName = "UsernameToken";
        final String referenceType = null;
        return signWithBinarySecurityToken(document, certificate, str, list, tokenName, referenceType);
    }

    /**
     * Signs {@code document} against the {@code wsse:BinarySecurityToken} in its Security header.
     *
     * @param document the SOAP document to sign
     * @param certificate certificate whose keystore alias selects the private key
     * @param str signature algorithm URI, or {@code null}/empty to derive it from the certificate
     * @param list element ids to sign
     * @param str2 how the token is referenced from the SecurityTokenReference
     *        ({@code null}/"DirectReference", "KeyIdentifierRef" or "X509IssuerSerialRef")
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if signing fails
     */
    @Override
    public Element signWithBinarySecurityToken(Document document, Certificate certificate, String str, List list, String str2) throws XMLSignatureException {
        final String tokenName = "BinarySecurityToken";
        return signWithBinarySecurityToken(document, certificate, str, list, tokenName, str2);
    }

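    /**
     * Shared implementation of the UsernameToken and BinarySecurityToken profiles.
     *
     * <p>Appends a {@code ds:Signature} to the {@code wsse:Security} header that references
     * every id in {@code list} and, when the token element is present and the STR-Transform
     * is enabled, the generated {@code wsse:SecurityTokenReference}. The STR then points at
     * the token by direct {@code wsse:Reference}, subject-key-identifier or issuer/serial,
     * depending on {@code str3}. Digests are SHA-1 (hard-wired) for wire compatibility.
     *
     * @param document the SOAP document; must contain a {@code wsse:Security} header
     * @param certificate certificate whose keystore alias selects the private key
     * @param str signature algorithm URI, or {@code null}/empty to derive it from the certificate
     * @param list element ids ({@code String}s) to sign, referenced as {@code "#" + id}
     * @param str2 local name of the token element inside the header:
     *        {@code "UsernameToken"} or {@code "BinarySecurityToken"}
     * @param str3 reference style: {@code null}/"DirectReference", "KeyIdentifierRef" or
     *        "X509IssuerSerialRef"; any other value leaves the STR without a reference child
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if an input or the Security header is missing, no private
     *         key is found, the algorithm is rejected, or signing fails (cause preserved)
     */
    private Element signWithBinarySecurityToken(Document document, Certificate certificate, String str, List list, String str2, String str3) throws XMLSignatureException {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String excC14n = "http://www.w3.org/2001/10/xml-exc-c14n#";
        // NOTE: SHA-1 reference digests are kept only for compatibility with existing peers.
        final String digestSha1 = "http://www.w3.org/2000/09/xmldsig#sha1";

        if (this.useSTRTransformation && !this.isSTRTransformRegistered) {
            registerSTRTransform();
        }
        if (document == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithBinarySecurityToken:: XML doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (certificate == null || list == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithBinarySecurityToken:: certificate or id list is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        Element root = document.getDocumentElement();
        if (root == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithBinarySecurityToken:: XML doc has no root element.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("WSSSignatureProvider.signWithWSSToken: Document to be signed : " + XMLUtils.print(root));
        }
        Element securityHeader = (Element) root.getElementsByTagNameNS(wsseNs, "Security").item(0);
        if (securityHeader == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithWSSToken: wsse:Security header not found");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            ElementProxy.setDefaultPrefix(dsigNs, "ds");
            PrivateKey privateKey = this.keystore.getPrivateKey(this.keystore.getCertificateAlias(certificate));
            if (privateKey == null) {
                SAMLUtils.debug.error("WSSSignatureProvider.signWithWSSToken: private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String algorithm = str;
            if (algorithm == null || algorithm.isEmpty()) {
                algorithm = getAlgorithmURI(getPublicKey((X509Certificate) certificate).getAlgorithm());
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            // Make every wsu:Id resolvable as an XML ID so "#id" references dereference.
            // NOTE(review): DOM's setIdAttribute(name, isId) takes the attribute *name*, while
            // the id *value* is passed here (kept as found); confirm against the DOM
            // implementation in use — setIdAttributeNS(wsuNs, "Id", true) is the documented form.
            NodeList idNodes = XPathAPI.selectNodeList(document, "//*[@wsu:Id]", AMSignatureProvider.createDSctx(document, "wsu", wsuNs));
            for (int i = 0; idNodes != null && i < idNodes.getLength(); i++) {
                Element idOwner = (Element) idNodes.item(i);
                String id = idOwner.getAttributeNS(wsuNs, "Id");
                if (id != null && !id.isEmpty()) {
                    idOwner.setIdAttribute(id, true);
                }
            }
            XMLSignature signature = new XMLSignature(document, "", algorithm, excC14n);
            securityHeader.appendChild(signature.getElement());

            // Parameters handed to the STR-Transform: canonicalize with exclusive C14N.
            Element transformParams = document.createElementNS(wsseNs, "wsse:TransformationParameters");
            transformParams.setAttributeNS(xmlnsNs, "xmlns:wsse", wsseNs);
            Element c14nMethod = document.createElementNS(dsigNs, "ds:CanonicalizationMethod");
            c14nMethod.setAttributeNS(null, "Algorithm", excC14n);
            transformParams.appendChild(c14nMethod);

            Element strElement = document.createElementNS(wsseNs, "wsse:SecurityTokenReference");
            strElement.setAttributeNS(xmlnsNs, "xmlns:wsse", wsseNs);
            strElement.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
            String strId = SAMLUtils.generateID();
            strElement.setAttributeNS(wsuNs, "wsu:Id", strId);
            signature.getKeyInfo().addUnknownElement(strElement);
            strElement.setIdAttribute(strId, true);

            for (Object idObject : list) {
                String id = (String) idObject;
                Transforms transforms = new Transforms(document);
                transforms.addTransform(excC14n);
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("id = " + id);
                }
                signature.addDocument("#" + id, transforms, digestSha1);
            }
            // Looked up once and reused for the direct reference below.
            Element tokenElement = (Element) securityHeader.getElementsByTagNameNS(wsseNs, str2).item(0);
            if (tokenElement != null && this.useSTRTransformation) {
                // Cover the STR itself through the STR-Transform so the token binding is signed.
                Transforms strTransforms = new Transforms(document);
                strTransforms.addTransform(STRTransform.STR_TRANSFORM_URI, transformParams);
                signature.addDocument("#" + strId, strTransforms, digestSha1);
            }
            if (str3 == null || str3.equals("DirectReference")) {
                Element reference = document.createElementNS(wsseNs, "Reference");
                reference.setPrefix("wsse");
                strElement.appendChild(reference);
                // Without a token element the Reference is emitted with no URI (as before).
                if (tokenElement != null) {
                    reference.setAttributeNS(null, "URI", "#" + tokenElement.getAttributeNS(wsuNs, "Id"));
                }
                if ("BinarySecurityToken".equals(str2)) {
                    reference.setAttributeNS(null, "ValueType", BinarySecurityToken.X509V3);
                } else if ("UsernameToken".equals(str2)) {
                    reference.setAttributeNS(null, "ValueType", WSSConstants.TAG_USERNAME_VALUE_TYPE);
                    // A username token carries no key, so the signer certificate goes into KeyInfo.
                    signature.addKeyInfo((X509Certificate) certificate);
                }
            } else if ("KeyIdentifierRef".equals(str3)) {
                // Built once; it used to be created twice (check, then append).
                Element keyIdentifierRef = createKeyIdentifierReference(document, certificate);
                if (keyIdentifierRef == null) {
                    throw new XMLSignatureException(WSSUtils.bundle.getString("noSubjectKeyIdentifier"));
                }
                strElement.appendChild(keyIdentifierRef);
            } else if ("X509IssuerSerialRef".equals(str3)) {
                strElement.appendChild(createX509DataReference(document, certificate));
            }
            signature.sign(privateKey);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Already the caller's exception type: keep it intact.
            SAMLUtils.debug.error("WSSSignatureProvider: signWithBinaryTokenProfile Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Wrap with the cause attached rather than flattening to e.getMessage().
            SAMLUtils.debug.error("WSSSignatureProvider: signWithBinaryTokenProfile Exception: ", e);
            throw new XMLSignatureException(e);
        }
    }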

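    /**
     * Verifies every {@code ds:Signature} in {@code document}.
     *
     * <p>For each signature the first {@code ds:Reference} URI must equal the
     * {@code AssertionID} of the signature's parent element (a guard against signatures
     * that point at a different element than the one they are enveloped in). The key is
     * taken, in order, from an {@code EncryptedKey} in the KeyInfo (decrypted with the
     * key for {@code str}), from an X.509 certificate in the KeyInfo, or from the keystore
     * entry for {@code str}.
     *
     * @param document the signed document
     * @param str keystore alias used to decrypt a wrapped key or, when the KeyInfo
     *        yields no key, as the verification certificate/public key
     * @return {@code true} when there is at least one signature and none failed;
     *         {@code false} when there is no signature, a check fails, or no key is available
     * @throws XMLSignatureException if {@code document} is {@code null}, a reference URI does
     *         not match the enclosing assertion id, or verification throws (cause preserved)
     */
    @Override
    public boolean verifyWSSSignature(Document document, String str) throws XMLSignatureException {
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

        if (this.useSTRTransformation && !this.isSTRTransformRegistered) {
            registerSTRTransform();
        }
        if (document == null) {
            WSSUtils.debug.error("WSSSignatureProvider.verifyWSSSignature: document is null.");
            throw new XMLSignatureException(WSSUtils.bundle.getString("nullInput"));
        }
        try {
            // Register wsu:Id and AssertionID values as XML IDs so "#id" references resolve.
            // NOTE(review): DOM's setIdAttribute(name, isId) takes the attribute *name*, while
            // the id *value* is passed in both loops (kept as found); confirm against the DOM
            // implementation in use.
            NodeList wsuIdNodes = XPathAPI.selectNodeList(document, "//*[@wsu:Id]", AMSignatureProvider.createDSctx(document, "wsu", wsuNs));
            for (int i = 0; wsuIdNodes != null && i < wsuIdNodes.getLength(); i++) {
                Element idOwner = (Element) wsuIdNodes.item(i);
                String id = idOwner.getAttributeNS(wsuNs, "Id");
                if (id != null && !id.isEmpty()) {
                    idOwner.setIdAttribute(id, true);
                }
            }
            NodeList assertionIdNodes = XPathAPI.selectNodeList(document, "//*[@AssertionID]");
            for (int i = 0; assertionIdNodes != null && i < assertionIdNodes.getLength(); i++) {
                Element idOwner = (Element) assertionIdNodes.item(i);
                String id = idOwner.getAttribute("AssertionID");
                if (id != null && !id.isEmpty()) {
                    idOwner.setIdAttribute(id, true);
                }
            }

            Element dsContext = AMSignatureProvider.createDSctx(document, "ds", dsigNs);
            NodeList signatureNodes = XPathAPI.selectNodeList(document, "//ds:Signature", dsContext);
            int signatureCount = signatureNodes.getLength();
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("WSSSignatureProvider.verifyWSSSignature: sigElements size = " + signatureCount);
            }
            if (signatureCount == 0) {
                return false;
            }
            X509Certificate aliasCertificate = this.keystore.getX509Certificate(str);
            PublicKey aliasPublicKey = this.keystore.getPublicKey(str);

            for (int i = 0; i < signatureCount; i++) {
                Element signatureElement = (Element) signatureNodes.item(i);
                if (WSSUtils.debug.messageEnabled()) {
                    WSSUtils.debug.message("Sig(" + i + ") = " + XMLUtils.print(signatureElement));
                }
                try {
                    // Relative to this signature. The previous expression "//ds:Reference[1]"
                    // is absolute, so with several signatures every iteration compared the
                    // document's first Reference instead of its own.
                    Element firstReference = (Element) XPathAPI.selectSingleNode(signatureElement, "ds:SignedInfo/ds:Reference[1]", dsContext);
                    String referenceUri = firstReference == null ? null : firstReference.getAttribute("URI");
                    String assertionId = ((Element) signatureElement.getParentNode()).getAttribute("AssertionID");
                    // referenceUri is expected to be "#" + id; an empty URI used to throw
                    // StringIndexOutOfBoundsException from substring(1).
                    if (referenceUri == null || referenceUri.isEmpty() || assertionId == null
                            || !referenceUri.substring(1).equals(assertionId)) {
                        WSSUtils.debug.error("Signature reference ID does not match with element ID");
                        throw new XMLSignatureException(WSSUtils.bundle.getString("uriNoMatchWithId"));
                    }
                    XMLSignature signature = new XMLSignature(signatureElement, "");
                    // OfflineResolver: no network fetches while dereferencing references.
                    signature.addResourceResolver(new OfflineResolver());
                    KeyInfo keyInfo = signature.getKeyInfo();
                    if (keyInfo.itemEncryptedKey(0) != null) {
                        // NOTE(review): kept from the original — the result of this single
                        // signature is returned and any later ds:Signature is not examined.
                        return signature.checkSignatureValue(WSSUtils.getXMLEncryptionManager().decryptKey(keyInfo.getElement(), str));
                    }
                    PublicKey keyInfoPublicKey = getX509PublicKey(document, keyInfo);
                    if (keyInfoPublicKey != null) {
                        // NOTE(review): this key is read from the message's own KeyInfo; whether the
                        // inherited getX509PublicKey validates it against a trust store is not visible
                        // here — confirm, otherwise a message could supply the key it is verified with.
                        if (!signature.checkSignatureValue(keyInfoPublicKey)) {
                            if (WSSUtils.debug.messageEnabled()) {
                                WSSUtils.debug.message("verifyWSSSignature: Signature Verfication failed");
                            }
                            return false;
                        }
                    } else {
                        if (str == null || str.isEmpty()) {
                            if (WSSUtils.debug.messageEnabled()) {
                                WSSUtils.debug.message("verifyWSSSignature:Certificate Alias is null");
                            }
                            return false;
                        }
                        if (WSSUtils.debug.messageEnabled()) {
                            WSSUtils.debug.message("Could not find a KeyInfo, try to use certAlias");
                        }
                        if (aliasCertificate != null) {
                            if (!signature.checkSignatureValue(aliasCertificate)) {
                                return false;
                            }
                        } else {
                            if (aliasPublicKey == null) {
                                WSSUtils.debug.error("Could not find public key based on certAlias to verify signature");
                                return false;
                            }
                            if (!signature.checkSignatureValue(aliasPublicKey)) {
                                return false;
                            }
                        }
                    }
                    if (WSSUtils.debug.messageEnabled()) {
                        WSSUtils.debug.message("verifyWSSSignature: Signature " + i + " verified");
                    }
                } catch (TransformerException e) {
                    throw new XMLSignatureException(e);
                }
            }
            return true;
        } catch (XMLSignatureException e) {
            // Already the caller's exception type: keep it intact.
            WSSUtils.debug.error("WSSSignatureProvider: verifyWSSSignature Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Wrap with the cause attached rather than flattening to e.getMessage().
            WSSUtils.debug.error("WSSSignatureProvider: verifyWSSSignature Exception: ", e);
            throw new XMLSignatureException(e);
        }
    }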

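    /**
     * Resolves the public key referenced by the first {@code ds:Signature} in the
     * {@code wsse:Security} header.
     *
     * <p>The signature's {@code wsse:Reference} URI ({@code "#" + id}) is followed either to
     * a {@code wsu:Id}-carrying token, whose text is parsed as a certificate, or to a SAML
     * assertion with that {@code AssertionID}, whose own {@code ds:KeyInfo} supplies either
     * an {@code X509Data} certificate or a DSA/RSA {@code KeyValue}.
     *
     * <p>NOTE(review): the key returned here originates from the message itself; callers
     * must establish trust in it separately (not visible in this class).
     *
     * <p>NOTE(review): as decompiled, the try/catch covered only the header lookup, which left
     * the rest of the body uncompilable (uninitialized local, unreported checked exceptions)
     * and its behaviour after a failure undefined. The whole body now runs inside the try and
     * any exception is logged and mapped to {@code null} — confirm this matches the caller.
     *
     * @param document the signed document
     * @return the referenced public key, or {@code null} when no Security header, no
     *         {@code wsse:Reference}, no usable key is found, or an exception occurs
     */
    private PublicKey getPublicKeyFromWSSToken(Document document) {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        try {
            Element securityHeader = (Element) document.getDocumentElement().getElementsByTagNameNS(wsseNs, "Security").item(0);
            if (securityHeader == null) {
                return null;
            }
            Element signatureElement = (Element) XPathAPI.selectSingleNode(securityHeader, "ds:Signature[1]", AMSignatureProvider.createDSctx(document, "ds", dsigNs));
            if (signatureElement == null) {
                return null;
            }
            Element keyInfo = (Element) signatureElement.getElementsByTagNameNS(dsigNs, "KeyInfo").item(0);
            if (keyInfo == null) {
                return null;
            }
            Element reference = (Element) keyInfo.getElementsByTagNameNS(wsseNs, "Reference").item(0);
            if (reference == null) {
                SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken: unknow Security Token Reference");
                return null;
            }
            String uri = reference.getAttribute("URI");
            if (uri.isEmpty()) {
                SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken: empty Reference URI");
                return null;
            }
            // Drop the leading "#".
            String referencedId = uri.substring(1);
            // The id is interpolated into the XPath predicates below and comes straight from
            // the (not yet verified) message, so a quote character could change the query.
            // An xsd:ID can never contain one, so such values are rejected outright.
            if (referencedId.indexOf('"') >= 0 || referencedId.indexOf('\'') >= 0) {
                SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken: invalid Reference URI");
                return null;
            }
            Node token = XPathAPI.selectSingleNode(document, "//*[@wsu:Id=\"" + referencedId + "\"]", AMSignatureProvider.createDSctx(document, "wsu", wsuNs));
            if (token != null) {
                SAMLUtils.debug.message("X509 Token");
                // assumes the token's first child is the text node holding the encoded
                // certificate — TODO confirm for every token ValueType handled by getCertificate
                String tokenText = token.getChildNodes().item(0).getNodeValue().trim();
                return getPublicKey(getCertificate(tokenText, ((Element) token).getAttribute("ValueType")));
            }
            SAMLUtils.debug.message("SAML Token");
            Element assertion = (Element) XPathAPI.selectSingleNode(document, "//*[@AssertionID=\"" + referencedId + "\"]");
            if (assertion == null) {
                SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken: referenced assertion not found");
                return null;
            }
            Element assertionKeyInfo = (Element) assertion.getElementsByTagNameNS(dsigNs, "KeyInfo").item(0);
            if (assertionKeyInfo == null) {
                // Previously thrown as a bare Exception; it ends up in the catch below either way.
                SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken: " + SAMLUtils.bundle.getString("nullKeyInfo"));
                return null;
            }
            Element x509Data = (Element) assertionKeyInfo.getElementsByTagNameNS(dsigNs, "X509Data").item(0);
            if (x509Data != null) {
                // assumes X509Data's first child is ds:X509Certificate whose first child is the
                // base64 text — TODO confirm; surrounding whitespace text nodes would break this
                String certString = x509Data.getChildNodes().item(0).getChildNodes().item(0).getNodeValue();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("certString = " + certString);
                }
                return getPublicKey(getCertificate(certString, null));
            }
            return getPublicKeybyDSARSAkeyValue(document, assertionKeyInfo);
        } catch (Exception e) {
            SAMLUtils.debug.error("WSSSignatureProvider:getPublicKeyFromWSSToken Exception: ", e);
            return null;
        }
    }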

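    /**
     * Signs {@code document} with a Kerberos token profile signature.
     *
     * <p>Appends a {@code ds:Signature} to the {@code wsse:Security} header that references
     * every id in {@code list}; its {@code wsse:SecurityTokenReference} points by direct
     * {@code wsse:Reference} at the header's {@code wsse:BinarySecurityToken} (the Kerberos
     * token) with {@code KERBEROS_VALUE_TYPE}. No STR-Transform reference is added here.
     * Digests are SHA-1 (hard-wired) for wire compatibility.
     *
     * @param document the SOAP document; must contain a {@code wsse:Security} header holding a
     *        {@code wsse:BinarySecurityToken} with a {@code wsu:Id}
     * @param key the (Kerberos-derived) signing key
     * @param str signature algorithm URI; must pass {@code isValidAlgorithm}
     * @param list element ids ({@code String}s) to sign, referenced as {@code "#" + id}
     * @return the {@code ds:Signature} element
     * @throws XMLSignatureException if an input, the Security header or the token is missing,
     *         the algorithm is rejected, or signing fails (cause preserved)
     */
    @Override
    public Element signWithKerberosToken(Document document, Key key, String str, List list) throws XMLSignatureException {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String excC14n = "http://www.w3.org/2001/10/xml-exc-c14n#";
        // NOTE: SHA-1 reference digests are kept only for compatibility with existing peers.
        final String digestSha1 = "http://www.w3.org/2000/09/xmldsig#sha1";

        if (document == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithKerberosToken:: XML doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (key == null || list == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithKerberosToken:: key or id list is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        Element root = document.getDocumentElement();
        if (root == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithKerberosToken:: XML doc has no root element.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("WSSSignatureProvider.signWithKerberosToken:Document to be signed : " + XMLUtils.print(root));
        }
        Element securityHeader = (Element) root.getElementsByTagNameNS(wsseNs, "Security").item(0);
        if (securityHeader == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithKerberosToken: wsse:Security header not found");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        // Checked before the document is modified; a missing token used to surface as a
        // NullPointerException after the Signature element had already been appended.
        Element kerberosToken = (Element) securityHeader.getElementsByTagNameNS(wsseNs, "BinarySecurityToken").item(0);
        if (kerberosToken == null) {
            SAMLUtils.debug.error("WSSSignatureProvider.signWithKerberosToken: wsse:BinarySecurityToken not found");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            ElementProxy.setDefaultPrefix(dsigNs, "ds");
            if (!isValidAlgorithm(str)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            // Make every wsu:Id resolvable as an XML ID so "#id" references dereference.
            // NOTE(review): DOM's setIdAttribute(name, isId) takes the attribute *name*, while
            // the id *value* is passed here (kept as found); confirm against the DOM
            // implementation in use — setIdAttributeNS(wsuNs, "Id", true) is the documented form.
            NodeList idNodes = XPathAPI.selectNodeList(document, "//*[@wsu:Id]", AMSignatureProvider.createDSctx(document, "wsu", wsuNs));
            for (int i = 0; idNodes != null && i < idNodes.getLength(); i++) {
                Element idOwner = (Element) idNodes.item(i);
                String id = idOwner.getAttributeNS(wsuNs, "Id");
                if (id != null && !id.isEmpty()) {
                    idOwner.setIdAttribute(id, true);
                }
            }
            XMLSignature signature = new XMLSignature(document, "", str, excC14n);
            securityHeader.appendChild(signature.getElement());
            // (A wsse:TransformationParameters element was previously built here but never
            // attached or referenced; this profile adds no STR-Transform, so it is omitted.)

            Element strElement = document.createElementNS(wsseNs, "wsse:SecurityTokenReference");
            strElement.setAttributeNS(xmlnsNs, "xmlns:wsse", wsseNs);
            strElement.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
            String strId = SAMLUtils.generateID();
            strElement.setAttributeNS(wsuNs, "wsu:Id", strId);
            signature.getKeyInfo().addUnknownElement(strElement);
            strElement.setIdAttribute(strId, true);

            for (Object idObject : list) {
                String id = (String) idObject;
                Transforms transforms = new Transforms(document);
                transforms.addTransform(excC14n);
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("id = " + id);
                }
                signature.addDocument("#" + id, transforms, digestSha1);
            }

            // Direct reference to the Kerberos token (no prefix set, as before).
            Element reference = document.createElementNS(wsseNs, "Reference");
            strElement.appendChild(reference);
            reference.setAttributeNS(null, "URI", "#" + kerberosToken.getAttributeNS(wsuNs, "Id"));
            reference.setAttributeNS(null, "ValueType", WSSConstants.KERBEROS_VALUE_TYPE);

            signature.sign(key);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Already the caller's exception type: keep it intact.
            SAMLUtils.debug.error("WSSSignatureProvider: signWithKerberosToken Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Wrap with the cause attached rather than flattening to e.getMessage(); the log
            // line previously named signWithBinaryTokenProfile.
            SAMLUtils.debug.error("WSSSignatureProvider: signWithKerberosToken Exception: ", e);
            throw new XMLSignatureException(e);
        }
    }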

    /**
     * Two-argument form of {@link #verifyWSSSignature(Document, Key, String, String)}.
     * <p>
     * Delegates to the four-argument overload with {@code null} for both
     * trailing arguments. In this class that overload unconditionally throws
     * {@link UnsupportedOperationException} (enveloping and detached WSS
     * signatures are no longer supported), so this method never returns
     * {@code true}; callers must not treat the absence of an
     * {@link XMLSignatureException} as a successful verification.
     *
     * @param document the DOM document that carries the WSS signature
     * @param key the key the signature would be checked against
     * @return whatever the four-argument overload returns (currently it never
     *         returns normally)
     * @throws XMLSignatureException propagated from the delegate
     * @throws UnsupportedOperationException propagated from the delegate
     */
    @Override // com.sun.identity.saml.xmlsig.AMSignatureProvider, com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyWSSSignature(Document document, Key key) throws XMLSignatureException {
        // Both optional arguments are left unset; their meaning is defined by the overload.
        return this.verifyWSSSignature(document, key, (String) null, (String) null);
    }

    /**
     * Rejects every request to verify an enveloping or detached WSS signature.
     * <p>
     * Support for verifying these signature forms has been removed from this
     * provider. The method fails loudly instead of returning {@code false} so
     * that no caller can mistake an unverified message for a verified one, and
     * so that a misconfigured deployment that still routes verification here
     * is noticed immediately. None of the parameters is inspected.
     *
     * @param document the DOM document carrying the signature (ignored)
     * @param key the verification key (ignored)
     * @param str third argument of the {@code SignatureProvider} contract (ignored)
     * @param str2 fourth argument of the {@code SignatureProvider} contract (ignored)
     * @return never; an exception is always thrown
     * @throws XMLSignatureException declared for interface compatibility only
     * @throws UnsupportedOperationException always
     */
    @Override // com.sun.identity.saml.xmlsig.AMSignatureProvider, com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyWSSSignature(Document document, Key key, String str, String str2) throws XMLSignatureException {
        final String reason = "Enveloping and detached XML signatures are no longer supported";
        throw new UnsupportedOperationException(reason);
    }

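    /**
     * Builds a {@code wsse:KeyIdentifier} element that points at
     * {@code certificate} through its X.509 SubjectKeyIdentifier extension
     * (OID 2.5.29.14).
     * <p>
     * The element text is the base64 encoding of
     * {@link X509Certificate#getExtensionValue(String)} for that OID, tagged
     * with {@link WSSConstants#KEY_IDENTIFIER_VALUE_TYPE} and a base64
     * EncodingType. NOTE(review): {@code getExtensionValue} returns the
     * DER-encoded extension value, i.e. an OCTET STRING that still wraps the
     * SKI OCTET STRING, so what is emitted is that wrapped form rather than
     * the bare key identifier bytes; confirm against the resolver on the
     * verifying side before changing the encoding, since both ends must agree.
     * <p>
     * Change from the previous revision: the {@code wsu:Id} attribute is now
     * created namespace-aware with {@code setAttributeNS} in the WS-Security
     * utility namespace, the way every other {@code wsu:Id} in this class is
     * written. The earlier DOM level-1 {@code setAttribute("wsu:Id", ...)}
     * produced an attribute with no namespace, which
     * {@code getAttributeNS(wsuNs, "Id")} lookups (as used elsewhere in this
     * class to locate signed elements) do not see. Code that reads the
     * attribute by its qualified name {@code "wsu:Id"} still finds it.
     * <p>
     * This reference only identifies a certificate; it does not establish
     * trust in it. The verifying side must resolve the identifier against its
     * own trust store.
     *
     * @param document owner document used to create the new nodes
     * @param certificate an {@link X509Certificate}; the cast is unchecked,
     *        as before, so any other certificate type fails with
     *        {@link ClassCastException}
     * @return the populated element, or {@code null} when the certificate
     *         carries no SubjectKeyIdentifier extension (there is then nothing
     *         to reference and the caller must choose another reference form)
     */
    private Element createKeyIdentifierReference(Document document, Certificate certificate) {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        // Look for the extension before creating any DOM node: without an SKI
        // there is no identifier to emit and the method reports that with null.
        byte[] skiExtensionValue = ((X509Certificate) certificate).getExtensionValue("2.5.29.14");
        if (skiExtensionValue == null) {
            return null;
        }
        Element keyIdentifier = document.createElementNS(wsseNs, "KeyIdentifier");
        keyIdentifier.setPrefix("wsse");
        // Namespace-aware wsu:Id so that namespace-qualified lookups resolve it.
        keyIdentifier.setAttributeNS(wsuNs, "wsu:Id", SAMLUtils.generateID());
        keyIdentifier.appendChild(document.createTextNode(Base64.encode(skiExtensionValue)));
        keyIdentifier.setAttributeNS(null, "ValueType", WSSConstants.KEY_IDENTIFIER_VALUE_TYPE);
        keyIdentifier.setAttributeNS(null, WSSConstants.TAG_ENCODING_TYPE, BinarySecurityToken.BASE64BINARY);
        return keyIdentifier;
    }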

    /**
     * Builds a {@code ds:X509Data} element holding one {@code X509IssuerSerial}
     * that names {@code certificate} by issuer DN and serial number.
     * <p>
     * The issuer string is taken from {@code CertUtils.getIssuerName} and the
     * serial is the decimal form of {@link X509Certificate#getSerialNumber()}.
     * The pair is a lookup key only: it lets the receiver find the certificate
     * but proves neither possession of the private key nor that the
     * certificate is trusted. The verifying side must resolve the pair against
     * its own trust store; a serial number alone is not unique across issuers,
     * which is why both parts are emitted together.
     * <p>
     * Only the outer {@code X509Data} element is given the {@code ds} prefix;
     * the three children are created in the XML-DSig namespace without a
     * prefix, exactly as before. How they are serialized (default-namespace
     * declaration or inherited prefix) depends on the serializer's namespace
     * handling, which is not visible here.
     *
     * @param document owner document used to create the new nodes
     * @param certificate an {@link X509Certificate}; any other certificate
     *        type fails the unchecked cast with {@link ClassCastException}
     * @return the populated {@code ds:X509Data} element
     */
    private Element createX509DataReference(Document document, Certificate certificate) {
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        X509Certificate cert = (X509Certificate) certificate;

        // Leaf elements first, then wrap them bottom-up.
        Element issuerName = document.createElementNS(dsigNs, WSSConstants.TAG_X509_ISSUERNAME);
        issuerName.appendChild(document.createTextNode(CertUtils.getIssuerName(cert)));

        Element serialNumber = document.createElementNS(dsigNs, WSSConstants.TAG_X509_SERIALNUMBER);
        serialNumber.appendChild(document.createTextNode(cert.getSerialNumber().toString()));

        Element issuerSerial = document.createElementNS(dsigNs, WSSConstants.TAG_X509_ISSUERSERIAL);
        issuerSerial.appendChild(issuerName);
        issuerSerial.appendChild(serialNumber);

        Element x509Data = document.createElementNS(dsigNs, "X509Data");
        x509Data.setPrefix("ds");
        x509Data.appendChild(issuerSerial);
        return x509Data;
    }
}
