package com.sun.xml.wss.impl.dsig;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.SamlAssertionHeaderBlock;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.DirectReference;
import com.sun.xml.wss.core.reference.X509IssuerSerial;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.PolicyViolationException;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.keyinfo.KeyIdentifierStrategy;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.policy.verifier.SignaturePolicyVerifier;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.NodeSetData;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.TransformService;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.soap.SOAPElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sun/xml/wss/impl/dsig/SignatureProcessor.class */
public class SignatureProcessor {
    private static Logger logger = Logger.getLogger(LogDomainConstants.IMPL_SIGNATURE_DOMAIN, LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE);

    public static int sign(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        PrivateKey privateKey;
        KeyInfo constructKeyInfo;
        Node firstChildElement;
        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding;
        String uuid;
        try {
            SignaturePolicy signaturePolicy = (SignaturePolicy) filterProcessingContext.getSecurityPolicy();
            filterProcessingContext.getSOAPMessage();
            SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
            WSSPolicy wSSPolicy = (WSSPolicy) signaturePolicy.getKeyBinding();
            WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
            SecurityHeader findOrCreateSecurityHeader = securableSoapMessage.findOrCreateSecurityHeader();
            if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy)) {
                if (filterProcessingContext.getX509CertificateBinding() != null) {
                    x509CertificateBinding = filterProcessingContext.getX509CertificateBinding();
                    filterProcessingContext.setX509CertificateBinding(null);
                } else {
                    x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy;
                }
                privateKey = ((PrivateKeyBinding) x509CertificateBinding.getKeyBinding()).getPrivateKey();
                String referenceType = x509CertificateBinding.getReferenceType();
                String strid = x509CertificateBinding.getSTRID();
                if (strid == null) {
                    strid = securableSoapMessage.generateId();
                }
                HashMap tokenCache = filterProcessingContext.getTokenCache();
                if (referenceType.equals("Direct")) {
                    String certificateIdentifier = x509CertificateBinding.getCertificateIdentifier();
                    DirectReference directReference = new DirectReference();
                    directReference.setValueType(MessageConstants.X509v3_NS);
                    X509SecurityToken x509SecurityToken = (X509SecurityToken) filterProcessingContext.getInsertedX509Cache().get(certificateIdentifier);
                    if (x509SecurityToken != null && !x509SecurityToken.getCertificate().equals(x509CertificateBinding.getX509Certificate())) {
                        x509SecurityToken = null;
                    }
                    if (x509SecurityToken != null) {
                        uuid = x509SecurityToken.getId();
                    } else {
                        uuid = wSSPolicy.getUUID();
                        if (uuid == null || uuid.equals(MessageConstants.EMPTY_STRING)) {
                            uuid = securableSoapMessage.generateId();
                        }
                    }
                    directReference.setURI(new StringBuffer().append("#").append(uuid).toString());
                    SecurityTokenReference securityTokenReference = new SecurityTokenReference();
                    securityTokenReference.setReference(directReference);
                    securityTokenReference.setWsuId(strid);
                    constructKeyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference);
                    if (x509SecurityToken == null) {
                        X509SecurityToken x509SecurityToken2 = new X509SecurityToken(securableSoapMessage.getSOAPPart(), x509CertificateBinding.getX509Certificate(), uuid);
                        securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(x509SecurityToken2);
                        filterProcessingContext.getInsertedX509Cache().put(certificateIdentifier, x509SecurityToken2);
                        firstChildElement = x509SecurityToken2.getAsSoapElement().getNextSibling();
                    } else {
                        firstChildElement = securableSoapMessage.getElementByWsuId(uuid).getNextSibling();
                    }
                } else if (referenceType.equals("Identifier")) {
                    KeyIdentifierStrategy keyIdentifierStrategy = new KeyIdentifierStrategy(x509CertificateBinding.getCertificateIdentifier(), true);
                    keyIdentifierStrategy.setCertificate(x509CertificateBinding.getX509Certificate());
                    SecurityTokenReference securityTokenReference2 = new SecurityTokenReference();
                    keyIdentifierStrategy.insertKey(securityTokenReference2, securableSoapMessage);
                    securityTokenReference2.setWsuId(strid);
                    X509SubjectKeyIdentifier x509SubjectKeyIdentifier = (X509SubjectKeyIdentifier) securityTokenReference2.getReference();
                    tokenCache.put(x509SubjectKeyIdentifier.getReferenceValue(), x509SubjectKeyIdentifier);
                    x509SubjectKeyIdentifier.setCertificate(x509CertificateBinding.getX509Certificate());
                    constructKeyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference2);
                    firstChildElement = findOrCreateSecurityHeader.getFirstChildElement();
                } else {
                    if (!referenceType.equals("IssuerSerialNumber")) {
                        throw new XWSSecurityException(new StringBuffer().append("Reference type ").append(referenceType).append("not supported").toString());
                    }
                    X509Certificate x509Certificate = x509CertificateBinding.getX509Certificate();
                    X509IssuerSerial x509IssuerSerial = new X509IssuerSerial((Document) securableSoapMessage.getSOAPPart(), x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber());
                    SecurityTokenReference securityTokenReference3 = new SecurityTokenReference();
                    securityTokenReference3.setReference(x509IssuerSerial);
                    securityTokenReference3.setWsuId(strid);
                    x509IssuerSerial.setCertificate(x509Certificate);
                    tokenCache.put(new StringBuffer().append(x509IssuerSerial.getIssuerName()).append(x509IssuerSerial.getSerialNumber()).toString(), x509IssuerSerial);
                    constructKeyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference3);
                    firstChildElement = findOrCreateSecurityHeader.getFirstChildElement();
                }
            } else {
                if (!PolicyTypeUtil.samlTokenPolicy(wSSPolicy)) {
                    throw new XWSSecurityException("Unsupported Key Binding for SignaturePolicy");
                }
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) wSSPolicy;
                PrivateKeyBinding privateKeyBinding = (PrivateKeyBinding) sAMLAssertionBinding.getKeyBinding();
                if (privateKeyBinding == null) {
                    throw new XWSSecurityException("PrivateKey binding not set for SAML Policy  by CallbackHandler");
                }
                privateKey = privateKeyBinding.getPrivateKey();
                if (privateKey == null) {
                    throw new XWSSecurityException("PrivateKey null inside PrivateKeyBinding set for SAML Policy ");
                }
                if (sAMLAssertionBinding.getReferenceType().equals("Embedded")) {
                    throw new XWSSecurityException("Embedded Reference Type for SAML Assertions not supported yet");
                }
                String assertionId = sAMLAssertionBinding.getAssertionId();
                Element assertion = sAMLAssertionBinding.getAssertion();
                Element authorityBinding = sAMLAssertionBinding.getAuthorityBinding();
                if (assertionId == null) {
                    if (assertion == null) {
                        throw new XWSSecurityException("None of SAML Assertion, SAML Assertion Id information was set into  the Policy by the CallbackHandler");
                    }
                    assertionId = assertion.getAttribute(MessageConstants.SAML_ASSERTIONID_LNAME);
                }
                SecurityTokenReference securityTokenReference4 = new SecurityTokenReference((Document) securableSoapMessage.getSOAPPart());
                String strid2 = sAMLAssertionBinding.getSTRID();
                if (strid2 == null) {
                    strid2 = securableSoapMessage.generateId();
                }
                securityTokenReference4.setWsuId(strid2);
                if (authorityBinding != null) {
                    securityTokenReference4.setSamlAuthorityBinding(authorityBinding, securableSoapMessage.getSOAPPart());
                }
                new KeyIdentifierStrategy(assertionId).insertKey(securityTokenReference4, securableSoapMessage);
                constructKeyInfo = wSSPolicyConsumerImpl.constructKeyInfo(signaturePolicy, securityTokenReference4);
                if (assertion == null || authorityBinding != null) {
                    firstChildElement = findOrCreateSecurityHeader.getFirstChildElement();
                } else {
                    SamlAssertionHeaderBlock samlAssertionHeaderBlock = new SamlAssertionHeaderBlock(assertion, securableSoapMessage.getSOAPPart());
                    securableSoapMessage.findOrCreateSecurityHeader().insertHeaderBlock(samlAssertionHeaderBlock);
                    firstChildElement = samlAssertionHeaderBlock.getAsSoapElement().getNextSibling();
                }
            }
            SignedInfo constructSignedInfo = WSSPolicyConsumerImpl.getInstance().constructSignedInfo(filterProcessingContext);
            DOMSignContext dOMSignContext = firstChildElement == null ? new DOMSignContext(privateKey, findOrCreateSecurityHeader.getAsSoapElement()) : new DOMSignContext(privateKey, findOrCreateSecurityHeader.getAsSoapElement(), firstChildElement);
            dOMSignContext.setURIDereferencer(DSigResolver.getInstance());
            XMLSignature constructSignature = wSSPolicyConsumerImpl.constructSignature(constructSignedInfo, constructKeyInfo);
            dOMSignContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
            dOMSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
            constructSignature.sign(dOMSignContext);
            return 0;
        } catch (XWSSecurityException e) {
            if (logger.getLevel() == Level.SEVERE) {
                logger.log(Level.SEVERE, "WSS1316.sign.failed", (Throwable) e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.getLevel() == Level.SEVERE) {
                logger.log(Level.SEVERE, "WSS1316.sign.failed", (Throwable) e2);
            }
            throw new XWSSecurityException(e2);
        }
    }

    public static int verify(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        try {
            try {
                WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
                SOAPElement currentHeaderElement = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader().getCurrentHeaderElement();
                if (currentHeaderElement == null || currentHeaderElement.getLocalName() == null || !"Signature".equals(currentHeaderElement.getLocalName())) {
                    filterProcessingContext.setPVE(new PolicyViolationException(new StringBuffer().append("Expected Signature Element as per receiver requirements, found  ").append(currentHeaderElement.getLocalName()).toString()));
                    filterProcessingContext.isPrimaryPolicyViolation(true);
                    filterProcessingContext.setInferredPolicy(null);
                    return 0;
                }
                DOMValidateContext dOMValidateContext = new DOMValidateContext(KeySelectorImpl.getInstance(), currentHeaderElement);
                XMLSignature unmarshalXMLSignature = WSSPolicyConsumerImpl.getInstance().getSignatureFactory().unmarshalXMLSignature(dOMValidateContext);
                dOMValidateContext.setURIDereferencer(DSigResolver.getInstance());
                dOMValidateContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
                SignaturePolicy signaturePolicy = null;
                if (filterProcessingContext.getMode() == 1 || filterProcessingContext.getMode() == 0) {
                    signaturePolicy = new SignaturePolicy();
                    filterProcessingContext.setInferredPolicy(signaturePolicy);
                }
                boolean validate = unmarshalXMLSignature.validate(dOMValidateContext);
                SecurityPolicy securityPolicy = filterProcessingContext.getSecurityPolicy();
                boolean isBSP = securityPolicy != null ? PolicyTypeUtil.messagePolicy(securityPolicy) ? ((MessagePolicy) securityPolicy).isBSP() : ((WSSPolicy) securityPolicy).isBSP() : false;
                if (!validate) {
                    if (logger.getLevel() == Level.FINEST) {
                        logger.log(Level.FINEST, "Signature failed core validation");
                        logger.log(Level.FINEST, new StringBuffer().append("Signature validation status: ").append(unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext)).toString());
                        int i = 0;
                        for (Reference reference : unmarshalXMLSignature.getSignedInfo().getReferences()) {
                            logger.log(Level.FINEST, new StringBuffer().append("Reference ID ").append(reference.getId()).toString());
                            logger.log(Level.FINEST, new StringBuffer().append("Reference URI ").append(reference.getURI()).toString());
                            logger.log(Level.FINEST, new StringBuffer().append("Reference[").append(i).append("] validity status: ").append(reference.validate(dOMValidateContext)).toString());
                            i++;
                        }
                    }
                    if (logger.getLevel() == Level.SEVERE) {
                        logger.log(Level.SEVERE, "WSS1315.signature.verification.failed");
                    }
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Signature verification failed ", new XWSSecurityException("Signature verification failed"));
                }
                if (logger.getLevel() == Level.FINEST) {
                    logger.log(Level.FINE, "Signature Passed Core Validation");
                }
                SignedInfo signedInfo = unmarshalXMLSignature.getSignedInfo();
                if (isBSP) {
                    Iterator it = signedInfo.getReferences().iterator();
                    int i2 = 0;
                    while (it.hasNext()) {
                        int i3 = 0;
                        for (Transform transform : ((Reference) it.next()).getTransforms()) {
                            if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(transform.getAlgorithm())) {
                                throw new XWSSecurityException("Enveloped signatures not permitted by BSP");
                            }
                            if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equals(transform.getAlgorithm()) && transform.getParameterSpec() != null && transform.getParameterSpec().getPrefixList().isEmpty()) {
                                throw new XWSSecurityException("Prefix List cannot be empty: violation of BSP 5407");
                            }
                            i3++;
                        }
                        i2++;
                    }
                }
                if (filterProcessingContext.getMode() == 1) {
                    MessagePolicy messagePolicy = (MessagePolicy) filterProcessingContext.getSecurityPolicy();
                    wSSPolicyConsumerImpl.constructSignaturePolicy(signedInfo, messagePolicy.isBSP(), signaturePolicy);
                    messagePolicy.append(signaturePolicy);
                }
                if (filterProcessingContext.getMode() == 0) {
                    verifyRequirements(filterProcessingContext, unmarshalXMLSignature, dOMValidateContext);
                    SignaturePolicy signaturePolicy2 = (SignaturePolicy) filterProcessingContext.getSecurityPolicy();
                    wSSPolicyConsumerImpl.constructSignaturePolicy(signedInfo, signaturePolicy2.isBSP(), signaturePolicy);
                    new SignaturePolicyVerifier().verifyPolicy(signaturePolicy2, signaturePolicy);
                    if (logger.getLevel() == Level.FINEST) {
                        logger.log(Level.FINE, "Reciever Requirements  are met");
                    }
                }
                return 0;
            } catch (Exception e) {
                if (logger.getLevel() == Level.FINEST) {
                    logger.log(Level.FINEST, new StringBuffer().append("Error occurred during signatureverification ").append(e.getMessage()).toString());
                }
                throw new XWSSecurityException(e);
            } catch (XMLSignatureException e2) {
                Throwable cause = e2.getCause();
                if (cause == null) {
                    throw new XWSSecurityException((Throwable) e2);
                }
                if (!(cause instanceof KeySelectorException) && !(cause instanceof URIReferenceException)) {
                    throw new XWSSecurityException((Throwable) e2);
                }
                Throwable cause2 = cause.getCause();
                if (cause2 == null || !(cause2 instanceof WssSoapFaultException)) {
                    throw new XWSSecurityException((Exception) cause);
                }
                throw ((WssSoapFaultException) cause2);
            } catch (XWSSecurityException e3) {
                throw e3;
            }
        } finally {
            filterProcessingContext.setInferredPolicy(null);
        }
    }

    public static void verifyRequirements(FilterProcessingContext filterProcessingContext, XMLSignature xMLSignature, DOMValidateContext dOMValidateContext) throws Exception {
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) ((SignaturePolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
        WSSPolicyConsumerImpl wSSPolicyConsumerImpl = WSSPolicyConsumerImpl.getInstance();
        ArrayList targetBindings = featureBinding.getTargetBindings();
        if (targetBindings == null || targetBindings.size() == 0) {
            return;
        }
        ListIterator listIterator = xMLSignature.getSignedInfo().getReferences().listIterator();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        while (listIterator.hasNext()) {
            Reference reference = (Reference) listIterator.next();
            arrayList.add(new DataWrapper(getData(reference, dOMValidateContext)));
            arrayList2.add(reference);
        }
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        ArrayList arrayList5 = new ArrayList();
        ArrayList arrayList6 = new ArrayList();
        ArrayList arrayList7 = new ArrayList();
        Iterator it = targetBindings.iterator();
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        while (it.hasNext()) {
            SignatureTarget signatureTarget = (SignatureTarget) it.next();
            boolean enforce = signatureTarget.getEnforce();
            List list = null;
            if (enforce) {
                try {
                    list = wSSPolicyConsumerImpl.generateReferenceList(Collections.singletonList(signatureTarget), securableSoapMessage, filterProcessingContext, true);
                } catch (Exception e) {
                    logger.log(Level.SEVERE, "WSS1302.reflist_error", (Throwable) e);
                    if (enforce) {
                        throw new XWSSecurityException(new StringBuffer().append("Receiver requirement for SignatureTarget ").append(signatureTarget.getValue()).append(" is not met").toString());
                    }
                }
            } else {
                arrayList3.add(signatureTarget);
            }
            if (enforce) {
                if (list.size() <= 0) {
                    throw new XWSSecurityException(new StringBuffer().append("Receiver requirement for SignatureTarget ").append(signatureTarget.getValue()).append(" is not met").toString());
                }
                boolean z = signatureTarget.getValue().startsWith(MessageConstants.PROCESS_ALL_ATTACHMENTS);
                for (int i = 0; i < list.size(); i++) {
                    Reference reference2 = (Reference) list.get(i);
                    try {
                        Data data = getData(reference2, dOMValidateContext);
                        if (enforce && data != null) {
                            DataWrapper dataWrapper = new DataWrapper(data);
                            dataWrapper.setTarget(signatureTarget);
                            arrayList4.add(dataWrapper);
                            arrayList5.add(reference2);
                        }
                    } catch (Exception e2) {
                        if (enforce) {
                            throw new XWSSecurityException(new StringBuffer().append("Receiver requirement for SignatureTarget ").append(signatureTarget.getValue()).append(" is not met").toString());
                        }
                    }
                    if (!z) {
                        break;
                    }
                }
            }
        }
        if (arrayList3.size() == 0 && arrayList5.size() != arrayList2.size()) {
            throw new XWSSecurityException("Number of Signature Targets in the message dont match number of Targets in receiver requirements");
        }
        if (arrayList4.size() == 0) {
            if (logger.isLoggable(Level.FINER)) {
                logger.log(Level.FINER, "No mandatory receiver requirements were provided");
                return;
            }
            return;
        }
        for (int i2 = 0; i2 < arrayList4.size(); i2++) {
            DataWrapper dataWrapper2 = (DataWrapper) arrayList4.get(i2);
            boolean z2 = false;
            int i3 = 0;
            while (true) {
                if (i3 >= arrayList.size()) {
                    break;
                }
                if (isEqual(dataWrapper2, (DataWrapper) arrayList.get(i3), (Reference) arrayList5.get(i2), (Reference) arrayList2.get(i3))) {
                    arrayList.remove(i3);
                    arrayList2.remove(i3);
                    z2 = true;
                    break;
                }
                i3++;
            }
            if (!z2) {
                throw new XWSSecurityException(new StringBuffer().append("Receiver requirement for SignatureTarget having ").append(dataWrapper2.getTarget().getType()).append(" type and value ").append(dataWrapper2.getTarget().getValue()).append(" is not met").toString());
            }
        }
        if (arrayList.size() == 0) {
            if (logger.getLevel() == Level.FINEST) {
                logger.log(Level.FINEST, "All receiver requirements are met");
                return;
            }
            return;
        }
        List list2 = null;
        for (int i4 = 0; i4 < arrayList3.size(); i4++) {
            SignatureTarget signatureTarget2 = (SignatureTarget) arrayList3.get(i4);
            try {
                list2 = wSSPolicyConsumerImpl.generateReferenceList(Collections.singletonList(signatureTarget2), securableSoapMessage, filterProcessingContext, true);
            } catch (Exception e3) {
                if (logger.getLevel() == Level.FINE) {
                    logger.log(Level.FINE, "Optional Target not found in the message ", (Throwable) e3);
                }
            }
            if (list2 != null && list2.size() > 0) {
                Reference reference3 = (Reference) list2.get(0);
                Data data2 = null;
                try {
                    data2 = getData(reference3, dOMValidateContext);
                } catch (Exception e4) {
                }
                if (data2 != null) {
                    DataWrapper dataWrapper3 = new DataWrapper(data2);
                    dataWrapper3.setTarget(signatureTarget2);
                    arrayList6.add(dataWrapper3);
                    arrayList7.add(reference3);
                }
            }
        }
        for (int i5 = 0; i5 < arrayList.size(); i5++) {
            DataWrapper dataWrapper4 = (DataWrapper) arrayList.get(i5);
            boolean z3 = false;
            int i6 = 0;
            while (true) {
                if (i6 >= arrayList6.size()) {
                    break;
                }
                if (isEqual((DataWrapper) arrayList6.get(i6), dataWrapper4, (Reference) arrayList7.get(i6), (Reference) arrayList2.get(i5))) {
                    arrayList6.remove(i6);
                    arrayList7.remove(i6);
                    z3 = true;
                    break;
                }
                i6++;
            }
            if (!z3) {
                throw new XWSSecurityException(new StringBuffer().append("SingatureTarget in the message with URI ").append(((Reference) arrayList2.get(i5)).getURI()).append(" has not met receiver requirements").toString());
            }
        }
        if (logger.getLevel() == Level.FINEST) {
            logger.log(Level.FINEST, "All receiver requirements are met");
        }
    }

    private static boolean isEqual(DataWrapper dataWrapper, DataWrapper dataWrapper2, Reference reference, Reference reference2) throws XWSSecurityException {
        if (dataWrapper.isNodesetData() && dataWrapper2.isNodesetData()) {
            org.jcp.xml.dsig.internal.dom.DOMSubTreeData dOMSubTreeData = (NodeSetData) dataWrapper.getData();
            org.jcp.xml.dsig.internal.dom.DOMSubTreeData dOMSubTreeData2 = (NodeSetData) dataWrapper2.getData();
            Node root = dOMSubTreeData instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData ? dOMSubTreeData.getRoot() : null;
            Node root2 = dOMSubTreeData2 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData ? dOMSubTreeData2.getRoot() : null;
            if (root == null || root2 == null) {
                return false;
            }
            return root.isSameNode(root2) || root.isEqualNode(root2);
        }
        if (!dataWrapper.isOctectData() || !dataWrapper2.isOctectData()) {
            if (!dataWrapper.isAttachmentData() || !dataWrapper2.isAttachmentData()) {
                return false;
            }
            AttachmentData attachmentData = (AttachmentData) dataWrapper.getData();
            AttachmentData attachmentData2 = (AttachmentData) dataWrapper2.getData();
            String contentId = attachmentData.getAttachmentPart().getContentId();
            String contentId2 = attachmentData2.getAttachmentPart().getContentId();
            if (contentId == null || !contentId.equals(contentId2)) {
                return false;
            }
            return isTransformsEqual(reference, reference2);
        }
        OctetStreamData data = dataWrapper.getData();
        OctetStreamData data2 = dataWrapper2.getData();
        InputStream octetStream = data.getOctetStream();
        InputStream octetStream2 = data2.getOctetStream();
        byte[] bArr = new byte[128];
        byte[] bArr2 = new byte[128];
        while (true) {
            try {
                int read = octetStream.read(bArr);
                int read2 = octetStream2.read(bArr2);
                if (read == -1 && read2 == -1) {
                    return true;
                }
                if (read != read2) {
                    return false;
                }
                for (int i = 0; i < read; i++) {
                    if (bArr[i] != bArr2[i]) {
                        return false;
                    }
                }
            } catch (IOException e) {
                if (logger.getLevel() != Level.FINEST) {
                    return false;
                }
                logger.log(Level.FINEST, new StringBuffer().append("Error occurred whilecomparing OctetStreamData objects ").append(e.getMessage()).toString());
                return false;
            }
        }
    }

    private static boolean isTransformsEqual(Reference reference, Reference reference2) throws XWSSecurityException {
        List transforms = reference.getTransforms();
        List transforms2 = reference2.getTransforms();
        if (transforms.size() != transforms2.size()) {
            throw new XWSSecurityException("Receiver Requirements for the transforms are not met");
        }
        int i = 0;
        while (i < transforms.size()) {
            Transform transform = (Transform) transforms.get(i);
            Transform transform2 = (Transform) transforms2.get(i);
            String algorithm = transform.getAlgorithm();
            String algorithm2 = transform2.getAlgorithm();
            i++;
            if (algorithm != algorithm2 && (algorithm == null || !algorithm.equals(algorithm2))) {
                throw new XWSSecurityException("Receiver Requirements for the transforms are not met");
            }
        }
        return true;
    }

    private static Data getData(Reference reference, DOMValidateContext dOMValidateContext) throws Exception {
        Data dereference = DSigResolver.getInstance().dereference(new URIReference(reference.getURI()) { // from class: com.sun.xml.wss.impl.dsig.SignatureProcessor.1
            private final String val$uri;

            {
                this.val$uri = r4;
            }

            public String getURI() {
                return this.val$uri;
            }

            public String getType() {
                return null;
            }
        }, dOMValidateContext);
        if (dereference instanceof AttachmentData) {
            return dereference;
        }
        Iterator it = reference.getTransforms().iterator();
        while (it.hasNext()) {
            dereference = getData((Transform) it.next(), dereference, dOMValidateContext);
        }
        return dereference;
    }

    private static Data getData(Transform transform, Data data, DOMValidateContext dOMValidateContext) throws Exception {
        String algorithm = transform.getAlgorithm();
        if (algorithm != "http://www.w3.org/TR/1999/REC-xpath-19991116" && algorithm != MessageConstants.TRANSFORM_FILTER2 && algorithm != "http://www.w3.org/TR/1999/REC-xslt-19991116") {
            return data;
        }
        TransformService transformService = TransformService.getInstance(algorithm, "DOM");
        transformService.init(transform.getParameterSpec());
        return transformService.transform(data, dOMValidateContext);
    }

    public static boolean verifySignature(Element element, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        try {
            DOMValidateContext dOMValidateContext = new DOMValidateContext(KeySelectorImpl.getInstance(), element);
            XMLSignature unmarshalXMLSignature = WSSPolicyConsumerImpl.getInstance().getSignatureFactory().unmarshalXMLSignature(dOMValidateContext);
            dOMValidateContext.setURIDereferencer(DSigResolver.getInstance());
            dOMValidateContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, filterProcessingContext);
            boolean validate = unmarshalXMLSignature.validate(dOMValidateContext);
            if (!validate && logger.getLevel() == Level.FINEST) {
                logger.log(Level.FINEST, "Signature failed core validation");
                logger.log(Level.FINEST, new StringBuffer().append("Signature validation status: ").append(unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext)).toString());
                int i = 0;
                for (Reference reference : unmarshalXMLSignature.getSignedInfo().getReferences()) {
                    logger.log(Level.FINEST, new StringBuffer().append("Reference ID ").append(reference.getId()).toString());
                    logger.log(Level.FINEST, new StringBuffer().append("Reference URI ").append(reference.getURI()).toString());
                    logger.log(Level.FINEST, new StringBuffer().append("Reference[").append(i).append("] validity status: ").append(reference.validate(dOMValidateContext)).toString());
                    i++;
                }
            }
            return validate;
        } catch (Exception e) {
            logger.log(Level.FINEST, new StringBuffer().append("Exception occurred during signature verification").append(e.getMessage()).toString());
            throw new XWSSecurityException(e);
        }
    }
}
