package org.opensaml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml1-1.1.jar:org/opensaml/SAMLSignedObject.class
  input_file:WEB-INF/lib/wss4j-1.5.11-wso2v19.jar:opensaml1-1.1.jar:org/opensaml/SAMLSignedObject.class
 */
/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:org/opensaml/SAMLSignedObject.class */
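/**
 * Base class for SAML objects that can carry an enveloped XML digital signature.
 *
 * <p>The signature is held as an Apache XML Security {@link XMLSignature}. It is either
 * parsed from an incoming DOM tree ({@link #fromDOM(Element)}) or created locally by
 * {@link #sign(String, String, Key, Collection)}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verify()} and {@code verify((Key) null)} take the verification key from the
 *       signature's own {@code KeyInfo}. A successful result then only shows that the object
 *       is consistent with the key it carries; it says nothing about who the signer is. The
 *       certificates returned by {@link #getX509Certificates()} must be validated against a
 *       trust anchor by the caller, or an out-of-band key must be passed to
 *       {@link #verify(Key)} / {@link #verify(Certificate)}.</li>
 *   <li>{@link #sign(String, String, Key, Collection)} falls back to a SHA-1 digest when no
 *       digest algorithm is supplied.</li>
 * </ul>
 */
public abstract class SAMLSignedObject extends SAMLObject implements Cloneable {
    /** XML-DSig namespace, used to locate the {@code Signature} child element. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Enveloped-signature transform URI. */
    private static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /** Exclusive canonicalization (without comments) URI. */
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Inclusive canonicalization (without comments) URI, used when re-parsing a local KeyInfo. */
    private static final String C14N_INCLUSIVE = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    /** Digest used by {@code sign} when the caller passes no digest algorithm. SHA-1 is a legacy default. */
    private static final String DEFAULT_DIGEST = "http://www.w3.org/2000/09/xmldsig#sha1";

    // Current signature, or null when the object is unsigned.
    private XMLSignature sig = null;

    // True when sig was read from a parsed DOM tree rather than produced by sign().
    private boolean sig_from_parse = false;

    /**
     * Returns the underlying signature object.
     *
     * @return the {@link XMLSignature}, or {@code null} if the object is unsigned
     */
    public Object getNativeSignature() {
        return this.sig;
    }

    /**
     * Returns the identifier that a same-document signature reference ({@code "#" + id}) points at.
     *
     * @return the object's ID
     */
    public abstract String getId();

    /**
     * Initializes the object from a DOM element and picks up its first {@code ds:Signature}
     * child element, if any. The signature is only parsed here; it is not verified.
     *
     * @param element root element of the SAML object
     * @throws SAMLException if the superclass rejects the element, or (as
     *         {@code InvalidCryptoException}) if the signature element cannot be parsed
     */
    @Override // org.opensaml.SAMLObject
    public void fromDOM(Element element) throws SAMLException {
        super.fromDOM(element);
        Element signatureElement = XML.getFirstChildElement(element, XMLDSIG_NS, "Signature");
        if (signatureElement == null) {
            return;
        }
        try {
            this.sig = new XMLSignature(signatureElement, "");
            this.sig_from_parse = true;
        } catch (XMLSecurityException e) {
            throw new InvalidCryptoException("SAMLSignedObject.fromDOM() detected an XML security exception: " + e.getMessage(), e);
        }
    }

    /**
     * Serializes the object to DOM. When no root exists yet but a signature does, the tree is
     * built in the signature's owner document so the signature node does not have to be moved.
     *
     * @param z passed through unchanged to the superclass / two-argument {@code toDOM}
     * @return the DOM node for this object
     * @throws SAMLException if serialization fails
     */
    @Override // org.opensaml.SAMLObject
    public Node toDOM(boolean z) throws SAMLException {
        return (this.root != null || this.sig == null) ? super.toDOM(z) : toDOM(this.sig.getDocument(), z);
    }

    /**
     * Places the freshly created signature element at the position required by the concrete
     * object type. Called by {@code sign} before the reference and key material are added.
     *
     * @throws SAMLException if the signature cannot be inserted
     */
    protected abstract void insertSignature() throws SAMLException;

    /**
     * Returns the {@code ds:Signature} DOM element.
     *
     * @return the signature element, or {@code null} if the object is unsigned
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Element getSignatureElement() {
        if (this.sig != null) {
            return this.sig.getElement();
        }
        return null;
    }

    /**
     * Marks the object as modified. Marking it dirty discards the signature first, because a
     * signature computed over the previous content would no longer match.
     *
     * @param z {@code true} to mark the object dirty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.SAMLObject
    public void setDirty(boolean z) {
        if (z) {
            unsign();
        }
        super.setDirty(z);
    }

    /**
     * Removes the signature: detaches its element from the DOM tree (when attached) and clears
     * the reference so that {@link #isSigned()} returns {@code false}.
     */
    public void unsign() {
        if (this.sig != null) {
            Element signatureElement = this.sig.getElement();
            Node parent = signatureElement.getParentNode();
            if (parent != null) {
                parent.removeChild(signatureElement);
            }
        }
        this.sig = null;
    }

    /**
     * Signs the object with the default digest algorithm (SHA-1, see the four-argument overload).
     *
     * @param str signature algorithm URI
     * @param key signing key
     * @param collection certificates to embed in {@code KeyInfo}, may be {@code null}
     * @throws SAMLException if signing fails
     */
    public void sign(String str, Key key, Collection collection) throws SAMLException {
        sign(str, null, key, collection);
    }

    /**
     * Replaces any existing signature with a new enveloped signature over this object.
     *
     * <p>The reference uses the enveloped-signature transform followed by exclusive
     * canonicalization, with the inclusive namespace prefixes taken from the
     * {@code org.opensaml.inclusive-namespace-prefixes} configuration property. On failure the
     * partially built signature is removed again.
     *
     * @param str signature algorithm URI
     * @param str2 digest algorithm URI; when {@code null} the SHA-1 digest URI is used. Pass an
     *        explicit stronger digest where the relying parties support it.
     * @param key signing key
     * @param collection objects to embed as X.509 certificates; entries that are not
     *        {@link X509Certificate} instances are ignored, and a self-issued certificate in
     *        the last position is left out unless it is also the first entry. May be {@code null}.
     * @throws SAMLException as {@code InvalidCryptoException} when the XML security library
     *         reports an error, or as raised by DOM construction / {@code insertSignature}
     */
    public void sign(String str, String str2, Key key, Collection collection) throws SAMLException {
        // Statement order matters: the old signature must be gone and the DOM rooted before
        // the new signature element is created in the same owner document.
        unsign();
        toDOM();
        plantRoot();
        try {
            this.sig = new XMLSignature(this.root.getOwnerDocument(), "", str, C14N_EXCLUSIVE);
            insertSignature();

            Transforms transforms = new Transforms(this.sig.getDocument());
            transforms.addTransform(TRANSFORM_ENVELOPED);
            transforms.addTransform(C14N_EXCLUSIVE);
            // Index 1 is the exclusive-c14n transform added just above; it receives the
            // InclusiveNamespaces prefix list.
            transforms.item(1).getElement().appendChild(new InclusiveNamespaces(this.root.getOwnerDocument(), this.config.getProperty("org.opensaml.inclusive-namespace-prefixes")).getElement());

            // NOTE(security): SHA-1 is only kept as the fallback for compatibility with
            // existing callers; it is a deprecated digest for new signatures.
            String digestUri = str2 != null ? str2 : DEFAULT_DIGEST;
            if (this.config.getBooleanProperty("org.opensaml.compatibility-mode")) {
                // Compatibility mode references the whole document (empty URI) instead of the ID.
                this.sig.addDocument("", transforms, digestUri);
            } else {
                this.sig.addDocument("#" + getId(), transforms, digestUri);
            }

            X509Data x509Data = new X509Data(this.root.getOwnerDocument());
            if (collection != null) {
                // Position counts every entry, including ones that are not certificates.
                int position = 0;
                Iterator it = collection.iterator();
                while (it.hasNext()) {
                    Object next = it.next();
                    if (next instanceof X509Certificate) {
                        X509Certificate cert = (X509Certificate) next;
                        boolean selfIssued = cert.getSubjectDN().equals(cert.getIssuerDN());
                        if (!it.hasNext() && position > 0 && selfIssued) {
                            // Trailing self-issued certificate: not embedded.
                            break;
                        }
                        x509Data.addCertificate(cert);
                    }
                    position++;
                }
            }
            if (x509Data.lengthCertificate() > 0) {
                KeyInfo keyInfo = new KeyInfo(this.root.getOwnerDocument());
                keyInfo.add(x509Data);
                this.sig.getElement().appendChild(keyInfo.getElement());
            }
            this.sig.sign(key);
        } catch (XMLSecurityException e) {
            // Do not leave a half-built, unsigned Signature element in the tree.
            unsign();
            throw new InvalidCryptoException("SAMLSignedObject.sign() detected an XML security exception: " + e.getMessage(), e);
        }
    }

    /**
     * Verifies the signature with the key found in the signature's own {@code KeyInfo}.
     *
     * <p>This checks integrity only. The embedded key is supplied by whoever produced the
     * message, so the caller still has to establish trust in it (for example by validating
     * {@link #getX509Certificates()}).
     *
     * @throws SAMLException if the object is unsigned or verification fails
     */
    public void verify() throws SAMLException {
        verify((Key) null);
    }

    /**
     * Verifies the signature with the public key of the given certificate. The certificate
     * itself is not validated here.
     *
     * @param certificate certificate holding the verification key; must not be {@code null}
     * @throws SAMLException if the certificate is missing, the object is unsigned, or
     *         verification fails
     */
    public void verify(Certificate certificate) throws SAMLException {
        if (certificate == null) {
            // Fail explicitly; a null here must never turn into "use the embedded key".
            throw new InvalidCryptoException("SAMLSignedObject.verify() requires a certificate");
        }
        verify(certificate.getPublicKey());
    }

    /**
     * Verifies the signature profile and the signature value.
     *
     * <p>The profile is accepted only when the signature has exactly one reference, that
     * reference's URI is absent, empty, or {@code "#" + getId()}, and its transforms consist of
     * the enveloped-signature transform, optionally together with exclusive canonicalization.
     * A reference without any transforms is rejected.
     *
     * <p>NOTE(review): the reference check compares the URI string only. Whether the element
     * that the XML security library dereferences for that URI is this object's own root is not
     * checked in this method; confirm it where documents may contain duplicate IDs.
     *
     * @param key verification key; when {@code null}, the key is taken from the signature's
     *        {@code KeyInfo}, which proves integrity but not signer identity
     * @throws SAMLException as {@code InvalidCryptoException} when the object is unsigned, the
     *         profile is not accepted, no key can be resolved, or the signature value is invalid
     */
    public void verify(Key key) throws SAMLException {
        if (!isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unsigned object");
        }
        try {
            boolean profileOk = false;
            SignedInfo signedInfo = this.sig.getSignedInfo();
            if (signedInfo.getLength() == 1) {
                Reference reference = signedInfo.item(0);
                String referenceUri = reference.getURI();
                if (referenceUri == null || referenceUri.equals("") || referenceUri.equals("#" + getId())) {
                    Transforms transforms = reference.getTransforms();
                    // A reference without a Transforms element has no enveloped-signature
                    // transform, so it is rejected as an invalid profile instead of failing
                    // with a NullPointerException.
                    if (transforms != null) {
                        for (int i = 0; i < transforms.getLength(); i++) {
                            String transformUri = transforms.item(i).getURI();
                            if (transformUri.equals(TRANSFORM_ENVELOPED)) {
                                profileOk = true;
                            } else if (!transformUri.equals(C14N_EXCLUSIVE)) {
                                // Any other transform invalidates the profile, even if the
                                // enveloped transform was already seen.
                                profileOk = false;
                                break;
                            }
                        }
                    }
                }
            }
            if (!profileOk) {
                throw new InvalidCryptoException("SAMLSignedObject.verify() detected an invalid signature profile");
            }
            if (key == null) {
                if (this.sig_from_parse) {
                    KeyInfo embedded = this.sig.getKeyInfo();
                    if (embedded == null) {
                        throw new InvalidCryptoException("SAMLSignedObject.verify() can't find a KeyInfo element to obtain a verification key");
                    }
                    key = embedded.getPublicKey();
                } else {
                    // Locally created signature: re-parse the last child of the Signature
                    // element (where sign() appends KeyInfo) to read the key back.
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteArrayOutputStream.write(Canonicalizer.getInstance(C14N_INCLUSIVE).canonicalizeSubtree(this.sig.getElement().getLastChild()));
                    key = new KeyInfo(XML.parserPool.parse(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).getDocumentElement(), "").getPublicKey();
                }
                if (key == null) {
                    // Fail closed here rather than relying on the library's handling of a null key.
                    throw new InvalidCryptoException("SAMLSignedObject.verify() can't resolve a verification key from the signature");
                }
            }
            if (!this.sig.checkSignatureValue(key)) {
                throw new InvalidCryptoException("SAMLSignedObject.verify() failed to validate signature value");
            }
        } catch (IOException e) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an I/O exception: " + e.getMessage(), e);
        } catch (XMLSecurityException e2) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an XML security exception: " + e2.getMessage(), e2);
        } catch (SAXException e3) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected a XML parsing exception: " + e3.getMessage(), e3);
        }
    }

    /**
     * Returns the certificates of the first {@code X509Data} element that contains any.
     *
     * <p>The certificates come straight from the signature and are not validated here; treat
     * them as untrusted input until a path to a trust anchor has been checked.
     *
     * @return iterator over {@link X509Certificate} objects
     * @throws SAMLException as {@code InvalidCryptoException} when the object is unsigned, no
     *         certificate is present, or the XML security library reports an error
     */
    public Iterator getX509Certificates() throws SAMLException {
        if (!isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't examine unsigned object");
        }
        KeyInfo keyInfo = this.sig.getKeyInfo();
        if (keyInfo != null && keyInfo.containsX509Data()) {
            for (int i = 0; i < keyInfo.lengthX509Data(); i++) {
                try {
                    X509Data x509Data = keyInfo.itemX509Data(i);
                    if (x509Data.containsCertificate()) {
                        ArrayList certificates = new ArrayList(x509Data.lengthCertificate());
                        for (int j = 0; j < x509Data.lengthCertificate(); j++) {
                            certificates.add(x509Data.itemCertificate(j).getX509Certificate());
                        }
                        return certificates.iterator();
                    }
                } catch (XMLSecurityException e) {
                    throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() detected an XML security exception: " + e.getMessage(), e);
                }
            }
        }
        throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't find any X.509 certificates in signature");
    }

    /**
     * Returns the signature algorithm URI declared in {@code SignedInfo}. The value is read
     * from the signature as-is; callers that enforce an algorithm policy should check it.
     *
     * @return the signature method URI
     * @throws SAMLException as {@code InvalidCryptoException} when the object is unsigned
     */
    public String getSignatureAlgorithm() throws SAMLException {
        if (isSigned()) {
            return this.sig.getSignedInfo().getSignatureMethodURI();
        }
        throw new InvalidCryptoException("SAMLSignedObject.getSignatureAlgorithm() can't examine unsigned object");
    }

    /**
     * Returns the digest algorithm URI of the single signature reference.
     *
     * @return the digest algorithm URI
     * @throws SAMLException as {@code InvalidCryptoException} when the object is unsigned, the
     *         signature does not have exactly one reference, or the library reports an error
     */
    public String getDigestAlgorithm() throws SAMLException {
        if (isSigned()) {
            SignedInfo signedInfo = this.sig.getSignedInfo();
            if (signedInfo.getLength() == 1) {
                try {
                    return signedInfo.item(0).getMessageDigestAlgorithm().getAlgorithmURI();
                } catch (XMLSecurityException e) {
                    throw new InvalidCryptoException("SAMLSignedObject.getDigestAlgorithm() detected an XML security exception: " + e.getMessage(), e);
                }
            }
        }
        throw new InvalidCryptoException("SAMLSignedObject.getDigestAlgorithm() can't examine unsigned or improperly signed object");
    }

    /**
     * Tells whether a signature object is attached. This does not mean the signature has been
     * verified; call one of the {@code verify} methods for that.
     *
     * @return {@code true} if a signature is present
     */
    public boolean isSigned() {
        return this.sig != null;
    }

    /**
     * Copies the object without its signature, so the copy starts out unsigned.
     *
     * @return the unsigned copy
     * @throws CloneNotSupportedException if the superclass does not support cloning
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.SAMLObject
    public Object clone() throws CloneNotSupportedException {
        SAMLSignedObject copy = (SAMLSignedObject) super.clone();
        copy.sig = null;
        return copy;
    }
}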
