package org.apache.ws.security.message;

import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/wss4j-1.5.11-wso2v20.jar:org/apache/ws/security/message/WSSecDKSign.class */
public class WSSecDKSign extends WSSecDerivedKeyBase {
    private static final Log log = LogFactory.getLog(WSSecDKSign.class.getName());
    protected String sigAlgo = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    protected String canonAlgo = "http://www.w3.org/2001/10/xml-exc-c14n#";
    protected byte[] signatureValue = null;
    private XMLSignature sig = null;
    private KeyInfo keyInfo = null;
    private String keyInfoUri = null;
    private SecurityTokenReference secRef = null;
    private String strUri = null;
    private WSDocInfo wsDocInfo;

    public Document build(Document document, WSSecHeader wSSecHeader) throws WSSecurityException, ConversationException {
        prepare(document, wSSecHeader);
        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(document.getDocumentElement());
        if (this.parts == null) {
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        }
        addReferencesToSign(this.parts, wSSecHeader);
        computeSignature();
        prependSigToHeader(wSSecHeader);
        prependDKElementToHeader(wSSecHeader);
        return document;
    }

    public void prepare(Document document, WSSecHeader wSSecHeader) throws WSSecurityException, ConversationException {
        super.prepare(document);
        this.wsDocInfo = new WSDocInfo(document);
        if (this.canonAlgo.equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
            Element createElementInSignatureSpace = XMLUtils.createElementInSignatureSpace(document, Constants._TAG_CANONICALIZATIONMETHOD);
            createElementInSignatureSpace.setAttributeNS(null, "Algorithm", this.canonAlgo);
            if (this.wssConfig.isWsiBSPCompliant()) {
                createElementInSignatureSpace.appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(wSSecHeader.getSecurityHeader(), false)).getElement());
            }
            try {
                this.sig = new XMLSignature(document, (String) null, new SignatureAlgorithm(document, this.sigAlgo).getElement(), createElementInSignatureSpace);
            } catch (XMLSecurityException e) {
                log.error("", e);
                throw new WSSecurityException(10, "noXMLSig", null, e);
            }
        } else {
            try {
                this.sig = new XMLSignature(document, (String) null, this.sigAlgo, this.canonAlgo);
            } catch (XMLSecurityException e2) {
                log.error("", e2);
                throw new WSSecurityException(10, "noXMLSig", null, e2);
            }
        }
        this.sig.addResourceResolver(EnvelopeIdResolver.getInstance());
        this.sig.setId(this.wssConfig.getIdAllocator().createId("Signature-", this.sig));
        this.keyInfo = this.sig.getKeyInfo();
        this.keyInfoUri = this.wssConfig.getIdAllocator().createSecureId("KeyId-", this.keyInfo);
        this.keyInfo.setId(this.keyInfoUri);
        this.secRef = new SecurityTokenReference(document);
        this.strUri = this.wssConfig.getIdAllocator().createSecureId("STRId-", this.secRef);
        this.secRef.setID(this.strUri);
        Reference reference = new Reference(this.document);
        reference.setURI("#" + this.dktId);
        this.secRef.setReference(reference);
        this.keyInfo.addUnknownElement(this.secRef.getElement());
    }

    protected Set getInclusivePrefixes(Element element) {
        return getInclusivePrefixes(element, true);
    }

    protected Set getInclusivePrefixes(Element element, boolean z) {
        HashSet hashSet = new HashSet();
        Element element2 = element;
        while (!(element2.getParentNode() instanceof Document)) {
            element2 = element2.getParentNode();
            NamedNodeMap attributes = element2.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Node item = attributes.item(i);
                if (item.getNamespaceURI() != null && item.getNamespaceURI().equals("http://www.w3.org/2000/xmlns/")) {
                    if (item.getNodeName().equals("xmlns")) {
                        hashSet.add("#default");
                    } else {
                        hashSet.add(item.getLocalName());
                    }
                }
            }
        }
        if (z) {
            NamedNodeMap attributes2 = element.getAttributes();
            for (int i2 = 0; i2 < attributes2.getLength(); i2++) {
                Node item2 = attributes2.item(i2);
                if (item2.getNamespaceURI() != null && item2.getNamespaceURI().equals("http://www.w3.org/2000/xmlns/")) {
                    if (item2.getNodeName().equals("xmlns")) {
                        hashSet.remove("#default");
                    } else {
                        hashSet.remove(item2.getLocalName());
                    }
                }
                if (item2.getPrefix() != null) {
                    hashSet.remove(item2.getPrefix());
                }
            }
            if (element.getPrefix() == null) {
                hashSet.remove("#default");
            } else {
                hashSet.remove(element.getPrefix());
            }
        }
        return hashSet;
    }

    public void addReferencesToSign(Vector vector, WSSecHeader wSSecHeader) throws WSSecurityException {
        Element documentElement = this.document.getDocumentElement();
        for (int i = 0; i < vector.size(); i++) {
            WSEncryptionPart wSEncryptionPart = (WSEncryptionPart) vector.get(i);
            String id = wSEncryptionPart.getId();
            String name = wSEncryptionPart.getName();
            String namespace = wSEncryptionPart.getNamespace();
            Transforms transforms = new Transforms(this.document);
            if (id != null) {
                try {
                    Element findElementById = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                    if (findElementById == null) {
                        findElementById = WSSecurityUtil.findElementById(this.document.getDocumentElement(), id, null);
                    }
                    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(findElementById)).getElement());
                    }
                    this.sig.addDocument("#" + id, transforms);
                } catch (XMLSignatureException e) {
                    throw new WSSecurityException(10, "noXMLSig", null, e);
                } catch (TransformationException e2) {
                    throw new WSSecurityException(10, "noXMLSig", null, e2);
                }
            } else if (name.equals("Token")) {
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (this.wssConfig.isWsiBSPCompliant()) {
                    transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(this.keyInfo.getElement())).getElement());
                }
                this.sig.addDocument("#" + this.keyInfoUri, transforms);
            } else if (name.equals("STRTransform")) {
                transforms.addTransform("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform", createSTRParameter(this.document));
                this.sig.addDocument("#" + this.strUri, transforms);
            } else if (name.equals("Assertion")) {
                String assertionId = SAMLUtil.getAssertionId(documentElement, name, namespace);
                Element element = (Element) WSSecurityUtil.findElement(documentElement, name, namespace);
                if (element == null) {
                    throw new WSSecurityException(0, "noEncElement", new Object[]{namespace + ", " + name});
                }
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (this.wssConfig.isWsiBSPCompliant()) {
                    transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(element)).getElement());
                }
                element.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", WSSecurityUtil.setNamespace(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu") + ":Id", assertionId);
                this.sig.addDocument("#" + assertionId, transforms);
            } else {
                Element element2 = (Element) WSSecurityUtil.findElement(documentElement, name, namespace);
                if (element2 == null) {
                    throw new WSSecurityException(0, "noEncElement", new Object[]{namespace + ", " + name});
                }
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (this.wssConfig.isWsiBSPCompliant()) {
                    transforms.item(0).getElement().appendChild(new InclusiveNamespaces(this.document, getInclusivePrefixes(element2)).getElement());
                }
                this.sig.addDocument("#" + setWsuId(element2), transforms);
            }
        }
    }

    protected Element createSTRParameter(Document document) {
        Element createElementNS = document.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:TransformationParameters");
        WSSecurityUtil.setNamespace(createElementNS, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
        Element createElementNS2 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:CanonicalizationMethod");
        WSSecurityUtil.setNamespace(createElementNS2, "http://www.w3.org/2000/09/xmldsig#", "ds");
        createElementNS2.setAttributeNS(null, "Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#");
        createElementNS.appendChild(createElementNS2);
        return createElementNS;
    }

    public void prependSigToHeader(WSSecHeader wSSecHeader) {
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), this.sig.getElement());
    }

    public void appendSigToHeader(WSSecHeader wSSecHeader) {
        wSSecHeader.getSecurityHeader().appendChild(this.sig.getElement());
    }

    public Element getSignatureElement() {
        return this.sig.getElement();
    }

    public void computeSignature() throws WSSecurityException {
        boolean store = WSDocInfoStore.store(this.wsDocInfo);
        try {
            try {
                this.sig.sign(this.sig.createSecretKey(this.derivedKeyBytes));
                this.signatureValue = this.sig.getSignatureValue();
                if (store) {
                    WSDocInfoStore.delete(this.wsDocInfo);
                }
            } catch (XMLSignatureException e) {
                throw new WSSecurityException(10, null, null, e);
            } catch (Exception e2) {
                throw new WSSecurityException(10, null, null, e2);
            }
        } catch (Throwable th) {
            if (store) {
                WSDocInfoStore.delete(this.wsDocInfo);
            }
            throw th;
        }
    }

    @Override // org.apache.ws.security.message.WSSecDerivedKeyBase
    protected int getDerivedKeyLength() throws WSSecurityException {
        return this.derivedKeyLength > 0 ? this.derivedKeyLength : WSSecurityUtil.getKeyLength(this.sigAlgo);
    }

    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    public String getSigCanonicalization() {
        return this.canonAlgo;
    }
}
