package com.sun.identity.saml.xmlsig;

import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.common.XMLUtils;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import netscape.ldap.LDAPCache;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* JADX WARN: Classes with same name are omitted:
  input_file:117586-17/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/xmlsig/AMSignatureProvider.class
 */
/* loaded from: input_file:117586-17/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/xmlsig/AMSignatureProvider.class */
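/**
 * Default {@link SignatureProvider} built on Apache XML Security.
 *
 * <p>Signing looks the private key (and, for whole-document signatures, the
 * certificate placed in {@code KeyInfo}) up by alias in the configured
 * {@link KeyProvider} and produces an enveloped signature over either the whole
 * document (reference URI {@code ""}) or the element carrying a given {@code id}
 * attribute (reference URI {@code "#id"}). Every reference this provider creates
 * uses the SHA-1 digest method.
 *
 * <p>Verification checks signature values only. The verification key is taken
 * from the signature's own {@code KeyInfo} certificate, which is accepted only
 * if the key provider maps it to an alias; without an embedded certificate the
 * caller-supplied alias is used instead. Two things are not checked here and
 * must be checked by the caller if they matter: which element a signature's
 * reference actually covers, and which signature/digest algorithm the signed
 * document names. An unsigned document does not verify.
 *
 * <p>Configuration is read from {@code SAMLUtils.bundle}:
 * {@code keyproviderimplclass}, {@code xmlsigalgorithm},
 * {@code canonicalizationMethod} and {@code transformAlgorithm}.
 *
 * <p>Not synchronized: {@link #initialize(KeyProvider)} replaces the key
 * provider without locking, and the signing methods reset the library-global
 * signature namespace prefix via {@code Constants.setSignatureSpecNSprefix("")}.
 */
public class AMSignatureProvider implements SignatureProvider {

    /** Exclusive canonicalization, used for id-targeted signatures. */
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Digest method applied to every reference this provider creates. */
    private static final String DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";

    /** XML Signature namespace, bound to the {@code ds} prefix for XPath lookups. */
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Signature algorithms accepted for signing. Only the signing side consults
     * this list; verification accepts whatever algorithm the document names.
     */
    private static final String[] SIGNATURE_ALGORITHMS = {
        SAMLConstants.ALGO_ID_MAC_HMAC_SHA1,
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        SAMLConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
        SAMLConstants.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
        SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
        SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA384,
        SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA512,
        SAMLConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
        SAMLConstants.ALGO_ID_MAC_HMAC_RIPEMD160,
        SAMLConstants.ALGO_ID_MAC_HMAC_SHA256,
        SAMLConstants.ALGO_ID_MAC_HMAC_SHA384,
        SAMLConstants.ALGO_ID_MAC_HMAC_SHA512
    };

    /**
     * Canonicalization methods accepted for the configured
     * {@code canonicalizationMethod}. The listing names
     * {@code SAMLConstants.ENCODING} first; it is kept as found.
     */
    private static final String[] CANONICALIZATION_METHODS = {
        SAMLConstants.ENCODING,
        SAMLConstants.XPATH_C14N_WITH_COMMENTS,
        SAMLConstants.XPATH_C14N_OMIT_COMMENTS,
        SAMLConstants.XPATH_C14N_WITH_COMMENTS_SINGLE_NODE,
        SAMLConstants.XPATH_C14N_OMIT_COMMENTS_SINGLE_NODE,
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
        EXC_C14N,
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
    };

    /** Transform algorithms accepted for the configured {@code transformAlgorithm}. */
    private static final String[] TRANSFORM_ALGORITHMS = {
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
        EXC_C14N,
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
        SAMLConstants.TRANSFORM_XSLT,
        SAMLConstants.TRANSFORM_BASE64_DECODE,
        SAMLConstants.TRANSFORM_XPATH,
        SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE,
        SAMLConstants.TRANSFORM_XPOINTER,
        SAMLConstants.TRANSFORM_XPATH2FILTER04,
        SAMLConstants.TRANSFORM_XPATH2FILTER,
        SAMLConstants.TRANSFORM_XPATHFILTERCHGP
    };

    /** Source of private keys and trusted certificates; replaceable via {@link #initialize}. */
    private KeyProvider keystore;

    /** Configured canonicalization method for whole-document signatures, or null. */
    private String c14nMethod;

    /** Optional extra transform added after the enveloped-signature transform, or null. */
    private String transformAlg;

    /**
     * Initializes the XML Security library and loads the key provider named by
     * the {@code keyproviderimplclass} bundle entry. A key provider that cannot
     * be instantiated is logged and left null; every signing and verification
     * call then fails with the {@code nullkeystore} message until
     * {@link #initialize(KeyProvider)} supplies one.
     */
    public AMSignatureProvider() {
        Init.init();
        try {
            this.keystore = (KeyProvider) Class.forName(
                    SAMLUtils.bundle.getString("keyproviderimplclass")).newInstance();
        } catch (Exception e) {
            SAMLUtils.debug.error("AMSignatureProvider:constructor error", e);
        }
        this.c14nMethod = readOptionalSetting("canonicalizationMethod");
        this.transformAlg = readOptionalSetting("transformAlgorithm");
    }

    /**
     * Reads a trimmed bundle entry, returning null when the entry is absent or
     * the lookup fails (a missing entry is a normal configuration).
     *
     * @param key bundle key to read
     * @return the trimmed value, or null
     */
    private static String readOptionalSetting(String key) {
        try {
            String value = SAMLUtils.bundle.getString(key);
            return (value == null) ? null : value.trim();
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AMSignatureProvider", e);
            }
            return null;
        }
    }

    /**
     * Replaces the key provider. A null argument is logged and ignored so that a
     * provider loaded by the constructor is not discarded.
     *
     * @param keyProvider the provider to use for keys and certificates
     */
    @Override
    public void initialize(KeyProvider keyProvider) {
        if (keyProvider == null) {
            SAMLUtils.debug.error("Key Provider is null");
            return;
        }
        this.keystore = keyProvider;
    }

    /**
     * Signs the whole document with the bundle's default {@code xmlsigalgorithm}.
     *
     * @param doc document to sign; the signature is appended to its root element
     * @param certAlias alias of the private key and certificate in the key provider
     * @return the {@code ds:Signature} element that was appended
     * @throws XMLSignatureException on missing input, unknown key, or signing failure
     */
    @Override
    public Element signXML(Document doc, String certAlias) throws XMLSignatureException {
        return signXML(doc, certAlias, SAMLUtils.bundle.getString("xmlsigalgorithm"));
    }

    /**
     * Signs the whole document with an enveloped signature appended to the root
     * element. The certificate for {@code certAlias} is embedded in {@code KeyInfo}.
     *
     * @param doc document to sign
     * @param certAlias alias of the private key and certificate in the key provider
     * @param algorithm signature algorithm URI; null or empty selects the bundle's
     *     {@code xmlsigalgorithm}; must be one of {@link #SIGNATURE_ALGORITHMS}
     * @return the {@code ds:Signature} element that was appended
     * @throws XMLSignatureException on missing input, unknown key, an algorithm,
     *     canonicalization method or transform that is not accepted, or signing failure
     */
    @Override
    public Element signXML(Document doc, String certAlias, String algorithm)
            throws XMLSignatureException {
        requirePresent(doc, "signXML: doc is null.");
        requirePresent(certAlias, "signXML: certAlias is null.");
        try {
            Constants.setSignatureSpecNSprefix("");
            if (this.keystore == null) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
            }
            PrivateKey privateKey = this.keystore.getPrivateKey(certAlias);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String sigAlg = resolveSignatureAlgorithm(algorithm);
            XMLSignature sig;
            if (this.c14nMethod == null || this.c14nMethod.equals("")) {
                sig = new XMLSignature(doc, "", sigAlg);
            } else {
                if (!isValidCanonicalizationMethod(this.c14nMethod)) {
                    throw new XMLSignatureException(
                            SAMLUtils.bundle.getString("invalidCanonicalizationMethod"));
                }
                sig = new XMLSignature(doc, "", sigAlg, this.c14nMethod);
            }
            doc.getDocumentElement().appendChild(sig.getElement());
            sig.getSignedInfo().addResourceResolver(new OfflineResolver());
            Transforms transforms = new Transforms(doc);
            transforms.addTransform(SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE);
            if (this.transformAlg != null && !this.transformAlg.equals("")) {
                if (!isValidTransformAlgorithm(this.transformAlg)) {
                    throw new XMLSignatureException(
                            SAMLUtils.bundle.getString("invalidTransformAlgorithm"));
                }
                transforms.addTransform(this.transformAlg);
            }
            // Empty URI: the reference covers the whole document minus the signature itself.
            sig.addDocument("", transforms, DIGEST_SHA1);
            sig.addKeyInfo(this.keystore.getX509Certificate(certAlias));
            sig.sign(privateKey);
            return sig.getElement();
        } catch (Exception e) {
            // Boundary: library and provider exceptions (and the
            // XMLSignatureExceptions thrown above) all surface as XMLSignatureException.
            SAMLUtils.debug.error("AMSignatureProvider::signXML", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Parses, signs (whole document, default algorithm) and re-serializes XML text.
     *
     * @param xmlString XML document text
     * @param certAlias alias of the private key and certificate in the key provider
     * @return the signed {@code ds:Signature} element serialized as XML text
     * @throws XMLSignatureException on missing input or any signing failure
     */
    @Override
    public String signXML(String xmlString, String certAlias) throws XMLSignatureException {
        return signXML(xmlString, certAlias, SAMLUtils.bundle.getString("xmlsigalgorithm"));
    }

    /**
     * Parses, signs (whole document) and re-serializes XML text.
     *
     * @param xmlString XML document text
     * @param certAlias alias of the private key and certificate in the key provider
     * @param algorithm signature algorithm URI, or null/empty for the bundle default
     * @return the signed {@code ds:Signature} element serialized as XML text
     * @throws XMLSignatureException on missing input, unparsable XML, or any signing failure
     */
    @Override
    public String signXML(String xmlString, String certAlias, String algorithm)
            throws XMLSignatureException {
        requirePresent(xmlString, "signXML: xmlString is null.");
        requirePresent(certAlias, "signXML: certAlias is null.");
        try {
            Element signature = signXML(XMLUtils.toDOMDocument(xmlString), certAlias, algorithm);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signature, out);
            // outputDOM writes canonical XML, which is UTF-8; decoding with the
            // platform default charset would corrupt non-ASCII content.
            return out.toString("UTF-8");
        } catch (Exception e) {
            SAMLUtils.debug.error("AMSignatureProvider::signXML", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Signs the element whose {@code id} attribute equals {@code idValue},
     * appending the signature as its last child.
     *
     * @param doc document containing the element
     * @param certAlias alias of the private key in the key provider
     * @param algorithm signature algorithm URI, or null/empty for the bundle default
     * @param idValue value of the target element's {@code id} attribute
     * @return the {@code ds:Signature} element that was inserted
     * @throws XMLSignatureException on missing input, unknown key, unresolvable id,
     *     or signing failure
     */
    @Override
    public Element signXML(Document doc, String certAlias, String algorithm, String idValue)
            throws XMLSignatureException {
        return signXML(doc, certAlias, algorithm, idValue, null);
    }

    /**
     * Signs the element whose {@code id} attribute equals {@code idValue} with an
     * exclusive-C14N enveloped signature referencing {@code #idValue}. No
     * {@code KeyInfo} is added, so a verifier of this signature must be given the
     * certificate alias explicitly.
     *
     * @param doc document containing the element
     * @param certAlias alias of the private key in the key provider
     * @param algorithm signature algorithm URI, or null/empty for the bundle default
     * @param idValue value of the target element's {@code id} attribute; must be
     *     non-empty and must not contain a double quote
     * @param xpath optional XPath, evaluated against {@code doc}, naming the child
     *     of the target element before which the signature is inserted; null
     *     appends the signature as the last child
     * @return the {@code ds:Signature} element that was inserted
     * @throws XMLSignatureException on missing input, unknown key, an id that is
     *     empty, contains a quote or does not resolve, a rejected algorithm, or
     *     signing failure
     */
    @Override
    public Element signXML(Document doc, String certAlias, String algorithm, String idValue,
            String xpath) throws XMLSignatureException {
        requirePresent(doc, "signXML: doc is null.");
        requirePresent(certAlias, "signXML: certAlias is null.");
        if (idValue == null || idValue.equals("") || idValue.indexOf('"') >= 0) {
            // idValue is spliced into an XPath string literal below; a quote would
            // end that literal, and an empty id cannot be referenced.
            SAMLUtils.debug.error("signXML: invalid id attribute value.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidIDAttribute"));
        }
        try {
            Constants.setSignatureSpecNSprefix("");
            if (this.keystore == null) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
            }
            PrivateKey privateKey = this.keystore.getPrivateKey(certAlias);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            Element target = (Element) XPathAPI.selectSingleNode(
                    doc, "//*[@id=\"" + idValue + "\"]");
            if (target == null) {
                SAMLUtils.debug.error("signXML: could not resolv id attribute");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidIDAttribute"));
            }
            String sigAlg = resolveSignatureAlgorithm(algorithm);
            XMLSignature sig = new XMLSignature(doc, "", sigAlg, EXC_C14N);
            if (xpath == null) {
                target.appendChild(sig.getElement());
            } else {
                // insertBefore with a null reference node appends, so an XPath
                // that matches nothing behaves like xpath == null.
                target.insertBefore(sig.getElement(), XPathAPI.selectSingleNode(doc, xpath));
            }
            sig.getSignedInfo().addResourceResolver(new OfflineResolver());
            Transforms transforms = new Transforms(doc);
            transforms.addTransform(SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms.addTransform(EXC_C14N);
            // Same-document reference to the signed element.
            sig.addDocument("#" + idValue, transforms, DIGEST_SHA1);
            sig.sign(privateKey);
            return sig.getElement();
        } catch (Exception e) {
            SAMLUtils.debug.error("AMSignatureProvider::signXML", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Parses XML text, signs the element with the given {@code id} and
     * re-serializes the resulting signature element.
     *
     * @param xmlString XML document text
     * @param certAlias alias of the private key in the key provider
     * @param algorithm signature algorithm URI, or null/empty for the bundle default
     * @param idValue value of the target element's {@code id} attribute
     * @return the {@code ds:Signature} element serialized as XML text
     * @throws XMLSignatureException on missing input, unparsable XML, or any signing failure
     */
    @Override
    public String signXML(String xmlString, String certAlias, String algorithm, String idValue)
            throws XMLSignatureException {
        requirePresent(xmlString, "signXML: xmlString is null.");
        requirePresent(certAlias, "signXML: certAlias is null.");
        try {
            Element signature = signXML(
                    XMLUtils.toDOMDocument(xmlString), certAlias, algorithm, idValue);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signature, out);
            // Canonical XML output is UTF-8; see signXML(String, String, String).
            return out.toString("UTF-8");
        } catch (Exception e) {
            SAMLUtils.debug.error("AMSignatureProvider::signXML", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Verifies every {@code ds:Signature} element in the document.
     *
     * <p>For each signature the key comes from the embedded {@code KeyInfo}
     * certificate if there is one (and the key provider knows it), otherwise from
     * the key provider entry for {@code certAlias}. Only signature values are
     * checked; the caller must check what each signature's references cover.
     *
     * @param doc document to verify
     * @param certAlias alias used when a signature carries no usable certificate;
     *     may be null
     * @return true if the document contains at least one signature and every
     *     signature value verifies; false otherwise (including an unsigned document)
     * @throws XMLSignatureException if the document is null, no key provider is
     *     configured, an embedded certificate is not known to the key provider, or
     *     the library fails while checking a signature
     */
    @Override
    public boolean verifyXMLSignature(Document doc, String certAlias) throws XMLSignatureException {
        requirePresent(doc, "verifyXMLSignature: document is null.");
        try {
            if (this.keystore == null) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
            }
            NodeList signatures = XPathAPI.selectNodeList(doc, "//ds:Signature",
                    org.apache.xml.security.utils.XMLUtils.createDSctx(doc, "ds", DSIG_NS));
            if (signatures == null || signatures.getLength() == 0) {
                // An empty loop would otherwise report an unsigned document as verified.
                SAMLUtils.debug.error("verifyXMLSignature: no ds:Signature element found.");
                return false;
            }
            for (int i = 0; i < signatures.getLength(); i++) {
                XMLSignature sig = new XMLSignature((Element) signatures.item(i), "");
                sig.addResourceResolver(new OfflineResolver());
                if (!checkSignature(sig, certAlias)) {
                    return false;
                }
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("verifyXMLSignature: Signature " + i + " verified");
                }
            }
            return true;
        } catch (Exception e) {
            SAMLUtils.debug.error("verifyXMLSignature Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Verifies every signature in the document using only embedded certificates.
     *
     * @param doc document to verify
     * @return see {@link #verifyXMLSignature(Document, String)}
     * @throws XMLSignatureException see {@link #verifyXMLSignature(Document, String)}
     */
    @Override
    public boolean verifyXMLSignature(Document doc) throws XMLSignatureException {
        return verifyXMLSignature(doc, (String) null);
    }

    /**
     * Serializes the element and verifies the first signature in the result.
     *
     * @param element element to verify
     * @return see {@link #verifyXMLSignature(String, String)}
     * @throws XMLSignatureException if the element is null, or as
     *     {@link #verifyXMLSignature(String, String)}
     */
    @Override
    public boolean verifyXMLSignature(Element element) throws XMLSignatureException {
        requirePresent(element, "verifyXMLSignature: element is null.");
        return verifyXMLSignature(XMLUtils.print(element));
    }

    /**
     * Serializes the element and verifies the first signature in the result.
     *
     * @param element element to verify
     * @param certAlias alias used when the signature carries no usable certificate
     * @return see {@link #verifyXMLSignature(String, String)}
     * @throws XMLSignatureException if the element is null, or as
     *     {@link #verifyXMLSignature(String, String)}
     */
    @Override
    public boolean verifyXMLSignature(Element element, String certAlias)
            throws XMLSignatureException {
        requirePresent(element, "verifyXMLSignature: element is null.");
        return verifyXMLSignature(XMLUtils.print(element), certAlias);
    }

    /**
     * Verifies the first signature in the XML text using only embedded certificates.
     *
     * @param xmlString XML document text
     * @return see {@link #verifyXMLSignature(String, String)}
     * @throws XMLSignatureException see {@link #verifyXMLSignature(String, String)}
     */
    @Override
    public boolean verifyXMLSignature(String xmlString) throws XMLSignatureException {
        return verifyXMLSignature(xmlString, (String) null);
    }

    /**
     * Parses the XML text and verifies the first {@code ds:Signature} element in
     * document order. Unlike {@link #verifyXMLSignature(Document, String)}, any
     * further signatures in the document are not examined.
     *
     * @param xmlString XML document text
     * @param certAlias alias used when the signature carries no usable certificate;
     *     may be null
     * @return true if the signature value verifies; false if the document has no
     *     signature, no usable key is available, or the value does not verify
     * @throws XMLSignatureException if the input is missing or unparsable, no key
     *     provider is configured, an embedded certificate is not known to the key
     *     provider, or the library fails while checking the signature
     */
    @Override
    public boolean verifyXMLSignature(String xmlString, String certAlias)
            throws XMLSignatureException {
        requirePresent(xmlString, "verifyXMLSignature: xmlString is null.");
        try {
            if (this.keystore == null) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
            }
            Document doc = XMLUtils.toDOMDocument(xmlString);
            if (doc == null) {
                SAMLUtils.debug.error("verifyXMLSignature: could not parse xmlString.");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
            }
            Element sigElement = (Element) XPathAPI.selectSingleNode(doc, "//ds:Signature[1]",
                    org.apache.xml.security.utils.XMLUtils.createDSctx(doc, "ds", DSIG_NS));
            if (sigElement == null) {
                SAMLUtils.debug.error("verifyXMLSignature: no ds:Signature element found.");
                return false;
            }
            XMLSignature sig = new XMLSignature(sigElement, "");
            sig.addResourceResolver(new OfflineResolver());
            return checkSignature(sig, certAlias);
        } catch (Exception e) {
            SAMLUtils.debug.error("verifyXMLSignature Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Returns the key provider currently in use, or null if none was configured.
     *
     * @return the key provider, possibly null
     */
    @Override
    public KeyProvider getKeyProvider() {
        return this.keystore;
    }

    /**
     * Checks one signature value.
     *
     * <p>If the signature embeds an X.509 certificate, that certificate is used,
     * but only after the key provider confirms it holds it under some alias
     * ({@code getCertificateAlias} non-null); an unknown certificate is rejected
     * with the {@code untrustedCertificate} message rather than ignored. Without an
     * embedded certificate the key provider's certificate, then public key, for
     * {@code certAlias} is used. Nothing here inspects the signature's references.
     *
     * @param sig signature to check; its resource resolver is already set
     * @param certAlias fallback alias, or null/empty for no fallback
     * @return true if the value verifies; false if no usable key is available or
     *     the value does not verify
     * @throws XMLSignatureException if the embedded certificate is not known to the
     *     key provider
     * @throws Exception propagated from the key provider and the XML Security
     *     library; every public caller wraps it at its try/catch boundary
     */
    private boolean checkSignature(XMLSignature sig, String certAlias) throws Exception {
        KeyInfo keyInfo = sig.getKeyInfo();
        X509Certificate embeddedCert = getX509Certificate(keyInfo);
        if (embeddedCert != null) {
            // Trust decision: the embedded certificate is only used if the key
            // provider already holds it.
            String alias = this.keystore.getCertificateAlias(embeddedCert);
            if (alias == null) {
                SAMLUtils.debug.error("verifyXMLSignature: certificate is not trusted.");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("untrustedCertificate"));
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("Found CERT. Cert alias name is " + alias);
            }
            PublicKey embeddedKey = embeddedCert.getPublicKey();
            if (embeddedKey == null) {
                SAMLUtils.debug.error("Could not find public key from KeyInfo to verify signature");
                return false;
            }
            return sig.checkSignatureValue(embeddedKey);
        }
        if (certAlias == null || certAlias.equals("")) {
            // Neither an embedded certificate nor an alias: nothing to verify against.
            return false;
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Could not find a KeyInfo, try to use certAlias");
        }
        X509Certificate aliasCert = this.keystore.getX509Certificate(certAlias);
        if (aliasCert != null) {
            return sig.checkSignatureValue(aliasCert);
        }
        PublicKey aliasKey = this.keystore.getPublicKey(certAlias);
        if (aliasKey == null) {
            SAMLUtils.debug.error("Could not find public key based on certAlias to verify signature");
            return false;
        }
        return sig.checkSignatureValue(aliasKey);
    }

    /**
     * Extracts the certificate from a {@code KeyInfo}'s {@code X509Data}, if any.
     *
     * <p>Resolution errors are logged and turned into null, which sends the
     * caller down the alias fallback path rather than failing verification
     * outright.
     *
     * @param keyInfo the signature's key info, possibly null
     * @return the certificate, or null if absent or unresolvable
     */
    private X509Certificate getX509Certificate(KeyInfo keyInfo) {
        if (keyInfo == null) {
            return null;
        }
        try {
            if (!keyInfo.containsX509Data()) {
                return null;
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("Could find a X509Data element in the KeyInfo");
            }
            return keyInfo.getX509Certificate();
        } catch (Exception e) {
            SAMLUtils.debug.error("getX509Certificate(KeyInfo) Exception: " + e.getMessage());
            return null;
        }
    }

    /**
     * Rejects a null (or, for strings, empty) input with the {@code nullInput}
     * message after logging {@code logMessage}.
     *
     * @param value input to check
     * @param logMessage message written to the error log when the check fails
     * @throws XMLSignatureException if the value is null or the empty string
     */
    private static void requirePresent(Object value, String logMessage)
            throws XMLSignatureException {
        if (value == null || "".equals(value)) {
            SAMLUtils.debug.error(logMessage);
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
    }

    /**
     * Substitutes the bundle default for a missing algorithm and checks the
     * result against {@link #SIGNATURE_ALGORITHMS}.
     *
     * @param algorithm requested algorithm URI, or null/empty for the default
     * @return the algorithm URI to sign with
     * @throws XMLSignatureException if the algorithm is not accepted
     */
    private static String resolveSignatureAlgorithm(String algorithm)
            throws XMLSignatureException {
        String resolved = (algorithm == null || algorithm.equals(""))
                ? SAMLUtils.bundle.getString("xmlsigalgorithm")
                : algorithm;
        if (!isValidAlgorithm(resolved)) {
            throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
        }
        return resolved;
    }

    /**
     * Returns true if {@code value} is one of {@code allowed}; null is never allowed.
     */
    private static boolean contains(String[] allowed, String value) {
        for (int i = 0; i < allowed.length; i++) {
            if (allowed[i].equals(value)) {
                return true;
            }
        }
        return false;
    }

    /** Signing-side accept list for signature algorithms. */
    private static boolean isValidAlgorithm(String algorithm) {
        return contains(SIGNATURE_ALGORITHMS, algorithm);
    }

    /** Accept list for the configured canonicalization method. */
    private static boolean isValidCanonicalizationMethod(String method) {
        return contains(CANONICALIZATION_METHODS, method);
    }

    /** Accept list for the configured extra transform. */
    private static boolean isValidTransformAlgorithm(String transform) {
        return contains(TRANSFORM_ALGORITHMS, transform);
    }
}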
