package com.sun.xml.wss.filter;

import com.sun.enterprise.management.support.WebModuleSupport;
import com.sun.org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
import com.sun.org.apache.xml.security.transforms.Transform;
import com.sun.org.apache.xml.security.transforms.Transforms;
import com.sun.org.apache.xml.security.utils.Constants;
import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.KeyInfoStrategy;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.MessageFilter;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SignatureHeaderBlock;
import com.sun.xml.wss.Target;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119166-09/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/SignFilter.class */
public class SignFilter extends FilterBase implements MessageFilter {
    private String strTransformXpath;
    private boolean exportSigBlock;
    private String x509TokenId;

    public SignFilter() {
        this.exportSigBlock = true;
    }

    public SignFilter(String str, String str2) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (str2 == null) {
            throw new XWSSecurityException("STR-XPath can not be null");
        }
        if (str != null) {
            this.targets = new ArrayList();
            this.targets.add(new Target("xpath", str));
        }
        this.strTransformXpath = str2;
        this.exportSigBlock = false;
    }

    public SignFilter(String str, String str2, KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (str == null && str2 == null) {
            throw new XWSSecurityException("Both XPath and STR-XPath can not be null");
        }
        if (null == keyInfoStrategy) {
            throw new XWSSecurityException("KeyInfoStrategy should not be null");
        }
        if (str != null) {
            this.targets = new ArrayList();
            this.targets.add(new Target("xpath", str));
        }
        this.strTransformXpath = str2;
        this.keyInfoStrategy = keyInfoStrategy;
        this.exportSigBlock = true;
    }

    public SignFilter(String str, KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (str == null || keyInfoStrategy == null) {
            throw new XWSSecurityException("XPath and KeyInfoStrategy can not be null");
        }
        this.targets = new ArrayList();
        this.targets.add(new Target("xpath", str));
        this.keyInfoStrategy = keyInfoStrategy;
    }

    public SignFilter(KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this("//S:Body", keyInfoStrategy);
    }

    public SignFilter(ArrayList arrayList, String str, KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (arrayList == null && str == null) {
            throw new XWSSecurityException("Both Target List and STR-XPath can not be null");
        }
        if (null == keyInfoStrategy) {
            throw new XWSSecurityException("KeyInfoStrategy should not be null");
        }
        this.targets = arrayList;
        this.strTransformXpath = str;
        this.keyInfoStrategy = keyInfoStrategy;
        this.exportSigBlock = true;
    }

    public SignFilter(ArrayList arrayList, KeyInfoStrategy keyInfoStrategy) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (arrayList == null || keyInfoStrategy == null) {
            throw new XWSSecurityException("Target List and KeyInfoStrategy can not be null");
        }
        this.targets = arrayList;
        this.keyInfoStrategy = keyInfoStrategy;
    }

    public SignFilter(ArrayList arrayList, String str) throws XWSSecurityException {
        this.exportSigBlock = true;
        if (str == null) {
            throw new XWSSecurityException("STR-XPath can not be null");
        }
        this.targets = arrayList;
        this.strTransformXpath = str;
        this.exportSigBlock = false;
    }

    @Override // com.sun.xml.wss.filter.FilterBase, com.sun.xml.wss.MessageFilter
    public void init() throws XWSSecurityException {
        if (getParameter("strtransformxpath") != null) {
            this.strTransformXpath = getParameter("strtransformxpath");
        }
        if (getParameter("exportsigblock") != null) {
            this.exportSigBlock = new Boolean(getParameter("exportsigblock")).booleanValue();
        }
        if (getParameter("x509TokenId") != null) {
            this.x509TokenId = getParameter("x509TokenId");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:73:0x01af, code lost:
    
        com.sun.xml.wss.SecurableSoapMessage.removeDocMessageAssociation(r10.getOwnerDocument());
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x01a5, code lost:
    
        throw r17;
     */
    /* JADX WARN: Removed duplicated region for block: B:63:0x01b6 A[REMOVE] */
    @Override // com.sun.xml.wss.MessageFilter
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void process(com.sun.xml.wss.SecurableSoapMessage r9) throws com.sun.xml.wss.XWSSecurityException {
        /*
            Method dump skipped, instructions count: 441
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.xml.wss.filter.SignFilter.process(com.sun.xml.wss.SecurableSoapMessage):void");
    }

    private void addTransforms(SignatureHeaderBlock signatureHeaderBlock, SecurableSoapMessage securableSoapMessage, String str, boolean z) throws XWSSecurityException {
        try {
            NodeList selectNodeList = XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), str, securableSoapMessage.getNSContext());
            if (selectNodeList == null || selectNodeList.getLength() == 0) {
                throw new XWSSecurityException(new StringBuffer().append("No elements exist for xpath: ").append(str).toString());
            }
            for (int i = 0; i < selectNodeList.getLength(); i++) {
                processElement(signatureHeaderBlock, securableSoapMessage, (SOAPElement) selectNodeList.item(i), createTransforms(securableSoapMessage, z));
            }
            if (z) {
                SecurableSoapMessage.setDocMessageAssociation(signatureHeaderBlock.getOwnerDocument(), securableSoapMessage);
            }
        } catch (TransformerException e) {
            throw new XWSSecurityException(e);
        }
    }

    private Transforms createTransforms(SecurableSoapMessage securableSoapMessage, boolean z) throws XWSSecurityException {
        Transforms transforms = new Transforms(securableSoapMessage.getSOAPPart());
        try {
            if (z) {
                if (!SecurableSoapMessage.isStrTransformAdded()) {
                    try {
                        Transform.register(MessageConstants.STR_TRANSFORM_URI, "com.sun.xml.wss.helpers.TransformSTR");
                        SecurableSoapMessage.setStrTransformAdded(true);
                    } catch (AlgorithmAlreadyRegisteredException e) {
                        throw new XWSSecurityException(e);
                    }
                }
                transforms.addTransform(MessageConstants.STR_TRANSFORM_URI);
                ((SOAPElement) transforms.item(0).getElement()).addChildElement("TransformationParameters", MessageConstants.WSSE_PREFIX, MessageConstants.WSSE_NS).addChildElement(Constants._TAG_CANONICALIZATIONMETHOD, "ds", "http://www.w3.org/2000/09/xmldsig#").setAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#");
            } else {
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            }
            return transforms;
        } catch (Exception e2) {
            throw new XWSSecurityException(e2.getMessage(), e2);
        }
    }

    private void processElement(SignatureHeaderBlock signatureHeaderBlock, SecurableSoapMessage securableSoapMessage, Element element, Transforms transforms) throws XWSSecurityException {
        if (element.getNodeType() != 1) {
            log.log(Level.SEVERE, "WSS0165.unable.to.encrypt");
            throw new XWSSecurityException("XPath does not correspond to a DOM Element");
        }
        String attributeNS = element.getAttributeNS(MessageConstants.WSU_NS, "Id");
        if (attributeNS.equals("")) {
            attributeNS = securableSoapMessage.generateId();
            XMLUtil.setWsuIdAttr(element, attributeNS);
        }
        signatureHeaderBlock.addSignedInfoReference(new StringBuffer().append("#").append(attributeNS).toString(), transforms);
    }

    private String convertToXpath(String str) {
        QName valueOf = QName.valueOf(str);
        return "".equals(valueOf.getNamespaceURI()) ? new StringBuffer().append(WebModuleSupport.VIRTUAL_SERVER_PREFIX).append(valueOf.getLocalPart()).toString() : new StringBuffer().append("//*[local-name()='").append(valueOf.getLocalPart()).append("' and namespace-uri()='").append(valueOf.getNamespaceURI()).append("']").toString();
    }

    private String convertElemToXpath(Element element) {
        return "".equals(element.getNamespaceURI()) ? new StringBuffer().append(WebModuleSupport.VIRTUAL_SERVER_PREFIX).append(element.getLocalName()).toString() : new StringBuffer().append("//*[local-name()='").append(element.getLocalName()).append("' and namespace-uri()='").append(element.getNamespaceURI()).append("']").toString();
    }

    private PrivateKey getAssociatedPrivateKey(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        String alias = this.keyInfoStrategy.getAlias();
        X509Certificate certificate = securableSoapMessage.getSecurityEnvironment().getCertificate(alias, true);
        if (certificate == null) {
            throw new XWSSecurityException("Couldn't locate the X509 certificate corresponding to this sign operation");
        }
        this.keyInfoStrategy.setCertificate(certificate);
        return securableSoapMessage.getSecurityEnvironment().getPrivateKey(alias);
    }
}
