package com.sun.identity.saml2.xmlsig;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.sun.identity.saml.xmlsig.OfflineResolver;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.org.apache.xml.security.Init;
import com.sun.org.apache.xml.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.security.keys.KeyInfo;
import com.sun.org.apache.xml.security.keys.keyresolver.KeyResolverException;
import com.sun.org.apache.xml.security.signature.XMLSignature;
import com.sun.org.apache.xml.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.security.transforms.TransformationException;
import com.sun.org.apache.xml.security.transforms.Transforms;
import com.sun.org.apache.xml.security.utils.Constants;
import com.sun.org.apache.xml.security.utils.IdResolver;
import com.sun.org.apache.xpath.internal.XPathAPI;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/xmlsig/FMSigProvider.class */
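/**
 * {@link SigProvider} implementation that creates and verifies enveloped
 * XML signatures on SAML2 XML strings using the bundled XML security library.
 *
 * <p>Configuration is read once, when the class is loaded, from
 * {@code SystemProperties}: the canonicalization method, the transform
 * algorithm, an optional signature algorithm and the
 * {@code com.sun.identity.saml.checkcert} switch.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When no signature algorithm is configured, {@code rsa-sha1} or
 *       {@code dsa-sha1} is chosen from the key type, and the reference digest
 *       is always SHA-1. SHA-1 is no longer considered collision resistant;
 *       the digest cannot be changed through configuration in this class.</li>
 *   <li>With {@code com.sun.identity.saml.checkcert=off}, {@link #verify}
 *       checks the signature against the certificate embedded in the message
 *       without comparing it to the caller's certificate. See the note in
 *       {@code verify}.</li>
 * </ul>
 */
public final class FMSigProvider implements SigProvider {
    /** Canonicalization method URI used for SignedInfo when signing. */
    private static final String c14nMethod;
    /** Transform algorithm URI added after the enveloped-signature transform. */
    private static final String transformAlg;
    /** Configured signature algorithm URI, or null to derive it from the signing key. */
    private static final String sigAlg;
    /** Whether a certificate embedded in the message must equal the caller's certificate. */
    private static final boolean checkCert;

    static {
        Init.init();
        c14nMethod = SystemProperties.get(SAML2Constants.CANONICALIZATION_METHOD, "http://www.w3.org/2001/10/xml-exc-c14n#");
        transformAlg = SystemProperties.get(SAML2Constants.TRANSFORM_ALGORITHM, "http://www.w3.org/2001/10/xml-exc-c14n#");
        sigAlg = SystemProperties.get(SAML2Constants.XMLSIG_ALGORITHM);
        String checkCertSetting = SystemProperties.get("com.sun.identity.saml.checkcert", "on");
        // Only the literal value "off" (case-insensitive, trimmed) disables the comparison.
        checkCert = checkCertSetting == null || !checkCertSetting.trim().equalsIgnoreCase("off");
    }

    /**
     * Signs the element identified by {@code str2} in the XML string {@code str}
     * with an enveloped signature.
     *
     * <p>The Signature element is inserted right after the root's {@code Issuer}
     * child when one exists and has a following sibling, otherwise it is appended
     * to the root element.
     *
     * @param str XML string whose document element is to be signed
     * @param str2 ID attribute value of the element to sign
     * @param privateKey signing key
     * @param x509Certificate certificate to place in KeyInfo, or null to omit it
     * @return the generated Signature element
     * @throws SAML2Exception if an input is null or empty, the XML cannot be
     *         parsed, no signature algorithm can be determined for the key, or
     *         the XML security library reports an error
     */
    @Override
    public Element sign(String str, String str2, PrivateKey privateKey, X509Certificate x509Certificate) throws SAML2Exception {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0 || privateKey == null) {
            SAML2SDKUtils.debug.error("FMSigProvider.sign: Either input xml string or id value or private key is null.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
        }
        Document document = XMLUtils.toDOMDocument(str, SAML2SDKUtils.debug);
        if (document == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
        }
        Element root = document.getDocumentElement();
        // Resolved per call: the previous code stored the first key's algorithm in
        // the shared static field, so a later key of another type was signed with
        // the wrong algorithm URI (and the write was unsynchronized).
        String signatureAlgorithm = resolveSignatureAlgorithm(privateKey);
        try {
            Constants.setSignatureSpecNSprefix("");
            IdResolver.registerElementById(root, str2);
            XMLSignature signature = new XMLSignature(document, "", signatureAlgorithm, c14nMethod);

            // Locate the first child whose local name is "Issuer"; the signature
            // goes immediately after it.
            Node issuer = root.getFirstChild();
            while (issuer != null && !"Issuer".equals(issuer.getLocalName())) {
                issuer = issuer.getNextSibling();
            }
            Node insertionPoint = (issuer != null) ? issuer.getNextSibling() : null;
            if (insertionPoint == null) {
                root.appendChild(signature.getElement());
            } else {
                root.insertBefore(signature.getElement(), insertionPoint);
            }

            signature.getSignedInfo().addResourceResolver(new OfflineResolver());
            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform(transformAlg);
            // NOTE(review): the reference digest is hard-coded to SHA-1.
            signature.addDocument("#" + str2, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            if (x509Certificate != null) {
                signature.addKeyInfo(x509Certificate);
            }
            signature.sign(privateKey);
            if (SAML2SDKUtils.debug.messageEnabled()) {
                SAML2SDKUtils.debug.message("FMSigProvider.sign: Signing is successful.");
            }
            return signature.getElement();
        } catch (XMLSecurityException e) {
            // Also covers the signature and transformation exceptions the original
            // code caught one by one; all were wrapped the same way.
            throw new SAML2Exception(e);
        }
    }

    /**
     * Verifies the enveloped signature on the document element of {@code str}.
     *
     * <p>The signature is accepted only if the Signature element is a direct
     * child of the document element and one of its references is
     * {@code "#" + str2}. Without these checks a signature that covers some
     * other element of the document could be reported as valid for this one.
     *
     * @param str XML string whose document element carries the signature
     * @param str2 ID attribute value of the element expected to be signed
     * @param x509Certificate certificate the caller trusts for the signer
     * @return true if the signature value verifies, false if it does not or if
     *         the signature does not cover the expected element
     * @throws SAML2Exception if an input is null or empty, the XML cannot be
     *         parsed, no Signature element is present, the embedded certificate
     *         differs from {@code x509Certificate} while the check is enabled, or
     *         the XML security library reports an error
     */
    @Override
    public boolean verify(String str, String str2, X509Certificate x509Certificate) throws SAML2Exception {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            SAML2SDKUtils.debug.error("FMSigProvider.verify: Either input xmlString or idValue is null.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
        }
        Document document = XMLUtils.toDOMDocument(str, SAML2SDKUtils.debug);
        if (document == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
        }
        Element root = document.getDocumentElement();
        try {
            Element signatureElement = (Element) XPathAPI.selectSingleNode(document, "//ds:Signature[1]", com.sun.org.apache.xml.security.utils.XMLUtils.createDSctx(document, "ds", "http://www.w3.org/2000/09/xmldsig#"));
            if (signatureElement == null) {
                SAML2SDKUtils.debug.error("FMSigProvider.verify: No Signature element found in the document.");
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorObtainingElement"));
            }
            IdResolver.registerElementById(root, str2);
            // The XPath above matches a Signature at any depth, so confirm it is the
            // enveloped signature of the element being verified.
            if (signatureElement.getParentNode() != root) {
                SAML2SDKUtils.debug.error("FMSigProvider.verify: Signature is not a direct child of the element being verified.");
                return false;
            }
            XMLSignature signature = new XMLSignature(signatureElement, "");
            if (!referencesId(signature, str2)) {
                SAML2SDKUtils.debug.error("FMSigProvider.verify: Signature does not reference the expected id.");
                return false;
            }
            signature.addResourceResolver(new OfflineResolver());

            X509Certificate verificationCert = null;
            KeyInfo keyInfo = signature.getKeyInfo();
            if (keyInfo != null && keyInfo.containsX509Data()) {
                try {
                    verificationCert = keyInfo.getX509Certificate();
                } catch (KeyResolverException e) {
                    SAML2SDKUtils.debug.error("FMSigProvider.verify: Could not obtain a certificate from inside the document.");
                    verificationCert = null;
                }
                if (verificationCert != null && checkCert) {
                    if (!verificationCert.equals(x509Certificate)) {
                        SAML2SDKUtils.debug.error("FMSigProvider.verify: The cert contained in the document is NOT the same as the one being passed in.");
                        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalidCertificate"));
                    }
                    if (SAML2SDKUtils.debug.messageEnabled()) {
                        SAML2SDKUtils.debug.message("FMSigProvider.verify: The cert contained in the document is the same as the one being passed in.");
                    }
                }
                // NOTE(review): when checkCert is false the embedded certificate is
                // used below without any comparison, i.e. the signature is checked
                // against a key supplied by the message itself. Behaviour is kept
                // because it is an operator setting; leave
                // com.sun.identity.saml.checkcert at "on" unless the embedded
                // certificate is validated elsewhere.
            }
            if (verificationCert == null) {
                verificationCert = x509Certificate;
            }
            if (!signature.checkSignatureValue(verificationCert)) {
                SAML2SDKUtils.debug.error("FMSigProvider.verify: Signature verification failed.");
                return false;
            }
            if (SAML2SDKUtils.debug.messageEnabled()) {
                SAML2SDKUtils.debug.message("FMSigProvider.verify: Signature verification successful.");
            }
            return true;
        } catch (XMLSecurityException e) {
            // The original listed XMLSignatureException after this clause; it is
            // wrapped identically, so one clause is kept.
            throw new SAML2Exception(e);
        } catch (IOException e) {
            throw new SAML2Exception(e);
        } catch (TransformerException e) {
            throw new SAML2Exception(e);
        }
    }

    /**
     * Returns the signature algorithm URI to use for {@code privateKey}: the
     * configured one if set, otherwise dsa-sha1 or rsa-sha1 by key type.
     */
    private static String resolveSignatureAlgorithm(PrivateKey privateKey) throws SAML2Exception {
        if (sigAlg != null) {
            return sigAlg;
        }
        String keyAlgorithm = privateKey.getAlgorithm();
        if (SAML2Constants.DSA.equalsIgnoreCase(keyAlgorithm)) {
            return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        if (SAML2Constants.RSA.equalsIgnoreCase(keyAlgorithm)) {
            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        SAML2SDKUtils.debug.error("FMSigProvider.sign: Unsupported private key algorithm: " + keyAlgorithm);
        throw new SAML2Exception("Unsupported private key algorithm: " + keyAlgorithm);
    }

    /** Returns true if any reference in the signature's SignedInfo has the URI {@code "#" + id}. */
    private static boolean referencesId(XMLSignature signature, String id) throws XMLSecurityException {
        String expectedUri = "#" + id;
        int referenceCount = signature.getSignedInfo().getLength();
        for (int i = 0; i < referenceCount; i++) {
            if (expectedUri.equals(signature.getSignedInfo().item(i).getURI())) {
                return true;
            }
        }
        return false;
    }
}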
