package weblogic.wsee.security.policy;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import weblogic.wsee.policy.framework.DOMUtils;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.policy.assertions.IntegrityAssertion;
import weblogic.wsee.security.policy.assertions.xbeans.IntegrityDocument;
import weblogic.wsee.security.policy.assertions.xbeans.IntegrityTargetType;
import weblogic.wsee.security.policy.assertions.xbeans.SecurityTokenType;
import weblogic.wsee.security.policy.assertions.xbeans.TransformType;
import weblogic.wsee.security.wss.SecurityPolicyException;
import weblogic.xml.crypto.dsig.api.CanonicalizationMethod;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignatureMethod;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.dsig.api.spec.C14NMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.DigestMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.SignatureMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.TransformParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.XPathFilterParameterSpec;
import weblogic.xml.crypto.wss.WSSecurityException;

/* loaded from: input_file:weblogic/wsee/security/policy/SigningPolicy.class */
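/**
 * Signing configuration derived from a set of {@link IntegrityAssertion}s.
 *
 * <p>The constructor walks every assertion and collects the accepted signature tokens, the
 * references to sign, and the canonicalization, signature and digest algorithms. From these it
 * builds a {@link SignedInfo}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Algorithm URIs are read from the policy and passed straight to the
 *       {@link XMLSignatureFactory}; this class applies no allow-list. Whether the factory
 *       rejects weak algorithms cannot be determined from here. Confirm before relying on
 *       policy input to enforce algorithm strength.</li>
 *   <li>With several assertions, the canonicalization and signature methods come from the
 *       <em>first</em> assertion, while {@link #getDigestAlgorithm()} reports the digest of the
 *       <em>last</em> target processed. Each reference is still created with its own target's
 *       digest method.</li>
 *   <li>{@link #getDigestAlgorithm()} falls back to the XML-DSig SHA-1 URI when no target
 *       supplied a digest algorithm.</li>
 * </ul>
 */
public class SigningPolicy {
    public static final String XPATH_TXFORM_URI = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    public static final QName XPATH_FILTER_ELEMENT = new QName(XPATH_TXFORM_URI, "XPath");

    // Transform applied to a target that declares no transforms of its own.
    private static final String DEFAULT_TRANSFORM_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    // Value reported by getDigestAlgorithm() when no target set a digest algorithm (SHA-1).
    private static final String DEFAULT_DIGEST_URI = "http://www.w3.org/2000/09/xmldsig#sha1";

    private SignedInfo signedInfo;
    private SignatureMethod sigMethod;
    private CanonicalizationMethod cMethod;
    private String digestAlgorithm;
    private List validSignatureTokens = new ArrayList();
    private boolean includeSigningTokens = false;
    private boolean X509AuthConditional = false;
    private List references = new ArrayList();

    /**
     * Transform parameter that carries the raw child nodes of a policy {@code Transform} element.
     * It is used for every transform other than the XPath filter.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/wsee/security/policy/SigningPolicy$DOMParameterSpec.class */
    public static class DOMParameterSpec implements TransformParameterSpec {
        private DocumentFragment fragment;

        public DOMParameterSpec(DocumentFragment documentFragment) {
            this.fragment = documentFragment;
        }

        /** Returns the fragment passed to the constructor (not copied). */
        public DocumentFragment getDocumentFragment() {
            return this.fragment;
        }
    }

    /**
     * Builds the signing policy from the given integrity assertions.
     *
     * @param xMLSignatureFactory factory used to create digest, canonicalization, signature and
     *     transform objects and the final {@link SignedInfo}
     * @param signingReferencesFactory resolves the message parts of each target into references
     * @param sOAPMessageContext message context handed through to the references factory
     * @param set the assertions to process; every element is cast to {@link IntegrityAssertion}
     * @throws PolicyException if an assertion has no supported-tokens element
     * @throws SecurityPolicyException if a digest or transform algorithm is rejected by the factory
     * @throws WSSecurityException if the canonicalization or signature algorithm is rejected
     */
    public SigningPolicy(XMLSignatureFactory xMLSignatureFactory, SigningReferencesFactory signingReferencesFactory, SOAPMessageContext sOAPMessageContext, Set set) throws PolicyException, SecurityPolicyException, WSSecurityException {
        // NOTE(review): an empty set leaves cMethod and sigMethod null when newSignedInfo is
        // called below; how the factory handles null methods is not visible here.
        for (Object entry : set) {
            IntegrityAssertion integrityAssertion = (IntegrityAssertion) entry;
            Map namespaceMap = integrityAssertion.getNamespaceMap();
            IntegrityDocument.Integrity integrity = integrityAssertion.getXbean().getIntegrity();
            // Flags are OR-ed: one assertion requesting them enables them for the whole policy.
            this.includeSigningTokens |= integrity.getSignToken();
            this.X509AuthConditional |= integrity.getX509AuthConditional();
            if (!integrity.isSetSupportedTokens()) {
                throw new PolicyException("Supportedtokens element is missing from Integrity assertion");
            }
            for (SecurityTokenType securityTokenType : integrity.getSupportedTokens().getSecurityTokenArray()) {
                SecurityToken securityToken = new SecurityToken(XBeanUtils.getElement(securityTokenType), null, securityTokenType.getTokenType(), securityTokenType.getIncludeInMessage());
                securityToken.setDerivedFromTokenType(securityTokenType.getDerivedFromTokenType());
                this.validSignatureTokens.add(securityToken);
            }
            for (IntegrityTargetType integrityTargetType : integrity.getTargetArray()) {
                try {
                    List transforms = processSigningTransforms(xMLSignatureFactory, integrityTargetType);
                    String uri = integrityTargetType.getDigestAlgorithm().getURI();
                    // Last target wins for the value reported by getDigestAlgorithm().
                    this.digestAlgorithm = uri;
                    this.references.addAll(signingReferencesFactory.getSigningReferences(xMLSignatureFactory, integrityTargetType.getMessageParts(), xMLSignatureFactory.newDigestMethod(uri, (DigestMethodParameterSpec) null), transforms, sOAPMessageContext, namespaceMap));
                } catch (InvalidAlgorithmParameterException e) {
                    throw new SecurityPolicyException(e.getMessage(), e);
                } catch (NoSuchAlgorithmException e) {
                    throw new SecurityPolicyException(e.getMessage(), e);
                }
            }
            try {
                // Both methods are instantiated for every assertion, so an unsupported URI fails
                // even when it would not be used; only the first assertion's values are kept.
                CanonicalizationMethod newCanonicalizationMethod = xMLSignatureFactory.newCanonicalizationMethod(integrity.getCanonicalizationAlgorithm().getURI(), (C14NMethodParameterSpec) null);
                if (this.cMethod == null) {
                    this.cMethod = newCanonicalizationMethod;
                }
                SignatureMethod newSignatureMethod = xMLSignatureFactory.newSignatureMethod(integrity.getSignatureAlgorithm().getURI(), (SignatureMethodParameterSpec) null);
                if (this.sigMethod == null) {
                    this.sigMethod = newSignatureMethod;
                }
            } catch (InvalidAlgorithmParameterException e) {
                throw new WSSecurityException(e.getMessage(), (Exception) e);
            } catch (NoSuchAlgorithmException e) {
                throw new WSSecurityException(e.getMessage(), (Exception) e);
            }
        }
        this.signedInfo = xMLSignatureFactory.newSignedInfo(this.cMethod, this.sigMethod, this.references);
    }

    /**
     * Creates a new {@link SignedInfo} covering this policy's references plus one extra reference.
     * The policy's own reference list is copied, not modified.
     *
     * @param xMLSignatureFactory factory used to build the result
     * @param reference additional reference appended after the policy's references
     * @return a {@link SignedInfo} using this policy's canonicalization and signature methods
     */
    public SignedInfo newSignedInfo(XMLSignatureFactory xMLSignatureFactory, Reference reference) {
        List combined = new ArrayList(this.references);
        combined.add(reference);
        return xMLSignatureFactory.newSignedInfo(this.cMethod, this.sigMethod, combined);
    }

    /** Returns the {@link SignedInfo} built by the constructor. */
    public SignedInfo getSignedInfo() {
        return this.signedInfo;
    }

    /**
     * Returns the tokens accepted for signing.
     *
     * <p>This is the internal mutable list, not a copy. A caller that modifies it changes the
     * set of tokens this policy accepts.
     */
    public List getValidSignatureTokens() {
        return this.validSignatureTokens;
    }

    /** Returns {@code true} if any assertion set the sign-token flag. */
    public boolean signedSecurityTokens() {
        return this.includeSigningTokens;
    }

    /** Returns {@code true} if any assertion set the X509-auth-conditional flag. */
    public boolean isX509AuthConditional() {
        return this.X509AuthConditional;
    }

    /**
     * Converts the {@code Transform} elements of a target into transform objects.
     *
     * <p>A target with no transforms gets exclusive canonicalization as its single transform.
     *
     * @param xMLSignatureFactory factory used to create each transform
     * @param integrityTargetType the policy target whose transforms are read
     * @return the transforms in document order; never empty
     * @throws SecurityPolicyException if a transform has no URI, an XPath transform has no
     *     parameter, or the factory rejects a transform (including the default one)
     */
    private static List processSigningTransforms(XMLSignatureFactory xMLSignatureFactory, IntegrityTargetType integrityTargetType) throws SecurityPolicyException {
        List transforms = new ArrayList();
        for (TransformType transformType : integrityTargetType.getTransformArray()) {
            String transformUri = DOMUtils.getAttributeValueAsString(XBeanUtils.getElement(transformType), new QName("URI"));
            if (transformUri == null) {
                throw new SecurityPolicyException("Could not read Transform URI from Transform element");
            }
            DocumentFragment children = XBeanUtils.getXMLBeanChildren(transformType);
            TransformParameterSpec parameterSpec;
            if (XPATH_TXFORM_URI.equals(transformUri)) {
                parameterSpec = createXPathFilterSpec(children);
                if (parameterSpec == null) {
                    throw new SecurityPolicyException("No XPath transform parameter.");
                }
            } else {
                parameterSpec = new DOMParameterSpec(children);
            }
            try {
                transforms.add(xMLSignatureFactory.newTransform(transformUri, parameterSpec));
            } catch (InvalidAlgorithmParameterException e) {
                throw new SecurityPolicyException(e);
            } catch (NoSuchAlgorithmException e) {
                throw new SecurityPolicyException(e);
            }
        }
        if (transforms.isEmpty()) {
            try {
                transforms.add(xMLSignatureFactory.newTransform(DEFAULT_TRANSFORM_URI, null));
            } catch (InvalidAlgorithmParameterException e) {
                // Fail closed: swallowing this would return an empty list, so the reference
                // would be created with no transform without anyone noticing.
                throw new SecurityPolicyException(e);
            } catch (NoSuchAlgorithmException e) {
                throw new SecurityPolicyException(e);
            }
        }
        return transforms;
    }

    /**
     * Returns the digest algorithm URI of the last target processed by the constructor.
     *
     * <p>If no target supplied one, the XML-DSig SHA-1 URI is returned. SHA-1 is no longer
     * considered collision resistant, so callers that sign with this value should treat the
     * fallback as a weak default rather than a recommendation.
     */
    public String getDigestAlgorithm() {
        return this.digestAlgorithm != null ? this.digestAlgorithm : DEFAULT_DIGEST_URI;
    }

    /**
     * Builds the XPath filter parameter from the children of an XPath {@code Transform} element.
     *
     * <p>The expression is the text content of the first child element, taken verbatim from the
     * policy. Non-element nodes, such as whitespace text between tags, are skipped so that they
     * are not cast to {@link Element}.
     *
     * @param documentFragment children of the {@code Transform} element
     * @return the filter spec, or {@code null} if the fragment has no child element
     */
    private static XPathFilterParameterSpec createXPathFilterSpec(DocumentFragment documentFragment) {
        NodeList childNodes = documentFragment.getChildNodes();
        if (childNodes == null) {
            return null;
        }
        // NOTE(review): the element name is not compared with XPATH_FILTER_ELEMENT; the first
        // element of any name is accepted, as before.
        for (int i = 0; i < childNodes.getLength(); i++) {
            if (childNodes.item(i) instanceof Element) {
                return new XPathFilterParameterSpec(DOMUtils.getTextContent((Element) childNodes.item(i), true));
            }
        }
        return null;
    }
}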
