package weblogic.wsee.security.wss.policy.wssp;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.wsee.policy.framework.DOMUtils;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.policy.SigningReferencesFactory;
import weblogic.wsee.security.policy.XBeanUtils;
import weblogic.wsee.security.policy.assertions.IntegrityAssertion;
import weblogic.wsee.security.policy.assertions.xbeans.IntegrityDocument;
import weblogic.wsee.security.policy.assertions.xbeans.IntegrityTargetType;
import weblogic.wsee.security.policy.assertions.xbeans.TransformType;
import weblogic.wsee.security.policy12.assertions.SignedElements;
import weblogic.wsee.security.policy12.assertions.XPath;
import weblogic.wsee.security.policy12.assertions.XPath2;
import weblogic.wsee.security.wss.SecurityPolicyException;
import weblogic.wsee.security.wss.plan.helper.SOAPSecurityHeaderHelper;
import weblogic.wsee.security.wss.plan.helper.XpathNodesHelper;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;
import weblogic.wsee.security.wss.policy.SignaturePolicy;
import weblogic.wsee.security.wssp.QNameExpr;
import weblogic.xml.crypto.dsig.XPathFilter2Transform;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.Transform;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.dsig.api.spec.C14NMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.DigestMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.SignatureMethodParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.TransformParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.XPathFilter2ParameterSpec;
import weblogic.xml.crypto.dsig.api.spec.XPathFilterParameterSpec;
import weblogic.xml.crypto.wss.WSSecurityException;

/* loaded from: input_file:weblogic/wsee/security/wss/policy/wssp/SigningPolicyBlueprintImpl.class */
public class SigningPolicyBlueprintImpl extends SigningPolicyImpl implements SignaturePolicy {
    static int sequnce;
    private XMLSignatureFactory signatureFactory;
    private SigningReferencesFactory signingReferencesFactory;
    public static final String XPATH_TXFORM_URI = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    public static final QName XPATH_FILTER_ELEMENT;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/wsee/security/wss/policy/wssp/SigningPolicyBlueprintImpl$DOMParameterSpec.class */
    public static class DOMParameterSpec implements TransformParameterSpec {
        private DocumentFragment fragment;

        public DOMParameterSpec(DocumentFragment documentFragment) {
            this.fragment = documentFragment;
        }

        public DocumentFragment getDocumentFragment() {
            return this.fragment;
        }
    }

    public SigningPolicyBlueprintImpl(XMLSignatureFactory xMLSignatureFactory, SigningReferencesFactory signingReferencesFactory) {
        this.signatureFactory = xMLSignatureFactory;
        this.signingReferencesFactory = signingReferencesFactory;
    }

    public SigningPolicyBlueprintImpl(XMLSignatureFactory xMLSignatureFactory, SigningReferencesFactory signingReferencesFactory, SOAPMessageContext sOAPMessageContext, Set set) throws PolicyException, SecurityPolicyException, WSSecurityException {
        this.signatureFactory = xMLSignatureFactory;
        this.signingReferencesFactory = signingReferencesFactory;
        Iterator it = set.iterator();
        while (it.hasNext()) {
            IntegrityAssertion integrityAssertion = (IntegrityAssertion) it.next();
            Map namespaceMap = integrityAssertion.getNamespaceMap();
            IntegrityDocument.Integrity integrity = integrityAssertion.getXbean().getIntegrity();
            this.includeSigningTokens |= integrity.getSignToken();
            this.X509AuthConditional |= integrity.getX509AuthConditional();
            if (!integrity.isSetSupportedTokens()) {
                throw new PolicyException("Supportedtokens element is missing from Integrity assertion");
            }
            addSignatureTokens(integrity.getSupportedTokens().getSecurityTokenArray());
            for (IntegrityTargetType integrityTargetType : integrity.getTargetArray()) {
                try {
                    this.references.addAll(signingReferencesFactory.getSigningReferences(xMLSignatureFactory, integrityTargetType.getMessageParts(), xMLSignatureFactory.newDigestMethod(integrityTargetType.getDigestAlgorithm().getURI(), (DigestMethodParameterSpec) null), processSigningTransforms(xMLSignatureFactory, integrityTargetType), sOAPMessageContext, namespaceMap));
                } catch (InvalidAlgorithmParameterException e) {
                    throw new SecurityPolicyException(e.getMessage(), e);
                } catch (NoSuchAlgorithmException e2) {
                    throw new SecurityPolicyException(e2.getMessage(), e2);
                }
            }
            setCanonicalizationMethod(integrity.getCanonicalizationAlgorithm().getURI());
            setSignatureMethod(integrity.getSignatureAlgorithm().getURI());
        }
    }

    @Override // weblogic.wsee.security.wss.policy.wssp.SigningPolicyImpl, weblogic.wsee.security.wss.policy.SignaturePolicy
    public void setSignatureMethod(String str) throws SecurityPolicyArchitectureException {
        try {
            this.signatureMethod = this.signatureFactory.newSignatureMethod(str, (SignatureMethodParameterSpec) null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SecurityPolicyArchitectureException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityPolicyArchitectureException(e2.getMessage(), e2);
        }
    }

    @Override // weblogic.wsee.security.wss.policy.wssp.SigningPolicyImpl, weblogic.wsee.security.wss.policy.SignaturePolicy
    public void setCanonicalizationMethod(String str) throws SecurityPolicyArchitectureException {
        try {
            this.canonicalizationMethod = this.signatureFactory.newCanonicalizationMethod(str, (C14NMethodParameterSpec) null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SecurityPolicyArchitectureException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityPolicyArchitectureException(e2.getMessage(), e2);
        }
    }

    @Override // weblogic.wsee.security.wss.policy.wssp.SigningPolicyImpl, weblogic.wsee.security.wss.policy.SignaturePolicy
    public void setDigestMethod(String str) throws SecurityPolicyArchitectureException {
        try {
            this.digestMethod = this.signatureFactory.newDigestMethod(str, (DigestMethodParameterSpec) null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SecurityPolicyArchitectureException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityPolicyArchitectureException(e2.getMessage(), e2);
        }
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public SignedInfo newSignedInfo(Reference reference) {
        ArrayList arrayList = new ArrayList(this.references);
        arrayList.add(reference);
        return this.signatureFactory.newSignedInfo(this.canonicalizationMethod, this.signatureMethod, arrayList);
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public SignedInfo getSignedInfo() {
        removeDuplicatedReference();
        return this.signatureFactory.newSignedInfo(this.canonicalizationMethod, this.signatureMethod, this.references);
    }

    private void removeDuplicatedReference() {
        if (null == this.references || this.references.size() < 2) {
            return;
        }
        HashMap hashMap = new HashMap(this.references.size());
        for (int i = 0; i < this.references.size(); i++) {
            hashMap.put(((Reference) this.references.get(i)).getURI(), this.references.get(i));
        }
        if (hashMap.size() == this.references.size()) {
            return;
        }
        this.references = new ArrayList(hashMap.values());
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public void addSignatureNodeListToReference(SOAPMessageContext sOAPMessageContext) throws SecurityPolicyArchitectureException, WSSecurityException {
        List<Node> findNode;
        if (this.signingNodeMap.isEmpty()) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Collection values = this.signingNodeMap.values();
        values.remove(null);
        arrayList.addAll(values);
        for (int i = 0; i < arrayList.size(); i++) {
            Object obj = arrayList.get(i);
            if (obj != null) {
                if (obj instanceof QNameExpr) {
                    addSignatureNodeListToReference(SOAPSecurityHeaderHelper.getNonSecurityElements(sOAPMessageContext.getMessage(), (QNameExpr) obj));
                } else if (obj instanceof Node) {
                    arrayList2.add(obj);
                } else if (obj instanceof List) {
                    Object obj2 = ((List) obj).get(0);
                    if (obj2 instanceof XPath2) {
                        addXPathFilter2Reference((List<XPath2>) obj, sOAPMessageContext);
                    } else if ((obj2 instanceof XPath) && null != (findNode = XpathNodesHelper.findNode((List<XPath>) obj, sOAPMessageContext, false)) && findNode.size() > 0) {
                        addSignatureNodeListToReference(findNode);
                    }
                } else if (obj instanceof XPath2) {
                    addXPathFilter2Reference((XPath2) obj, sOAPMessageContext);
                } else if (obj instanceof XPath) {
                    List<Node> findNode2 = XpathNodesHelper.findNode((XPath) obj, sOAPMessageContext, false);
                    if (null != findNode2 && findNode2.size() > 0) {
                        addSignatureNodeListToReference(findNode2);
                    }
                } else {
                    if (!(obj instanceof Reference)) {
                        throw new SecurityPolicyArchitectureException("Unknown object type found in signature node list");
                    }
                    addReferences(Arrays.asList((Reference) obj));
                }
            }
        }
        SignedElements.isValidElement(arrayList2);
        addSignatureNodeListToReference(arrayList2);
    }

    private void addXPathFilter2Reference(List<XPath2> list, SOAPMessageContext sOAPMessageContext) throws SecurityPolicyArchitectureException {
        ArrayList arrayList = new ArrayList();
        for (XPath2 xPath2 : list) {
            if (!$assertionsDisabled && !Transform.XPATH2_URI.equals(xPath2.getXPathVersion())) {
                throw new AssertionError();
            }
            arrayList.add(convertToSpecXPath(xPath2));
        }
        XPathFilter2ParameterSpec xPathFilter2ParameterSpec = new XPathFilter2ParameterSpec(arrayList);
        ArrayList arrayList2 = new ArrayList();
        try {
            arrayList2.add(this.signatureFactory.newTransform(Transform.XPATH2_URI, xPathFilter2ParameterSpec));
            ArrayList arrayList3 = new ArrayList();
            arrayList3.add(sOAPMessageContext.getMessage().getSOAPPart().getDocumentElement());
            try {
                addReferences(this.signingReferencesFactory.getSigningReferences(this.signatureFactory, arrayList3, this.digestMethod, arrayList2));
            } catch (PolicyException e) {
                throw new SecurityPolicyArchitectureException(e.getMessage(), e);
            } catch (WSSecurityException e2) {
                throw new SecurityPolicyArchitectureException(e2.getMessage(), e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new SecurityPolicyArchitectureException(e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new SecurityPolicyArchitectureException(e4.getMessage(), e4);
        }
    }

    private static weblogic.xml.crypto.dsig.api.spec.XPath convertToSpecXPath(XPath2 xPath2) {
        return new weblogic.xml.crypto.dsig.api.spec.XPath(xPath2.getXPathExpr(), XPathFilter2Transform.getFilter(xPath2.getFilter()), xPath2.getXPathNamespaces());
    }

    private void addXPathFilter2Reference(XPath2 xPath2, SOAPMessageContext sOAPMessageContext) throws SecurityPolicyArchitectureException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(xPath2);
        addXPathFilter2Reference(arrayList, sOAPMessageContext);
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public void addSignatureNodeListToReference() throws SecurityPolicyArchitectureException, WSSecurityException {
        if (this.signingNodeMap.isEmpty()) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        Collection values = this.signingNodeMap.values();
        values.remove(null);
        arrayList.addAll(values);
        addSignatureNodeListToReference(arrayList);
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public void addSignatureNodeListToReference(List list) throws SecurityPolicyArchitectureException, WSSecurityException {
        if (null == list || list.size() == 0) {
            return;
        }
        try {
            addReferences(this.signingReferencesFactory.getSigningReferences(this.signatureFactory, list, this.digestMethod, getSigningTransforms()));
        } catch (PolicyException e) {
            throw new SecurityPolicyArchitectureException(e.getMessage(), e);
        }
    }

    @Override // weblogic.wsee.security.wss.policy.SignaturePolicy
    public void setNewSignatureNodeListToReference(List list) throws SecurityPolicyArchitectureException, WSSecurityException {
        try {
            this.references = this.signingReferencesFactory.getSigningReferences(this.signatureFactory, list, this.digestMethod, getSigningTransforms());
        } catch (PolicyException e) {
            throw new SecurityPolicyArchitectureException(e.getMessage(), e);
        }
    }

    @Override // weblogic.wsee.security.wss.policy.wssp.SigningPolicyImpl, weblogic.wsee.security.wss.policy.SignaturePolicy
    public List getReferences() throws SecurityPolicyArchitectureException, WSSecurityException {
        addSignatureNodeListToReference();
        return this.references;
    }

    private List getSigningTransforms() throws SecurityPolicyArchitectureException {
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(this.signatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", null));
            return arrayList;
        } catch (InvalidAlgorithmParameterException e) {
            throw new SecurityPolicyArchitectureException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityPolicyArchitectureException(e2);
        }
    }

    private static List processSigningTransforms(XMLSignatureFactory xMLSignatureFactory, IntegrityTargetType integrityTargetType) throws SecurityPolicyException {
        TransformParameterSpec dOMParameterSpec;
        ArrayList arrayList = new ArrayList();
        for (TransformType transformType : integrityTargetType.getTransformArray()) {
            String attributeValueAsString = DOMUtils.getAttributeValueAsString(XBeanUtils.getElement(transformType), new QName("URI"));
            if (attributeValueAsString == null) {
                throw new SecurityPolicyException("Could not read Transform URI from Transform element");
            }
            DocumentFragment xMLBeanChildren = XBeanUtils.getXMLBeanChildren(transformType);
            if ("http://www.w3.org/TR/1999/REC-xpath-19991116".equals(attributeValueAsString)) {
                dOMParameterSpec = createXPathFilterSpec(xMLBeanChildren);
                if (dOMParameterSpec == null) {
                    throw new SecurityPolicyException("No XPath transform parameter.");
                }
            } else {
                dOMParameterSpec = new DOMParameterSpec(xMLBeanChildren);
            }
            try {
                arrayList.add(xMLSignatureFactory.newTransform(attributeValueAsString, dOMParameterSpec));
            } catch (InvalidAlgorithmParameterException e) {
                throw new SecurityPolicyException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SecurityPolicyException(e2);
            }
        }
        if (arrayList.size() == 0) {
            try {
                arrayList.add(xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", null));
            } catch (InvalidAlgorithmParameterException e3) {
            } catch (NoSuchAlgorithmException e4) {
            }
        }
        return arrayList;
    }

    private static XPathFilterParameterSpec createXPathFilterSpec(DocumentFragment documentFragment) {
        NodeList childNodes = documentFragment.getChildNodes();
        if (childNodes == null || childNodes.getLength() == 0) {
            return null;
        }
        return new XPathFilterParameterSpec(DOMUtils.getTextContent((Element) childNodes.item(0), true));
    }

    static {
        $assertionsDisabled = !SigningPolicyBlueprintImpl.class.desiredAssertionStatus();
        sequnce = 0;
        XPATH_FILTER_ELEMENT = new QName("http://www.w3.org/TR/1999/REC-xpath-19991116", "XPath");
    }
}
