package com.sonicsw.ws.security.processingresult;

import com.sonicsw.ws.axis.DebugObjects;
import com.sonicsw.ws.security.action.Signature;
import com.sonicsw.ws.security.action.SupportingToken;
import com.sonicsw.ws.security.policy.WSSPConstants;
import com.sonicsw.ws.security.policy.WSSPUtils;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import org.apache.axis.MessageContext;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sonicsw/ws/security/processingresult/SignatureResult.class */
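/**
 * Holds what was recorded for one processed XML signature (signing certificate, QNames of the
 * signed elements, signature and canonicalization algorithm URIs) and checks those facts against
 * a {@link Signature} policy assertion.
 *
 * <p>NOTE(review): nothing in this class verifies the signature value or the certificate chain;
 * {@link #validate} only compares recorded facts with the policy. It presumes cryptographic
 * verification and trust-path validation happened before this object was built - confirm.
 */
public class SignatureResult extends EncryptionSignatureResult {
    /** Certificate that produced the signature, or {@code null} when none was supplied. */
    private final X509Certificate m_signingCert;
    /** QNames of the elements covered by the signature (raw {@code Vector} of {@link QName}); may be null. */
    private final Vector m_signedElementQnames;
    /** Signature algorithm URI found in the message, or {@code null} if absent or unparsable. */
    private final URI m_algSignatureURI;
    /** Canonicalization algorithm URI found in the message, or {@code null} if absent or unparsable. */
    private final URI m_algCanonicalizationURI;
    // NOTE(review): this flag is only ever cleared (by setError) and never reset, so once one
    // validate() call records an error every later call on the same instance returns false.
    // That fails closed; confirm it is intended when one result is checked against several policies.
    private boolean allRequiredPartsSigned = true;

    /**
     * Records the facts of a processed signature.
     *
     * @param element the element stored as this result's element (used later to reach the owner document)
     * @param x509Certificate signing certificate, or {@code null}
     * @param str token reference model, stored for the inherited token-reference validation
     * @param vector QNames of the signed elements; may be {@code null}
     * @param str2 signature algorithm URI as text; {@code null} or malformed text leaves the URI unset
     * @param str3 canonicalization algorithm URI as text; {@code null} or malformed text leaves the URI unset
     */
    public SignatureResult(Element element, X509Certificate x509Certificate, String str, Vector vector, String str2, String str3) {
        this.m_element = element;
        this.m_signingCert = x509Certificate;
        this.m_tokenRefModel = str;
        this.m_signedElementQnames = vector;
        // An unset URI can never equal a policy-mandated algorithm, so a bad value fails closed
        // in validate() instead of being silently accepted.
        this.m_algSignatureURI = toUriOrNull(str2, "signature");
        this.m_algCanonicalizationURI = toUriOrNull(str3, "canonicalization");
        if (DebugObjects.getPolicyDebug().getDebug()) {
            StringBuilder text = new StringBuilder("SignatureInfo.init: sigature alg uri = ");
            text.append(this.m_algSignatureURI);
            text.append(", canonical alg uri = ");
            text.append(this.m_algCanonicalizationURI);
            text.append(", signed messgar part(s) = ");
            if (this.m_signedElementQnames != null) {
                for (Object signedPart : this.m_signedElementQnames) {
                    text.append(signedPart);
                }
            }
            DebugObjects.getPolicyDebug().debug(text.toString());
        }
    }

    /**
     * Parses an algorithm identifier taken from the message.
     *
     * @param value URI text, possibly {@code null}
     * @param kind label used in the debug message
     * @return the parsed URI, or {@code null} when {@code value} is null or not a valid URI
     */
    private static URI toUriOrNull(String value, String kind) {
        if (value == null) {
            return null;
        }
        try {
            return new URI(value);
        } catch (URISyntaxException e) {
            // Previously swallowed without a trace; leave a debug record of why the URI is unset.
            DebugObjects.getPolicyDebug().debug("SignatureResult: ignoring unparsable " + kind + " algorithm URI: " + e.getMessage());
            return null;
        }
    }

    /**
     * @return {@code true} when no signing certificate was recorded. The name suggests a
     *         UsernameToken-derived signature, but this class only checks for a missing certificate.
     */
    public boolean isUTSigned() {
        return this.m_signingCert == null;
    }

    /** @return the signing certificate, or {@code null} if none was recorded. */
    public X509Certificate getCertificate() {
        return this.m_signingCert;
    }

    /**
     * @return the internal vector of signed element QNames (not a copy), possibly {@code null}.
     *         NOTE(review): callers can mutate the list that {@link #validate} later consults.
     */
    public Vector getSignedElementQnames() {
        return this.m_signedElementQnames;
    }

    /** Records an error on the current status (if any) and marks this result as failed. */
    private void setError(String str) {
        if (this.m_status != null) {
            this.m_status.setError(str);
        }
        this.allRequiredPartsSigned = false;
    }

    /** Reports a message part as satisfied on the current status, if one is attached. */
    private void addSignedPart(QName qName) {
        if (this.m_status != null) {
            this.m_status.addMessagePart(qName);
        }
    }

    /**
     * Checks this signature's recorded facts against a policy assertion: algorithms, token
     * reference (inherited check), signing certificate constraints, then required signed parts.
     *
     * @param signature policy assertion to validate against
     * @param messageContext passed through to the inherited token-reference validation
     * @param validationStatus receives errors and satisfied message parts; may be {@code null}
     * @return {@code true} only if every check passed and no error has been recorded on this instance
     */
    public boolean validate(Signature signature, MessageContext messageContext, ValidationStatus validationStatus) {
        this.m_status = validationStatus;
        // A null algorithm in the policy means "unconstrained": whatever the message used is accepted.
        if (!algorithmMatchesPolicy("canonicalization", signature.getAlgCanonicalization(), this.m_algCanonicalizationURI)) {
            return false;
        }
        if (!algorithmMatchesPolicy("signature", signature.getAlgSignature(), this.m_algSignatureURI)) {
            return false;
        }
        if (!validateTokenReference(signature, messageContext)) {
            return false;
        }
        List tokenList = signature.getTokenList();
        if (tokenList != null && !tokenList.isEmpty()) {
            DebugObjects.getPolicyDebug().debug("SignatureResult: Validating cert against policy...");
            // Only the first token assertion is consulted; any further entries are ignored.
            if (!certificateMatchesPolicy((SupportingToken) tokenList.get(0))) {
                return false;
            }
        }
        DebugObjects.getPolicyDebug().debug("SignatureResult: Validating all required message part(s) are signed...");
        QName[] partsAsQNames = signature.getPartsAsQNames();
        if (partsAsQNames != null) {
            for (QName required : partsAsQNames) {
                DebugObjects.getPolicyDebug().debug("SignatureResult: required message part = " + required);
                if (isRecordedAsSigned(required)) {
                    addSignedPart(required);
                    DebugObjects.getPolicyDebug().debug("SignatureResult: required signed part found: " + required);
                    continue;
                }
                if (signature.isSP2002()) {
                    String message = "required message part not signed: " + required;
                    setError(message);
                    DebugObjects.getPolicyDebug().debug("SignatureResult:" + message);
                    return false;
                }
                // Outside SP2002 a required part that is absent from the document counts as
                // satisfied; one that is present but unsigned records an error and the loop goes on.
                // NOTE(review): both the signed-part match and this presence test go by QName only,
                // so they do not show which element instance the signature covered. Confirm that
                // upstream verification binds each reference to the expected element.
                boolean presentInMessage = this.m_element.getOwnerDocument()
                        .getElementsByTagNameNS(required.getNamespaceURI(), required.getLocalPart()).getLength() != 0;
                if (presentInMessage) {
                    String message = "required signed part found in message but not signed: " + required;
                    setError(message);
                    DebugObjects.getPolicyDebug().debug("SignatureResult:" + message);
                } else {
                    addSignedPart(required);
                    DebugObjects.getPolicyDebug().debug("SignatureResult: required signed part not found in message: " + required);
                }
            }
        }
        return this.allRequiredPartsSigned;
    }

    /**
     * Compares an algorithm URI found in the message with the one the policy mandates.
     *
     * @param kind "canonicalization" or "signature"; used to build the log and error text
     * @param expected algorithm URI text from the policy, or {@code null} for no constraint
     * @param found URI recorded from the message, or {@code null}
     * @return {@code false} when the policy names an algorithm and the message did not use exactly it
     */
    private boolean algorithmMatchesPolicy(String kind, String expected, URI found) {
        if (expected == null) {
            return true;
        }
        DebugObjects.getPolicyDebug().debug("SignatureResult: Validating " + kind + " alg against policy, expected " + expected);
        final URI expectedUri;
        try {
            expectedUri = new URI(expected);
        } catch (URISyntaxException e) {
            // A malformed policy value cannot be matched; reject, and log through the policy
            // debug channel rather than dumping a stack trace to stderr.
            DebugObjects.getPolicyDebug().debug("SignatureResult: policy " + kind + " algorithm is not a valid URI: " + e.getMessage());
            return false;
        }
        if (found == null || !found.equals(expectedUri)) {
            DebugObjects.getPolicyDebug().debug("SignatureResult: Validation of " + kind + " alg failed, found " + found);
            setError(kind + " algorithm not matched, expected " + expectedUri + ", found " + found);
            return false;
        }
        return true;
    }

    /**
     * Checks the signing certificate against the token assertion's type, issuer and subject name.
     *
     * @param supportingToken first token assertion of the policy
     * @return {@code false} on an unsupported token type, a missing certificate where the policy
     *         constrains it, or an issuer / subject mismatch
     */
    private boolean certificateMatchesPolicy(SupportingToken supportingToken) {
        if (!supportingToken.getTokenType().equals(WSSPConstants.QN_TOKENTYPE_X509V3)) {
            DebugObjects.getPolicyDebug().debug("SignatureResult: Security token type required for signature not supported, found " + supportingToken.getTokenType());
            return false;
        }
        String tokenIssuer = supportingToken.getTokenIssuer();
        String subjectName = supportingToken.getSubjectName();
        if ((tokenIssuer != null || subjectName != null) && this.m_signingCert == null) {
            // Without a certificate there is nothing to compare; reject instead of failing with a
            // NullPointerException part-way through validation.
            // NOTE(review): when the policy sets neither issuer nor subject, a certificate-less
            // signature still passes this X.509 token check, as before - confirm that is acceptable.
            DebugObjects.getPolicyDebug().debug("SignatureResult: Policy constrains the signing cert but no X.509 certificate was recorded");
            return false;
        }
        if (tokenIssuer != null) {
            DebugObjects.getPolicyDebug().debug("SignatureResult: Validating cert issuer against by policy, expected " + tokenIssuer);
            // X500Principal equality compares canonical forms, so spacing and case differences
            // in the policy string do not matter.
            if (!new X500Principal(tokenIssuer).equals(this.m_signingCert.getIssuerX500Principal())) {
                DebugObjects.getPolicyDebug().debug("SignatureResult: Validation of cert issuer failed, found " + this.m_signingCert.getIssuerX500Principal());
                return false;
            }
        }
        if (subjectName != null) {
            DebugObjects.getPolicyDebug().debug("SignatureResult: Validating the subject name match, match type = " + supportingToken.getSubjectNameMatchType() + ", expected subject = " + subjectName);
            String commonName = parseCN(this.m_signingCert.getSubjectDN().getName());
            if (!WSSPUtils.match(supportingToken.getSubjectNameMatchType(), subjectName, commonName)) {
                DebugObjects.getPolicyDebug().debug("SignatureResult: Validation of subject name failed, found " + commonName);
                return false;
            }
        }
        return true;
    }

    /**
     * @param required QName the policy requires to be signed
     * @return {@code true} if {@code required} equals one of the recorded signed element QNames;
     *         a missing list is treated as "nothing was signed"
     */
    private boolean isRecordedAsSigned(QName required) {
        if (this.m_signedElementQnames == null) {
            return false;
        }
        for (Object entry : this.m_signedElementQnames) {
            QName signed = (QName) entry;
            DebugObjects.getPolicyDebug().debug("SignatureResult: signed message part = " + signed);
            if (required.equals(signed)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the common name from a distinguished name string.
     *
     * <p>The name is parsed as a structured DN rather than split on commas: a comma inside a
     * quoted or escaped attribute value is not a separator, and splitting on it could let text
     * from another attribute be read as the CN that the policy is matched against.
     *
     * @param str distinguished name text, possibly {@code null}
     * @return the value of the first CN attribute in the order written, or {@code null} when
     *         {@code str} is null, cannot be parsed, or contains no textual CN
     */
    private static String parseCN(String str) {
        if (str == null) {
            return null;
        }
        try {
            List<Rdn> rdns = new LdapName(str).getRdns();
            // LdapName numbers RDNs from the right-most component; walk backwards to keep the
            // original "first CN as written" behaviour.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs and matches the type case-insensitively.
                Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null && cn.size() > 0 && cn.get() instanceof String) {
                    return (String) cn.get();
                }
            }
        } catch (NamingException e) {
            // An unparsable subject yields no CN, so the subject-name match is attempted against null.
            DebugObjects.getPolicyDebug().debug("SignatureResult: could not parse subject DN: " + e.getMessage());
        }
        return null;
    }
}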
