package com.sonicsw.ws.security.wss4j.processor;

import com.sonicsw.ws.axis.DebugObjects;
import com.sonicsw.ws.security.policy.SSPConstants;
import com.sonicsw.ws.security.policy.WSSPConstants;
import com.sonicsw.ws.security.processingresult.SignatureResult;
import com.sonicsw.wsp.WSPConstants;
import java.security.Principal;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSDocInfoStore;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sonicsw/ws/security/wss4j/processor/SignatureProcessor.class */
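/**
 * WS-Security signature processor that verifies a {@code ds:Signature} element and records
 * a {@link SignatureResult} describing what was signed and how the signing key was referenced.
 *
 * <p>Security notes for reviewers (all based on the code in this class):
 * <ul>
 *   <li>Certificates are only checked for date validity ({@code checkValidity()}). No
 *       trust-path validation is visible here. When the certificate is taken from a token
 *       carried in the message (binary token or SAML), a valid signature alone says nothing
 *       about who signed. Presumably the caller verifies trust; confirm.</li>
 *   <li>Signed parts are reported as element QNames resolved through their Id. A consumer that
 *       checks only those QNames cannot tell where in the document the signed element sits
 *       (the signature-wrapping problem), so policy checks should also compare the element
 *       actually processed with the element that was signed.</li>
 *   <li>Underlying exceptions are dropped when mapped to {@code WSSecurityException}. If causes
 *       are ever chained, check that their detail does not reach the fault sent to the sender.</li>
 * </ul>
 */
public class SignatureProcessor extends org.apache.ws.security.processor.SignatureProcessor {
    /** Key under which the detected token reference model is returned in the details table. */
    public static final String TOKEN_REFERENCE_MODEL = "TokenReferenceModel";

    /** Value of the Id attribute of the last signature element handled successfully. */
    private String signatureId;

    /**
     * Verifies the given signature element and inserts a {@link SignatureResult} at index 0 of
     * {@code vector}.
     *
     * @param element the signature element to verify
     * @param crypto crypto provider used to resolve certificates
     * @param crypto2 not used by this implementation
     * @param callbackHandler not used by this implementation
     * @param wSDocInfo document info, registered in {@code WSDocInfoStore} for the duration of
     *     the verification
     * @param vector result list that receives the {@code SignatureResult}
     * @param wSSConfig not used by this implementation
     * @throws WSSecurityException if the signature cannot be verified
     */
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        DebugObjects.getHandlerDebug().debug(getClass().getName() + ": Found signature element");
        WSDocInfoStore.store(wSDocInfo);
        X509Certificate[] signerCert = new X509Certificate[1];
        HashSet signedIds = new HashSet();
        // Single-slot holder for the raw signature value (the decompiler lost this type).
        byte[][] signatureValue = new byte[1][];
        // The placeholder entries tell verifyXMLSignature which details to fill in.
        Hashtable details = new Hashtable(2);
        details.put("SignedInfo", new Object());
        details.put("SignedElements", new Object());
        details.put(TOKEN_REFERENCE_MODEL, new Object());
        try {
            verifyXMLSignature(element, crypto, signerCert, signedIds, signatureValue, details);
        } finally {
            // Always unregister the document info, whether verification succeeded or failed.
            WSDocInfoStore.delete(wSDocInfo);
        }
        // NOTE(review): for a signature without KeyInfo, verifyXMLSignature never replaces the
        // TOKEN_REFERENCE_MODEL placeholder, so this cast throws ClassCastException. Such
        // messages are therefore rejected with an unchecked exception; confirm that is intended.
        String tokenReferenceModel = (String) details.get(TOKEN_REFERENCE_MODEL);
        Vector signedElements = (Vector) details.get("SignedElements");
        SignedInfo signedInfo = (SignedInfo) details.get("SignedInfo");
        vector.add(0, new SignatureResult(element, signerCert[0], tokenReferenceModel, signedElements, signedInfo.getSignatureMethodURI(), signedInfo.getCanonicalizationMethodURI()));
        this.signatureId = element.getAttributeNS(null, WSPConstants.LNAME_ID);
    }

    /**
     * Resolves the verification key for the signature, checks the signature value and collects
     * information about the signed references.
     *
     * @param element the signature element
     * @param crypto crypto provider used to resolve certificates; may be {@code null} when the
     *     key comes from a username token or a derived key token
     * @param x509CertificateArr single-slot output; receives the signing certificate when the
     *     signature was verified with a certificate
     * @param set output; receives the Id of every signed reference
     * @param bArr single-slot output; receives the raw signature value
     * @param hashtable optional details table; entries already present under "SignedInfo" and
     *     "SignedElements" are replaced with the real values, and {@link #TOKEN_REFERENCE_MODEL}
     *     is set when a KeyInfo is present.
     *     NOTE(review): the token-reference branches write to it without a null check, so a
     *     {@code null} table only works for signatures that carry no KeyInfo.
     * @return the principal derived from the certificate subject, the username token or the
     *     derived key token
     * @throws WSSecurityException if the key information is unsupported, the certificate is
     *     outside its validity period, or the signature or one of its references does not verify
     */
    protected Principal verifyXMLSignature(Element element, Crypto crypto, X509Certificate[] x509CertificateArr, Set set, byte[][] bArr, Hashtable hashtable) throws WSSecurityException {
        DebugObjects.getHandlerDebug().debug(getClass().getName() + ": Verify XML Signature");
        if (DebugObjects.getHandlerDebug().getDebug()) {
            DebugObjects.getHandlerDebug().debug("Verify XML Signature");
        }
        long startMillis = DebugObjects.getHandlerDebug().getDebug() ? System.currentTimeMillis() : 0L;
        try {
            XMLSignature signature = new XMLSignature(element, (String) null);
            signature.addResourceResolver(EnvelopeIdResolver.getInstance());
            X509Certificate[] certs = null;
            KeyInfo keyInfo = signature.getKeyInfo();
            byte[] secretKey = null;
            UsernameToken usernameToken = null;
            DerivedKeyToken derivedKeyToken = null;
            QName keyInfoName = null;
            QName tokenName = null;
            if (keyInfo != null) {
                keyInfoName = new QName(keyInfo.getElement().getNamespaceURI(), keyInfo.getElement().getLocalName());
                Node tokenReferenceNode = WSSecurityUtil.getDirectChild(keyInfo.getElement(), "SecurityTokenReference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                if (tokenReferenceNode == null) {
                    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo");
                }
                SecurityTokenReference tokenReference = new SecurityTokenReference((Element) tokenReferenceNode);
                WSDocInfo docInfo = WSDocInfoStore.lookup(element.getOwnerDocument().hashCode());
                if (tokenReference.containsReference()) {
                    // Direct reference: the key material comes from a token inside the message.
                    Element tokenElement = tokenReference.getTokenElement(element.getOwnerDocument(), docInfo);
                    tokenName = new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName());
                    if (tokenName.equals(WSSecurityEngine.usernameToken)) {
                        usernameToken = new UsernameToken(tokenElement);
                        secretKey = usernameToken.getSecretKey();
                    } else if (tokenName.equals(WSSecurityEngine.DERIVED_KEY_TOKEN)) {
                        derivedKeyToken = new DerivedKeyToken(tokenElement);
                        // NOTE(review): neither docInfo nor the looked-up processor is checked
                        // for null; a derived key token that was not processed earlier would
                        // presumably end in a NullPointerException here. Confirm.
                        secretKey = docInfo.getProcessor(derivedKeyToken.getID()).getKeyBytes(WSSecurityUtil.getKeyLength(signature.getSignedInfo().getSignatureMethodURI()));
                    } else {
                        checkCrypto(crypto);
                        if (tokenName.equals(WSSecurityEngine.binaryToken)) {
                            certs = getCertificatesTokenReference(tokenElement, crypto);
                        } else {
                            if (!tokenName.equals(WSSecurityEngine.SAML_TOKEN)) {
                                throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo", new Object[]{tokenName.toString()});
                            }
                            certs = SAMLUtil.getCertificatesFromSAML(tokenElement);
                        }
                    }
                    hashtable.put(TOKEN_REFERENCE_MODEL, SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE);
                } else if (tokenReference.containsX509Data() || tokenReference.containsX509IssuerSerial()) {
                    certs = tokenReference.getX509IssuerSerial(crypto);
                    hashtable.put(TOKEN_REFERENCE_MODEL, SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL);
                } else {
                    if (!tokenReference.containsKeyIdentifier()) {
                        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo", new Object[]{tokenReferenceNode.toString()});
                    }
                    certs = tokenReference.getKeyIdentifier(crypto);
                    hashtable.put(TOKEN_REFERENCE_MODEL, SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER);
                }
                DebugObjects.getHandlerDebug().debug("SignatureProcessor: Token reference model: " + hashtable.get(TOKEN_REFERENCE_MODEL));
            } else {
                // No KeyInfo: fall back to the certificate of the crypto's default alias.
                checkCrypto(crypto);
                if (crypto.getDefaultX509Alias() == null) {
                    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo");
                }
                certs = crypto.getCertificates(crypto.getDefaultX509Alias());
            }
            long keyResolvedMillis = DebugObjects.getHandlerDebug().getDebug() ? System.currentTimeMillis() : 0L;
            if ((certs == null || certs.length == 0 || certs[0] == null) && secretKey == null) {
                throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
            }
            if (certs != null) {
                // Date validity only; no chain building or revocation check happens here.
                try {
                    certs[0].checkValidity();
                } catch (CertificateExpiredException e) {
                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "invalidCert");
                } catch (CertificateNotYetValidException e2) {
                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "invalidCert");
                }
            }
            try {
                boolean signatureValid = certs != null
                        ? signature.checkSignatureValue(certs[0])
                        : signature.checkSignatureValue(signature.createSecretKey(secretKey));
                if (!signatureValid) {
                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
                }
                if (DebugObjects.getHandlerDebug().getDebug()) {
                    long verifiedMillis = System.currentTimeMillis();
                    DebugObjects.getHandlerDebug().debug("Verify: total= " + (verifiedMillis - startMillis) + ", prepare-cert= " + (keyResolvedMillis - startMillis) + ", verify= " + (verifiedMillis - keyResolvedMillis));
                }
                bArr[0] = signature.getSignatureValue();
                SignedInfo signedInfo = signature.getSignedInfo();
                if (hashtable != null && hashtable.containsKey("SignedInfo")) {
                    hashtable.put("SignedInfo", signedInfo);
                }
                int referenceCount = signedInfo.getLength();
                Vector signedElements = null;
                if (hashtable != null && hashtable.containsKey("SignedElements")) {
                    signedElements = new Vector(referenceCount);
                    hashtable.put("SignedElements", signedElements);
                }
                for (int i = 0; i < referenceCount; i++) {
                    try {
                        String uri = signedInfo.item(i).getURI();
                        // Resolve the reference by Id within the signature's owner document.
                        Element signedElement = WSSecurityUtil.getElementByWsuId(element.getOwnerDocument(), uri);
                        if (signedElement == null) {
                            signedElement = WSSecurityUtil.getElementByGenId(element.getOwnerDocument(), uri);
                        }
                        if (signedElement == null) {
                            throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
                        }
                        if (signedElements != null) {
                            // Only the QName is recorded, not the element or its position.
                            QName signedName = new QName(signedElement.getNamespaceURI(), signedElement.getLocalName());
                            signedElements.add(signedName);
                            if (signedName.equals(tokenName) || (tokenName == null && signedName.equals(keyInfoName))) {
                                signedElements.add(WSSPConstants.QN_SIGNING_TOKEN);
                                DebugObjects.getHandlerDebug().debug("QName representing the signing token is signed: " + signedName.toString() + "\nAdding reserved QName for signing token: " + WSSPConstants.QN_SIGNING_TOKEN.toString());
                            }
                        }
                        set.add(WSSecurityUtil.getIDfromReference(uri));
                    } catch (XMLSecurityException e3) {
                        throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
                    }
                }
                if (certs != null) {
                    x509CertificateArr[0] = certs[0];
                    return certs[0].getSubjectDN();
                }
                if (usernameToken != null) {
                    // The principal carries the token's password value; keep it out of logs.
                    WSUsernameTokenPrincipal usernamePrincipal = new WSUsernameTokenPrincipal(usernameToken.getName(), usernameToken.isHashed());
                    usernamePrincipal.setNonce(usernameToken.getNonce());
                    usernamePrincipal.setPassword(usernameToken.getPassword());
                    usernamePrincipal.setCreatedTime(usernameToken.getCreated());
                    return usernamePrincipal;
                }
                if (derivedKeyToken == null) {
                    throw new WSSecurityException("Cannot determine principal");
                }
                WSDerivedKeyTokenPrincipal derivedKeyPrincipal = new WSDerivedKeyTokenPrincipal(derivedKeyToken.getID());
                derivedKeyPrincipal.setNonce(derivedKeyToken.getNonce());
                derivedKeyPrincipal.setLabel(derivedKeyToken.getLabel());
                derivedKeyPrincipal.setLength(derivedKeyToken.getLength());
                derivedKeyPrincipal.setOffset(derivedKeyToken.getOffset());
                return derivedKeyPrincipal;
            } catch (XMLSignatureException e4) {
                throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
            }
        } catch (XMLSecurityException e5) {
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "noXMLSig");
        }
    }

    /**
     * Rejects processing when no crypto provider is configured for signature verification.
     *
     * @param crypto the crypto provider to check
     * @throws WSSecurityException if {@code crypto} is {@code null}
     */
    private void checkCrypto(Crypto crypto) throws WSSecurityException {
        if (crypto == null) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
        }
    }

    /**
     * Returns the Id attribute value of the last signature handled successfully by
     * {@link #handleToken}, or {@code null} if none has been handled yet.
     */
    public String getId() {
        return this.signatureId;
    }
}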
