package com.ibm.ws.wssecurity.dsig;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.Result;
import com.ibm.ws.wssecurity.common.ResultPool;
import com.ibm.ws.wssecurity.common.WSSAlgorithmFactory;
import com.ibm.ws.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.wssecurity.core.ElementSelector;
import com.ibm.ws.wssecurity.core.WSSConsumerComponent;
import com.ibm.ws.wssecurity.dsig.VerificationResult;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.wssecurity.util.CommonLogUtils;
import com.ibm.ws.wssecurity.util.ConfigConstants;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.CommonContentConsumer;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenManagerImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SecurityTokenWrapper;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.ReferenceObject;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureObject;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.Validity;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.HWKeyCache;
import com.ibm.ws.wssecurity.xml.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xml.xss4j.enc.util.SameDocumentEncryptedKeyRetriever;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig;
import java.io.ByteArrayInputStream;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:com/ibm/ws/wssecurity/dsig/SignatureConsumer.class */
public class SignatureConsumer implements WSSConsumerComponent {
    // Component identifier string; no use of it appears in the visible part of this class.
    private static final String comp = "security.wssecurity";
    // Selector map handed to init(Map); invoke() forwards it to key resolution and to verify().
    private Map<Object, Object> _selectors = null;
    // Set by the first init(Map) call so that later calls cannot replace _selectors.
    private boolean _initialized = false;
    // Trace handle used for every entry/exit/debug/audit record in this class.
    // NOTE(review): at debug level this class writes signed octets, signature values and
    // configuration objects to the trace, so the trace output should be treated as sensitive.
    private static final TraceComponent tc = Tr.register(SignatureConsumer.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    // Class name used as the source label in Tr.processException calls.
    private static final String clsName = SignatureConsumer.class.getName();
    // Unqualified "Algorithm" attribute; checkTransform reads it from each ds:Transform.
    private static final QName ALGORITHM_Q = new QName("", "Algorithm");
    // Unqualified "Type" attribute; not referenced in the visible part of this class.
    private static final QName TYPE_Q = new QName("", "Type");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/wssecurity/dsig/SignatureConsumer$ShowerImpl.class */
    /**
     * {@link ResourceShower} that copies the octets it is given into the debug trace.
     *
     * <p>{@code verify} attaches this shower to the signature context only while debug tracing
     * is enabled. The two {@code showSignedResource} overloads differ only in whether the whole
     * array or an offset/length window of it is traced.
     *
     * <p>NOTE(review): the bytes traced here are the SignedInfo and the signed resources, i.e.
     * message content. Treat trace files produced with debug enabled as sensitive and restrict
     * access to them accordingly.
     */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        /** Traces all of {@code bArr}. */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower
        public void showSignedResource(OMElement oMElement, int i, String str, String str2, byte[] bArr, String str3) {
            traceAndClose(new ByteArrayInputStream(bArr), i, str, str3);
        }

        /** Traces {@code i3} bytes of {@code bArr} starting at offset {@code i2}. */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower
        public void showSignedResource(OMElement oMElement, int i, String str, String str2, byte[] bArr, int i2, int i3, String str3) {
            traceAndClose(new ByteArrayInputStream(bArr, i2, i3), i, str, str3);
        }

        /**
         * Writes a heading followed by the stream content to the trace, then closes the stream.
         *
         * @param octets stream over the bytes to trace
         * @param index  negative for SignedInfo, otherwise the resource index used in the heading
         * @param label  optional label; when null or empty the heading falls back to the index
         * @param str3   passed through unchanged to {@code CommonLogUtils.logDebug}
         */
        private static void traceAndClose(ByteArrayInputStream octets, int index, String label, String str3) {
            String heading;
            if (index < 0) {
                heading = "ResourceShower logs verify-SignedInfo: ";
            } else if (label == null || label.length() == 0) {
                heading = "ResourceShower logs verify-resource_" + index + ": ";
            } else {
                heading = "ResourceShower logs verify-" + label + ": ";
            }
            Tr.debug(SignatureConsumer.tc, heading);
            CommonLogUtils.logDebug(octets, str3, SignatureConsumer.tc);
            try {
                octets.close();
            } catch (Exception e) {
                Tr.debug(SignatureConsumer.tc, "Caugh exception closing input stream: e=" + e.getMessage());
            }
        }

        // Compiler-generated accessor; verify() obtains the singleton through it.
        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    /**
     * Records the selector map on the first call only; any later call leaves the stored map as is.
     *
     * <p>The map reference is stored as given, not copied, so later changes made by the caller
     * to that map are visible to this consumer.
     *
     * @param map selector map later passed to key resolution and verification
     */
    @Override // com.ibm.ws.wssecurity.core.WSSComponent, com.ibm.ws.wssecurity.core.Initializable
    public void init(Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        boolean firstCall = !this._initialized;
        if (firstCall) {
            // First caller wins: the selectors cannot be swapped afterwards.
            this._selectors = map;
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Verifies one ds:Signature element against the consumer configuration held in the context map.
     *
     * <p>Order of work, as visible here: reject a null or non-element target, confirm the element
     * name by hash, run {@code checkSignature} (structure/policy pre-check that fills the
     * {@code SignatureObject}), resolve the verification key from ds:KeyInfo, run {@code verify}
     * (the cryptographic check), record the result, and finally cache the SignatureValue when a
     * SignatureConfirmation cache is present in the context.
     *
     * @param oMNode the candidate ds:Signature node
     * @param map    per-message context; this method both reads and mutates it (removes
     *               {@code Constants.COPY_DOMTREE} and {@code SignatureConsumerConfig.CONFIG_KEY},
     *               puts {@code Constants.KEY_ALGORITHM})
     * @throws SoapSecurityException if the target is missing, is not a ds:Signature element, or
     *                               any later check or the verification itself fails
     */
    @Override // com.ibm.ws.wssecurity.core.WSSConsumerComponent
    public void invoke(OMNode oMNode, Map<Object, Object> map) throws SoapSecurityException {
        OMElement firstChildElementNamed;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Node target[" + DOMUtils.getDisplayName(oMNode) + "],Map context)");
        }
        if (oMNode == null) {
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s11", "ds:Signature");
        }
        // Node type 1 is the element node type in Axiom (OMNode.ELEMENT_NODE).
        if (oMNode.getType() != 1) {
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s03", DOMUtils.getQualifiedName(oMNode));
        }
        OMElement oMElement = (OMElement) oMNode;
        String name = oMElement.getNamespace() == null ? null : oMElement.getNamespace().getName();
        String localName = oMElement.getLocalName();
        // The element is recognised by comparing hash(namespace) * 31 + hash(localName) with a
        // precomputed constant, not by comparing the strings themselves.
        // NOTE(review): a 32-bit hash match is weaker than a name comparison; confirm that the
        // later verification stage re-checks the qualified name.
        if ((name == null ? 0 : name.hashCode() * 31) + (localName == null ? 0 : localName.hashCode()) != Constants.HASH_DS_SIGNATURE) {
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s03", DOMUtils.getQualifiedName(oMNode));
        }
        OMNode oMNode2 = (OMElement) oMNode;
        IDResolver iDResolver = (IDResolver) map.get(ElementSelector.IDRESOLVER);
        Object obj = map.get(Constants.WSS_VERSION);
        int i = 0;
        if (obj != null && (obj instanceof Integer)) {
            i = ((Integer) obj).intValue();
        }
        // str / str2 are the wsse and wsu namespaces for the selected version index (they are
        // traced as nsWsse / nsWsu by checkSignature).
        // NOTE(review): i is used as an array index without a range check; presumably the
        // context value is set internally - confirm it cannot be influenced by the message.
        String str = Constants.NAMESPACES[0][i];
        String str2 = Constants.NAMESPACES[1][i];
        // Both entries are removed from the context, so they are consumed by this invocation.
        boolean isTrue = ConfigUtil.isTrue((String) map.remove(Constants.COPY_DOMTREE));
        WSSConsumerConfig wSSConsumerConfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        // NOTE(review): neither configuration object is null-checked here; signatureConsumerConfig
        // is dereferenced below, so a missing context entry surfaces as a NullPointerException
        // rather than a SoapSecurityException.
        SignatureConsumerConfig signatureConsumerConfig = (SignatureConsumerConfig) map.remove(SignatureConsumerConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SignatureConsumerConfig [" + signatureConsumerConfig + "].");
        }
        OMDocument ownerDocument = DOMUtil.getOwnerDocument(oMNode2);
        SignatureObject signatureObject = new SignatureObject();
        signatureObject.setOwnerDocument(ownerDocument);
        // Pre-check of the signature's structure against the configuration, before any key is resolved.
        VerificationResult checkSignature = checkSignature(ownerDocument, oMNode2, wSSConsumerConfig, signatureConsumerConfig, iDResolver, str, str2, isTrue, signatureObject, map);
        if (checkSignature._domRequired) {
            // The pre-check produced a copied document: switch to it and look for the ds:Signature
            // in the copy that DOMUtils.equals reports as equal to the original.
            // NOTE(review): if no equal element is found the loop ends without reassigning
            // oMNode2, so verification proceeds with the element from the original document
            // while ownerDocument refers to the copy - confirm this cannot happen in practice.
            ownerDocument = checkSignature._copiedDOM;
            ArrayList<OMNode> oneOrMoreElements = DOMUtils.getOneOrMoreElements(ownerDocument.getOMDocumentElement(), Constants.NS_DSIG, "Signature");
            int i2 = 0;
            while (true) {
                if (i2 >= oneOrMoreElements.size()) {
                    break;
                }
                if (DOMUtils.equals(oMNode2, oneOrMoreElements.get(i2))) {
                    oMNode2 = (OMElement) oneOrMoreElements.get(i2);
                    break;
                }
                i2++;
            }
        }
        HashMap hashMap = new HashMap(2);
        // The configured signature algorithm is published to the context before key resolution.
        map.put(Constants.KEY_ALGORITHM, signatureConsumerConfig.getSignatureMethod().getAlgorithm());
        // Key resolution from ds:KeyInfo and the cryptographic verification happen in this one statement.
        verify(oMNode2, callKeyInfoConsumer(signatureConsumerConfig.getSigningKeyInfo(), WSSKeyInfoComponent.KEY_VERIFYING, hashMap, this._selectors, KeyInfo.searchForKeyInfo(oMNode2), map), wSSConsumerConfig, signatureConsumerConfig, iDResolver, ownerDocument, checkSignature, this._selectors, signatureObject, map);
        setVerificationResult(checkSignature, signatureConsumerConfig, map);
        // When the context carries a SignatureConfirmation cache, remember this SignatureValue in it.
        List list = (List) map.get(Constants.SIGNATURE_CONFIRMATION_CACHE);
        if (list != null && (firstChildElementNamed = DOMUtil.getFirstChildElementNamed(oMNode2, "http://www.w3.org/2000/09/xmldsig#", "SignatureValue")) != null) {
            String stringValue = DOMUtil.getStringValue(firstChildElementNamed);
            // lastIndexOf(10, 80) searches backwards from index 80 for a line feed, so whitespace
            // is stripped only when a line feed occurs within the first 81 characters.
            if (stringValue.lastIndexOf(10, 80) > -1) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Removing whitespace from Base64 Signature: " + stringValue);
                }
                stringValue = stringValue.replaceAll("\\s", "");
            }
            list.add(stringValue);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cached signature value for SignatureConfirmation: " + stringValue);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Node target, Map context)");
        }
    }

    /**
     * Walks the direct children of a ds:Signature element and records them on {@code signatureObject}.
     *
     * <p>SignedInfo is stored and handed to {@code checkSignedInfo}; KeyInfo and SignatureValue are
     * stored only; ds:Object is accepted but ignored. Children are recognised by comparing
     * hash(namespaceURI) * 31 + hash(localName) with constants from {@code Constants}.
     *
     * <p>NOTE(review): an unrecognised child is reported with a warning only when debug tracing
     * is enabled; with debug off it is skipped without any record. Nothing here requires that
     * SignedInfo or SignatureValue actually be present - confirm that the later verification
     * stage fails when they are missing.
     *
     * @return a new {@code VerificationResult} built from {@code signatureConsumerConfig} and
     *         passed to {@code checkSignedInfo} for each SignedInfo child
     * @throws SoapSecurityException propagated from {@code checkSignedInfo}
     */
    private static VerificationResult checkSignature(OMDocument oMDocument, OMElement oMElement, WSSConsumerConfig wSSConsumerConfig, SignatureConsumerConfig signatureConsumerConfig, IDResolver iDResolver, String str, String str2, boolean z, SignatureObject signatureObject, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkSignature(Document doc[" + DOMUtils.getDisplayName(oMDocument) + "],Element signature[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver[" + iDResolver + "],String nsWsse[" + str + "],String nsWsu[" + str2 + "],boolean domRequired[" + z + "],SignatureObject signatureObject[" + signatureObject + "],Map context)");
        }
        VerificationResult result = new VerificationResult(signatureConsumerConfig);
        for (OMElement child = DOMUtils.getFirstElement((OMNode) oMElement); child != null; child = DOMUtils.getNextElement(child)) {
            String nsUri = child.getNamespace() == null ? null : child.getNamespace().getNamespaceURI();
            String localName = child.getLocalName();
            int nsPart = nsUri == null ? 0 : nsUri.hashCode() * 31;
            int localPart = localName == null ? 0 : localName.hashCode();
            int nameHash = nsPart + localPart;

            // The three children that are stored on the SignatureObject share one trace message.
            boolean stored = true;
            if (nameHash == Constants.HASH_DS_SIGNEDINFO) {
                signatureObject.setSignedInfoElement(child);
                checkSignedInfo(oMDocument, child, wSSConsumerConfig, signatureConsumerConfig, result, iDResolver, str, str2, z, signatureObject, map);
            } else if (nameHash == Constants.HASH_DS_KEYINFO) {
                signatureObject.setKey(child);
            } else if (nameHash == Constants.HASH_DS_SIGNATUREVALUE) {
                signatureObject.setSignatureValue(DOMUtil.getStringValue(child));
            } else {
                stored = false;
            }

            if (stored) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (nameHash == Constants.HASH_DS_OBJECT) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK. But this consumer ignores it.");
                }
            } else if (tc.isDebugEnabled()) {
                // Unknown child: the warning is emitted only under debug tracing.
                Tr.warning(tc, "security.wssecurity.WSEC6833W", new Object[]{DOMUtils.getQualifiedName(child), DOMUtils.getQualifiedName(oMElement)});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkSignature(Document doc,Element signature,WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver,String nsWsse,String nsWsu,boolean domRequired,SignatureObject signatureObject,Map context) returns VerificationResult[" + result + "]");
        }
        return result;
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0152, code lost:
    
        throw com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(com.ibm.ws.wssecurity.common.Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s08", r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): decompiler placeholder. The bytecode of this method was not recovered, so the
    // body below only throws UnsupportedOperationException and is not the shipped logic.
    // checkSignature calls this method for every ds:SignedInfo child, so the validation of
    // SignedInfo against the configuration cannot be reviewed from this listing. The only
    // recovered fragment (in the JADX warning preceding this method) is a throw of
    // Constants.UNSUPPORTED_ALGORITHM with message key security.wssecurity.PrivateConsumerConfig.s08.
    // Review the bytecode or the original source before drawing conclusions about this path.
    private static void checkSignedInfo(org.apache.axiom.om.OMDocument r12, org.apache.axiom.om.OMElement r13, com.ibm.ws.wssecurity.config.WSSConsumerConfig r14, com.ibm.ws.wssecurity.config.SignatureConsumerConfig r15, com.ibm.ws.wssecurity.dsig.VerificationResult r16, com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver r17, java.lang.String r18, java.lang.String r19, boolean r20, com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureObject r21, java.util.Map<java.lang.Object, java.lang.Object> r22) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 694
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.dsig.SignatureConsumer.checkSignedInfo(org.apache.axiom.om.OMDocument, org.apache.axiom.om.OMElement, com.ibm.ws.wssecurity.config.WSSConsumerConfig, com.ibm.ws.wssecurity.config.SignatureConsumerConfig, com.ibm.ws.wssecurity.dsig.VerificationResult, com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver, java.lang.String, java.lang.String, boolean, com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureObject, java.util.Map):void");
    }

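    /**
     * Checks one ds:Reference against each candidate {@code SigningReferenceConfig} in turn and
     * accepts the first candidate whose check completes without an exception.
     *
     * <p>On success the matching candidate is stored in {@code verificationResult._srconfig}.
     * After a failed candidate, the entries that the attempt appended to
     * {@code verificationResult._verifiedParts} are removed again, so a rejected candidate leaves
     * no verified parts behind.
     *
     * <p>Changes from the previous version: the debug trace now prints the index of each
     * collected exception (it printed the iterator object), and an empty candidate list now
     * fails with a {@code SoapSecurityException} instead of an
     * {@code ArrayIndexOutOfBoundsException}.
     *
     * @param list candidate {@code SigningReferenceConfig} objects, tried in iteration order
     * @throws SoapSecurityException if no candidate accepts the reference; the last collected
     *                               exception is attached as the cause
     */
    private static void checkReference(OMDocument oMDocument, OMElement oMElement, WSSConsumerConfig wSSConsumerConfig, List list, VerificationResult verificationResult, IDResolver iDResolver, String str, String str2, boolean z, SignatureObject signatureObject, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkReference(Document doc[" + DOMUtils.getDisplayName(oMDocument) + "],Element reference[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],WSSConsumerConfig gconfig,List config,VerificationResult vresult[" + verificationResult + "],IDResolver idResolver[" + iDResolver + "],String nsWsse[" + str + "],String nsWsu[" + str2 + "],boolean domRequired[" + z + "],SignatureObject signatureObject[" + signatureObject + "],Map context)");
        }
        boolean matched = false;
        List<Exception> failures = new ArrayList<Exception>(list.size());
        // Index of the last verified part that existed before the current attempt started.
        int lastKeptIndex = 0;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                SigningReferenceConfig candidate = (SigningReferenceConfig) it.next();
                lastKeptIndex = verificationResult._verifiedParts.size() - 1;
                checkReference(oMDocument, oMElement, wSSConsumerConfig, candidate, verificationResult, iDResolver, str, str2, z, signatureObject, map);
                verificationResult._srconfig = candidate;
                matched = true;
                break;
            } catch (Exception e) {
                // Broad catch is deliberate: any failure means "this candidate does not apply",
                // and the next one is tried. The failure is kept for the final error report.
                failures.add(e);
                // Roll back whatever the failed attempt appended.
                for (int size = verificationResult._verifiedParts.size() - 1; size > lastKeptIndex; size--) {
                    verificationResult._verifiedParts.remove(size);
                }
            }
        }
        if (!matched) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, failures.size() + " exceptions were caught.");
                for (int idx = 0; idx < failures.size(); idx++) {
                    Tr.debug(tc, "No." + idx + "'s exception: " + failures.get(idx));
                }
            }
            if (failures.isEmpty()) {
                // No candidates at all: still reject the reference, with a proper security fault.
                throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s12", "no SigningReferenceConfig candidates were supplied");
            }
            Exception last = failures.get(failures.size() - 1);
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s12", new String[]{last.getMessage()}, last);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkReference(Document doc,Element reference,WSSConsumerConfig gconfig,List config,VerificationResult vresult,IDResolver idResolver,String nsWsse,String nsWsu,boolean domRequired,SignatureObject signatureObject,Map context)");
        }
    }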

    /* JADX WARN: Code restructure failed: missing block: B:42:0x01ae, code lost:
    
        throw com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(com.ibm.ws.wssecurity.common.Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s11", r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): decompiler placeholder. The bytecode of this method was not recovered, so the
    // body below only throws UnsupportedOperationException and is not the shipped logic.
    // This is the per-candidate check that the List-taking checkReference overload calls for each
    // SigningReferenceConfig, so how a ds:Reference is matched against one candidate cannot be
    // reviewed from this listing. The only recovered fragment (in the JADX warning preceding this
    // method) is a throw of Constants.UNSUPPORTED_ALGORITHM with message key
    // security.wssecurity.PrivateConsumerConfig.s11.
    private static void checkReference(org.apache.axiom.om.OMDocument r8, org.apache.axiom.om.OMElement r9, com.ibm.ws.wssecurity.config.WSSConsumerConfig r10, com.ibm.ws.wssecurity.config.SigningReferenceConfig r11, com.ibm.ws.wssecurity.dsig.VerificationResult r12, com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver r13, java.lang.String r14, java.lang.String r15, boolean r16, com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureObject r17, java.util.Map<java.lang.Object, java.lang.Object> r18) throws com.ibm.wsspi.wssecurity.core.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 1158
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.wssecurity.dsig.SignatureConsumer.checkReference(org.apache.axiom.om.OMDocument, org.apache.axiom.om.OMElement, com.ibm.ws.wssecurity.config.WSSConsumerConfig, com.ibm.ws.wssecurity.config.SigningReferenceConfig, com.ibm.ws.wssecurity.dsig.VerificationResult, com.ibm.ws.wssecurity.xml.xss4j.dsig.IDResolver, java.lang.String, java.lang.String, boolean, com.ibm.ws.wssecurity.xml.xss4j.dsig.SignatureObject, java.util.Map):void");
    }

    /**
     * Records a ds:Transforms element on {@code referenceObject} and checks each ds:Transform
     * child, in document order, through {@code checkTransform}.
     *
     * <p>The next sibling is fetched before the current child is checked, so the "last
     * transform" flag passed on is true exactly when no element follows the current one.
     *
     * <p>NOTE(review): a child that is not ds:Transform is only mentioned in the debug trace and
     * is otherwise skipped, so it does not cause rejection here.
     *
     * @param list transform algorithm configurations forwarded unchanged to {@code checkTransform}
     * @throws SoapSecurityException propagated from {@code checkTransform}
     */
    private static void checkTransforms(OMElement oMElement, WSSConsumerConfig wSSConsumerConfig, List list, VerificationResult.VerifiedPart verifiedPart, boolean z, ReferenceObject referenceObject, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTransform(Element transforms[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],WSSConsumerConfig gconfig,List config[" + list + "],VerifiedPart part[" + verifiedPart + "],boolean domRequired[" + z + "],ReferenceObject referenceObject[" + referenceObject + "],Map context])");
        }
        referenceObject.setTransformsElement(oMElement);
        OMElement current = DOMUtils.getFirstElement((OMNode) oMElement);
        while (current != null) {
            OMElement following = DOMUtils.getNextElement(current);
            String nsUri = current.getNamespace() == null ? null : current.getNamespace().getNamespaceURI();
            String localName = current.getLocalName();
            int nsPart = nsUri == null ? 0 : nsUri.hashCode() * 31;
            int localPart = localName == null ? 0 : localName.hashCode();
            boolean isTransform = nsPart + localPart == Constants.HASH_DS_TRANSFORM;
            if (isTransform) {
                boolean isLast = following == null;
                checkTransform(current, isLast, wSSConsumerConfig, list, verifiedPart, z, referenceObject, map);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, localName + " is OK.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtils.getQualifiedName(current) + " in the " + DOMUtils.getQualifiedName(oMElement) + " element.");
            }
            current = following;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTransform(Element transforms,WSSConsumerConfig gconfig,List config,VerifiedPart part,boolean domRequired,ReferenceObject referenceObject,Map context)");
        }
    }

    /**
     * Accepts a single ds:Transform only if its Algorithm attribute is named by one of the
     * configured {@code AlgorithmConfig} entries and is also contained in the consumer-wide
     * allowed-transform collection; otherwise the reference is rejected.
     *
     * <p>A missing Algorithm attribute cannot equal any configured algorithm, so it is rejected
     * as well. An accepted transform is added to {@code referenceObject} together with its first
     * child element, and the canonicalization / DOM-required bookkeeping on
     * {@code verifiedPart} is updated.
     *
     * @param z    true when this is the last transform of its ds:Transforms parent
     * @param list configured {@code AlgorithmConfig} entries for this reference
     * @param z2   whether a DOM copy may be requested for DOM-requiring transforms
     * @throws SoapSecurityException with {@code Constants.UNSUPPORTED_ALGORITHM} when the
     *                               algorithm is not permitted
     */
    private static void checkTransform(OMElement oMElement, boolean z, WSSConsumerConfig wSSConsumerConfig, List list, VerificationResult.VerifiedPart verifiedPart, boolean z2, ReferenceObject referenceObject, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTransform(Element transform[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],boolean lastTransform[" + z + "],WSSConsumerConfig gconfig,List config[" + list + "],VerifiedPart part[" + verifiedPart + "],boolean domRequired[" + z2 + "],ReferenceObject referenceObject[" + referenceObject + "],Map context)");
        }
        boolean permitted = false;
        Iterator candidates = list.iterator();
        String algorithmUri = oMElement.getAttributeValue(ALGORITHM_Q);
        while (!permitted && candidates.hasNext()) {
            AlgorithmConfig candidate = (AlgorithmConfig) candidates.next();
            // Both conditions must hold: configured for this reference AND allowed globally.
            if (candidate.getAlgorithm().equals(algorithmUri) && wSSConsumerConfig.getAllowedTransforms().contains(algorithmUri)) {
                permitted = true;
            }
        }
        if (!permitted) {
            throw SoapSecurityException.format(Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s12", algorithmUri);
        }
        referenceObject.addTransformAlgorithmAndParameter(algorithmUri, DOMUtil.getFirstChildElement(oMElement));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Transform [" + algorithmUri + "] is OK.");
        }
        if (ConfigUtil.isC14nTransform(algorithmUri)) {
            // Count canonicalization transforms and remember whether the chain ends with one.
            verifiedPart._numC14n++;
            if (z) {
                verifiedPart._lastIsC14n = true;
            }
        } else if (z2 && ConfigUtil.isDOMRequiredTransform(algorithmUri)) {
            verifiedPart._domRequired = z2;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTransform(List config,WSSConsumerConfig gconfig,String algorithm,VerifiedPart part,boolean domRequired,ReferenceObject referenceObject,Map context)");
        }
    }

    private static void verify(OMElement oMElement, Key key, WSSConsumerConfig wSSConsumerConfig, SignatureConsumerConfig signatureConsumerConfig, IDResolver iDResolver, OMDocument oMDocument, VerificationResult verificationResult, Map<Object, Object> map, SignatureObject signatureObject, Map<Object, Object> map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verify(Element signature[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],Key key[" + key + "],WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver[" + iDResolver + "],Document document[" + DOMUtils.getDisplayName((OMNode) oMDocument.getOMDocumentElement()) + "],VerificationResult vresult[" + verificationResult + "],Map selectors,SignatureObject signatureObject[" + signatureObject + "],Map context)");
        }
        WSSSignatureContext wSSSignatureContext = new WSSSignatureContext();
        wSSSignatureContext.setContext(map2);
        Map<Object, Object> properties = wSSConsumerConfig.getProperties();
        wSSSignatureContext.setHWKeyStoreName((String) map2.remove(Constants.CON_KEY_STORE_NAME));
        String algorithm = signatureConsumerConfig.getSignatureMethod() != null ? signatureConsumerConfig.getSignatureMethod().getAlgorithm() : null;
        wSSSignatureContext.setSigAlgorithm(algorithm);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Signature Algorithm = " + algorithm);
        }
        if (wSSSignatureContext.useHWKeyStore()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Key Store Name is: " + wSSSignatureContext.getHWKeyStoreName());
            }
            Provider hWCryptoProviderInstance = ConfigUtil.getHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName());
            if (hWCryptoProviderInstance == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
            } else {
                wSSSignatureContext.setHWKeyStoreProvider(hWCryptoProviderInstance);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for the HW KeyStore" + hWCryptoProviderInstance.getName());
                }
            }
        }
        wSSSignatureContext.setHWConfigName((String) properties.get("HWCONFIG"));
        wSSSignatureContext.setOffload((Boolean) properties.get(ConfigConstants.OFFLOAD_RSA_PUBKEY_CRYPTO));
        if (wSSSignatureContext.shouldChangeProvider()) {
            HWKeyCache hWKeyCache = HWKeyCache.getInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Acceleration enabled, Key Store Name is: " + wSSSignatureContext.getHWConfigName());
            }
            Provider hWCryptoProviderInstance2 = ConfigUtil.getHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName());
            if (hWCryptoProviderInstance2 == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware acceleration, continue processing.");
            } else {
                wSSSignatureContext.setHWAccelerationProvider(hWCryptoProviderInstance2);
                hWKeyCache.setProvider(hWCryptoProviderInstance2, (Integer) properties.get(ConfigConstants.HARDWARE_CACHE_SIZE));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW crypto provider instance for HW Acceleration" + hWCryptoProviderInstance2.getName());
                }
            }
        }
        if (tc.isDebugEnabled()) {
            wSSSignatureContext.setResourceShower(ShowerImpl.access$000());
        }
        if (iDResolver != null) {
            wSSSignatureContext.setIDResolver(iDResolver);
        }
        HashSet hashSet = new HashSet();
        Iterator<SignatureConsumerConfig> it = wSSConsumerConfig.getSignatureConsumers().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getSigningKeyInfo());
        }
        HashSet hashSet2 = new HashSet();
        Iterator<EncryptionConsumerConfig> it2 = wSSConsumerConfig.getEncryptionConsumers().iterator();
        while (it2.hasNext()) {
            hashSet2.add(it2.next().getEncryptionKeyInfo());
        }
        Set<TokenConsumerConfig> tokenConsumers = wSSConsumerConfig.getTokenConsumers();
        WSSAlgorithmFactory algorithmFactory = wSSConsumerConfig.getAlgorithmFactory();
        wSSSignatureContext.setAlgorithmFactory(algorithmFactory);
        wSSSignatureContext.setDocument(oMDocument);
        if (signatureConsumerConfig.getKeyInfoSignature() != null) {
            wSSSignatureContext.setKeyInfoSignature(signatureConsumerConfig.getKeyInfoSignature().getAlgorithm());
        } else {
            wSSSignatureContext.setKeyInfoSignature(null);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "DecryptionTransform is used: " + signatureConsumerConfig.isDecryptionTransformEnabled());
        }
        if (signatureConsumerConfig.isDecryptionTransformEnabled()) {
            try {
                wSSSignatureContext.setEncryptedKeyRetriever(new SameDocumentEncryptedKeyRetriever(oMDocument));
                XMLDTKeyInfoResolver xMLDTKeyInfoResolver = new XMLDTKeyInfoResolver();
                xMLDTKeyInfoResolver.setAlgorithmFactory(algorithmFactory);
                xMLDTKeyInfoResolver.setContext(map2);
                xMLDTKeyInfoResolver.setSelectors(map);
                xMLDTKeyInfoResolver.setIdResolver(iDResolver);
                xMLDTKeyInfoResolver.setEncKeyInfoConsumers(hashSet2);
                xMLDTKeyInfoResolver.setTokenConsumers(tokenConsumers);
                wSSSignatureContext.setKeyInfoResolver(xMLDTKeyInfoResolver);
            } catch (StructureException e) {
                Tr.processException(e, clsName + ".verify", "826");
                throw new SoapSecurityException(e);
            }
        }
        STRDTKeyInfoResolver sTRDTKeyInfoResolver = new STRDTKeyInfoResolver();
        sTRDTKeyInfoResolver.setContext(map2);
        sTRDTKeyInfoResolver.setSelectors(map);
        sTRDTKeyInfoResolver.setDsigKeyInfoSet(hashSet);
        sTRDTKeyInfoResolver.setEncKeyInfoSet(hashSet2);
        sTRDTKeyInfoResolver.setGeneration(false);
        wSSSignatureContext.setSTRDTKeyInfoResolver(sTRDTKeyInfoResolver);
        wSSSignatureContext.setContext(map2);
        wSSSignatureContext.setOnlySignEntireHeadersAndBody(wSSConsumerConfig.isOnlySignEntireHeadersAndBody());
        wSSSignatureContext.setVerificationResult(verificationResult);
        try {
            Validity verify = wSSSignatureContext.verify(oMElement, key, signatureObject);
            if (wSSSignatureContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName(), wSSSignatureContext.getHWAccelerationProvider());
            }
            if (wSSSignatureContext.useHWKeyStore()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName(), wSSSignatureContext.getHWKeyStoreProvider());
            }
            signatureObject.clear();
            boolean coreValidity = verify.getCoreValidity();
            String str = null;
            if (!coreValidity || tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("Core validity=");
                stringBuffer.append(coreValidity);
                stringBuffer.append(" Signed info validity=");
                stringBuffer.append(verify.getSignedInfoValidity());
                stringBuffer.append(" Signed info message='");
                stringBuffer.append(verify.getSignedInfoMessage());
                stringBuffer.append("'");
                int numberOfReferences = verify.getNumberOfReferences();
                for (int i = 0; i < numberOfReferences; i++) {
                    stringBuffer.append(" Ref[");
                    stringBuffer.append(i);
                    stringBuffer.append("](validity=");
                    stringBuffer.append(verify.getReferenceValidity(i));
                    stringBuffer.append(" message='");
                    stringBuffer.append(verify.getReferenceMessage(i));
                    stringBuffer.append("' uri='");
                    stringBuffer.append(verify.getReferenceURI(i));
                    stringBuffer.append("' type='");
                    stringBuffer.append(verify.getReferenceType(i));
                    stringBuffer.append("')");
                }
                str = stringBuffer.toString();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, str);
                }
                if (coreValidity) {
                    str = null;
                }
            }
            if (str != null) {
                throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s01", str);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "verify(Element signature,Key key,WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver,Document document,VerificationResult vresult,Map selectors,SignatureObject signatureObject,Map context)");
            }
        } catch (Throwable th) {
            if (wSSSignatureContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName(), wSSSignatureContext.getHWAccelerationProvider());
            }
            if (wSSSignatureContext.useHWKeyStore()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName(), wSSSignatureContext.getHWKeyStoreProvider());
            }
            signatureObject.clear();
            throw th;
        }
    }

    /**
     * Resolves the key-info carried by {@code oMElement} and delegates to the
     * {@code ResolvedKeyInfo} overload to obtain the key.
     *
     * @param keyInfoConsumerConfig configuration handed on to the overload
     * @param str key type, echoed in the entry trace and handed on to the overload
     * @param map handed on unchanged to the overload
     * @param map2 handed on unchanged to the overload
     * @param oMElement element passed to {@code CommonContentConsumer.resolveKeyInfo}
     * @param map3 context passed both to {@code resolveKeyInfo} and to the overload
     * @return the key returned by the overload
     * @throws SoapSecurityException declared by this method; the overload declares it too
     */
    public static Key callKeyInfoConsumer(KeyInfoConsumerConfig keyInfoConsumerConfig, String str, Map<Object, Object> map, Map<Object, Object> map2, OMElement oMElement, Map<Object, Object> map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype[" + str + "],Map type,Map properties,OMElement target[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],Map context)");
        }
        // Resolve the element first, then reuse the ResolvedKeyInfo-based lookup.
        final CommonContentConsumer.ResolvedKeyInfo resolved = CommonContentConsumer.resolveKeyInfo(oMElement, map3);
        final Key resolvedKey = callKeyInfoConsumer(keyInfoConsumerConfig, str, map, map2, resolved, map3);
        if (tc.isEntryEnabled()) {
            // NOTE(review): this writes Key.toString() to the trace. The output is
            // provider-defined and may include key material for some key classes;
            // confirm trace files are access-controlled or log only algorithm/format.
            Tr.exit(tc, "callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype,Map type,Map properties,OMElement target,Map context) returns Key[" + resolvedKey + "]");
        }
        return resolvedKey;
    }

    /**
     * Asks the {@code KeyInfoConsumer} registered in {@code map2} for the key that
     * matches the resolved key-info.
     *
     * <p>Side effects visible here: {@code map} is cleared and then holds only the
     * key-type entry; {@code map3} receives the consumer configuration under
     * {@code KeyInfoConsumerConfig.CONFIG_KEY}.
     *
     * @param keyInfoConsumerConfig configuration stored into {@code map3}
     * @param str key type stored into {@code map} under {@code WSSECURITY_KEY_TYPE}
     * @param map scratch map, emptied and refilled by this call
     * @param map2 lookup map that must hold a {@code KeyInfoConsumer} under
     *     {@code KeyInfoConsumer.class}; a missing entry fails with a
     *     {@code NullPointerException} because no null check is made
     * @param resolvedKeyInfo key-info passed to {@code KeyInfoConsumer.getKey}
     * @param map3 context map passed to {@code KeyInfoConsumer.getKey}
     * @return whatever {@code KeyInfoConsumer.getKey} returns
     * @throws SoapSecurityException declared by this method
     */
    public static Key callKeyInfoConsumer(KeyInfoConsumerConfig keyInfoConsumerConfig, String str, Map<Object, Object> map, Map<Object, Object> map2, CommonContentConsumer.ResolvedKeyInfo resolvedKeyInfo, Map<Object, Object> map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype[" + str + "],Map type,Map properties,ResolvedKeyInfo kinfo[" + resolvedKeyInfo + "],Map context)");
        }
        final Object registered = map2.get(KeyInfoConsumer.class);
        final KeyInfoConsumer consumer = (KeyInfoConsumer) registered;

        // Reset the type map so that it carries nothing but the requested key type.
        map.clear();
        map.put(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE, str);
        map3.put(KeyInfoConsumerConfig.CONFIG_KEY, keyInfoConsumerConfig);

        final Key resolvedKey = consumer.getKey(resolvedKeyInfo, map, map3);
        if (tc.isEntryEnabled()) {
            // NOTE(review): this writes Key.toString() to the trace. The output is
            // provider-defined and may include key material for some key classes;
            // confirm trace files are access-controlled or log only algorithm/format.
            Tr.exit(tc, "callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype,Map type,Map properties,ResolvedKeyInfo kinfo,Map context) returns Key[" + resolvedKey + "]");
        }
        return resolvedKey;
    }

    /**
     * Finalises a verification result and publishes it into the context.
     *
     * <p>For every verified part, the timestamp and nonce elements are passed to
     * {@link #removeNode}, which detaches them when they carry the
     * {@code WAS_EXTENTION_DSIG} marker. The token wrapper is then resolved via
     * {@code getTokenWrapper} and the result is added to the {@code ResultPool}.
     *
     * @param verificationResult result to complete; its {@code _tokenWrapper} is set here
     * @param signatureConsumerConfig configuration passed to {@code getTokenWrapper}
     * @param map context map passed to {@code getTokenWrapper} and {@code ResultPool.add}
     * @throws SoapSecurityException declared by this method; {@code getTokenWrapper} declares it too
     */
    private static void setVerificationResult(VerificationResult verificationResult, SignatureConsumerConfig signatureConsumerConfig, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setVerificationResult(VerificationResult vresult[" + verificationResult + "],SignatureConsumerConfig sconfig,Map context)");
        }
        final String dsigMarker = Constants.WAS_EXTENTION_DSIG;
        for (VerificationResult.VerifiedPart part : verificationResult._verifiedParts) {
            // Timestamp first, then nonce; each is detached only if marked.
            removeNode(part._timestamp, dsigMarker);
            removeNode(part._nonce, dsigMarker);
        }
        final SecurityTokenWrapper wrapper = getTokenWrapper(verificationResult, signatureConsumerConfig, map);
        verificationResult._tokenWrapper = wrapper;
        ResultPool.add(map, verificationResult);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setVerificationResult(VerificationResult vresult,SignatureConsumerConfig sconfig,Map context)");
        }
    }

    /**
     * Detaches {@code oMElement} when its {@code Constants.WAS_EXTENTION_Q}
     * attribute is present and equals {@code str}.
     *
     * <p>A {@code null} element, a missing attribute or a different attribute
     * value leaves the element where it is.
     *
     * @param oMElement element to inspect; may be {@code null}
     * @param str marker value the attribute must equal for the element to be detached
     */
    public static void removeNode(OMElement oMElement, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeNode(OMElement element[" + DOMUtils.getDisplayName((OMNode) oMElement) + "],String type[" + str + "])");
        }
        if (oMElement != null) {
            final String marker = oMElement.getAttributeValue(Constants.WAS_EXTENTION_Q);
            final boolean marked = marker != null && marker.equals(str);
            if (marked) {
                oMElement.detach();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeNode(OMElement element, String type)");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fetches the {@code KeyInfoResult} entries held in the {@code ResultPool}
     * for the given context.
     *
     * @param map context map passed to {@code ResultPool.get}
     * @return a new array with each pooled entry cast to {@code KeyInfoResult},
     *     or {@code null} when {@code ResultPool.get} returns {@code null}
     */
    public static KeyInfoResult[] getKeyInfoResults(Map<Object, Object> map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoResults(Map context)");
        }
        final Result[] pooled = ResultPool.get(map, KeyInfoResult.class);
        KeyInfoResult[] typed = null;
        if (pooled != null) {
            typed = new KeyInfoResult[pooled.length];
            int slot = 0;
            for (Result entry : pooled) {
                // Element-wise cast keeps the ClassCastException on a foreign entry.
                typed[slot++] = (KeyInfoResult) entry;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoResults(Map context) returns KeyInfoResult[][" + typed + "]");
        }
        return typed;
    }

    /**
     * Picks the key-info result that belongs to the signing key and files the
     * remaining ones on the verification result.
     *
     * <p>The first entry whose content consumer is contained in {@code list} and
     * whose error is {@code null} is selected. Every other entry, including later
     * entries that would also match and entries that carry an error, is stored in
     * {@code verificationResult._kresults} keyed by its content consumer.
     *
     * @param verificationResult receives the non-selected results in {@code _kresults}
     * @param keyInfoResultArr candidates; {@code null} yields {@code null}
     * @param list content consumer configurations accepted for the signing key
     * @return the selected result, or {@code null} if none qualifies
     */
    private static KeyInfoResult getProcessedResult(VerificationResult verificationResult, KeyInfoResult[] keyInfoResultArr, List<KeyInfoContentConsumerConfig> list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedResult(VerificationResult vresult,KeyInfoResult[] results,List kclist");
        }
        KeyInfoResult selected = null;
        if (keyInfoResultArr != null) {
            for (KeyInfoResult candidate : keyInfoResultArr) {
                final boolean accept = selected == null
                        && list.contains(candidate.getKeyInfoContentConsumer())
                        && candidate.getError() == null;
                if (accept) {
                    selected = candidate;
                    continue;
                }
                // Not selected: keep it on the result, keyed by its consumer config.
                verificationResult._kresults.put(candidate.getKeyInfoContentConsumer(), candidate);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProcessedResult(VerificationResult vresult,KeyInfoResult[] results,List kclist) returns KeyInfoResult[" + selected + "]");
        }
        return selected;
    }

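    /**
     * Resolves the token wrapper for the signing key and records identity and
     * token associations on the verification result.
     *
     * <p>Steps, as far as this method shows them:
     * <ol>
     *   <li>Select the processed key-info result via {@code getProcessedResult}.</li>
     *   <li>Look its token up in the {@code SecurityTokenManagerImpl} held in the
     *       context, rethrow the wrapper's stored error if it has one, mark the
     *       wrapper as referenced and return a copy built inside
     *       {@code AccessController.doPrivileged}.</li>
     *   <li>For each {@code VerifiedConfig} mapped to the result's
     *       {@code _srconfig}, store the first key-info result with an equal
     *       content consumer in {@code _identities}.</li>
     *   <li>For each key-info result with a token consumer, store the first
     *       wrapper whose used-token-consumer hash matches in {@code _kresults}.</li>
     * </ol>
     *
     * <p>Changes against the decompiled listing: the anonymous action refers to
     * the captured {@code tokenWrapper} (the listing's
     * {@code SecurityTokenWrapper.this} is not valid there), the wrapper search
     * ends when the collection is exhausted instead of looping forever, and a
     * {@code null} key-info result array no longer causes a
     * {@code NullPointerException} in the two association loops.
     *
     * @param verificationResult result whose {@code _kresults} and {@code _identities} are updated
     * @param signatureConsumerConfig supplies the signing key-info consumers and the identity map
     * @param map context map; read for the key-info results and the token manager
     * @return a copy of the signing token's wrapper, or {@code null} if no result
     *     was selected or the token manager returned no wrapper
     * @throws SoapSecurityException declared by this method; the wrapper's stored error is rethrown here
     */
    private static SecurityTokenWrapper getTokenWrapper(VerificationResult verificationResult, SignatureConsumerConfig signatureConsumerConfig, Map<Object, Object> map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenWrapper(VerificationResult vresult[" + verificationResult + "],SignatureConsumerConfig sconfig,Map context)");
        }
        SecurityTokenWrapper securityTokenWrapper = null;
        Collection<SecurityTokenWrapper> collection = null;
        KeyInfoResult[] keyInfoResults = getKeyInfoResults(map);
        KeyInfoResult processedResult = getProcessedResult(verificationResult, keyInfoResults, signatureConsumerConfig.getSigningKeyInfo().getContentConsumers());
        if (processedResult != null) {
            String idInSubject = processedResult.getIdInSubject();
            SecurityTokenManagerImpl securityTokenManagerImpl = (SecurityTokenManagerImpl) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_SECURITY_TOKEN_MANAGER);
            final SecurityTokenWrapper tokenWrapper = securityTokenManagerImpl.getTokenWrapper(securityTokenManagerImpl.getToken(processedResult.getKeyInfoContentConsumer().getTokenConsumer(), idInSubject));
            if (tokenWrapper != null) {
                // A wrapper that recorded an error must not be accepted as the signer's token.
                if (tokenWrapper.getError() != null) {
                    throw tokenWrapper.getError();
                }
                securityTokenWrapper = AccessController.doPrivileged(new PrivilegedAction<SecurityTokenWrapper>() {
                    @Override
                    public SecurityTokenWrapper run() {
                        // Mark the managed wrapper as referenced before copying, so
                        // the copy picks the flag up through isReferenced() below.
                        tokenWrapper.setReferenced(true);
                        SecurityTokenWrapper copy = new SecurityTokenWrapper(tokenWrapper.getSecurityToken(), tokenWrapper.getWssapiCallbackHandler(), tokenWrapper.getWssapiLoginConfigName());
                        copy.setKeyInfoType(tokenWrapper.getKeyInfoType());
                        copy.setProcessed(tokenWrapper.isProcessed());
                        if (tokenWrapper.isReadOnly()) {
                            copy.setReadOnly();
                        }
                        copy.setReferenced(tokenWrapper.isReferenced());
                        copy.setUsedTokenConsumer(tokenWrapper.getUsedTokenConsumerHash(), tokenWrapper.getUsedTokenConsumerClass());
                        copy.setUsedTokenGenerator(tokenWrapper.getUsedTokenGeneratorHash());
                        copy.setUsedToLogin(tokenWrapper.isUsedToLogin());
                        copy.setWssapiReferenceType(tokenWrapper.getWssapiReferenceType());
                        return copy;
                    }
                });
            }
            collection = securityTokenManagerImpl.getTokenWrappers(securityTokenManagerImpl.getTokens(idInSubject));
        }
        List<VerifiedConfig> list = signatureConsumerConfig.getIdentityMap().get(verificationResult._srconfig);
        // getKeyInfoResults returns null when the pool holds nothing; skip the lookup then.
        if (list != null && keyInfoResults != null) {
            for (VerifiedConfig verifiedConfig : list) {
                for (KeyInfoContentConsumerConfig keyInfoContentConsumerConfig : verifiedConfig._sconfig.getSigningKeyInfo().getContentConsumers()) {
                    for (KeyInfoResult candidate : keyInfoResults) {
                        if (keyInfoContentConsumerConfig.equals(candidate.getKeyInfoContentConsumer())) {
                            // First match wins; a later consumer may overwrite this entry.
                            verificationResult._identities.put(verifiedConfig, candidate);
                            break;
                        }
                    }
                }
            }
        }
        if (collection != null && !collection.isEmpty() && keyInfoResults != null) {
            for (KeyInfoResult keyInfoResult : keyInfoResults) {
                TokenConsumerConfig tokenConsumer = keyInfoResult.getKeyInfoContentConsumer().getTokenConsumer();
                if (tokenConsumer == null) {
                    continue;
                }
                for (SecurityTokenWrapper candidate : collection) {
                    // NOTE(review): consumer and wrapper are matched by hash code alone.
                    // Two distinct consumers with the same hash would be treated as the
                    // same one; confirm no stronger identity is available here.
                    if (tokenConsumer.hashCode() == candidate.getUsedTokenConsumerHash()) {
                        // NOTE(review): getProcessedResult stores (consumer config -> result)
                        // in _kresults, while this stores (result -> wrapper). The field name
                        // may be a decompiler mix-up; verify against the original class.
                        verificationResult._kresults.put(keyInfoResult, candidate);
                        break;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokenWrapper(VerificationResult vresult,SignatureConsumerConfig sconfig,Map context) returns SecurityTokenWrapper[" + securityTokenWrapper + "]");
        }
        return securityTokenWrapper;
    }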
}
