package com.tmax.ws.security.processor;

import com.tmax.org.apache.xml.security.exceptions.XMLSecurityException;
import com.tmax.org.apache.xml.security.keys.KeyInfo;
import com.tmax.org.apache.xml.security.signature.SignedInfo;
import com.tmax.org.apache.xml.security.signature.XMLSignature;
import com.tmax.org.apache.xml.security.signature.XMLSignatureException;
import com.tmax.ws.security.WSConstants;
import com.tmax.ws.security.WSDocInfo;
import com.tmax.ws.security.WSDocInfoStore;
import com.tmax.ws.security.WSSConfig;
import com.tmax.ws.security.WSSecurityEngine;
import com.tmax.ws.security.WSSecurityEngineResult;
import com.tmax.ws.security.WSSecurityException;
import com.tmax.ws.security.WSUsernameTokenPrincipal;
import com.tmax.ws.security.components.crypto.Crypto;
import com.tmax.ws.security.message.EnvelopeIdResolver;
import com.tmax.ws.security.message.token.BinarySecurity;
import com.tmax.ws.security.message.token.PKIPathSecurity;
import com.tmax.ws.security.message.token.SecurityTokenReference;
import com.tmax.ws.security.message.token.UsernameToken;
import com.tmax.ws.security.message.token.X509Security;
import com.tmax.ws.security.util.WSSecurityUtil;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import jeus.util.message.JeusMessage_Webservices_SEC;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/tmax/ws/security/processor/SignatureProcessor.class */
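/**
 * Handles a {@code Signature} element of a WS-Security header: resolves the
 * signing key from the signature's {@code KeyInfo}, verifies the signature
 * value, and records the outcome as a {@link WSSecurityEngineResult}.
 *
 * <p>This source was recovered from a class file, so local variable names are
 * reconstructions. The {@code logger} used throughout is not declared in this
 * class; it is presumably inherited from {@link Processor} (confirm).
 *
 * <p><b>Security scope.</b> The only certificate check made in this class is
 * {@link X509Certificate#checkValidity()}, i.e. the validity period. No trust
 * path is built or validated here, so a successful return must not be read as
 * "the signer is trusted". NOTE(review): confirm that the caller (or the
 * {@link Crypto} implementation) performs trust verification before the
 * returned principal is used for an access decision.
 */
public class SignatureProcessor implements Processor {

    /**
     * Verifies the given {@code Signature} element and prepends the result to
     * {@code vector}.
     *
     * <p>{@code crypto2}, {@code wSSConfig} and {@code callbackHandler} are
     * not used by this implementation.
     *
     * @param element   the {@code Signature} element to verify
     * @param crypto    signature crypto used to resolve certificates
     * @param wSDocInfo per-document info; registered in {@link WSDocInfoStore}
     *                  for the duration of the verification only
     * @param vector    result list; the new result is inserted at index 0
     * @throws WSSecurityException if the key cannot be resolved or the
     *                             signature does not verify
     */
    @Override
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig, CallbackHandler callbackHandler) throws WSSecurityException {
        logger.log(JeusMessage_Webservices_SEC._6031_LEVEL, "WSS(" + element.getOwnerDocument().hashCode() + "): 'Signature' element found");
        WSDocInfoStore.store(wSDocInfo);

        // One-slot arrays act as out-parameters of verifyXMLSignature.
        X509Certificate[] signerCert = new X509Certificate[1];
        Vector[] protectedElements = new Vector[1];
        byte[][] signatureValue = new byte[1][];

        Principal principal;
        try {
            principal = verifyXMLSignature(element, crypto, signerCert, protectedElements, signatureValue);
        } finally {
            // Always unregister the document info, whether verification
            // succeeded or threw, so the store does not keep stale entries.
            WSDocInfoStore.delete(wSDocInfo);
        }

        // NOTE(review): 64 and 2 are the action codes given to the result; in
        // upstream WSS4J these values are named UT_SIGN and SIGN. Confirm the
        // matching constants in this fork's WSConstants.
        if (principal instanceof WSUsernameTokenPrincipal) {
            vector.add(0, new WSSecurityEngineResult(64, principal, null, protectedElements[0], signatureValue[0]));
        } else {
            vector.add(0, new WSSecurityEngineResult(2, principal, signerCert[0], protectedElements[0], signatureValue[0]));
        }
        logger.log(JeusMessage_Webservices_SEC._6031_LEVEL, "WSS(" + element.getOwnerDocument().hashCode() + "): 'Signature' element processed successfully");
    }

    /**
     * Resolves the verification key referenced by the signature's
     * {@code KeyInfo}, checks the signature value and collects the names of
     * the elements the signature references.
     *
     * <p>Key resolution follows the {@code SecurityTokenReference} child of
     * {@code KeyInfo}: a direct reference to a username token or binary
     * security token, X509 data / issuer-serial, or a key identifier. Any
     * other form is rejected.
     *
     * <p><b>Review notes.</b>
     * <ul>
     *   <li>Only the certificate's validity period is checked here; see the
     *       class comment about trust verification.</li>
     *   <li>Referenced elements are looked up by Id <em>after</em> the
     *       signature has verified, and only their QNames are reported. A
     *       consumer that authorizes on this list should also confirm that
     *       the node it goes on to process is the node that was signed
     *       (documents with duplicate Ids or relocated elements).</li>
     *   <li>A missing certificate is rejected before the signature check, so
     *       the secret-key (username token) branch further down is never
     *       reached as the code stands.</li>
     * </ul>
     *
     * @param element            the {@code Signature} element
     * @param crypto             crypto used to resolve certificates; may be
     *                           {@code null} only for username-token references
     * @param x509CertificateArr out: slot 0 receives the signer certificate
     * @param vectorArr          out: slot 0 receives a {@code Vector} of
     *                           {@link QName}s of the referenced elements
     * @param bArr               out: slot 0 receives the raw signature value
     * @return the subject DN of the signer certificate
     * @throws WSSecurityException on unsupported key info, missing crypto,
     *                             unresolved certificate, invalid certificate
     *                             or failed signature check
     */
    protected Principal verifyXMLSignature(Element element, Crypto crypto, X509Certificate[] x509CertificateArr, Vector[] vectorArr, byte[][] bArr) throws WSSecurityException {
        try {
            XMLSignature xMLSignature = new XMLSignature(element, (String) null);
            xMLSignature.addResourceResolver(EnvelopeIdResolver.getInstance());
            X509Certificate x509Certificate = null;
            KeyInfo keyInfo = xMLSignature.getKeyInfo();
            byte[] secretKey = null;
            UsernameToken usernameToken = null;
            if (keyInfo != null) {
                Node strNode = WSSecurityUtil.getDirectChild(keyInfo.getElement(), SecurityTokenReference.SECURITY_TOKEN_REFERENCE, WSConstants.WSSE_NS);
                if (strNode == null) {
                    WSSecurityException unsupported = new WSSecurityException(3, "unsupportedKeyInfo");
                    logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, unsupported.getMessage());
                    throw unsupported;
                }
                SecurityTokenReference securityTokenReference = new SecurityTokenReference((Element) strNode);
                // NOTE(review): the store is keyed by Document.hashCode(), which
                // is not guaranteed to be unique per document - confirm how
                // WSDocInfoStore handles two live documents with the same hash.
                WSDocInfo docInfo = WSDocInfoStore.lookup(element.getOwnerDocument().hashCode());
                if (securityTokenReference.containsReference()) {
                    // NOTE(review): tokenElement is dereferenced without a null
                    // check; presumably getTokenElement throws when the
                    // reference cannot be resolved - verify.
                    Element tokenElement = securityTokenReference.getTokenElement(element.getOwnerDocument(), docInfo);
                    QName tokenName = new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName());
                    if (tokenName.equals(WSSecurityEngine.usernameToken)) {
                        usernameToken = new UsernameToken(tokenElement);
                        secretKey = usernameToken.getSecretKey();
                    } else {
                        if (crypto == null) {
                            WSSecurityException noCrypto = new WSSecurityException(0, "noSigCryptoFile");
                            logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, noCrypto.getMessage());
                            throw noCrypto;
                        }
                        if (!tokenName.equals(WSSecurityEngine.binaryToken)) {
                            WSSecurityException unsupported = new WSSecurityException(3, "unsupportedKeyInfo", new Object[]{tokenName.toString()});
                            logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, unsupported.getMessage());
                            throw unsupported;
                        }
                        x509Certificate = getCertificatesTokenReference(tokenElement, crypto);
                    }
                } else if (securityTokenReference.containsX509Data() || securityTokenReference.containsX509IssuerSerial()) {
                    x509Certificate = securityTokenReference.getX509IssuerSerial(crypto);
                } else {
                    if (!securityTokenReference.containsKeyIdentifier()) {
                        WSSecurityException unsupported = new WSSecurityException(3, "unsupportedKeyInfo", new Object[]{strNode.toString()});
                        logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, unsupported.getMessage());
                        throw unsupported;
                    }
                    x509Certificate = securityTokenReference.getKeyIdentifier(crypto);
                }
            } else if (crypto == null) {
                WSSecurityException noCrypto = new WSSecurityException(0, "noSigCryptoFile");
                logger.log(JeusMessage_Webservices_SEC._6011_LEVEL, JeusMessage_Webservices_SEC._6011, noCrypto.getMessage());
                throw noCrypto;
            }

            // Fail closed when no certificate was resolved. This also rejects
            // signatures keyed from a UsernameToken secret (secretKey is set
            // but x509Certificate stays null) and signatures without KeyInfo.
            // NOTE(review): do not relax this guard without first deciding how
            // a derived-key signature is to be trusted.
            if (x509Certificate == null) {
                WSSecurityException noToken = new WSSecurityException(7);
                logger.log(JeusMessage_Webservices_SEC._6007_LEVEL, JeusMessage_Webservices_SEC._6007, noToken.getMessage());
                throw noToken;
            }
            try {
                // Validity period only; no chain or revocation check here.
                x509Certificate.checkValidity();
                try {
                    boolean signatureOk = x509Certificate != null
                            ? xMLSignature.checkSignatureValue(x509Certificate)
                            : xMLSignature.checkSignatureValue(xMLSignature.createSecretKey(secretKey));
                    if (!signatureOk) {
                        WSSecurityException failedCheck = new WSSecurityException(6);
                        logger.log(JeusMessage_Webservices_SEC._6006_LEVEL, JeusMessage_Webservices_SEC._6006, failedCheck.getMessage());
                        throw failedCheck;
                    }
                    bArr[0] = xMLSignature.getSignatureValue();

                    // Report which elements the signature references, by QName.
                    SignedInfo signedInfo = xMLSignature.getSignedInfo();
                    int referenceCount = signedInfo.getLength();
                    Vector<QName> signedNames = new Vector<QName>(referenceCount);
                    for (int i = 0; i < referenceCount; i++) {
                        try {
                            String uri = signedInfo.item(i).getURI();
                            Element referenced = WSSecurityUtil.getElementByWsuId(element.getOwnerDocument(), uri);
                            if (referenced == null) {
                                referenced = WSSecurityUtil.getElementByGenId(element.getOwnerDocument(), uri);
                            }
                            if (referenced == null) {
                                // A reference that resolves to nothing is
                                // treated as a failed check, not skipped.
                                WSSecurityException failedCheck = new WSSecurityException(6);
                                logger.log(JeusMessage_Webservices_SEC._6006_LEVEL, JeusMessage_Webservices_SEC._6006, failedCheck.getMessage());
                                throw failedCheck;
                            }
                            signedNames.add(new QName(referenced.getNamespaceURI(), referenced.getLocalName()));
                        } catch (XMLSecurityException e) {
                            logger.log(JeusMessage_Webservices_SEC._6006_LEVEL, "WSS: FailedCheck", e);
                            throw new WSSecurityException(6);
                        }
                    }
                    vectorArr[0] = signedNames;
                    if (x509Certificate != null) {
                        x509CertificateArr[0] = x509Certificate;
                        return x509Certificate.getSubjectDN();
                    }
                    // Not reached while the null guard above is in place.
                    WSUsernameTokenPrincipal wSUsernameTokenPrincipal = new WSUsernameTokenPrincipal(usernameToken.getName(), usernameToken.isHashed());
                    wSUsernameTokenPrincipal.setNonce(usernameToken.getNonce());
                    wSUsernameTokenPrincipal.setPassword(usernameToken.getPassword());
                    wSUsernameTokenPrincipal.setCreatedTime(usernameToken.getCreated());
                    return wSUsernameTokenPrincipal;
                } catch (XMLSignatureException e2) {
                    logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e2);
                    throw new WSSecurityException(3);
                }
            } catch (WSSecurityException e) {
                // Keep the specific failure (failed signature check, unresolved
                // reference, invalid security) instead of letting the broad
                // handler below relabel it as "invalidCert", which would make a
                // bad signature look like a certificate problem in the logs.
                throw e;
            } catch (Exception e3) {
                // Certificate validity failures and any unexpected runtime
                // error end here; the message is still rejected.
                logger.log(JeusMessage_Webservices_SEC._6004_LEVEL, "WSS: InvalidSecurityToken", e3);
                throw new WSSecurityException(4, "invalidCert");
            }
        } catch (XMLSecurityException e4) {
            logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e4);
            throw new WSSecurityException(3, "noXMLSig");
        }
    }

    /**
     * Extracts the signer certificate from a binary security token element.
     *
     * <p>For a PKIPath token only the first certificate of the returned array
     * is used; the remaining certificates are not examined here. The meaning
     * of the {@code false} flag passed to {@code getX509Certificates} is
     * defined in {@link PKIPathSecurity} and is not visible in this class.
     *
     * @param element the binary security token element
     * @param crypto  crypto used to decode the certificate(s)
     * @return the certificate, or {@code null} if the token yields none
     * @throws WSSecurityException if the token's value type is unsupported
     */
    public X509Certificate getCertificatesTokenReference(Element element, Crypto crypto) throws WSSecurityException {
        BinarySecurity token = createSecurityToken(element);
        if (token instanceof PKIPathSecurity) {
            X509Certificate[] path = ((PKIPathSecurity) token).getX509Certificates(false, crypto);
            if (path == null || path.length <= 0) {
                return null;
            }
            return path[0];
        }
        if (token instanceof X509Security) {
            return ((X509Security) token).getX509Certificate(crypto);
        }
        return null;
    }

    /**
     * Wraps a binary security token element in the class matching its value
     * type (X509 or PKIPath).
     *
     * @param element the binary security token element
     * @return an {@link X509Security} or {@link PKIPathSecurity} view of it
     * @throws WSSecurityException if the value type is neither of the two
     */
    private BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
        String valueType = new BinarySecurity(element).getValueType();
        if (X509Security.getType().equals(valueType)) {
            return new X509Security(element);
        }
        if (PKIPathSecurity.getType().equals(valueType)) {
            return new PKIPathSecurity(element);
        }
        // Unknown token types are rejected rather than passed on unparsed.
        WSSecurityException unsupportedType = new WSSecurityException(1, "unsupportedBinaryTokenType", new Object[]{valueType});
        logger.log(JeusMessage_Webservices_SEC._6001_LEVEL, JeusMessage_Webservices_SEC._6001, unsupportedType.getMessage());
        throw unsupportedType;
    }
}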
