package com.tmax.ws.security.message;

import com.tmax.org.apache.xml.security.algorithms.SignatureAlgorithm;
import com.tmax.org.apache.xml.security.exceptions.XMLSecurityException;
import com.tmax.org.apache.xml.security.keys.KeyInfo;
import com.tmax.org.apache.xml.security.keys.content.X509Data;
import com.tmax.org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import com.tmax.org.apache.xml.security.signature.XMLSignature;
import com.tmax.org.apache.xml.security.signature.XMLSignatureException;
import com.tmax.org.apache.xml.security.transforms.TransformationException;
import com.tmax.org.apache.xml.security.transforms.Transforms;
import com.tmax.org.apache.xml.security.transforms.params.InclusiveNamespaces;
import com.tmax.org.apache.xml.security.utils.XMLUtils;
import com.tmax.ws.security.SOAPConstants;
import com.tmax.ws.security.WSConstants;
import com.tmax.ws.security.WSDocInfo;
import com.tmax.ws.security.WSDocInfoStore;
import com.tmax.ws.security.WSEncryptionPart;
import com.tmax.ws.security.WSSecurityException;
import com.tmax.ws.security.components.crypto.Crypto;
import com.tmax.ws.security.message.token.Reference;
import com.tmax.ws.security.message.token.SecurityTokenReference;
import com.tmax.ws.security.transform.STRTransform;
import com.tmax.ws.security.util.WSSecurityUtil;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;
import jeus.util.message.JeusMessage_Webservices_SEC;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:com/tmax/ws/security/message/WSSignEnvelope.class */
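/**
 * Builds a WS-Security XML signature over parts of a SOAP envelope and places it in the
 * security header.
 *
 * <p>This listing is decompiler output; locals have been renamed and the decompiler's
 * unresolved {@code ??} placeholder types replaced with {@link WSSecurityException} so that
 * the class is valid Java again. Numeric key-identifier types and error codes are kept as the
 * literals found in the bytecode.
 *
 * <p>Instances are mutable and hold per-message state ({@code parts}, {@code sigAlgo},
 * {@code signatureValue}); nothing in this class synchronizes access to that state.
 */
public class WSSignEnvelope extends WSBaseMessage {
    // Signature algorithm URI. When null, build() derives it from the signer certificate's
    // public-key algorithm (certificate-based key identifier types only).
    protected String sigAlgo = null;
    // Canonicalization algorithm URI used for SignedInfo.
    protected String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
    // Username token whose derived secret key signs the message when keyIdentifierType == 7.
    protected WSSAddUsernameToken usernameToken = null;
    // Binary security token referenced (and inserted) when keyIdentifierType == 1.
    protected WSSAddBinarySecurityToken binaryToken;
    // Raw signature value of the last successful build(); null until then.
    protected byte[] signatureValue = null;

    /** Creates a signer with the superclass defaults. */
    public WSSignEnvelope() {
    }

    /**
     * Creates a signer, forwarding {@code str} to the superclass constructor.
     *
     * @param str value handed to {@code WSBaseMessage(String)}
     */
    public WSSignEnvelope(String str) {
        super(str);
    }

    /**
     * Creates a signer, forwarding both arguments to the superclass constructor.
     *
     * @param str value handed to {@code WSBaseMessage(String, boolean)}
     * @param z flag handed to {@code WSBaseMessage(String, boolean)}
     */
    public WSSignEnvelope(String str, boolean z) {
        super(str, z);
    }

    /**
     * Sets the signature algorithm URI explicitly, which disables the certificate-based
     * default selection in {@link #build}.
     *
     * @param str signature algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    /** @return the configured (or, after a build, the derived) signature algorithm URI */
    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /**
     * Sets the canonicalization algorithm URI used for SignedInfo.
     *
     * @param str canonicalization algorithm URI
     */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    /** @return the canonicalization algorithm URI used for SignedInfo */
    public String getSigCanonicalization() {
        return this.canonAlgo;
    }

    /**
     * Sets the username token used as key source when the key identifier type is 7.
     *
     * @param wSSAddUsernameToken token providing the id and secret key
     */
    public void setUsernameToken(WSSAddUsernameToken wSSAddUsernameToken) {
        this.usernameToken = wSSAddUsernameToken;
    }

    /**
     * Sets the binary security token referenced when the key identifier type is 1.
     *
     * @param wSSAddBinarySecurityToken token that is referenced and inserted into the header
     */
    public void setBinarySecurityToken(WSSAddBinarySecurityToken wSSAddBinarySecurityToken) {
        this.binaryToken = wSSAddBinarySecurityToken;
    }

    /**
     * Returns the signature value computed by the last successful {@link #build}.
     *
     * @return the internal array itself (not a copy), or {@code null} before any build
     */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /**
     * Signs the configured parts of {@code document} and inserts the ds:Signature element
     * into its security header.
     *
     * <p>The document is modified in place. The security header and the unsigned signature
     * skeleton are attached before the key is resolved, so when this method throws, the
     * document may contain an incomplete signature and should be discarded by the caller.
     *
     * @param document SOAP envelope to sign; modified in place and returned
     * @param crypto source of the signer certificate and private key
     * @param str password passed to {@code crypto.getPrivateKeyWithUser}; unused for key
     *     identifier type 7
     * @return {@code document}, now carrying the signature
     * @throws WSSecurityException if a required token, certificate or key is missing, the key
     *     identifier type is unsupported, a part cannot be found, or signing fails
     */
    public Document build(Document document, Crypto crypto, String str) throws WSSecurityException {
        this.logger.log(JeusMessage_Webservices_SEC._6031_LEVEL, "WSS(" + document.hashCode() + "): Begining Signing");

        // Fail before the document is touched: both tokens are dereferenced unconditionally
        // further down and would otherwise surface as a NullPointerException after the
        // security header and signature skeleton have already been inserted.
        if (this.keyIdentifierType == 1 && this.binaryToken == null) {
            WSSecurityException missingBst = new WSSecurityException("BinarySecurityToken is not set for the selected key identifier type", 0);
            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, missingBst.getMessage());
            throw missingBst;
        }
        if (this.keyIdentifierType == 7 && this.usernameToken == null) {
            WSSecurityException missingUt = new WSSecurityException("UsernameToken is not set for the selected key identifier type", 0);
            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, missingUt.getMessage());
            throw missingUt;
        }

        WSDocInfo wSDocInfo = new WSDocInfo(document.hashCode());
        wSDocInfo.setCrypto(crypto);
        Element envelope = document.getDocumentElement();
        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope);
        Element securityHeader = insertSecurityHeader(document);

        // NOTE(review): every id below ("CertId-", "KeyId-", "STRId-", "usernameTokenId-") is
        // derived from Object.hashCode(), which is not guaranteed to be unique. Colliding ids
        // inside one document would make the "#id" references ambiguous; a collision-resistant
        // id source is preferable if this code is ever changed.
        String certId = null;
        X509Certificate signerCert = null;
        if (this.keyIdentifierType != 7) {
            signerCert = crypto.getCertificateWithUser(this.user);
            if (signerCert == null) {
                WSSecurityException noCert = new WSSecurityException(7, "invalidX509Data", new Object[]{"for Signature"});
                this.logger.log(JeusMessage_Webservices_SEC._6007_LEVEL, JeusMessage_Webservices_SEC._6007, noCert.getMessage());
                throw noCert;
            }
            certId = "CertId-" + signerCert.hashCode();
            if (this.sigAlgo == null) {
                // NOTE(review): in upstream WSS4J the WSConstants.DSA / WSConstants.RSA URIs
                // are the SHA-1 based xmldsig algorithms. Confirm the values in this build and
                // call setSignatureAlgorithm() explicitly where a stronger digest is required.
                String keyAlgo = signerCert.getPublicKey().getAlgorithm();
                if (keyAlgo.equalsIgnoreCase("DSA")) {
                    this.sigAlgo = WSConstants.DSA;
                } else if (keyAlgo.equalsIgnoreCase("RSA")) {
                    this.sigAlgo = WSConstants.RSA;
                } else {
                    WSSecurityException badAlgo = new WSSecurityException(0, "invalidX509Data", new Object[]{"for Signature - unkown public key Algo"});
                    this.logger.log(JeusMessage_Webservices_SEC._6004_LEVEL, JeusMessage_Webservices_SEC._6004, badAlgo.getMessage());
                    throw badAlgo;
                }
            }
        }
        // NOTE(review): for key identifier type 7 no default is derived, so sigAlgo stays null
        // unless the caller set it; confirm how the signature library reacts to a null URI.

        XMLSignature xMLSignature;
        if (this.canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
            // Exclusive c14n: build CanonicalizationMethod by hand so that an
            // InclusiveNamespaces prefix list can be attached in WS-I BSP mode.
            Element c14nMethod = XMLUtils.createElementInSignatureSpace(document, "CanonicalizationMethod");
            c14nMethod.setAttributeNS(null, "Algorithm", this.canonAlgo);
            if (this.wssConfig.isWsiBSPCompliant()) {
                c14nMethod.appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(securityHeader, false)).getElement());
            }
            try {
                xMLSignature = new XMLSignature(document, (String) null, new SignatureAlgorithm(document, this.sigAlgo).getElement(), c14nMethod);
            } catch (XMLSecurityException e) {
                this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e);
                throw new WSSecurityException(9, "noXMLSig");
            }
        } else {
            try {
                xMLSignature = new XMLSignature(document, (String) null, this.sigAlgo, this.canonAlgo);
            } catch (XMLSecurityException e2) {
                this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e2);
                throw new WSSecurityException(9, "noXMLSig");
            }
        }

        KeyInfo keyInfo = xMLSignature.getKeyInfo();
        String keyInfoId = "KeyId-" + keyInfo.hashCode();
        keyInfo.setId(keyInfoId);
        SecurityTokenReference securityTokenReference = new SecurityTokenReference(document);
        String strId = "STRId-" + securityTokenReference.hashCode();
        securityTokenReference.setID(strId);

        // Default: sign the SOAP Body. The default list is stored on the instance, so it is
        // reused by later build() calls on the same object.
        if (this.parts == null) {
            this.parts = new Vector();
            this.parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
        }

        for (int i = 0; i < this.parts.size(); i++) {
            WSEncryptionPart part = (WSEncryptionPart) this.parts.get(i);
            String id = part.getId();
            String name = part.getName();
            String namespace = part.getNamespace();
            if (id != null) {
                // Part addressed by wsu:Id.
                // NOTE(review): in this decompiled listing only this branch is wrapped in the
                // XMLSignatureException/TransformationException handlers; confirm against the
                // original whether the handlers covered every branch of the loop body.
                try {
                    Element target = WSSecurityUtil.getElementByWsuId(document, "#" + id);
                    Transforms transforms = new Transforms(document);
                    transforms.addTransform(WSConstants.C14N_EXCL_OMIT_COMMENTS);
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        transforms.item(0).getElement().appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(target)).getElement());
                    }
                    xMLSignature.addDocument("#" + id, transforms);
                } catch (XMLSignatureException e3) {
                    this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e3);
                    throw new WSSecurityException(9, "noXMLSig", null, e3);
                } catch (TransformationException e4) {
                    this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e4);
                    throw new WSSecurityException(9, "noXMLSig", null, e4);
                }
            } else if (name.equals("Token")) {
                // Sign the signing token itself: the certificate id for a direct reference
                // (type 1), otherwise the KeyInfo element.
                Transforms tokenTransforms = new Transforms(document);
                tokenTransforms.addTransform(WSConstants.C14N_EXCL_OMIT_COMMENTS);
                if (this.keyIdentifierType == 1) {
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        tokenTransforms.item(0).getElement().appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(securityHeader)).getElement());
                    }
                    xMLSignature.addDocument("#" + certId, tokenTransforms);
                } else {
                    if (this.wssConfig.isWsiBSPCompliant()) {
                        tokenTransforms.item(0).getElement().appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(keyInfo.getElement())).getElement());
                    }
                    xMLSignature.addDocument("#" + keyInfoId, tokenTransforms);
                }
            } else if (name.equals("STRTransform")) {
                // Sign what the SecurityTokenReference points at, via the STR transform.
                Element strParameter = createSTRParameter(document);
                Transforms strTransforms = new Transforms(document);
                strTransforms.addTransform(STRTransform.implementedTransformURI, strParameter);
                xMLSignature.addDocument("#" + strId, strTransforms);
            } else {
                // Part addressed by local name and namespace; it gets a wsu:Id on the fly.
                Element target = (Element) WSSecurityUtil.findElement(envelope, name, namespace);
                if (target == null) {
                    WSSecurityException notFound = new WSSecurityException(0, "noEncElement", new Object[]{namespace + ", " + name});
                    this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, notFound.getMessage());
                    throw notFound;
                }
                Transforms partTransforms = new Transforms(document);
                partTransforms.addTransform(WSConstants.C14N_EXCL_OMIT_COMMENTS);
                if (this.wssConfig.isWsiBSPCompliant()) {
                    partTransforms.item(0).getElement().appendChild(new InclusiveNamespaces(document, getInclusivePrefixes(target)).getElement());
                }
                xMLSignature.addDocument("#" + setWsuId(target), partTransforms);
            }
        }

        xMLSignature.addResourceResolver(EnvelopeIdResolver.getInstance());
        // The still-unsigned ds:Signature is attached here, before the key is resolved. Any
        // exception below leaves it in the document.
        WSSecurityUtil.prependChildElement(document, securityHeader, xMLSignature.getElement(), false);

        // Key identifier types are the literals found in the bytecode. Upstream WSS4J names
        // them BST_DIRECT_REFERENCE (1), ISSUER_SERIAL (2), X509_KEY_IDENTIFIER (3),
        // SKI_KEY_IDENTIFIER (4) and UT_SIGNING (7) - confirm against this build's WSConstants.
        byte[] secretKeyBytes = null;
        switch (this.keyIdentifierType) {
            case 1: {
                // Direct reference to the binary security token, which is inserted as well.
                Reference bstReference = new Reference(document);
                bstReference.setURI("#" + this.binaryToken.getId());
                bstReference.setValueType(this.binaryToken.getValueType());
                securityTokenReference.setReference(bstReference);
                Element bstElement = this.binaryToken.getElement();
                WSSecurityUtil.prependChildElement(document, securityHeader, bstElement, false);
                wSDocInfo.setBst(bstElement);
                break;
            }
            case 2: {
                XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(document, signerCert);
                X509Data x509Data = new X509Data(document);
                x509Data.add(issuerSerial);
                securityTokenReference.setX509IssuerSerial(x509Data);
                break;
            }
            case 3:
                securityTokenReference.setKeyIdentifier(signerCert);
                break;
            case 4:
                securityTokenReference.setKeyIdentifierSKI(signerCert, crypto);
                break;
            case 7: {
                // Key material comes from the username token instead of a certificate.
                Reference utReference = new Reference(document);
                utReference.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
                String utId = this.usernameToken.getId();
                if (utId == null) {
                    utId = "usernameTokenId-" + this.usernameToken.hashCode();
                    this.usernameToken.setId(utId);
                }
                utReference.setURI("#" + utId);
                securityTokenReference.setReference(utReference);
                secretKeyBytes = this.usernameToken.getSecretKey();
                break;
            }
            default: {
                // Types 5 and 6 and any unknown value are rejected.
                WSSecurityException unsupported = new WSSecurityException(0, "unsupportedKeyId");
                this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, JeusMessage_Webservices_SEC._6003, unsupported.getMessage());
                throw unsupported;
            }
        }
        keyInfo.addUnknownElement(securityTokenReference.getElement());

        WSDocInfoStore.store(wSDocInfo);
        try {
            try {
                Key signingKey = this.keyIdentifierType == 7 ? xMLSignature.createSecretKey(secretKeyBytes) : crypto.getPrivateKeyWithUser(this.user, str);
                if (signingKey == null) {
                    this.logger.log(JeusMessage_Webservices_SEC._6007_LEVEL, JeusMessage_Webservices_SEC._6007, "The interesting privatekey not found");
                    throw new WSSecurityException("The interesting privatekey not found", 7);
                }
                xMLSignature.sign(signingKey);
                this.signatureValue = xMLSignature.getSignatureValue();
            } finally {
                // Always drop the per-document entry, on success and on failure.
                WSDocInfoStore.delete(wSDocInfo);
            }
            this.logger.log(JeusMessage_Webservices_SEC._6031_LEVEL, "WSS(" + document.hashCode() + "): Signing ended successfully");
            return document;
        } catch (XMLSignatureException e5) {
            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e5);
            throw new WSSecurityException(9, null, null, e5);
        } catch (Exception e6) {
            // NOTE(review): if WSSecurityException is an Exception subtype, the missing-key
            // exception thrown above (code 7) also lands here and is re-wrapped with code 9.
            this.logger.log(JeusMessage_Webservices_SEC._6003_LEVEL, "WSS: InvalidSecurity", e6);
            throw new WSSecurityException(9, null, null, e6);
        }
    }

    /**
     * Creates the wsse:TransformationParameters element handed to the STR transform; it
     * contains a single ds:CanonicalizationMethod set to exclusive c14n without comments.
     *
     * @param document owner document for the new elements
     * @return the new, unattached wsse:TransformationParameters element
     */
    protected Element createSTRParameter(Document document) {
        Element transformationParameters = document.createElementNS(WSConstants.WSSE_NS, "wsse:TransformationParameters");
        WSSecurityUtil.setNamespace(transformationParameters, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);

        Element c14nMethod = document.createElementNS(WSConstants.SIG_NS, "ds:CanonicalizationMethod");
        WSSecurityUtil.setNamespace(c14nMethod, WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
        c14nMethod.setAttributeNS(null, "Algorithm", WSConstants.C14N_EXCL_OMIT_COMMENTS);

        transformationParameters.appendChild(c14nMethod);
        return transformationParameters;
    }

    /**
     * Shorthand for {@link #getInclusivePrefixes(Element, boolean)} with the flag set to
     * {@code true}.
     *
     * @param element element whose ancestors are inspected
     * @return set of prefix strings
     */
    protected Set getInclusivePrefixes(Element element) {
        return getInclusivePrefixes(element, true);
    }

    /**
     * Collects the namespace prefixes declared on the ancestors of {@code element}, for use
     * as an InclusiveNamespaces prefix list.
     *
     * <p>The default namespace is represented as {@code "#default"}. When {@code z} is
     * {@code true}, prefixes that {@code element} declares itself, prefixes used by its
     * attributes, and its own prefix are removed from the result again.
     *
     * @param element element whose ancestors are inspected; may be detached from a document
     * @param z whether to drop the prefixes declared or used on {@code element} itself
     * @return mutable set of prefix strings (raw type kept for source compatibility)
     */
    protected Set getInclusivePrefixes(Element element, boolean z) {
        HashSet prefixes = new HashSet();

        // Walk every ancestor below the Document node. The null test stops the walk cleanly
        // for an element that is not (yet) attached to a document - build() passes such
        // elements - where the walk would otherwise end in a NullPointerException.
        Node ancestor = element.getParentNode();
        while (ancestor != null && !(ancestor instanceof Document)) {
            NamedNodeMap declared = ancestor.getAttributes();
            // getAttributes() is null for ancestors that are not elements.
            if (declared != null) {
                for (int i = 0; i < declared.getLength(); i++) {
                    Node attr = declared.item(i);
                    if (attr.getNamespaceURI() != null && attr.getNamespaceURI().equals("http://www.w3.org/2000/xmlns/")) {
                        if (attr.getNodeName().equals("xmlns")) {
                            prefixes.add("#default");
                        } else {
                            prefixes.add(attr.getLocalName());
                        }
                    }
                }
            }
            ancestor = ancestor.getParentNode();
        }

        if (z) {
            NamedNodeMap ownAttributes = element.getAttributes();
            for (int i = 0; i < ownAttributes.getLength(); i++) {
                Node attr = ownAttributes.item(i);
                if (attr.getNamespaceURI() != null && attr.getNamespaceURI().equals("http://www.w3.org/2000/xmlns/")) {
                    if (attr.getNodeName().equals("xmlns")) {
                        prefixes.remove("#default");
                    } else {
                        prefixes.remove(attr.getLocalName());
                    }
                }
                if (attr.getPrefix() != null) {
                    prefixes.remove(attr.getPrefix());
                }
            }
            if (element.getPrefix() == null) {
                prefixes.remove("#default");
            } else {
                prefixes.remove(element.getPrefix());
            }
        }
        return prefixes;
    }
}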
