package com.sun.xml.wss.impl.dsig;

import com.sun.xml.wss.WSITXMLFactory;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.PolicyGenerationException;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.Parameter;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.Target;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.impl.dsig.LogStringsMessages;
import com.sun.xml.wss.util.NodeListImpl;
import jakarta.xml.soap.AttachmentPart;
import jakarta.xml.soap.SOAPBody;
import jakarta.xml.soap.SOAPElement;
import jakarta.xml.soap.SOAPException;
import jakarta.xml.soap.SOAPHeader;
import jakarta.xml.soap.SOAPMessage;
import jakarta.xml.soap.Text;
import java.io.ByteArrayOutputStream;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javanet.staxutils.Indentation;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.namespace.QName;
import javax.xml.transform.Transformer;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import org.slf4j.Marker;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/sun/xml/wss/impl/dsig/WSSPolicyConsumerImpl.class */
public class WSSPolicyConsumerImpl {
    public static final String defaultJSR105Provider = "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI";
    private String providerName;
    private String pMT;
    private URIDereferencer externalURIResolver = null;
    private Provider provider;
    private static Logger logger = Logger.getLogger(LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE, LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE);
    private static volatile WSSPolicyConsumerImpl wpcInstance = null;

    /* loaded from: input_file:com/sun/xml/wss/impl/dsig/WSSPolicyConsumerImpl$WSSProvider.class */
    public static final class WSSProvider extends Provider {
        private static final String INFO = "WSS_TRANSFORM (DOM WSS_TRANSFORM_PROVIDER)";

        public WSSProvider() {
            super("WSS_TRANSFORM", 1.0d, INFO);
            HashMap hashMap = new HashMap();
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Transform", "com.sun.xml.wss.impl.transform.ACTransform");
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Transform MechanismType", "DOM");
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform", "com.sun.xml.wss.impl.transform.DOMSTRTransform");
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform MechanismType", "DOM");
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform", "com.sun.xml.wss.impl.transform.ACOTransform");
            hashMap.put("TransformService.http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform MechanismType", "DOM");
            putAll(hashMap);
        }
    }

    private WSSPolicyConsumerImpl() {
        this.providerName = null;
        this.pMT = null;
        this.provider = null;
        this.providerName = System.getProperty("jsr105Provider", defaultJSR105Provider);
        this.pMT = System.getProperty("jsr105MechanismType", "DOM");
        try {
            this.provider = (Provider) Class.forName(this.providerName, true, getClass().getClassLoader()).newInstance();
        } catch (Exception e) {
            try {
                this.provider = (Provider) Class.forName(this.providerName, true, Thread.currentThread().getContextClassLoader()).newInstance();
            } catch (Exception e2) {
                logger.log(Level.WARNING, LogStringsMessages.WSS_1324_DSIG_FACTORY(), (Throwable) e2);
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "JSR 105 provider is : " + this.providerName);
            logger.log(Level.FINEST, "JSR 105 provider mechanism is : " + this.pMT);
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    Security.insertProviderAt(WSSPolicyConsumerImpl.this.provider, 5);
                    Security.insertProviderAt(new WSSProvider(), 6);
                    return null;
                } catch (SecurityException e3) {
                    Security.addProvider(WSSPolicyConsumerImpl.this.provider);
                    Security.addProvider(new WSSProvider());
                    return null;
                }
            }
        });
    }

    public static WSSPolicyConsumerImpl getInstance() {
        if (wpcInstance == null) {
            synchronized (WSSPolicyConsumerImpl.class) {
                if (wpcInstance == null) {
                    wpcInstance = new WSSPolicyConsumerImpl();
                }
            }
        }
        return wpcInstance;
    }

    public SignedInfo constructSignedInfo(FilterProcessingContext filterProcessingContext) throws PolicyGenerationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, XWSSecurityException {
        if (PolicyTypeUtil.signaturePolicy(filterProcessingContext.getSecurityPolicy())) {
            return generateSignedInfo(filterProcessingContext);
        }
        return null;
    }

    public XMLSignature constructSignature(SignedInfo signedInfo, KeyInfo keyInfo) {
        return getSignatureFactory().newXMLSignature(signedInfo, keyInfo);
    }

    public XMLSignature constructSignature(SignedInfo signedInfo, KeyInfo keyInfo, String str) {
        return getSignatureFactory().newXMLSignature(signedInfo, keyInfo, (List) null, str, (String) null);
    }

    public KeyInfo constructKeyInfo(MLSPolicy mLSPolicy, SecurityTokenReference securityTokenReference) throws PolicyGenerationException, SOAPException, XWSSecurityException {
        if (PolicyTypeUtil.signaturePolicy(mLSPolicy)) {
            return getKeyInfoFactory().newKeyInfo(Collections.singletonList(new DOMStructure(securityTokenReference.getAsSoapElement())));
        }
        return null;
    }

    public KeyInfo constructKeyInfo(MLSPolicy mLSPolicy, String str) throws PolicyGenerationException, SOAPException, XWSSecurityException {
        if (!PolicyTypeUtil.signaturePolicy(mLSPolicy)) {
            return null;
        }
        KeyInfoFactory keyInfoFactory = getKeyInfoFactory();
        KeyName newKeyName = keyInfoFactory.newKeyName(str);
        ArrayList arrayList = new ArrayList();
        arrayList.add(newKeyName);
        return keyInfoFactory.newKeyInfo(arrayList);
    }

    public XMLSignatureFactory getSignatureFactory() {
        try {
            return XMLSignatureFactory.getInstance("DOM", this.provider);
        } catch (Exception e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1324_DSIG_FACTORY(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public KeyInfoFactory getKeyInfoFactory() {
        try {
            return getSignatureFactory().getKeyInfoFactory();
        } catch (Exception e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1323_DSIG_KEYINFO_FACTORY(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public SignaturePolicy constructSignaturePolicy(SignedInfo signedInfo, boolean z) {
        SignaturePolicy signaturePolicy = new SignaturePolicy();
        constructSignaturePolicy(signedInfo, z, signaturePolicy);
        return signaturePolicy;
    }

    public void constructSignaturePolicy(SignedInfo signedInfo, boolean z, SignaturePolicy signaturePolicy) {
        List<Reference> references = signedInfo.getReferences();
        CanonicalizationMethod canonicalizationMethod = signedInfo.getCanonicalizationMethod();
        signaturePolicy.isBSP(z);
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(canonicalizationMethod.getAlgorithm());
        for (Reference reference : references) {
            SignatureTarget.Transform signatureTransform = getSignatureTransform(reference);
            SignatureTarget signatureTarget = new SignatureTarget();
            signatureTarget.isBSP(z);
            if (signatureTransform != null) {
                signatureTarget.addTransform(signatureTransform);
            }
            signatureTarget.setDigestAlgorithm(reference.getDigestMethod().getAlgorithm());
            if (reference.getURI().length() > 0) {
                signatureTarget.setValue(SecurableSoapMessage.getIdFromFragmentRef(reference.getURI()));
            } else {
                signatureTarget.setValue(reference.getURI());
            }
            signatureTarget.setType("uri");
            featureBinding.addTargetBinding(signatureTarget);
        }
    }

    public void constructSignaturePolicy(SignedInfo signedInfo, SignaturePolicy signaturePolicy, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        List<Reference> references = signedInfo.getReferences();
        CanonicalizationMethod canonicalizationMethod = signedInfo.getCanonicalizationMethod();
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        featureBinding.setCanonicalizationAlgorithm(canonicalizationMethod.getAlgorithm());
        for (Reference reference : references) {
            SignatureTarget.Transform signatureTransform = getSignatureTransform(reference);
            SignatureTarget signatureTarget = new SignatureTarget();
            if (signatureTransform != null) {
                signatureTarget.addTransform(signatureTransform);
            }
            signatureTarget.setDigestAlgorithm(reference.getDigestMethod().getAlgorithm());
            if (reference.getURI().length() > 0) {
                String idFromFragmentRef = SecurableSoapMessage.getIdFromFragmentRef(reference.getURI());
                SOAPElement elementById = securableSoapMessage.getElementById(idFromFragmentRef);
                if (elementById == null) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1376_FAILED_VERIFY_POLICY_NO_ELEMENTBY_ID());
                    throw new XWSSecurityException("Policy verification for Signature failed: Element with Id: " + idFromFragmentRef + "not found in message");
                }
                if (elementById.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd") || elementById.getNamespaceURI().equals("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd") || elementById.getNamespaceURI().equals("http://schemas.xmlsoap.org/ws/2005/02/sc") || elementById.getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")) {
                    signatureTarget.setValue("#" + idFromFragmentRef);
                    signatureTarget.setType("uri");
                } else {
                    signatureTarget.setQName(new QName(elementById.getNamespaceURI(), elementById.getLocalName()));
                    signatureTarget.setType("qname");
                }
            }
            featureBinding.addTargetBinding(signatureTarget);
        }
    }

    public SignatureTarget.Transform getSignatureTransform(Reference reference) {
        SignatureTarget.Transform transform = null;
        for (Transform transform2 : reference.getTransforms()) {
            String algorithm = transform2.getAlgorithm();
            transform = new SignatureTarget.Transform();
            transform.setTransform(algorithm);
            transform.setAlgorithmParameters(transform2.getParameterSpec());
        }
        return transform;
    }

    public void addCanonicalizationParams(AlgorithmParameterSpec algorithmParameterSpec, HashMap hashMap) {
        if (algorithmParameterSpec instanceof XPathFilterParameterSpec) {
            hashMap.put("XPATH", ((XPathFilterParameterSpec) algorithmParameterSpec).getXPath());
        } else if (algorithmParameterSpec instanceof XPathFilter2ParameterSpec) {
            hashMap.put("XPATH2", ((XPathFilter2ParameterSpec) algorithmParameterSpec).getXPathList());
        }
    }

    private SignedInfo generateSignedInfo(FilterProcessingContext filterProcessingContext) throws PolicyGenerationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, XWSSecurityException {
        SignaturePolicy signaturePolicy = (SignaturePolicy) filterProcessingContext.getSecurityPolicy();
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy.getFeatureBinding();
        MLSPolicy keyBinding = signaturePolicy.getKeyBinding();
        XMLSignatureFactory signatureFactory = getSignatureFactory();
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        String canonicalizationAlgorithm = featureBinding.getCanonicalizationAlgorithm();
        boolean disableInclusivePrefix = featureBinding.getDisableInclusivePrefix();
        ArrayList targetBindings = featureBinding.getTargetBindings();
        String str = MessageConstants.RSA_SHA1;
        if (filterProcessingContext.getAlgorithmSuite() != null) {
            str = filterProcessingContext.getAlgorithmSuite().getSignatureAlgorithm();
        }
        String keyAlgo = SecurityUtil.getKeyAlgo(str);
        if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
            if (!"".equals(x509CertificateBinding.getKeyAlgorithm())) {
                keyAlgo = x509CertificateBinding.getKeyAlgorithm();
            }
        } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
            AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding;
            if (!"".equals(sAMLAssertionBinding.getKeyAlgorithm())) {
                keyAlgo = sAMLAssertionBinding.getKeyAlgorithm();
            }
        } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
            SymmetricKeyBinding symmetricKeyBinding = (SymmetricKeyBinding) keyBinding;
            keyAlgo = !"".equals(symmetricKeyBinding.getKeyAlgorithm()) ? symmetricKeyBinding.getKeyAlgorithm() : "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
        } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
            keyAlgo = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
        } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
            keyAlgo = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
            if (PolicyTypeUtil.issuedTokenKeyBinding(((DerivedTokenKeyBinding) keyBinding).getOriginalKeyBinding()) && filterProcessingContext.getTrustContext().getProofKey() == null) {
                keyAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            }
        } else {
            if (!PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1335_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY());
                throw new XWSSecurityException("Unsupported KeyBinding for SignaturePolicy");
            }
            keyAlgo = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
            if (filterProcessingContext.getTrustContext().getProofKey() == null) {
                keyAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            }
        }
        ExcC14NParameterSpec excC14NParameterSpec = null;
        if ("http://www.w3.org/2001/10/xml-exc-c14n#".equalsIgnoreCase(canonicalizationAlgorithm)) {
            excC14NParameterSpec = (featureBinding.isBSP() || !disableInclusivePrefix) ? new ExcC14NParameterSpec(getInclusiveNamespacePrefixes(securableSoapMessage.findSecurityHeader(), false)) : null;
        }
        return signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(canonicalizationAlgorithm, excC14NParameterSpec), signatureFactory.newSignatureMethod(keyAlgo, (SignatureMethodParameterSpec) null), generateReferenceList(targetBindings, signatureFactory, securableSoapMessage, filterProcessingContext, false, featureBinding.isEndorsingSignature()), (String) null);
    }

    public static List getInclusiveNamespacePrefixes(Element element, boolean z) {
        ArrayList arrayList = new ArrayList();
        Node node = element;
        while (true) {
            Node node2 = node;
            if (node2 instanceof Document) {
                return arrayList;
            }
            NamedNodeMap attributes = node2.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Node item = attributes.item(i);
                if (item.getNamespaceURI() != null && item.getNamespaceURI().equals("http://www.w3.org/2000/xmlns/")) {
                    arrayList.add(item.getLocalName());
                }
            }
            node = node2.getParentNode();
        }
    }

    public static List getReferenceNamespacePrefixes(Node node) {
        ArrayList arrayList = new ArrayList();
        traverseSubtree(node, arrayList);
        return arrayList;
    }

    private static void traverseSubtree(Node node, List list) {
        SOAPElement sOAPElement = (SOAPElement) node;
        Iterator visibleNamespacePrefixes = sOAPElement.getVisibleNamespacePrefixes();
        while (visibleNamespacePrefixes.hasNext()) {
            String str = (String) visibleNamespacePrefixes.next();
            if (!list.contains(str)) {
                list.add(str);
            }
        }
        Iterator childElements = sOAPElement.getChildElements();
        while (childElements.hasNext()) {
            Node node2 = (Node) childElements.next();
            if (!(node2 instanceof Text)) {
                traverseSubtree(node2, list);
            }
        }
    }

    public List generateReferenceList(List list, SecurableSoapMessage securableSoapMessage, FilterProcessingContext filterProcessingContext, boolean z, boolean z2) throws PolicyGenerationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, XWSSecurityException {
        return generateReferenceList(list, getSignatureFactory(), securableSoapMessage, filterProcessingContext, z, z2);
    }

    private List generateReferenceList(List list, XMLSignatureFactory xMLSignatureFactory, SecurableSoapMessage securableSoapMessage, FilterProcessingContext filterProcessingContext, boolean z, boolean z2) throws PolicyGenerationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, XWSSecurityException {
        NodeList nodeList;
        String str;
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) ((SignaturePolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
        ListIterator listIterator = list.listIterator();
        ArrayList arrayList = new ArrayList();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "Number of Targets is" + list.size());
        }
        while (listIterator.hasNext()) {
            SignatureTarget signatureTarget = (SignatureTarget) listIterator.next();
            String digestAlgorithm = signatureTarget.getDigestAlgorithm();
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "Digest Algorithm is " + digestAlgorithm);
                logger.log(Level.FINEST, "Targets is" + signatureTarget.getValue());
            }
            try {
                DigestMethod newDigestMethod = xMLSignatureFactory.newDigestMethod(digestAlgorithm, (DigestMethodParameterSpec) null);
                boolean z3 = false;
                ListIterator listIterator2 = signatureTarget.getTransforms().listIterator();
                ArrayList arrayList2 = new ArrayList(2);
                boolean z4 = false;
                while (listIterator2.hasNext()) {
                    SignatureTarget.Transform transform = (SignatureTarget.Transform) listIterator2.next();
                    String transform2 = transform.getTransform();
                    Transform transform3 = null;
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.log(Level.FINEST, "Transform Algorithm is " + transform2);
                    }
                    if (transform2 == "http://www.w3.org/TR/1999/REC-xpath-19991116" || transform2.equals("http://www.w3.org/TR/1999/REC-xpath-19991116")) {
                        TransformParameterSpec algorithmParameters = transform.getAlgorithmParameters();
                        if (algorithmParameters == null) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1367_ILLEGAL_XPATH());
                            throw new XWSSecurityException("XPATH parameters cannot be null");
                        }
                        transform3 = xMLSignatureFactory.newTransform(transform2, algorithmParameters);
                    } else if (transform2 == "http://www.w3.org/2002/06/xmldsig-filter2" || transform2.equals("http://www.w3.org/2002/06/xmldsig-filter2")) {
                        transform3 = xMLSignatureFactory.newTransform(transform2, transform.getAlgorithmParameters());
                    } else if (transform2 == MessageConstants.STR_TRANSFORM_URI || transform2.equals(MessageConstants.STR_TRANSFORM_URI)) {
                        Parameter parameter = (Parameter) transform.getAlgorithmParameters();
                        String paramValue = parameter.getParamName().equals("CanonicalizationMethod") ? parameter.getParamValue() : null;
                        if (paramValue == null) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1368_ILLEGAL_STR_CANONCALIZATION());
                            throw new XWSSecurityException("STR Transform must have acanonicalization method specified");
                        }
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.log(Level.FINEST, "CanonicalizationMethod is " + paramValue);
                        }
                        try {
                            Document newDocument = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING).newDocumentBuilder().newDocument();
                            Element createElementNS = newDocument.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:TransformationParameters");
                            Element createElementNS2 = newDocument.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:CanonicalizationMethod");
                            createElementNS.appendChild(createElementNS2);
                            createElementNS2.setAttribute("Algorithm", paramValue);
                            newDocument.appendChild(createElementNS);
                            transform3 = xMLSignatureFactory.newTransform(transform2, new DOMStructure(createElementNS));
                        } catch (Exception e) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1300_DSIG_TRANSFORM_PARAM_ERROR(), (Throwable) e);
                            throw new XWSSecurityException(e.getMessage());
                        }
                    } else if ("http://www.w3.org/2001/10/xml-exc-c14n#".equalsIgnoreCase(transform2)) {
                        z3 = true;
                        z4 = transform.getDisableInclusivePrefix();
                    } else {
                        transform3 = xMLSignatureFactory.newTransform(transform2, (TransformParameterSpec) null);
                    }
                    if (!"http://www.w3.org/2001/10/xml-exc-c14n#".equalsIgnoreCase(transform2)) {
                        arrayList2.add(transform3);
                    }
                }
                String str2 = "";
                String type = signatureTarget.getType();
                SOAPMessage sOAPMessage = securableSoapMessage.getSOAPMessage();
                boolean isSOAPHeadersOnly = signatureTarget.isSOAPHeadersOnly();
                if (type.equals("qname") || type.equals("xpath")) {
                    if (type == "qname") {
                        String value = signatureTarget.getValue();
                        if (filterProcessingContext.getConfigType() == 1 || filterProcessingContext.getConfigType() == 2) {
                        }
                        if (value.equals(Target.BODY)) {
                            try {
                                final SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
                                nodeList = new NodeList() { // from class: com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl.2
                                    Node node;

                                    {
                                        this.node = sOAPBody;
                                    }

                                    @Override // org.w3c.dom.NodeList
                                    public int getLength() {
                                        return this.node == null ? 0 : 1;
                                    }

                                    @Override // org.w3c.dom.NodeList
                                    public Node item(int i) {
                                        if (i == 0) {
                                            return this.node;
                                        }
                                        return null;
                                    }
                                };
                            } catch (SOAPException e2) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1369_UNABLE_GET_SIGNATURE_TARGET_BY_URI());
                                throw new XWSSecurityException("SignatureTarget with URI " + value + " is not in the message");
                            }
                        } else {
                            QName valueOf = QName.valueOf(value);
                            if (isSOAPHeadersOnly) {
                                try {
                                    nodeList = new NodeListImpl();
                                    NodeList childNodes = sOAPMessage.getSOAPHeader().getChildNodes();
                                    for (int i = 0; i < childNodes.getLength(); i++) {
                                        Node item = childNodes.item(i);
                                        if (item.getNodeType() == 1) {
                                            if ("".equals(valueOf.getNamespaceURI())) {
                                                if (valueOf.getLocalPart().equals(item.getLocalName())) {
                                                    ((NodeListImpl) nodeList).add(item);
                                                }
                                            } else if (valueOf.getNamespaceURI().equals("http://schemas.xmlsoap.org/ws/2004/08/addressing") || valueOf.getNamespaceURI().equals("http://www.w3.org/2005/08/addressing")) {
                                                if (item.getNamespaceURI().equals("http://schemas.xmlsoap.org/ws/2004/08/addressing") || item.getNamespaceURI().equals("http://www.w3.org/2005/08/addressing")) {
                                                    if ("".equals(valueOf.getLocalPart())) {
                                                        ((NodeListImpl) nodeList).add(item);
                                                    } else if (valueOf.getLocalPart().equals(item.getLocalName())) {
                                                        ((NodeListImpl) nodeList).add(item);
                                                    }
                                                }
                                            } else if ("".equals(valueOf.getLocalPart())) {
                                                if (valueOf.getNamespaceURI().equals(item.getNamespaceURI())) {
                                                    ((NodeListImpl) nodeList).add(item);
                                                }
                                            } else if (valueOf.getNamespaceURI().equals(item.getNamespaceURI()) && valueOf.getLocalPart().equals(item.getLocalName())) {
                                                ((NodeListImpl) nodeList).add(item);
                                            }
                                        }
                                    }
                                } catch (SOAPException e3) {
                                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1370_FAILED_PROCESS_HEADER());
                                    throw new XWSSecurityException((Throwable) e3);
                                }
                            } else {
                                nodeList = "".equals(valueOf.getNamespaceURI()) ? sOAPMessage.getSOAPPart().getElementsByTagName(valueOf.getLocalPart()) : !"".equals(valueOf.getLocalPart()) ? sOAPMessage.getSOAPPart().getElementsByTagNameNS(valueOf.getNamespaceURI(), valueOf.getLocalPart()) : sOAPMessage.getSOAPPart().getElementsByTagNameNS(valueOf.getNamespaceURI(), Marker.ANY_MARKER);
                            }
                        }
                    } else {
                        String value2 = signatureTarget.getValue();
                        try {
                            XPath newXPath = WSITXMLFactory.createXPathFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING).newXPath();
                            newXPath.setNamespaceContext(securableSoapMessage.getNamespaceContext());
                            XPathExpression compile = newXPath.compile(value2);
                            if (logger.isLoggable(Level.FINEST)) {
                                logger.log(Level.FINEST, "++++++++++++++++++++++++++++++");
                                logger.log(Level.FINEST, "Expr is " + value2);
                                printDocument(securableSoapMessage.getSOAPPart());
                            }
                            nodeList = (NodeList) compile.evaluate(securableSoapMessage.getSOAPPart(), XPathConstants.NODESET);
                        } catch (XPathExpressionException e4) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1371_FAILED_RESOLVE_X_PATH() + value2, (Throwable) e4);
                            throw new XWSSecurityException(e4);
                        }
                    }
                    int i2 = 0;
                    if (nodeList != null && nodeList.getLength() > 0) {
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.log(Level.FINEST, "Number of nodes " + nodeList.getLength());
                            logger.log(Level.FINEST, "+++++++++++++++END+++++++++++++++");
                        }
                        HashMap elementCache = filterProcessingContext != null ? filterProcessingContext.getElementCache() : null;
                        while (i2 < nodeList.getLength()) {
                            if (logger.isLoggable(Level.FINEST)) {
                                logger.log(Level.FINEST, "Nodes is " + nodeList.item(i2));
                            }
                            int i3 = i2;
                            i2++;
                            Node item2 = nodeList.item(i3);
                            if (item2.getNodeType() != 1) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1371_FAILED_RESOLVE_X_PATH());
                                throw new XWSSecurityException("XPath does not correspond to a DOM Element");
                            }
                            ArrayList arrayList3 = (ArrayList) arrayList2.clone();
                            if (z3) {
                                arrayList3.add(xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", ((featureBinding != null && featureBinding.isBSP()) || !z4) ? new ExcC14NParameterSpec(getReferenceNamespacePrefixes(item2)) : null));
                            }
                            boolean z5 = false;
                            String attributeNS = ((Element) item2).getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
                            if ((attributeNS == null || attributeNS.equals("")) && (item2.getNamespaceURI() == "http://www.w3.org/2000/09/xmldsig#" || item2.getNamespaceURI() == "http://www.w3.org/2001/04/xmlenc#")) {
                                z5 = true;
                                attributeNS = ((Element) item2).getAttribute("Id");
                            }
                            if (attributeNS == null || attributeNS.equals("")) {
                                attributeNS = securableSoapMessage.generateId();
                                if (z) {
                                    elementCache.put(attributeNS, item2);
                                } else if (z5) {
                                    XMLUtil.setIdAttr((Element) item2, attributeNS);
                                } else {
                                    XMLUtil.setWsuIdAttr((Element) item2, attributeNS);
                                }
                            }
                            if (logger.isLoggable(Level.FINEST)) {
                                logger.log(Level.FINEST, "SignedInfo val id " + attributeNS);
                            }
                            String str3 = "#" + attributeNS;
                            byte[] digestValue = filterProcessingContext.getDigestValue();
                            arrayList.add((z || digestValue == null) ? xMLSignatureFactory.newReference(str3, newDigestMethod, arrayList3, (String) null, (String) null) : xMLSignatureFactory.newReference(str3, newDigestMethod, arrayList3, (String) null, (String) null, digestValue));
                        }
                    } else if (signatureTarget.getEnforce()) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1369_UNABLE_GET_SIGNATURE_TARGET_BY_URI());
                        throw new XWSSecurityException("SignatureTarget with URI " + signatureTarget.getValue() + " is not in the message");
                    }
                } else {
                    if (type == "uri") {
                        str2 = signatureTarget.getValue();
                        if (str2 == null) {
                            str2 = "";
                        }
                        if (str2 == MessageConstants.PROCESS_ALL_ATTACHMENTS) {
                            Iterator attachments = securableSoapMessage.getAttachments();
                            if (!attachments.hasNext()) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1372_NO_ATTACHMENT_FOUND());
                                throw new XWSSecurityException("No attachment present in the message");
                            }
                            while (attachments.hasNext()) {
                                String contentId = ((AttachmentPart) attachments.next()).getContentId();
                                if (contentId.charAt(0) == '<' && contentId.charAt(contentId.length() - 1) == '>') {
                                    int lastIndexOf = contentId.lastIndexOf(62);
                                    int indexOf = contentId.indexOf(60);
                                    if (lastIndexOf < indexOf || lastIndexOf == indexOf) {
                                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1303_CID_ERROR());
                                    }
                                    str = "cid:" + contentId.substring(indexOf + 1, lastIndexOf);
                                } else {
                                    str = "cid:" + contentId;
                                }
                                arrayList.add(xMLSignatureFactory.newReference(str, newDigestMethod, arrayList2, (String) null, (String) null));
                            }
                        } else {
                            if (z3) {
                                SOAPElement sOAPElement = null;
                                if (featureBinding != null && featureBinding.isBSP()) {
                                    String str4 = str2;
                                    if (str2.length() > 0 && str2.charAt(0) == '#') {
                                        str4 = str2.substring(1);
                                    }
                                    sOAPElement = securableSoapMessage.getElementById(str4);
                                }
                                ExcC14NParameterSpec excC14NParameterSpec = null;
                                if (sOAPElement != null && !z4) {
                                    excC14NParameterSpec = new ExcC14NParameterSpec(getReferenceNamespacePrefixes(sOAPElement));
                                }
                                arrayList2.add(xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", excC14NParameterSpec));
                            }
                            if (str2.equals(Target.ALL_MESSAGE_HEADERS)) {
                                SOAPHeader sOAPHeader = null;
                                try {
                                    sOAPHeader = securableSoapMessage.getSOAPHeader();
                                } catch (SOAPException e5) {
                                    e5.printStackTrace();
                                }
                                NodeList childNodes2 = sOAPHeader.getChildNodes();
                                for (int i4 = 0; i4 < childNodes2.getLength(); i4++) {
                                    if (childNodes2.item(i4).getNodeType() == 1) {
                                        Element element = (Element) childNodes2.item(i4);
                                        if (!MessageConstants.WSSE_SECURITY_LNAME.equals(element.getLocalName()) || !"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(element.getNamespaceURI())) {
                                            arrayList.add(xMLSignatureFactory.newReference("#" + generateReferenceID(element, securableSoapMessage), newDigestMethod, arrayList2, (String) null, (String) null));
                                        }
                                    }
                                }
                            }
                        }
                    }
                    byte[] digestValue2 = filterProcessingContext.getDigestValue();
                    arrayList.add((z || digestValue2 == null) ? xMLSignatureFactory.newReference(str2, newDigestMethod, arrayList2, (String) null, (String) null) : xMLSignatureFactory.newReference(str2, newDigestMethod, arrayList2, (String) null, (String) null, digestValue2));
                }
            } catch (Exception e6) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1301_INVALID_DIGEST_ALGO(digestAlgorithm), (Throwable) e6);
                throw new XWSSecurityException(e6.getMessage());
            }
        }
        if (arrayList.isEmpty() && logger.isLoggable(Level.WARNING)) {
            logger.log(Level.WARNING, LogStringsMessages.WSS_1375_NO_SIGNEDPARTS());
        }
        return arrayList;
    }

    private String generateReferenceID(Element element, SecurableSoapMessage securableSoapMessage) {
        String attributeNS = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
        if (attributeNS == null || attributeNS.equals("")) {
            try {
                attributeNS = securableSoapMessage.generateId();
            } catch (XWSSecurityException e) {
                e.printStackTrace();
            }
            XMLUtil.setWsuIdAttr(element, attributeNS);
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Element wsu:id attribute is: " + attributeNS);
        }
        return attributeNS;
    }

    public URIDereferencer getDefaultResolver() {
        if (this.externalURIResolver == null) {
            this.externalURIResolver = getSignatureFactory().getURIDereferencer();
        }
        return this.externalURIResolver;
    }

    public static void printDocument(Node node) {
        try {
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, Indentation.NORMAL_END_OF_LINE);
            }
            Transformer newTransformer = WSITXMLFactory.createTransformerFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING).newTransformer();
            newTransformer.setOutputProperty("indent", "yes");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            newTransformer.transform(new DOMSource(node), new StreamResult(byteArrayOutputStream));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, new String(byteArray));
                logger.log(Level.FINEST, Indentation.NORMAL_END_OF_LINE);
            }
        } catch (Exception e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1374_FAILEDTO_PRINT_DOCUMENT(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }
}
