package com.ibm.ws.wssecurity.saml.security.impl;

import com.ibm.icu.text.PluralRules;
import com.ibm.ws.wssecurity.dsig.WSSSignatureContext;
import com.ibm.ws.wssecurity.saml.common.util.IdUtils;
import com.ibm.ws.wssecurity.saml.security.EnvelopedSignatureAssertion;
import com.ibm.ws.wssecurity.util.CommonLogUtils;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.ws.wssecurity.xml.xss4j.AlgorithmFactoryExt;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.Reference;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.TemplateGenerator;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.io.ByteArrayInputStream;
import java.security.Key;
import org.apache.axiom.om.OMDocument;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/saml/security/impl/EnvelopedSignatureAssertionImpl.class */
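/**
 * Creates an enveloped XML digital signature ({@code ds:Signature}) inside an assertion element
 * and caches the signed result.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The algorithm suite is chosen by {@code RequesterConfig.useSha2ForSignature()}. When it is
 *       {@code false} (also the state after the no-arg constructor) the signature uses RSA-SHA1
 *       with a SHA-1 digest. SHA-1 is no longer considered collision resistant, so deployments
 *       should enable the SHA-2 option unless a peer cannot accept it.</li>
 *   <li>{@link #validate()} always returns {@code true} and verifies nothing; callers must not
 *       treat it as signature verification.</li>
 *   <li>{@link ShowerImpl} forwards the bytes being signed to debug trace, so trace output for
 *       this component can contain assertion content and should be handled as sensitive.</li>
 * </ul>
 *
 * <p>No synchronization is performed on the cached signature element.
 */
public class EnvelopedSignatureAssertionImpl implements EnvelopedSignatureAssertion {
    private static final String comp = "security.wssecurity";
    // Legacy suite (SHA-1): used whenever isUsingSha2 is false.
    private static final String DIGEST_METHOD = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String TRANSFORM_METHOD = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String CANONICALIZER = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String SIGNATURE_NS = "http://www.w3.org/2000/09/xmldsig#";
    // "SHA2" suite: note that it pairs an RSA-SHA256 signature with a SHA-512 reference digest.
    private static final String DIGEST_METHOD_SHA2 = "http://www.w3.org/2001/04/xmlenc#sha512";
    private static final String SIGNATURE_METHOD_SHA2 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String SIGNATURE_PREFIX = "ds";
    private static final String KEYINFO = "KeyInfo";
    // Signing key material; handed to KeyInfoUtil and used to obtain the signing key.
    private KeyStoreManager.KeyInformation keyInformation;
    // Element that receives the ds:Signature child.
    private OMElement unsignedOM;
    // Cached result of the last successful sign() call; null until then.
    private OMElement signatureOM;
    // Value used to build the same-document reference URI ("#" + id).
    private String id;
    private RequesterConfig requesterData;
    private String keyInfoType;
    private boolean isUsingSha2;
    private static final TraceComponent tc = Tr.register(EnvelopedSignatureAssertionImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String ENVELOPED_SIGN = "http://www.w3.org/2000/09/xmldsig#enveloped-signature".intern();

    /**
     * {@link ResourceShower} that forwards the bytes covered by the signature to debug trace.
     *
     * <p>Both callbacks pass the raw byte content to {@code CommonLogUtils.logDebug}; what that
     * helper writes is not visible here, but presumably it is the content itself. For an
     * assertion this can include subject identifiers and attribute values, so trace for this
     * component should be enabled only for diagnosis and the resulting logs access-controlled.
     */
    public static class ShowerImpl implements ResourceShower {
        private static final ShowerImpl _instance = new ShowerImpl();

        private ShowerImpl() {
        }

        private static ShowerImpl getInstance() {
            return _instance;
        }

        /**
         * Logs a signed resource held in the whole of {@code bArr}.
         *
         * @param oMElement not used by this implementation
         * @param i         resource index; a negative value selects the "SignedInfo" label
         * @param str       resource name used in the label; may be null or empty
         * @param str2      not used by this implementation
         * @param bArr      bytes to log
         * @param str3      forwarded unchanged to {@code CommonLogUtils.logDebug}
         *                  (presumably a character encoding; confirm against that helper)
         */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower
        public void showSignedResource(OMElement oMElement, int i, String str, String str2, byte[] bArr, String str3) {
            logSignedBytes(new ByteArrayInputStream(bArr), i, str, str3);
        }

        /**
         * Logs a signed resource held in {@code bArr[i2 .. i2 + i3)}.
         *
         * @param oMElement not used by this implementation
         * @param i         resource index; a negative value selects the "SignedInfo" label
         * @param str       resource name used in the label; may be null or empty
         * @param str2      not used by this implementation
         * @param bArr      buffer containing the bytes to log
         * @param i2        offset of the first byte in {@code bArr}
         * @param i3        number of bytes to log
         * @param str3      forwarded unchanged to {@code CommonLogUtils.logDebug}
         */
        @Override // com.ibm.ws.wssecurity.xml.xss4j.dsig.ResourceShower
        public void showSignedResource(OMElement oMElement, int i, String str, String str2, byte[] bArr, int i2, int i3, String str3) {
            logSignedBytes(new ByteArrayInputStream(bArr, i2, i3), i, str, str3);
        }

        /** Writes the label line and the byte content to debug trace, then closes the stream. */
        private static void logSignedBytes(ByteArrayInputStream content, int index, String resourceName, String logArg) {
            final String label;
            if (index < 0) {
                label = "ResourceShower logs verify-SignedInfo: ";
            } else if (resourceName == null || resourceName.length() == 0) {
                label = "ResourceShower logs verify-resource_" + index + PluralRules.KEYWORD_RULE_SEPARATOR;
            } else {
                label = "ResourceShower logs verify-" + resourceName + PluralRules.KEYWORD_RULE_SEPARATOR;
            }
            Tr.debug(EnvelopedSignatureAssertionImpl.tc, label);
            CommonLogUtils.logDebug(content, logArg, EnvelopedSignatureAssertionImpl.tc);
            try {
                content.close();
            } catch (Exception e) {
                Tr.debug(EnvelopedSignatureAssertionImpl.tc, "Caugh exception closing input stream: e=" + e.getMessage());
            }
        }

        // Compiler-generated accessor kept so existing references to it keep resolving.
        static /* synthetic */ ShowerImpl access$000() {
            return getInstance();
        }
    }

    /**
     * Creates an empty instance. Every field keeps its default ({@code null} / {@code false}),
     * so {@link #marshal(OMElement)} on such an instance fails and returns {@code null}.
     */
    public EnvelopedSignatureAssertionImpl() {
    }

    /**
     * Creates an instance ready to sign {@code oMElement}.
     *
     * @param requesterConfig supplies the KeyInfo type and the SHA-2 switch; must not be null
     *                        (it is dereferenced here)
     * @param keyInformation  key material used for KeyInfo and for signing
     * @param oMElement       element that will receive the signature
     * @param str             id used to build the reference URI {@code "#" + str}
     */
    public EnvelopedSignatureAssertionImpl(RequesterConfig requesterConfig, KeyStoreManager.KeyInformation keyInformation, OMElement oMElement, String str) {
        this.keyInformation = keyInformation;
        this.id = str;
        this.unsignedOM = oMElement;
        this.requesterData = requesterConfig;
        this.keyInfoType = requesterConfig.getSignatureKeyInfoType();
        this.isUsingSha2 = requesterConfig.useSha2ForSignature();
    }

    /**
     * Returns the cached signature element, creating it on first use.
     *
     * @param oMElement ignored; the element given to the constructor is signed
     * @return the signed element, or {@code null} when signing failed
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement marshal(OMElement oMElement) {
        if (this.signatureOM != null) {
            return this.signatureOM;
        }
        try {
            return createSignatureElement(this.keyInformation, this.unsignedOM, this.id, this.keyInfoType);
        } catch (Exception e) {
            // The interface offers no way to report the failure, so null is still returned, but
            // the reason is traced: a silently missing signature is otherwise hard to diagnose.
            Tr.debug(tc, "marshal: unable to create the enveloped signature: e=" + e);
            return null;
        }
    }

    /** No-op in this implementation. */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void unMarshal(OMElement oMElement) {
    }

    /**
     * Builds a {@code ds:Signature} template with one same-document reference, appends it to
     * {@code oMElement}, signs it and caches the result.
     *
     * <p>Side effects: {@code oMElement} gains the signature as a child and is added to a newly
     * created document before signing. If signing fails the signature template has already been
     * appended and is not removed.
     *
     * @param keyInformation source of the KeyInfo content and of the signing key
     * @param oMElement      element to sign; must not be null
     * @param str            id of the signed element; the reference URI is {@code "#" + str}
     * @param str2           KeyInfo type passed to {@code KeyInfoUtil.createKeyInfoContent}
     * @return the signed signature element
     * @throws SoapSecurityException when template generation, KeyInfo creation or signing fails
     */
    public OMElement createSignatureElement(KeyStoreManager.KeyInformation keyInformation, OMElement oMElement, String str, String str2) throws SoapSecurityException {
        OMFactory factory = oMElement.getOMFactory();
        // SHA-1 identifiers are used unless the requester config enabled SHA-2.
        String signatureMethod = this.isUsingSha2 ? SIGNATURE_METHOD_SHA2 : SIGNATURE_METHOD;
        String digestMethod = this.isUsingSha2 ? DIGEST_METHOD_SHA2 : DIGEST_METHOD;

        TemplateGenerator generator = new TemplateGenerator(factory, null, CANONICALIZER, signatureMethod);
        generator.setPrefix(SIGNATURE_PREFIX);
        Reference reference = generator.createReference("#" + str);
        reference.setDigestMethod(digestMethod);
        // Enveloped-signature first (excludes the ds:Signature itself), then exclusive c14n.
        reference.addTransform(ENVELOPED_SIGN);
        reference.addTransform(TRANSFORM_METHOD);
        generator.addReference(reference);
        AlgorithmFactoryExt algorithmFactory = AlgorithmFactoryExt.getInstance();
        try {
            OMElement signatureElement = generator.getSignatureElement(algorithmFactory);
            OMElement keyInfo = factory.createOMElement(KEYINFO, SIGNATURE_NS, SIGNATURE_PREFIX);
            keyInfo.addChild(KeyInfoUtil.createKeyInfoContent(str2, null, keyInformation, null));
            signatureElement.addChild(keyInfo);
            oMElement.addChild(signatureElement);
            Key signingKey = keyInformation.getPrivateOrSecretKey();
            WSSSignatureContext context = new WSSSignatureContext();
            context.setAlgorithmFactory(algorithmFactory);
            context.setIDResolver(IdUtils.getInstance());
            OMDocument document = DOMUtils.createDocument();
            document.addChild(oMElement);
            context.setDocument(document);
            context.setResourceShower(ShowerImpl.access$000());
            OMElement signed = context.sign(signatureElement, signingKey);
            this.signatureOM = signed;
            return signed;
        } catch (Exception e) {
            // Report the underlying cause as before, but fall back to the exception itself when
            // it has no cause; wrapping a null cause discarded every detail of the failure.
            Throwable cause = e.getCause();
            throw new SoapSecurityException(cause != null ? cause : e);
        }
    }

    /** Not implemented: always returns {@code null}, whichever digest algorithm is in use. */
    @Override // com.ibm.ws.wssecurity.saml.security.EnvelopedSignatureAssertion
    public String getDigestAlgorithm() {
        return null;
    }

    /** Not implemented: always returns {@code null}, whichever signature algorithm is in use. */
    @Override // com.ibm.ws.wssecurity.saml.security.EnvelopedSignatureAssertion
    public String getSignatureAlgorithm() {
        return null;
    }

    /** Not implemented: always returns {@code null}. */
    @Override // com.ibm.ws.wssecurity.saml.security.EnvelopedSignatureAssertion
    public String getKeyValueType() {
        return null;
    }

    /**
     * Returns the signed element, signing on first use.
     *
     * @return the signed element, or {@code null} when {@link #marshal(OMElement)} failed
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement getXML() {
        if (this.signatureOM == null) {
            this.signatureOM = marshal(null);
        }
        return this.signatureOM;
    }

    /** No-op in this implementation. */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void create() throws SoapSecurityException {
    }

    /**
     * Always returns {@code true}. No signature, digest or key check is performed here, so the
     * result carries no information about whether the assertion is authentic.
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public boolean validate() throws SoapSecurityException {
        return true;
    }
}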
