package com.ibm.pvcws.wss.util;

import com.ibm.pvcws.jaxp.util.Attribute;
import com.ibm.pvcws.jaxp.util.Logger;
import com.ibm.pvcws.jaxrpc.msg.Elem;
import com.ibm.pvcws.jaxrpc.msg.ExcC14N;
import com.ibm.pvcws.jaxrpc.msg.Message;
import com.ibm.pvcws.wss.KeyStoreSupport;
import com.ibm.pvcws.wss.WSSBasicHandler;
import com.ibm.pvcws.wss.WSSConstants;
import com.ibm.pvcws.wss.WSSException;
import com.ibm.pvcws.wss.WSSKey;
import com.ibm.pvcws.wss.WSSReceiver;
import com.ibm.pvcws.wss.dsig.DigestHandler;
import com.ibm.pvcws.wss.dsig.SignatureHandler;
import com.ibm.pvcws.wss.handler.ReceiverSetter;
import com.ibm.pvcws.wss.handler.STAnalyzer;
import com.ibm.pvcws.wss.param.PartParameter;
import com.ibm.pvcws.wss.param.SecurityParameter;
import java.io.UnsupportedEncodingException;
import java.util.Enumeration;
import javax.xml.namespace.QName;
import org.xml.sax.SAXException;

/* loaded from: input_file:fixed/technologies/eswe/files/webservices/WS-Security.jar:com/ibm/pvcws/wss/util/SignatureRecImpl.class */
public class SignatureRecImpl implements WSSReceiver, STAnalyzer {
    private final WSSConstants _constants;
    private final WSSFactory _factory;
    private SignatureParamImpl _sp;
    private Elem _envelope;
    private Elem _signature;
    private Elem _sinfo;
    private SecurityParameter _secp;

    static String copyright() {
        return Copyright.IBM_COPYRIGHT;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureRecImpl(WSSFactory wSSFactory) {
        this._factory = wSSFactory;
        this._constants = wSSFactory.getConstants();
        clear();
    }

    @Override // com.ibm.pvcws.wss.WSSReceiver
    public QName getBaseQName() {
        return WSSConstants.QNAME_SIGNATURE;
    }

    @Override // com.ibm.pvcws.wss.WSSReceiver
    public void clear() {
        if (this._sp == null) {
            this._sp = new SignatureParamImpl(this._constants);
        } else {
            this._sp.clear();
        }
        this._envelope = null;
        this._signature = null;
        this._sinfo = null;
        this._secp = null;
    }

    @Override // com.ibm.pvcws.wss.handler.STAnalyzer
    public void prepend(SecurityParameter securityParameter) throws WSSException {
        if (securityParameter == null) {
            throw new WSSException("FaultCode:221, null is not allowed to the parameter.");
        }
        this._secp = securityParameter;
    }

    @Override // com.ibm.pvcws.wss.WSSReceiver
    public void prepend(Elem elem) throws WSSException {
        if (elem == null) {
            throw new WSSException("FaultCode:221, null is not allowed to the parameter.");
        }
        if (elem.getQName().equals(Message.envelopeName)) {
            this._envelope = elem;
        } else {
            if (!elem.getQName().equals(WSSConstants.QNAME_SIGNATURE)) {
                throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(elem.getQName()).append("].").toString());
            }
            this._signature = elem;
        }
    }

    @Override // com.ibm.pvcws.wss.WSSReceiver
    public void commit() throws WSSException {
        if (this._signature == null) {
            throw new WSSException("FaultCode:221, the signature in response SOAP message is not set.");
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        Enumeration children = this._signature.getChildren();
        if (children == null) {
            throw new WSSException("FaultCode:221, no child element in Signature element.");
        }
        while (children.hasMoreElements()) {
            Elem elem = (Elem) children.nextElement();
            QName qName = elem.getQName();
            if (qName != null) {
                if (qName.equals(WSSConstants.QNAME_SIGNED_INFO)) {
                    if (z) {
                        throw new WSSException("FaultCode:221, too many SignedInfo element.");
                    }
                    this._sinfo = elem;
                    procSignedInfo(elem);
                    z = true;
                } else if (qName.equals(WSSConstants.QNAME_SIG_VALUE)) {
                    if (z2) {
                        throw new WSSException("FaultCode:221, too many SignatureValue element.");
                    }
                    procSignatureValue(elem);
                    z2 = true;
                } else {
                    if (!qName.equals(WSSConstants.QNAME_KEY_INFO)) {
                        throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(qName).append("] in the signature element.").toString());
                    }
                    if (z3) {
                        throw new WSSException("FaultCode:221, too many KeyInfo element.");
                    }
                    procKeyInfo(elem);
                    z3 = true;
                }
            }
        }
        if (!this._sp.isValid()) {
            throw new WSSException("FaultCode:221, the signature element in response SOAP message is not correct.");
        }
        verify();
    }

    private void procSignedInfo(Elem elem) throws WSSException {
        boolean z = false;
        boolean z2 = false;
        Enumeration children = elem.getChildren();
        if (children == null) {
            throw new WSSException("FaultCode:221, no child element in SignedInfo element.");
        }
        while (children.hasMoreElements()) {
            Elem elem2 = (Elem) children.nextElement();
            QName qName = elem2.getQName();
            if (qName != null) {
                if (qName.equals(WSSConstants.QNAME_C14N_METHOD)) {
                    if (z) {
                        throw new WSSException("FaultCode:221, too many CanonicalizationMethod element.");
                    }
                    procC14nMethod(elem2);
                    z = true;
                } else if (qName.equals(WSSConstants.QNAME_SIG_METHOD)) {
                    if (z2) {
                        throw new WSSException("FaultCode:221, too many SignatureMethod element.");
                    }
                    procSigMethod(elem2);
                    z2 = true;
                } else {
                    if (!qName.equals(WSSConstants.QNAME_DS_REFERENCE)) {
                        throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(qName).append("] in the SignedInfo element.").toString());
                    }
                    procReference(elem2);
                }
            }
        }
    }

    private void procC14nMethod(Elem elem) throws WSSException {
        Attribute attribute = elem.getAttribute(WSSConstants.ATTR_ALGORITHM);
        if (attribute == null) {
            throw new WSSException("FaultCode:221, no algorithm attribute in the CanonicalizationMethod element.");
        }
        if (elem.getNbrChildren(true) > 0) {
            throw new WSSException("FaultCode:221, chile element exists in the CanonicalizationMethod element.");
        }
        if (!attribute.value.equals(WSSConstants.URI_EXC_C14N)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, unsupported algorithm [").append(attribute.value).append("] in the CanonicalizationMethod element.").toString());
        }
    }

    private void procSigMethod(Elem elem) throws WSSException {
        Attribute attribute = elem.getAttribute(WSSConstants.ATTR_ALGORITHM);
        if (attribute == null) {
            throw new WSSException("FaultCode:221, no algorithm attribute in the SignatureMethod element.");
        }
        if (elem.getNbrChildren(true) > 0) {
            throw new WSSException("FaultCode:221, chile element exists in the SignatureMethod element.");
        }
        if (!attribute.value.equals("http://www.w3.org/2000/09/xmldsig#dsa-sha1") && !attribute.value.equals("http://www.w3.org/2000/09/xmldsig#rsa-sha1") && !attribute.value.equals(WSSConstants.URI_DSIG_HMAC_SHA1)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, unsupported algorithm as signature [").append(attribute.value).append("].").toString());
        }
        WSSBasicHandler basicHandler = this._factory.getBasicHandler(attribute.value);
        if (basicHandler == null || !(basicHandler instanceof SignatureHandler)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, not registered basic signature handler for [").append(attribute.value).append("].").toString());
        }
        this._sp.setHandler((SignatureHandler) basicHandler);
    }

    private void procReference(Elem elem) throws WSSException {
        Attribute attribute = elem.getAttribute(WSSConstants.ATTR_URI);
        if (attribute == null) {
            throw new WSSException("FaultCode:221, no URI attribute in the Reference element.");
        }
        PartParameter addID = this._sp.addID(null, this._constants.ATTR_WSUID, attribute.value.substring(1));
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        Enumeration children = elem.getChildren();
        if (children == null) {
            throw new WSSException("FaultCode:221, no child element in Reference element.");
        }
        while (children.hasMoreElements()) {
            Elem elem2 = (Elem) children.nextElement();
            QName qName = elem2.getQName();
            if (qName != null) {
                if (qName.equals(WSSConstants.QNAME_TRANSFORMS)) {
                    if (z) {
                        throw new WSSException("FaultCode:221, too many Transforms element.");
                    }
                    procTransforms(elem2, addID);
                    z = true;
                } else if (qName.equals(WSSConstants.QNAME_DIG_METHOD)) {
                    if (z2) {
                        throw new WSSException("FaultCode:221, too many DigesteMethod element.");
                    }
                    procDigMethod(elem2, addID);
                    z2 = true;
                } else {
                    if (!qName.equals(WSSConstants.QNAME_DIG_VALUE)) {
                        throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(qName).append("] in the SignedInfo element.").toString());
                    }
                    if (z3) {
                        throw new WSSException("FaultCode:221, too many DigesteValue element.");
                    }
                    procDigValue(elem2, addID);
                    z3 = true;
                }
            }
        }
    }

    private void procTransforms(Elem elem, PartParameter partParameter) throws WSSException {
        Enumeration children = elem.getChildren();
        if (children == null) {
            throw new WSSException("FaultCode:221, no child element in Transforms element.");
        }
        while (children.hasMoreElements()) {
            Elem elem2 = (Elem) children.nextElement();
            QName qName = elem2.getQName();
            if (qName != null) {
                if (!qName.equals(WSSConstants.QNAME_TRANSFORM)) {
                    throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(qName).append("] in the Transforms element.").toString());
                }
                Attribute attribute = elem2.getAttribute(WSSConstants.ATTR_ALGORITHM);
                if (attribute == null) {
                    throw new WSSException("FaultCode:221, no algorithm attribute in the Transform element.");
                }
                if (!attribute.value.equals(WSSConstants.URI_EXC_C14N)) {
                    throw new WSSException(new StringBuffer().append("FaultCode:221, unsupported algorithm [").append(attribute.value).append("] in the Transform element.").toString());
                }
                Enumeration children2 = elem2.getChildren();
                if (children2 != null) {
                    while (children2.hasMoreElements()) {
                        Elem elem3 = (Elem) children2.nextElement();
                        QName qName2 = elem3.getQName();
                        if (qName2 != null) {
                            if (!qName2.equals(WSSConstants.QNAME_INCLUSIVENS)) {
                                throw new WSSException(new StringBuffer().append("FaultCode:221, unexpected element [").append(qName2).append("] in the Transform element.").toString());
                            }
                            Attribute attribute2 = elem3.getAttribute(WSSConstants.ATTR_PREFIX_LIST);
                            if (attribute2 == null) {
                                throw new WSSException("FaultCode:221, no prefix-list attribute in the Transform element.");
                            }
                            partParameter.setInclusiveNamespaces(attribute2.value);
                        }
                    }
                } else {
                    continue;
                }
            }
        }
    }

    private void procDigMethod(Elem elem, PartParameter partParameter) throws WSSException {
        Attribute attribute = elem.getAttribute(WSSConstants.ATTR_ALGORITHM);
        if (attribute == null) {
            throw new WSSException("FaultCode:221, no algorithm attribute in the DigestMethod element.");
        }
        if (elem.getNbrChildren(true) > 0) {
            throw new WSSException("FaultCode:221, chile element exists in the DigestMethod element.");
        }
        if (!attribute.value.equals("http://www.w3.org/2000/09/xmldsig#sha1")) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, unsupported algorithm as digest [").append(attribute.value).append("].").toString());
        }
        WSSBasicHandler basicHandler = this._factory.getBasicHandler(attribute.value);
        if (basicHandler == null || !(basicHandler instanceof DigestHandler)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, not registered basic digest handler for [").append(attribute.value).append("].").toString());
        }
        partParameter.setHandler(basicHandler);
    }

    private void procDigValue(Elem elem, PartParameter partParameter) throws WSSException {
        partParameter.setByteData(WSSUtils.decode_base64(WSSUtils.eraseSpaces(WSSUtils.getTextValue(elem))));
    }

    private void procSignatureValue(Elem elem) throws WSSException {
        this._sp.setSigValue(WSSUtils.decode_base64(WSSUtils.eraseSpaces(WSSUtils.getTextValue(elem))));
    }

    private void procKeyInfo(Elem elem) throws WSSException {
        WSSReceiver receiver = this._factory.getReceiver(WSSConstants.QNAME_KEY_INFO, null);
        if (receiver == null) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, not registered receiver for [").append(WSSConstants.QNAME_KEY_INFO).append("].").toString());
        }
        if (!(receiver instanceof STAnalyzer)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, no implementation of STAnalyzer interface [").append(receiver.getClass().getName()).append("].").toString());
        }
        if (!(receiver instanceof ReceiverSetter)) {
            throw new WSSException(new StringBuffer().append("FaultCode:221, no implementation of ReceiverSetter interface [").append(receiver.getClass().getName()).append("].").toString());
        }
        receiver.prepend(elem);
        ((STAnalyzer) receiver).prepend(this._secp);
        ((ReceiverSetter) receiver).prepend(this._sp);
        receiver.commit();
        receiver.clear();
    }

    private void verify() throws WSSException {
        WSSKey key = KeyStoreSupport.getKey(KeyStoreSupport.getCertificate(this._sp.getSecToken().getContent()));
        SignatureHandler handler = this._sp.getHandler();
        if (handler == null) {
            throw new WSSException("FaultCode:270, basic signature handler is null.");
        }
        handler.setKey(key);
        Enumeration references = this._sp.getReferences();
        while (references.hasMoreElements()) {
            PartParameter partParameter = (PartParameter) references.nextElement();
            WSSBasicHandler handler2 = partParameter.getHandler();
            if (handler2 == null || !(handler2 instanceof DigestHandler)) {
                throw new WSSException(new StringBuffer().append("FaultCode:221, not registered basic digest handler for [").append(handler2.getClass().getName()).append("].").toString());
            }
            DigestHandler digestHandler = (DigestHandler) handler2;
            Elem elementById = WSSUtils.getElementById(this._envelope, this._constants.ATTR_WSUID, partParameter.getURI());
            if (elementById == null) {
                throw new WSSException(new StringBuffer().append("FaultCode:221, no element that has the identifier [").append(partParameter.getURI()).append("].").toString());
            }
            try {
                String xMLString = ExcC14N.excC14N(elementById, partParameter.getInclusiveNamespaces()).toXMLString(false, true);
                byte[] bytes = xMLString.getBytes("utf-8");
                byte[] byteData = partParameter.getByteData();
                Logger.log((byte) 7, new StringBuffer().append("verifing the refered element[").append(0).append("].\n").toString());
                Logger.log((byte) 7, new StringBuffer().append("verifing the target=[").append(xMLString).append("].\n").toString());
                if (!digestHandler.verify(bytes, 0, bytes.length, byteData, 0, byteData.length)) {
                    throw new WSSException(new StringBuffer().append("FaultCode:270verify NG: digest value of the refered element[").append(0).append("] is different.").toString());
                }
                Logger.log((byte) 7, new StringBuffer().append("verifing the refered target[").append(0).append("] is OK!\n").toString());
            } catch (UnsupportedEncodingException e) {
                throw new WSSException("FaultCode:270, Unsupported encoding [utf-8].", e);
            } catch (SAXException e2) {
                throw new WSSException("FaultCode:270, XML serialization failed.", e2);
            } catch (Exception e3) {
                throw new WSSException(new StringBuffer().append("FaultCode:240, ").append(e3.getMessage()).toString(), e3);
            }
        }
        try {
            this._sinfo = ExcC14N.excC14N(this._sinfo);
            String xMLString2 = this._sinfo.toXMLString(false, true);
            byte[] bytes2 = xMLString2.getBytes("utf-8");
            byte[] sigValue = this._sp.getSigValue();
            Logger.log((byte) 7, "verifing the SignedInfo element\n.");
            Logger.log((byte) 7, new StringBuffer().append("verifing target=[").append(xMLString2).append("]\n.").toString());
            if (!handler.verify(bytes2, 0, bytes2.length, sigValue, 0, sigValue.length)) {
                throw new WSSException("FaultCode:270, verify NG: signature value is different.");
            }
            Logger.log((byte) 7, "verifing the SignedInfo target is OK!\n");
        } catch (UnsupportedEncodingException e4) {
            throw new WSSException("FaultCode:270, Unsupported encoding [utf-8].", e4);
        } catch (SAXException e5) {
            throw new WSSException("FaultCode:270, XML serialization failed.", e5);
        } catch (Exception e6) {
            throw new WSSException(new StringBuffer().append("FaultCode:270, ").append(e6.getMessage()).toString(), e6);
        }
    }
}
