package com.ibm.ws.webservices.wssecurity.dsig;

import com.ibm.crypto.pkcs11impl.provider.PKCS11Key;
import com.ibm.events.util.CeiString;
import com.ibm.websphere.pmi.reqmetrics.PmiReqMetrics;
import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.WSSAlgorithmFactory;
import com.ibm.ws.webservices.wssecurity.WSSConsumerComponent;
import com.ibm.ws.webservices.wssecurity.config.AlgorithmConfig;
import com.ibm.ws.webservices.wssecurity.config.EncryptionConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.KeyInfoContentConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig;
import com.ibm.ws.webservices.wssecurity.config.SigningReferenceConfig;
import com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig;
import com.ibm.ws.webservices.wssecurity.core.ElementSelector;
import com.ibm.ws.webservices.wssecurity.dsig.VerificationResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoResult;
import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IdUtil;
import com.ibm.ws.webservices.wssecurity.util.NonceUtil;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.dsig.ResourceShower;
import com.ibm.ws.wssecurity.xss4j.dsig.Validity;
import com.ibm.ws.wssecurity.xss4j.dsig.util.HWKeyCache;
import com.ibm.ws.wssecurity.xss4j.enc.StructureException;
import com.ibm.ws.wssecurity.xss4j.enc.util.SameDocumentEncryptedKeyRetriever;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.xml.soap.security.dsig.SOAPSignature;
import com.ibm.xml.soapsec.Result;
import com.ibm.xml.soapsec.ResultPool;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Key;
import java.security.Provider;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/webservices/wssecurity/dsig/SignatureConsumer.class */
public class SignatureConsumer implements WSSConsumerComponent {
    // Trace handle passed to every Tr.* call in this class. It has no initializer here, so it is
    // assigned in a static initializer that is not part of the visible listing.
    private static final TraceComponent tc;
    // NOTE(review): looks like the trace group name; it is not referenced in the visible code.
    private static final String comp = "security.wssecurity";
    // Prefix of the probe id handed to Tr.processException in verify(); assigned outside the visible listing.
    private static final String clsName;
    // ID resolver taken from the selector map in init() and passed to checkSignature()/verify(),
    // where it resolves "#id" reference URIs. Stays null if init() was never called.
    private IdUtil _idResolver = null;
    // The map handed to init(); forwarded as the "selectors" argument to callKeyInfoConsumer() and verify().
    private Map _selectors = null;
    // Set by the first init() call; later init() calls leave the stored state unchanged.
    private boolean _initialized = false;
    // NOTE(review): the three class$... fields look like compiler-generated class-literal caches;
    // nothing in the visible code reads them.
    static Class class$com$ibm$ws$webservices$wssecurity$dsig$SignatureConsumer;
    static Class class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoConsumer;
    static Class class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoResult;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/webservices/wssecurity/dsig/SignatureConsumer$ShowerImpl.class */
    /**
     * Trace-only {@link ResourceShower}: decodes the bytes it is handed and writes them to the
     * trace log. verify() installs the singleton on the signature context only when debug trace
     * is enabled.
     *
     * <p>Security note: the decoded content is logged in full. NOTE(review): these bytes are
     * presumably the octets that were digested for the signature, i.e. real message content, so
     * debug trace for this component should be handled as sensitive data - confirm against the
     * ResourceShower contract.
     */
    public static class ShowerImpl implements ResourceShower {
        private static ShowerImpl _instance = new ShowerImpl();

        /** Singleton; use {@link #getInstance()}. */
        private ShowerImpl() {
        }

        /** Returns the shared instance. */
        private static ShowerImpl getInstance() {
            return _instance;
        }

        /**
         * Logs one signed resource at debug level.
         *
         * @param element not used by this implementation
         * @param i       a negative value selects the "SignedInfo" label; otherwise it is the index used
         *                when {@code str} is null or empty
         * @param str     label for the resource; may be null or empty
         * @param str2    not used by this implementation
         * @param bArr    the bytes to decode and log
         * @param str3    charset name used to decode {@code bArr}; UTF-8 when null
         */
        public void showSignedResource(Element element, int i, String str, String str2, byte[] bArr, String str3) {
            String text = null;
            try {
                if (str3 == null) {
                    text = new String(bArr, "UTF-8");
                } else {
                    text = new String(bArr, str3);
                }
            } catch (Exception e) {
                // Best effort: a decoding failure (bad charset name, null bytes) only produces a
                // warning, and the literal "null" is logged as the content below.
                Tr.debug(SignatureConsumer.tc, "WARNING: An exception occured while the content is encoded with [" + str3 + "].");
            }
            final String prefix;
            if (i < 0) {
                prefix = "ResourceShower logs verify-SignedInfo: ";
            } else if (str == null || str.length() == 0) {
                prefix = "ResourceShower logs verify-resource_" + i + ": ";
            } else {
                prefix = "ResourceShower logs verify-" + str + ": ";
            }
            Tr.debug(SignatureConsumer.tc, prefix + text);
        }

        /** Synthetic accessor that lets the enclosing class reach the private {@link #getInstance()}. */
        static ShowerImpl access$000() {
            return getInstance();
        }
    }

    /**
     * Stores the selector map and the ID resolver found under {@code ElementSelector.IDRESOLVER}.
     * Only the first call has an effect; later calls just emit entry/exit trace.
     *
     * @param map selector map; must not be null on the first call (it is dereferenced)
     * @throws SoapSecurityException declared by the interface; not thrown by the visible code
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.wsspi.wssecurity.Initializable
    public void init(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Map map)");
        }
        final boolean firstCall = !this._initialized;
        if (firstCall) {
            // Assignment order is kept: _selectors is stored before the resolver lookup can fail.
            this._selectors = map;
            final Object resolver = map.get(ElementSelector.IDRESOLVER);
            this._idResolver = (IdUtil) resolver;
            this._initialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init(Map map)");
        }
    }

    /**
     * Verifies one signature element: checks that {@code node} is the expected element, runs the
     * configuration pre-check (checkSignature), resolves the verification key, verifies, and
     * records the result in the context.
     *
     * <p>Side effects on {@code map}: the {@code Constants.COPY_DOMTREE} and
     * {@code SignatureConsumerConfig.CONFIG_KEY} entries are removed (consumed) here.
     *
     * <p>NOTE(review): the element is recognised by a 32-bit hash of namespace URI and local name
     * compared with {@code Constants.HASH_DS_SIGNATURE}, not by comparing the strings.
     * String.hashCode is not collision-resistant, so confirm that an exact name check happens
     * elsewhere before relying on this as the only gate.
     *
     * @param node the candidate signature element
     * @param map  per-message context
     * @throws SoapSecurityException if {@code node} is null, is not the expected element, or any
     *         of the check/verify helpers rejects the signature
     */
    @Override // com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    public void invoke(Node node, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke(Node target[" + DOMUtil.getDisplayName(node) + "],Map context)");
        }
        if (node == null) {
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s11");
        }

        final String nsUri = node.getNamespaceURI();
        final String local = node.getLocalName();
        int nameHash = 0;
        if (nsUri != null) {
            nameHash = nsUri.hashCode() * 31;
        }
        if (local != null) {
            nameHash += local.hashCode();
        }
        final boolean isSignature = node.getNodeType() == Node.ELEMENT_NODE && nameHash == Constants.HASH_DS_SIGNATURE;
        if (!isSignature) {
            throw SoapSecurityException.format("security.wssecurity.WSSConsumer.s03", DOMUtil.getQualifiedName(node));
        }
        Element signature = (Element) node;

        // The version index selects a column of Constants.NAMESPACES; it defaults to 0 when the
        // context carries no Integer under WSS_VERSION.
        int versionIndex = 0;
        final Object version = map.get(Constants.WSS_VERSION);
        if (version instanceof Integer) {
            versionIndex = ((Integer) version).intValue();
        }
        final String nsWsse = Constants.NAMESPACES[0][versionIndex];
        final String nsWsu = Constants.NAMESPACES[1][versionIndex];

        final boolean copyDom = ConfigUtil.isTrue((String) map.remove(Constants.COPY_DOMTREE));
        final WSSConsumerConfig gconfig = (WSSConsumerConfig) map.get("com.ibm.wsspi.wssecurity.config.wssConsumer.configKey");
        final SignatureConsumerConfig config = (SignatureConsumerConfig) map.remove(SignatureConsumerConfig.CONFIG_KEY);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SignatureConsumerConfig [" + config + "].");
        }

        Document doc = signature.getOwnerDocument();
        final VerificationResult vresult = checkSignature(doc, signature, gconfig, config, this._idResolver, nsWsse, nsWsu, copyDom, map);
        if (vresult._domRequired) {
            // The pre-check cloned the document; continue with the clone and find the element in
            // it that DOMUtil.equals() reports as equal to the original signature element.
            // NOTE(review): if none is found, the original element is verified against the copy.
            doc = vresult._copiedDOM;
            final NodeList candidates = DOMUtil.getOneOrMoreElements(doc.getDocumentElement(), Constants.NS_DSIG, SOAPSignature.ELEM_SIGNATURE);
            for (int idx = 0; idx < candidates.getLength(); idx++) {
                final Node candidate = candidates.item(idx);
                if (DOMUtil.equals(signature, candidate)) {
                    signature = (Element) candidate;
                    break;
                }
            }
        }

        verify(
                signature,
                callKeyInfoConsumer(config.getSigningKeyInfo(), WSSKeyInfoComponent.KEY_VERIFYING, new HashMap(), this._selectors, KeyInfo.searchForKeyInfo(signature), map),
                gconfig,
                config,
                this._idResolver,
                doc,
                vresult,
                this._selectors,
                map);
        setVerificationResult(vresult, config, map);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "invoke(Node target,Map context)");
        }
    }

    /**
     * Walks the element children of the signature element and runs the configuration check on
     * each SignedInfo child (checkSignedInfo). KeyInfo, SignatureValue and Object children are
     * only traced; any other child produces a debug-level warning and is otherwise ignored.
     *
     * <p>Children are recognised by a hash of namespace URI and local name compared with the
     * {@code Constants.HASH_DS_*} values. NOTE(review): nothing here requires that a SignedInfo
     * child is present, or that there is only one; presumably the core verifier enforces the
     * structure - confirm.
     *
     * @param doc         owner document of the signature
     * @param signature   the signature element whose children are inspected
     * @param gconfig     consumer-wide configuration
     * @param config      configuration of this signature consumer
     * @param idResolver  resolver for reference URIs
     * @param nsWsse      namespace string passed through to the reference checks
     * @param nsWsu       namespace string passed through to the reference checks
     * @param domRequired passed through to the transform checks
     * @param context     per-message context
     * @return a new VerificationResult built from {@code config} and filled in by checkSignedInfo
     * @throws SoapSecurityException if checkSignedInfo rejects a SignedInfo child
     */
    private static VerificationResult checkSignature(Document doc, Element signature, WSSConsumerConfig gconfig, SignatureConsumerConfig config, IDResolver idResolver, String nsWsse, String nsWsu, boolean domRequired, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkSignature(Document doc[" + DOMUtil.getDisplayName(doc)
                    + "],Element signature[" + DOMUtil.getDisplayName(signature)
                    + "],WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver[" + idResolver
                    + "],String nsWsse[" + nsWsse
                    + "],String nsWsu[" + nsWsu
                    + "],boolean domRequired[" + domRequired
                    + "],Map context)");
        }
        final VerificationResult vresult = new VerificationResult(config);
        for (Element child = DOMUtil.getFirstElement(signature); child != null; child = DOMUtil.getNextElement(child)) {
            final String nsUri = child.getNamespaceURI();
            final String local = child.getLocalName();
            final int nameHash = (nsUri == null ? 0 : nsUri.hashCode() * 31) + (local == null ? 0 : local.hashCode());
            if (nameHash == Constants.HASH_DS_SIGNEDINFO) {
                checkSignedInfo(doc, child, gconfig, config, vresult, idResolver, nsWsse, nsWsu, domRequired, context);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK.");
                }
            } else if (nameHash == Constants.HASH_DS_KEYINFO || nameHash == Constants.HASH_DS_SIGNATUREVALUE) {
                // Nothing to check against configuration at this stage.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK.");
                }
            } else if (nameHash == Constants.HASH_DS_OBJECT) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK. But this consumer ignores it.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(child) + " in the " + DOMUtil.getQualifiedName(signature) + " element.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkSignature(Document doc,Element signature,WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver,String nsWsse,String nsWsu,boolean domRequired,Map context) returns VerificationResult[" + vresult + CeiString.END_SQUARE_BRACKET);
        }
        return vresult;
    }

    /* JADX WARN: Code restructure failed: missing block: B:32:0x0130, code lost:
    
        throw com.ibm.wsspi.wssecurity.SoapSecurityException.format(com.ibm.ws.webservices.wssecurity.Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s08", r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub: the real body of this method was not recovered, so this listing does NOT
     * show how a SignedInfo element is checked. As written, the method always throws
     * UnsupportedOperationException; it is not the behaviour of the original class.
     *
     * <p>What the listing does establish: checkSignature() calls this once per SignedInfo child
     * with (document, SignedInfo element, consumer-wide config, signature consumer config,
     * verification result, ID resolver, two namespace strings, domRequired flag, context), and
     * the one recovered fragment above is a throw of {@code Constants.UNSUPPORTED_ALGORITHM}
     * with message key {@code security.wssecurity.PrivateConsumerConfig.s08}.
     *
     * <p>NOTE(review): presumably the signature-method and canonicalization-method checks, and
     * the call into the List overload of checkReference, live in the missing body - confirm from
     * the bytecode. Do not use this source to conclude which algorithms are accepted or rejected.
     */
    private static void checkSignedInfo(org.w3c.dom.Document r11, org.w3c.dom.Element r12, com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig r13, com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig r14, com.ibm.ws.webservices.wssecurity.dsig.VerificationResult r15, com.ibm.ws.wssecurity.xss4j.dsig.IDResolver r16, java.lang.String r17, java.lang.String r18, boolean r19, java.util.Map r20) throws com.ibm.wsspi.wssecurity.SoapSecurityException {
        /*
            Method dump skipped, instructions count: 649
            To view this dump add '--comments-level debug' option
        */
        // Placeholder emitted by the decompiler in place of the unrecovered body.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.webservices.wssecurity.dsig.SignatureConsumer.checkSignedInfo(org.w3c.dom.Document, org.w3c.dom.Element, com.ibm.ws.webservices.wssecurity.config.WSSConsumerConfig, com.ibm.ws.webservices.wssecurity.config.SignatureConsumerConfig, com.ibm.ws.webservices.wssecurity.dsig.VerificationResult, com.ibm.ws.wssecurity.xss4j.dsig.IDResolver, java.lang.String, java.lang.String, boolean, java.util.Map):void");
    }

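    /**
     * Checks one Reference element against a list of SigningReferenceConfig entries and accepts
     * it as soon as one entry passes the single-config check. The matching entry is recorded in
     * {@code vresult._srconfig}.
     *
     * <p>Each failed attempt is rolled back: verified parts appended during the attempt are
     * removed again, so only the successful attempt leaves entries behind. Every exception type
     * counts as "this entry does not match", including runtime exceptions.
     *
     * <p>Changes from the decompiled form: (1) an empty {@code config} list used to end in an
     * ArrayIndexOutOfBoundsException (index -1 into a zero-length array) and now raises the same
     * SoapSecurityException key without a cause; (2) the per-exception debug line printed the
     * Iterator object where the exception number was meant.
     *
     * @param doc         document the reference is resolved against
     * @param reference   the Reference element
     * @param gconfig     consumer-wide configuration (algorithm allowlists)
     * @param config      list of SigningReferenceConfig candidates
     * @param vresult     result object that collects verified parts
     * @param idResolver  resolver for "#id" URIs
     * @param nsWsse      namespace string used for the nonce lookup
     * @param nsWsu       namespace string used for the timestamp lookup
     * @param domRequired passed through to the transform checks
     * @param context     per-message context
     * @throws SoapSecurityException if no entry accepts the reference; the cause is the failure
     *         of the last entry tried, earlier failures are visible in debug trace only
     */
    private static void checkReference(Document doc, Element reference, WSSConsumerConfig gconfig, List config, VerificationResult vresult, IDResolver idResolver, String nsWsse, String nsWsu, boolean domRequired, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkReference(Document doc[" + DOMUtil.getDisplayName(doc)
                    + "],Element reference[" + DOMUtil.getDisplayName(reference)
                    + "],WSSConsumerConfig gconfig,List config,VerificationResult vresult[" + vresult
                    + "],IDResolver idResolver[" + idResolver
                    + "],String nsWsse[" + nsWsse
                    + "],String nsWsu[" + nsWsu
                    + "],boolean domRequired[" + domRequired
                    + "],Map context)");
        }
        boolean matched = false;
        Exception[] failures = new Exception[config.size()];
        int failureCount = 0;
        int lastKeptIndex = 0;
        Iterator it = config.iterator();
        while (it.hasNext()) {
            try {
                SigningReferenceConfig candidate = (SigningReferenceConfig) it.next();
                // Remember where the list ended before this attempt so a failure can be undone.
                lastKeptIndex = vresult._verifiedParts.size() - 1;
                checkReference(doc, reference, gconfig, candidate, vresult, idResolver, nsWsse, nsWsu, domRequired, context);
                vresult._srconfig = candidate;
                matched = true;
                break;
            } catch (Exception e) {
                failures[failureCount++] = e;
                // Drop whatever the failed attempt appended, newest first.
                for (int idx = vresult._verifiedParts.size() - 1; idx > lastKeptIndex; idx--) {
                    vresult._verifiedParts.remove(idx);
                }
            }
        }
        if (!matched) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, failureCount + " exceptions were catched.");
                for (int n = 0; n < failureCount; n++) {
                    Tr.debug(tc, "No." + n + "'s exception: " + failures[n]);
                }
            }
            if (failureCount == 0) {
                // No candidate was configured at all: still fail closed, just without a cause.
                throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s12");
            }
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s12", failures[failureCount - 1]);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkReference(Document doc,Element reference,WSSConsumerConfig gconfig,List config,VerificationResult vresult,IDResolver idResolver,String nsWsse,String nsWsu,boolean domRequired,Map context)");
        }
    }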

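    /**
     * Checks one Reference element against a single SigningReferenceConfig and, on success,
     * appends a VerifiedPart describing the referenced element to {@code vresult._verifiedParts}.
     *
     * <p>Per child of the Reference: Transforms goes through checkTransforms; DigestMethod must
     * equal the configured digest algorithm and be in the consumer-wide allowed digest methods;
     * DigestValue is only traced; anything else gives a debug-level warning. Afterwards the URI
     * is resolved: an empty URI means the document element, otherwise only same-document "#id"
     * references are accepted.
     *
     * <p>Change from the decompiled form: a URI whose target cannot be resolved now raises a
     * SoapSecurityException explicitly; before, a null target was dereferenced on the next line.
     *
     * <p>NOTE(review): a Reference that has no DigestMethod or no Transforms child skips the
     * corresponding check here; presumably the core verifier or schema validation rejects such
     * input - confirm. {@code idResolver} is dereferenced without a null check for "#id" URIs.
     *
     * @param doc         document the URI is resolved against; replaced by the DOM copy when one
     *                    exists or a transform requires one
     * @param reference   the Reference element
     * @param gconfig     consumer-wide configuration (algorithm allowlists)
     * @param config      the candidate reference configuration
     * @param vresult     result object; receives the VerifiedPart and, if needed, the DOM copy
     * @param idResolver  resolver for "#id" URIs
     * @param nsWsse      namespace string used for the nonce lookup
     * @param nsWsu       namespace string used for the timestamp lookup
     * @param domRequired passed through to the transform checks
     * @param context     per-message context
     * @throws SoapSecurityException on a digest algorithm mismatch, a rejected transform, a URI
     *         that is not empty or "#id", or a URI that resolves to nothing
     */
    private static void checkReference(Document doc, Element reference, WSSConsumerConfig gconfig, SigningReferenceConfig config, VerificationResult vresult, IDResolver idResolver, String nsWsse, String nsWsu, boolean domRequired, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkReference(Document doc[" + DOMUtil.getDisplayName(doc)
                    + "],Element reference[" + DOMUtil.getDisplayName(reference)
                    + "],WSSConsumerConfig gconfig,SigningReferenceConfig config,VerificationResult vresult[" + vresult
                    + "],IDResolver idResolver[" + idResolver
                    + "],String nsWsse[" + nsWsse
                    + "],String nsWsu[" + nsWsu
                    + "],boolean domRequired[" + domRequired
                    + "],Map context)");
        }
        VerificationResult.VerifiedPart part = new VerificationResult.VerifiedPart();

        for (Element child = DOMUtil.getFirstElement(reference); child != null; child = DOMUtil.getNextElement(child)) {
            String nsUri = child.getNamespaceURI();
            String local = child.getLocalName();
            int nameHash = (nsUri == null ? 0 : nsUri.hashCode() * 31) + (local == null ? 0 : local.hashCode());
            if (nameHash == Constants.HASH_DS_TRANSFORMS) {
                checkTransforms(child, gconfig, config.getTransforms(), part, domRequired, context);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK.");
                }
            } else if (nameHash == Constants.HASH_DS_DIGESTMETHOD) {
                String algorithm = DOMUtil.getAttribute(child, "Algorithm");
                String expected = null;
                if (config.getDigestMethod() != null) {
                    expected = config.getDigestMethod().getAlgorithm();
                }
                // The algorithm must match this reference's configuration AND the global allowlist.
                if (expected == null || !expected.equals(algorithm) || !gconfig.getAllowedDigestMethods().contains(algorithm)) {
                    throw SoapSecurityException.format(Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s11", algorithm);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " [" + algorithm + "] is OK.");
                }
            } else if (nameHash == Constants.HASH_DS_DIGESTVALUE) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(child) + " in the " + DOMUtil.getQualifiedName(reference) + " element.");
            }
        }

        // Work on the DOM copy if one already exists; create it when a transform of this
        // reference asked for one.
        if (vresult._domRequired) {
            doc = vresult._copiedDOM;
        } else if (part._domRequired) {
            Document copy = (Document) doc.cloneNode(true);
            vresult._domRequired = true;
            vresult._copiedDOM = copy;
            doc = copy;
        }

        // The attribute-name constant is the one the decompiler substituted; presumably "URI".
        String uri = DOMUtil.getAttribute(reference, PmiReqMetrics.URI_FILTER_TYPE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Processing URI [" + uri + "]...");
        }
        Element target;
        if (uri.length() == 0) {
            target = doc.getDocumentElement();
        } else {
            if (uri.length() < 2 || uri.charAt(0) != '#') {
                throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s02", uri);
            }
            target = idResolver.resolveID(doc, uri.substring(1));
        }
        if (target == null) {
            // Fail closed on a dangling reference. The s02 key is reused because it is the key
            // this method already raises for an unusable URI; no dedicated key is visible here.
            throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s02", uri);
        }

        part._parent = target.getParentNode();
        part._object = target;
        Element timestamp = NonceUtil.getTimestamp(target, nsWsu);
        part._timestamp = timestamp;
        Element nonce = NonceUtil.getNonce(target, nsWsse);
        part._nonce = nonce;
        part._noncefirst = NonceUtil.isNonceFirst(target, nonce, timestamp);
        vresult._verifiedParts.add(part);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Added Verified part[" + part + "].");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkReference(Document doc,Element reference,WSSConsumerConfig gconfig,SignatureConsumerConfig config,List parts,IDResolver idResolver,String nsWsse,String nsWsu,boolean domRequired,Map context)");
        }
    }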

    /**
     * Runs checkTransform on every Transform child of a Transforms element, telling it whether
     * the child is the last element child. Other children give a debug-level warning only.
     *
     * <p>NOTE(review): each transform is checked for membership in the configuration; nothing
     * here compares the number or order of transforms with the configured list - confirm
     * whether that is enforced elsewhere.
     *
     * @param transforms  the Transforms element
     * @param gconfig     consumer-wide configuration (allowed transforms)
     * @param config      list of AlgorithmConfig entries configured for this reference
     * @param part        verified part whose canonicalization / DOM flags are updated
     * @param domRequired passed through to checkTransform
     * @param context     per-message context
     * @throws SoapSecurityException if a transform is rejected
     */
    private static void checkTransforms(Element transforms, WSSConsumerConfig gconfig, List config, VerificationResult.VerifiedPart part, boolean domRequired, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTransform(Element transforms[" + DOMUtil.getDisplayName(transforms)
                    + "],WSSConsumerConfig gconfig,List config[" + config
                    + "],VerifiedPart part[" + part
                    + "],boolean domRequired[" + domRequired
                    + "],Map context])");
        }
        Element current = DOMUtil.getFirstElement(transforms);
        while (current != null) {
            // The successor is fetched first because "no successor" marks the last transform.
            final Element following = DOMUtil.getNextElement(current);
            final String nsUri = current.getNamespaceURI();
            final String local = current.getLocalName();
            final int nameHash = (nsUri == null ? 0 : nsUri.hashCode() * 31) + (local == null ? 0 : local.hashCode());
            if (nameHash == Constants.HASH_DS_TRANSFORM) {
                final boolean isLast = following == null;
                checkTransform(current, isLast, gconfig, config, part, domRequired, context);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, local + " is OK.");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: There is unknown element " + DOMUtil.getQualifiedName(current) + " in the " + DOMUtil.getQualifiedName(transforms) + " element.");
            }
            current = following;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTransform(Element transforms,WSSConsumerConfig gconfig,List config,VerifiedPart part,boolean domRequired,Map context)");
        }
    }

    /**
     * Accepts one Transform element only if its Algorithm attribute equals an entry of the
     * reference's configured list and is also contained in the consumer-wide allowed transforms.
     * On acceptance it updates the verified part: canonicalization transforms are counted and
     * flagged when last; a DOM-requiring transform sets the DOM flag when {@code domRequired}
     * is true.
     *
     * @param transform     the Transform element
     * @param lastTransform true when this is the last element child of Transforms
     * @param gconfig       consumer-wide configuration (allowed transforms)
     * @param config        list of AlgorithmConfig entries configured for this reference
     * @param part          verified part to update
     * @param domRequired   whether DOM-requiring transforms should request a DOM copy
     * @param context       per-message context; not used by this method
     * @throws SoapSecurityException with {@code Constants.UNSUPPORTED_ALGORITHM} if the
     *         algorithm is not accepted
     */
    private static void checkTransform(Element transform, boolean lastTransform, WSSConsumerConfig gconfig, List config, VerificationResult.VerifiedPart part, boolean domRequired, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTransform(Element transform[" + DOMUtil.getDisplayName(transform)
                    + "],boolean lastTransform[" + lastTransform
                    + "],WSSConsumerConfig gconfig,List config[" + config
                    + "],VerifiedPart part[" + part
                    + "],boolean domRequired[" + domRequired
                    + "],Map context)");
        }
        final Iterator candidates = config.iterator();
        final String algorithm = transform.getAttribute("Algorithm");
        boolean accepted = false;
        while (!accepted && candidates.hasNext()) {
            final AlgorithmConfig candidate = (AlgorithmConfig) candidates.next();
            // Both conditions must hold: configured for this reference and globally allowed.
            accepted = candidate.getAlgorithm().equals(algorithm) && gconfig.getAllowedTransforms().contains(algorithm);
        }
        if (!accepted) {
            throw SoapSecurityException.format(Constants.UNSUPPORTED_ALGORITHM, "security.wssecurity.PrivateConsumerConfig.s12", algorithm);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Transform [" + algorithm + "] is OK.");
        }
        if (ConfigUtil.isC14nTransform(algorithm)) {
            part._numC14n++;
            if (lastTransform) {
                part._lastIsC14n = true;
            }
        } else if (domRequired && ConfigUtil.isDOMRequiredTransform(algorithm)) {
            part._domRequired = domRequired;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTransform(List config,WSSConsumerConfig gconfig,String algorithm,VerifiedPart part,boolean domRequired,Map context)");
        }
    }

    private static void verify(Element element, Key key, WSSConsumerConfig wSSConsumerConfig, SignatureConsumerConfig signatureConsumerConfig, IDResolver iDResolver, Document document, VerificationResult verificationResult, Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("verify(Element signature[").append(DOMUtil.getDisplayName(element)).append("],").append("Key key[").append(key).append("],").append("WSSConsumerConfig gconfig,").append("SignatureConsumerConfig config,").append("IDResolver idResolver[").append(iDResolver).append("],").append("Document document[").append(DOMUtil.getDisplayName(document)).append("],").append("VerificationResult vresult[").append(verificationResult).append("],").append("Map selectors,").append("Map context)").toString());
        }
        WSSSignatureContext wSSSignatureContext = new WSSSignatureContext();
        wSSSignatureContext.setContext(map2);
        Map properties = wSSConsumerConfig.getProperties();
        String str = (String) map2.remove(Constants.CON_KEY_STORE_NAME);
        wSSSignatureContext.setHWKeyStoreName(str);
        wSSSignatureContext.setSigAlgorithm(signatureConsumerConfig.getSignatureMethod() != null ? signatureConsumerConfig.getSignatureMethod().getAlgorithm() : null);
        if (wSSSignatureContext.useHWKeyStore()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Key Store Name is: ", wSSSignatureContext.getHWKeyStoreName());
            }
            Provider hWCryptoProviderInstance = ConfigUtil.getHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName());
            if (hWCryptoProviderInstance == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
            } else {
                wSSSignatureContext.setHWKeyStoreProvider(hWCryptoProviderInstance);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("HW crypto provider instance for the HW KeyStore").append(hWCryptoProviderInstance.getName()).toString());
                }
            }
        }
        String str2 = (String) properties.get(Constants.HARDWARE_CONFIG_NAME);
        wSSSignatureContext.setHWConfigName(str2);
        wSSSignatureContext.setOffload((Boolean) properties.get(ConfigConstants.OFFLOAD_RSA_PUBKEY_CRYPTO));
        if (wSSSignatureContext.shouldChangeProvider()) {
            HWKeyCache hWKeyCache = HWKeyCache.getInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HARDWARE Acceleration enabled, Key Store Name is: ", wSSSignatureContext.getHWConfigName());
            }
            Provider hWCryptoProviderInstance2 = ConfigUtil.getHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName());
            if (hWCryptoProviderInstance2 == null) {
                Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware acceleration, continue processing.");
            } else {
                wSSSignatureContext.setHWAccelerationProvider(hWCryptoProviderInstance2);
                hWKeyCache.setProvider(hWCryptoProviderInstance2, (Integer) properties.get(ConfigConstants.HARDWARE_CACHE_SIZE));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("HW crypto provider instance for HW Acceleration").append(hWCryptoProviderInstance2.getName()).toString());
                }
            }
        }
        if ((key instanceof PKCS11Key) && ((str2 == null || str2.length() == 0) && (str == null || str.length() == 0))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "PKCS11 Key is in use, but did not find hardware keystore/acceleration in the config");
            }
            String str3 = (String) properties.get(Constants.DEFAULT_BND_HW_KEYSTORE);
            if (str3 != null) {
                wSSSignatureContext.setHWKeyStoreName(str3);
                if (!wSSSignatureContext.useHWKeyStore()) {
                    Tr.error(tc, "Missing Hardware KeyStore Configuration, cannot use the PKCS11 type for signing");
                    throw SoapSecurityException.format("Missing Hardware KeyStore Configuration");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HARDWARE Key Store Name is: ", wSSSignatureContext.getHWKeyStoreName());
                }
                Provider hWCryptoProviderInstance3 = ConfigUtil.getHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName());
                if (hWCryptoProviderInstance3 == null) {
                    Tr.audit(tc, "Failure to get Hardware crypto provider instance to use hardware keystore, continue processing.");
                } else {
                    wSSSignatureContext.setHWKeyStoreProvider(hWCryptoProviderInstance3);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("HW crypto provider instance for the HW KeyStore").append(hWCryptoProviderInstance3.getName()).toString());
                    }
                }
            }
        }
        if (tc.isDebugEnabled()) {
            wSSSignatureContext.setResourceShower(ShowerImpl.access$000());
        }
        if (iDResolver != null) {
            wSSSignatureContext.setIDResolver(iDResolver);
        }
        HashSet hashSet = new HashSet();
        Iterator it = wSSConsumerConfig.getSignatureConsumers().iterator();
        while (it.hasNext()) {
            hashSet.add(((SignatureConsumerConfig) it.next()).getSigningKeyInfo());
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = wSSConsumerConfig.getEncryptionConsumers().iterator();
        while (it2.hasNext()) {
            hashSet2.add(((EncryptionConsumerConfig) it2.next()).getEncryptionKeyInfo());
        }
        Set tokenConsumers = wSSConsumerConfig.getTokenConsumers();
        WSSAlgorithmFactory algorithmFactory = wSSConsumerConfig.getAlgorithmFactory();
        wSSSignatureContext.setAlgorithmFactory(algorithmFactory);
        wSSSignatureContext.setDocument(document);
        if (signatureConsumerConfig.getKeyInfoSignature() != null) {
            wSSSignatureContext.setKeyInfoSignature(signatureConsumerConfig.getKeyInfoSignature().getAlgorithm());
        } else {
            wSSSignatureContext.setKeyInfoSignature(null);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("DecryptionTransform is used: ").append(signatureConsumerConfig.isDecryptionTransformEnabled()).toString());
        }
        if (signatureConsumerConfig.isDecryptionTransformEnabled()) {
            try {
                wSSSignatureContext.setEncryptedKeyRetriever(new SameDocumentEncryptedKeyRetriever(document));
                XMLDTKeyInfoResolver xMLDTKeyInfoResolver = new XMLDTKeyInfoResolver();
                xMLDTKeyInfoResolver.setAlgorithmFactory(algorithmFactory);
                xMLDTKeyInfoResolver.setContext(map2);
                xMLDTKeyInfoResolver.setSelectors(map);
                xMLDTKeyInfoResolver.setIdResolver(iDResolver);
                xMLDTKeyInfoResolver.setEncKeyInfoConsumers(hashSet2);
                xMLDTKeyInfoResolver.setTokenConsumers(tokenConsumers);
                wSSSignatureContext.setKeyInfoResolver(xMLDTKeyInfoResolver);
            } catch (StructureException e) {
                Tr.processException(e, new StringBuffer().append(clsName).append(".verify").toString(), "826");
                throw new SoapSecurityException((Throwable) e);
            }
        }
        STRDTKeyInfoResolver sTRDTKeyInfoResolver = new STRDTKeyInfoResolver();
        sTRDTKeyInfoResolver.setContext(map2);
        sTRDTKeyInfoResolver.setSelectors(map);
        sTRDTKeyInfoResolver.setDsigKeyInfoSet(hashSet);
        sTRDTKeyInfoResolver.setEncKeyInfoSet(hashSet2);
        sTRDTKeyInfoResolver.setGeneration(false);
        sTRDTKeyInfoResolver.setIdResolver(iDResolver);
        wSSSignatureContext.setSTRDTKeyInfoResolver(sTRDTKeyInfoResolver);
        wSSSignatureContext.setVerificationResult(verificationResult);
        try {
            Validity verify = wSSSignatureContext.verify(element, key);
            if (wSSSignatureContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName(), wSSSignatureContext.getHWAccelerationProvider());
            }
            if (wSSSignatureContext.useHWKeyStore()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName(), wSSSignatureContext.getHWKeyStoreProvider());
            }
            boolean coreValidity = verify.getCoreValidity();
            String str4 = null;
            if (!coreValidity || tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("Core validity=");
                stringBuffer.append(coreValidity);
                stringBuffer.append(" Signed info validity=");
                stringBuffer.append(verify.getSignedInfoValidity());
                stringBuffer.append(" Signed info message='");
                stringBuffer.append(verify.getSignedInfoMessage());
                stringBuffer.append("'");
                int numberOfReferences = verify.getNumberOfReferences();
                for (int i = 0; i < numberOfReferences; i++) {
                    stringBuffer.append(" Ref[");
                    stringBuffer.append(it2);
                    stringBuffer.append("](validity=");
                    stringBuffer.append(verify.getReferenceValidity(i));
                    stringBuffer.append(" message='");
                    stringBuffer.append(verify.getReferenceMessage(i));
                    stringBuffer.append("' uri='");
                    stringBuffer.append(verify.getReferenceURI(i));
                    stringBuffer.append("' type='");
                    stringBuffer.append(verify.getReferenceType(i));
                    stringBuffer.append("')");
                }
                str4 = stringBuffer.toString();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, str4);
                }
                if (coreValidity) {
                    str4 = null;
                }
            }
            if (str4 != null) {
                throw SoapSecurityException.format("security.wssecurity.SignatureConsumer.s01", str4);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "verify(Element signature,Key key,WSSConsumerConfig gconfig,SignatureConsumerConfig config,IDResolver idResolver,Document document,VerificationResult vresult,Map selectors,Map context)");
            }
        } catch (Throwable th) {
            if (wSSSignatureContext.isHWAccelerationProvider()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWConfigName(), wSSSignatureContext.getHWAccelerationProvider());
            }
            if (wSSSignatureContext.useHWKeyStore()) {
                ConfigUtil.returnHWCryptoProviderInstance(wSSSignatureContext.getHWKeyStoreName(), wSSSignatureContext.getHWKeyStoreProvider());
            }
            throw th;
        }
    }

    /**
     * Asks the registered {@code KeyInfoConsumer} to resolve a key for {@code element}.
     *
     * <p>The consumer is fetched from {@code map2} under the {@code KeyInfoConsumer} class object.
     * Before it is invoked, {@code map} is emptied and given the requested key type, and the
     * configuration is stored in {@code map3} under {@code KeyInfoConsumerConfig.CONFIG_KEY}.
     *
     * @param keyInfoConsumerConfig configuration published to the consumer through {@code map3}
     * @param str key type stored under {@code WSSECURITY_KEY_TYPE}
     * @param map map handed to the consumer; any previous contents are discarded
     * @param map2 lookup map that holds the consumer instance, keyed by class
     * @param element element passed to the consumer as the target
     * @param map3 context map passed to the consumer
     * @return the value returned by {@code KeyInfoConsumer.getKey}
     * @throws SoapSecurityException declared here; presumably raised by the consumer
     */
    public static Key callKeyInfoConsumer(KeyInfoConsumerConfig keyInfoConsumerConfig, String str, Map map, Map map2, Element element, Map map3) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryText = new StringBuilder();
            entryText.append("callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype[").append(str).append("],");
            entryText.append("Map type,").append("Map properties,");
            entryText.append("Element target[").append(DOMUtil.getDisplayName(element)).append("],");
            entryText.append("Map context)");
            Tr.entry(tc, entryText.toString());
        }
        // Lazily cached class literal (compiler-generated pattern): resolve once, then reuse the static.
        Class consumerType = class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoConsumer;
        if (consumerType == null) {
            consumerType = class$("com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoConsumer");
            class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoConsumer = consumerType;
        }
        // NOTE(review): there is no null check here; a missing map entry surfaces as a
        // NullPointerException at getKey() rather than as a SoapSecurityException.
        KeyInfoConsumer consumer = (KeyInfoConsumer) map2.get(consumerType);
        map.clear();
        map.put(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_TYPE, str);
        map3.put(KeyInfoConsumerConfig.CONFIG_KEY, keyInfoConsumerConfig);
        Key resolvedKey = consumer.getKey(element, map, map3);
        if (tc.isEntryEnabled()) {
            // NOTE(review): this stringifies the resolved Key into the trace; what ends up in the
            // log depends on that object's toString() - confirm it cannot expose key material.
            StringBuilder exitText = new StringBuilder();
            exitText.append("callKeyInfoConsumer(KeyInfoConsumerConfig config,String keytype,Map type,Map properties,Element target,Map context) returns Key[");
            exitText.append(resolvedKey).append(CeiString.END_SQUARE_BRACKET);
            Tr.exit(tc, exitText.toString());
        }
        return resolvedKey;
    }

    /**
     * Finalises a verification result and publishes it to the result pool.
     *
     * <p>For every verified part, the timestamp and nonce elements are passed to
     * {@code removeNode} with the {@code WAS_EXTENTION_DSIG} marker. The result's token is then
     * set from {@code getToken}, and the result is added to {@code ResultPool} under {@code map}.
     *
     * @param verificationResult result to complete; its {@code _token} field is overwritten
     * @param signatureConsumerConfig signature consumer configuration forwarded to {@code getToken}
     * @param map context map used for the token lookup and as the pool key
     * @throws SoapSecurityException propagated from {@code getToken}
     */
    private static void setVerificationResult(VerificationResult verificationResult, SignatureConsumerConfig signatureConsumerConfig, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            StringBuilder entryText = new StringBuilder();
            entryText.append("setVerificationResult(VerificationResult vresult[").append(verificationResult).append("],");
            entryText.append("SignatureConsumerConfig sconfig,").append("Map context)");
            Tr.entry(tc, entryText.toString());
        }
        for (VerificationResult.VerifiedPart part : verificationResult._verifiedParts) {
            // removeNode only detaches elements whose extension attribute equals the dsig marker.
            removeNode(part._timestamp, Constants.WAS_EXTENTION_DSIG);
            removeNode(part._nonce, Constants.WAS_EXTENTION_DSIG);
        }
        Token signerToken = getToken(verificationResult, signatureConsumerConfig, map);
        verificationResult._token = signerToken;
        ResultPool.add(map, verificationResult);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setVerificationResult(VerificationResult vresult,SignatureConsumerConfig sconfig,Map context)");
        }
    }

    /**
     * Detaches {@code element} from its parent when it carries the given extension marker.
     *
     * <p>The element is removed only if it is non-null, its {@code Constants.WAS_EXTENTION}
     * attribute equals {@code str}, and it currently has a parent node. Otherwise nothing changes.
     *
     * @param element candidate element; may be {@code null}
     * @param str marker value the extension attribute must equal
     */
    public static void removeNode(Element element, String str) {
        if (tc.isEntryEnabled()) {
            StringBuilder entryText = new StringBuilder();
            entryText.append("removeNode(Element element[").append(DOMUtil.getDisplayName(element)).append("],");
            entryText.append("String type[").append(str).append("])");
            Tr.entry(tc, entryText.toString());
        }
        if (element != null) {
            String marker = element.getAttribute(Constants.WAS_EXTENTION);
            if (marker != null && marker.equals(str)) {
                Node parent = element.getParentNode();
                if (parent != null) {
                    parent.removeChild(element);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeNode(Element element,String type)");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fetches the pooled {@code KeyInfoResult} entries for a context map.
     *
     * <p>The pool is queried with the {@code KeyInfoResult} class object, and each returned
     * {@code Result} is cast individually into a new array.
     *
     * @param map context map used as the pool key
     * @return a new array of the pooled results, or {@code null} when the pool returns {@code null}
     */
    public static KeyInfoResult[] getKeyInfoResults(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoResults(Map context)");
        }
        // Lazily cached class literal (compiler-generated pattern).
        Class resultType = class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoResult;
        if (resultType == null) {
            resultType = class$("com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoResult");
            class$com$ibm$ws$webservices$wssecurity$keyinfo$KeyInfoResult = resultType;
        }
        Result[] pooled = ResultPool.get(map, resultType);
        KeyInfoResult[] typed = null;
        if (pooled != null) {
            typed = new KeyInfoResult[pooled.length];
            int slot = 0;
            // Element-wise cast: an entry of the wrong type fails with ClassCastException.
            for (Result entry : pooled) {
                typed[slot] = (KeyInfoResult) entry;
                slot++;
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuilder exitText = new StringBuilder();
            exitText.append("getKeyInfoResults(Map context) returns KeyInfoResult[][");
            exitText.append(typed).append(CeiString.END_SQUARE_BRACKET);
            Tr.exit(tc, exitText.toString());
        }
        return typed;
    }

    /**
     * Picks the first usable key-info result and files every other result on the verification result.
     *
     * <p>A result is usable when its content consumer is contained in {@code list} and it has no
     * error. Only the first such result is selected. Every other entry, including later usable
     * ones and entries with an error, is stored in {@code verificationResult._kresults} under
     * its content consumer.
     *
     * @param verificationResult result whose {@code _kresults} map receives the non-selected entries
     * @param keyInfoResultArr candidates in processing order; may be {@code null}
     * @param list content consumers accepted for the signing key info
     * @return the selected result, or {@code null} when none qualifies
     */
    private static KeyInfoResult getProcessedResult(VerificationResult verificationResult, KeyInfoResult[] keyInfoResultArr, List list) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedResult(VerificationResult vresult,KeyInfoResult[] results,List kclist");
        }
        KeyInfoResult selected = null;
        if (keyInfoResultArr != null) {
            for (int idx = 0; idx < keyInfoResultArr.length; idx++) {
                KeyInfoResult candidate = keyInfoResultArr[idx];
                boolean usable = selected == null
                        && list.contains(candidate.getKeyInfoContentConsumer())
                        && candidate.getError() == null;
                if (usable) {
                    selected = candidate;
                    continue;
                }
                verificationResult._kresults.put(candidate.getKeyInfoContentConsumer(), candidate);
            }
        }
        if (tc.isEntryEnabled()) {
            StringBuilder exitText = new StringBuilder();
            exitText.append("getProcessedResult(VerificationResult vresult,KeyInfoResult[] results,List kclist) returns KeyInfoResult[");
            exitText.append(selected).append(CeiString.END_SQUARE_BRACKET);
            Tr.exit(tc, exitText.toString());
        }
        return selected;
    }

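    /**
     * Resolves the token behind a verified signature and records related identities and tokens.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>Select the processed key-info result via {@code getProcessedResult} and look up its
     *       token in {@code TokenManager}. A token that carries an error is not returned; its
     *       error is thrown instead. A clean token is marked as referenced.</li>
     *   <li>For each {@code VerifiedConfig} mapped to the result's {@code _srconfig}, store the
     *       first key-info result whose content consumer matches in {@code _identities}.</li>
     *   <li>For each key-info result that has a token consumer, store the first token from
     *       {@code TokenManager.getTokens} that used that consumer in {@code _kresults}.</li>
     * </ol>
     *
     * @param verificationResult result being completed; {@code _identities} and {@code _kresults} are updated
     * @param signatureConsumerConfig supplies the signing key info and the identity map
     * @param map context map used for the pool and token manager lookups
     * @return the token of the selected key-info result, or {@code null} when there is none
     * @throws SoapSecurityException the error carried by the resolved token, if any
     */
    private static Token getToken(VerificationResult verificationResult, SignatureConsumerConfig signatureConsumerConfig, Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("getToken(VerificationResult vresult[").append(verificationResult).append("],").append("SignatureConsumerConfig sconfig,").append("Map context)").toString());
        }
        Token token = null;
        Set set = null;
        KeyInfoResult[] keyInfoResults = getKeyInfoResults(map);
        KeyInfoResult processedResult = getProcessedResult(verificationResult, keyInfoResults, signatureConsumerConfig.getSigningKeyInfo().getContentConsumers());
        if (processedResult != null) {
            String idInSubject = processedResult.getIdInSubject();
            token = TokenManager.getToken(map, processedResult.getKeyInfoContentConsumer().getTokenConsumer(), idInSubject);
            if (token != null) {
                // Fail closed: a token whose processing recorded an error must not be handed back.
                if (token.getError() != null) {
                    throw token.getError();
                }
                token.setReferenced(true);
            }
            set = TokenManager.getTokens(map, idInSubject);
        }
        List<VerifiedConfig> list = (List) signatureConsumerConfig.getIdentityMap().get(verificationResult._srconfig);
        if (list != null && list.size() > 0) {
            // NOTE(review): keyInfoResults is null when the pool has no entry (see getKeyInfoResults);
            // the inner loop then fails with NullPointerException. Left as is because swallowing it
            // would change how a verification without key-info results terminates - confirm intent.
            for (VerifiedConfig verifiedConfig : list) {
                for (KeyInfoContentConsumerConfig keyInfoContentConsumerConfig : verifiedConfig._sconfig.getSigningKeyInfo().getContentConsumers()) {
                    // Only the first matching key-info result is recorded per content consumer.
                    for (int i = 0; i < keyInfoResults.length; i++) {
                        if (keyInfoContentConsumerConfig.equals(keyInfoResults[i].getKeyInfoContentConsumer())) {
                            verificationResult._identities.put(verifiedConfig, keyInfoResults[i]);
                            break;
                        }
                    }
                }
            }
        }
        if (set != null && set.size() > 0) {
            for (KeyInfoResult keyInfoResult : keyInfoResults) {
                TokenConsumerConfig tokenConsumer = keyInfoResult.getKeyInfoContentConsumer().getTokenConsumer();
                if (tokenConsumer != null) {
                    Iterator it = set.iterator();
                    // Fix: the loop must end when the iterator is exhausted. The previous
                    // while(true)/if(hasNext) form never terminated when no token matched,
                    // hanging the verification thread.
                    while (it.hasNext()) {
                        Token token2 = (Token) it.next();
                        if (tokenConsumer.equals(token2.getUsedTokenConsumer())) {
                            // NOTE(review): _kresults is keyed by KeyInfoResult here but by content
                            // consumer in getProcessedResult - confirm the mixed keying is intended.
                            verificationResult._kresults.put(keyInfoResult, token2);
                            break;
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("getToken(VerificationResult vresult,SignatureConsumerConfig sconfig,Map context)returns Token[").append(token).append(CeiString.END_SQUARE_BRACKET).toString());
        }
        return token;
    }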

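    /**
     * Loads a class by name on behalf of the cached class-literal fields in this file.
     *
     * <p>The callers visible in this file pass string literals only. {@code Class.forName}
     * initialises the named class, so the argument should never come from message content.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the original
     *     {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly does
            // not compile in a method without a throws clause. Attach the cause first, then
            // throw the typed error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }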

    // Static setup: resolve this class once through the class-literal cache, then register the
    // trace component and record the class name used in exception reporting.
    static {
        Class self = class$com$ibm$ws$webservices$wssecurity$dsig$SignatureConsumer;
        if (self == null) {
            self = class$("com.ibm.ws.webservices.wssecurity.dsig.SignatureConsumer");
            class$com$ibm$ws$webservices$wssecurity$dsig$SignatureConsumer = self;
        }
        tc = Tr.register(self, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
        // The cache field is populated by now, so the same Class object serves for the name.
        clsName = self.getName();
    }
}
