package com.sun.xml.wss.impl.dsig;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.ReferenceElement;
import com.sun.xml.wss.core.SecurityToken;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.DirectReference;
import com.sun.xml.wss.core.reference.KeyIdentifier;
import com.sun.xml.wss.core.reference.X509IssuerSerial;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.core.reference.X509ThumbPrintIdentifier;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.impl.config.ConfigurationConstants;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.AssertionUtil;
import com.sun.xml.wss.saml.util.SAMLUtil;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.Data;
import javax.xml.crypto.NodeSetData;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dom.DOMURIReference;
import javax.xml.soap.AttachmentPart;
import javax.xml.soap.SOAPPart;
import org.w3c.dom.Attr;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:spg-ui-war-2.1.29rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/dsig/DSigResolver.class */
public class DSigResolver implements URIDereferencer {
    private static volatile DSigResolver resolver = null;
    private static Logger logger = Logger.getLogger(LogDomainConstants.IMPL_SIGNATURE_DOMAIN, LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE);
    private Class _nodeSetClass;
    private Constructor _constructor;
    private String optNSClassName = "org.jcp.xml.dsig.internal.dom.DOMSubTreeData";
    private Boolean _false = false;

    private DSigResolver() {
        this._nodeSetClass = null;
        this._constructor = null;
        try {
            this._nodeSetClass = Class.forName(this.optNSClassName);
            this._constructor = this._nodeSetClass.getConstructor(Node.class, Boolean.TYPE);
        } catch (ClassNotFoundException e) {
            logger.log(Level.FINE, "Not able load JSR 105 RI specific NodeSetData class ", (Throwable) e);
        } catch (LinkageError e2) {
            logger.log(Level.FINE, "Not able load JSR 105 RI specific NodeSetData class ", (Throwable) e2);
        } catch (NoSuchMethodException e3) {
        }
    }

    public static URIDereferencer getInstance() {
        if (resolver == null) {
            init();
        }
        return resolver;
    }

    private static void init() {
        if (resolver == null) {
            synchronized (DSigResolver.class) {
                if (resolver == null) {
                    resolver = new DSigResolver();
                }
            }
        }
    }

    public Data dereference(URIReference uRIReference, XMLCryptoContext xMLCryptoContext) throws URIReferenceException {
        try {
            if (!(uRIReference instanceof DOMURIReference)) {
                return dereferenceURI(uRIReference.getURI(), xMLCryptoContext);
            }
            Node here = ((DOMURIReference) uRIReference).getHere();
            if (here.getNodeType() == 2) {
                return dereferenceURI(uRIReference.getURI(), xMLCryptoContext);
            }
            if (here.getNodeType() == 1 && "SecurityTokenReference".equals(here.getLocalName())) {
                return derefSecurityTokenReference(here, xMLCryptoContext);
            }
            return null;
        } catch (XWSSecurityException e) {
            if (logger.getLevel() == Level.FINEST) {
                logger.log(Level.FINEST, "Error occurred while resolving" + ((String) null), (Throwable) e);
            }
            throw new URIReferenceException(e.getMessage());
        }
    }

    Data dereferenceURI(String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException, XWSSecurityException {
        FilterProcessingContext filterProcessingContext = (FilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
        filterProcessingContext.getSecurableSoapMessage();
        if (str != null && !str.equals("")) {
            return str.charAt(0) == '#' ? dereferenceFragment(SecurableSoapMessage.getIdFromFragmentRef(str), xMLCryptoContext) : (str.startsWith("cid:") || str.startsWith(MessageConstants.ATTACHMENTREF)) ? dereferenceAttachments(str, xMLCryptoContext) : str.startsWith("http") ? dereferenceExternalResource(str, xMLCryptoContext) : dereferenceFragment(str, xMLCryptoContext);
        }
        SOAPPart sOAPPart = filterProcessingContext.getSOAPMessage().getSOAPPart();
        if (this._constructor == null) {
            return convertToData(sOAPPart, true);
        }
        try {
            return (Data) this._constructor.newInstance(sOAPPart, this._false);
        } catch (Exception e) {
            return convertToData(sOAPPart, true);
        }
    }

    Data dereferenceExternalResource(final String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException, XWSSecurityException {
        URIDereferencer defaultResolver = WSSPolicyConsumerImpl.getInstance().getDefaultResolver();
        final Attr createAttribute = ((FilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT)).getSecurableSoapMessage().getSOAPMessage().getSOAPPart().createAttribute("uri");
        createAttribute.setNodeValue(str);
        try {
            return defaultResolver.dereference(new DOMURIReference() { // from class: com.sun.xml.wss.impl.dsig.DSigResolver.1
                public String getURI() {
                    return str;
                }

                public String getType() {
                    return null;
                }

                public Node getHere() {
                    return createAttribute;
                }
            }, xMLCryptoContext);
        } catch (URIReferenceException e) {
            logger.log(Level.SEVERE, "WSS1325.dsig.externaltarget", str);
            throw e;
        }
    }

    Data dereferenceAttachments(String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException, XWSSecurityException {
        AttachmentPart attachmentPart = ((FilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT)).getSecurableSoapMessage().getAttachmentPart(str);
        if (attachmentPart == null) {
            throw new URIReferenceException("Attachment Resource with Identifier  " + str + " was not found");
        }
        if (1 == 0) {
            throw new UnsupportedOperationException("Not yet supported ");
        }
        AttachmentData attachmentData = new AttachmentData();
        attachmentData.setAttachmentPart(attachmentPart);
        return attachmentData;
    }

    Data dereferenceFragment(String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException, XWSSecurityException {
        Object obj;
        FilterProcessingContext filterProcessingContext = (FilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
        HashMap elementCache = filterProcessingContext.getElementCache();
        if (elementCache.size() > 0 && (obj = elementCache.get(str)) != null) {
            if (this._constructor == null) {
                return convertToData((Element) obj, true);
            }
            try {
                return (Data) this._constructor.newInstance(obj, this._false);
            } catch (Exception e) {
                return convertToData((Element) obj, true);
            }
        }
        Element elementById = filterProcessingContext.getSecurableSoapMessage().getElementById(str);
        if (elementById == null) {
            throw new URIReferenceException("Resource with fragment Identifier  " + str + " was not found");
        }
        if (this._constructor == null) {
            return convertToData(elementById, true);
        }
        try {
            return (Data) this._constructor.newInstance(elementById, this._false);
        } catch (Exception e2) {
            return convertToData(elementById, true);
        }
    }

    Data convertToData(final Node node, boolean z) {
        final HashSet hashSet = new HashSet();
        if (!z) {
            return new NodeSetData() { // from class: com.sun.xml.wss.impl.dsig.DSigResolver.3
                public Iterator iterator() {
                    return Collections.singletonList(node).iterator();
                }
            };
        }
        toNodeSet(node, hashSet);
        return new NodeSetData() { // from class: com.sun.xml.wss.impl.dsig.DSigResolver.2
            public Iterator iterator() {
                return hashSet.iterator();
            }
        };
    }

    void toNodeSet(Node node, Set set) {
        if (node == null) {
            return;
        }
        switch (node.getNodeType()) {
            case 1:
                set.add(node);
                if (((Element) node).hasAttributes()) {
                    NamedNodeMap attributes = ((Element) node).getAttributes();
                    for (int i = 0; i < attributes.getLength(); i++) {
                        set.add(attributes.item(i));
                    }
                    break;
                }
                break;
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            default:
                set.add(node);
                return;
            case 8:
                return;
            case 9:
                break;
            case 10:
                return;
        }
        Node firstChild = node.getFirstChild();
        while (true) {
            Node node2 = firstChild;
            if (node2 == null) {
                return;
            }
            if (node2.getNodeType() == 3) {
                set.add(node2);
                while (node2 != null && node2.getNodeType() == 3) {
                    node2 = node2.getNextSibling();
                }
                if (node2 == null) {
                    return;
                }
            }
            toNodeSet(node2, set);
            firstChild = node2.getNextSibling();
        }
    }

    private Data derefSecurityTokenReference(Node node, XMLCryptoContext xMLCryptoContext) throws XWSSecurityException, URIReferenceException {
        Element asSoapElement;
        Element asSoapElement2;
        FilterProcessingContext filterProcessingContext = (FilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        SOAPPart sOAPPart = securableSoapMessage.getSOAPPart();
        SecurityTokenReference securityTokenReference = new SecurityTokenReference(XMLUtil.convertToSoapElement(sOAPPart, (Element) node));
        ReferenceElement reference = securityTokenReference.getReference();
        HashMap tokenCache = filterProcessingContext.getTokenCache();
        Element element = null;
        if (reference instanceof DirectReference) {
            String substring = ((DirectReference) reference).getURI().substring(1);
            SecurityToken securityToken = (SecurityToken) tokenCache.get(substring);
            if (securityToken == null) {
                asSoapElement2 = securableSoapMessage.getElementById(substring);
                if (asSoapElement2 == null) {
                    throw new URIReferenceException("Could not locate token with following ID" + substring);
                }
            } else {
                asSoapElement2 = securityToken.getAsSoapElement();
            }
            asSoapElement = (Element) node.getOwnerDocument().importNode(asSoapElement2, true);
        } else if (reference instanceof KeyIdentifier) {
            String valueType = ((KeyIdentifier) reference).getValueType();
            String referenceValue = ((KeyIdentifier) reference).getReferenceValue();
            if (MessageConstants.X509SubjectKeyIdentifier_NS.equals(valueType) || MessageConstants.X509v3SubjectKeyIdentifier_NS.equals(valueType)) {
                X509Certificate x509Certificate = null;
                Object obj = tokenCache.get(referenceValue);
                if ((obj instanceof X509SubjectKeyIdentifier) && obj != null) {
                    x509Certificate = ((X509SubjectKeyIdentifier) obj).getCertificate();
                }
                if (x509Certificate == null) {
                    x509Certificate = filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), XMLUtil.getDecodedBase64EncodedData(referenceValue));
                }
                asSoapElement = new X509SecurityToken((Document) sOAPPart, x509Certificate).getAsSoapElement();
                try {
                    asSoapElement.removeAttribute(ConfigurationConstants.ENCODING_TYPE_ATTRIBUTE_NAME);
                } catch (DOMException e) {
                    throw new XWSSecurityRuntimeException(e.getMessage(), e);
                }
            } else if (MessageConstants.ThumbPrintIdentifier_NS.equals(valueType)) {
                X509Certificate x509Certificate2 = null;
                Object obj2 = tokenCache.get(referenceValue);
                if ((obj2 instanceof X509ThumbPrintIdentifier) && obj2 != null) {
                    x509Certificate2 = ((X509ThumbPrintIdentifier) obj2).getCertificate();
                }
                if (x509Certificate2 == null) {
                    x509Certificate2 = filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), XMLUtil.getDecodedBase64EncodedData(referenceValue), MessageConstants.THUMB_PRINT_TYPE);
                }
                asSoapElement = new X509SecurityToken((Document) sOAPPart, x509Certificate2).getAsSoapElement();
                try {
                    asSoapElement.removeAttribute(ConfigurationConstants.ENCODING_TYPE_ATTRIBUTE_NAME);
                } catch (DOMException e2) {
                    throw new XWSSecurityRuntimeException(e2.getMessage(), e2);
                }
            } else if (MessageConstants.EncryptedKeyIdentifier_NS.equals(valueType)) {
                asSoapElement = null;
            } else if (MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE.equals(valueType) || MessageConstants.WSSE_SAML_v2_0_KEY_IDENTIFIER_VALUE_TYPE.equals(valueType)) {
                Element locateSAMLAssertion = securityTokenReference.getSamlAuthorityBinding() != null ? filterProcessingContext.getSecurityEnvironment().locateSAMLAssertion(filterProcessingContext.getExtraneousProperties(), securityTokenReference.getSamlAuthorityBinding(), referenceValue, securableSoapMessage.getSOAPPart()) : SAMLUtil.locateSamlAssertion(referenceValue, securableSoapMessage.getSOAPPart());
                asSoapElement = (Element) node.getOwnerDocument().importNode(locateSAMLAssertion, true);
                try {
                    tokenCache.put(referenceValue, AssertionUtil.fromElement(locateSAMLAssertion));
                } catch (Exception e3) {
                    throw new XWSSecurityException(e3);
                }
            } else {
                try {
                    element = resolveSAMLToken(securityTokenReference, referenceValue, filterProcessingContext);
                } catch (Exception e4) {
                }
                if (element == null) {
                    XWSSecurityException xWSSecurityException = new XWSSecurityException("WSS_DSIG0008:unsupported KeyIdentifier Reference Type " + valueType);
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, xWSSecurityException.getMessage(), xWSSecurityException);
                }
                asSoapElement = (Element) node.getOwnerDocument().importNode(element, true);
            }
        } else {
            if (!(reference instanceof X509IssuerSerial)) {
                throw new XWSSecurityException("Cannot handle reference mechanism: " + reference.getTagName());
            }
            BigInteger serialNumber = ((X509IssuerSerial) reference).getSerialNumber();
            String issuerName = ((X509IssuerSerial) reference).getIssuerName();
            X509Certificate x509Certificate3 = null;
            Object obj3 = tokenCache.get(issuerName + serialNumber);
            if (obj3 instanceof X509IssuerSerial) {
                x509Certificate3 = ((X509IssuerSerial) obj3).getCertificate();
            }
            if (x509Certificate3 == null) {
                x509Certificate3 = filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), serialNumber, issuerName);
            }
            asSoapElement = new X509SecurityToken((Document) sOAPPart, x509Certificate3).getAsSoapElement();
            try {
                asSoapElement.removeAttribute(ConfigurationConstants.ENCODING_TYPE_ATTRIBUTE_NAME);
            } catch (DOMException e5) {
                throw new XWSSecurityException(e5.getMessage(), e5);
            }
        }
        Attr createAttributeNS = node.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns");
        createAttributeNS.setValue("");
        if (asSoapElement != null) {
            asSoapElement.setAttributeNodeNS(createAttributeNS);
        }
        return convertToData(asSoapElement, false);
    }

    private static Element resolveSAMLToken(SecurityTokenReference securityTokenReference, String str, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        Assertion assertion = (Assertion) filterProcessingContext.getTokenCache().get(str);
        if (assertion != null) {
            try {
                return SAMLUtil.toElement(filterProcessingContext.getSecurableSoapMessage().getSOAPPart(), assertion);
            } catch (Exception e) {
                throw new XWSSecurityException(e);
            }
        }
        Element locateSAMLAssertion = securityTokenReference.getSamlAuthorityBinding() != null ? filterProcessingContext.getSecurityEnvironment().locateSAMLAssertion(filterProcessingContext.getExtraneousProperties(), securityTokenReference.getSamlAuthorityBinding(), str, filterProcessingContext.getSOAPMessage().getSOAPPart()) : SAMLUtil.locateSamlAssertion(str, filterProcessingContext.getSOAPMessage().getSOAPPart());
        try {
            filterProcessingContext.getTokenCache().put(str, AssertionUtil.fromElement(locateSAMLAssertion));
            return locateSAMLAssertion;
        } catch (Exception e2) {
            throw new XWSSecurityException(e2);
        }
    }
}
