package org.apache.ws.security.message;

import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.transform.STRTransform;
import org.apache.ws.security.util.WSSecurityUtil;
import org.eclipse.osgi.internal.signedcontent.SignedContentConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:wlp/lib/com.ibm.ws.wss4j.1.6.7_1.0.14.jar:org/apache/ws/security/message/WSSecDKSign.class */
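/**
 * Builds an XML Signature over parts of a SOAP message using a symmetric key
 * taken from {@code derivedKeyBytes} of {@link WSSecDerivedKeyBase}.
 *
 * <p>The resulting {@code ds:Signature} is placed in the security header and its
 * {@code KeyInfo} carries a {@link SecurityTokenReference} that points at the
 * derived key token ({@code "#" + dktId}).
 *
 * <p><b>Algorithm defaults.</b> Out of the box this class signs with HMAC-SHA1
 * and digests references with SHA-1. SHA-1 is deprecated as a digest; where the
 * peer and the security policy allow it, callers should select stronger
 * algorithms through {@link #setSignatureAlgorithm(String)} and
 * {@link #setDigestAlgorithm(String)} (for example
 * {@code http://www.w3.org/2001/04/xmldsig-more#hmac-sha256} and
 * {@code http://www.w3.org/2001/04/xmlenc#sha256}). The defaults are left
 * unchanged here for interoperability. NOTE(review): confirm that
 * {@code WSSecurityUtil.getKeyLength} / {@code prepareSecretKey} in this
 * version accept the chosen signature algorithm URI.
 *
 * <p>The setters perform no validation of the algorithm URIs; an unsupported
 * value only surfaces as a {@link WSSecurityException} during
 * {@link #prepare(Document, WSSecHeader)} or
 * {@link #computeSignature(List, boolean, Element)}.
 *
 * <p>Instances hold per-message mutable state and are not written for
 * concurrent use.
 */
public class WSSecDKSign extends WSSecDerivedKeyBase {
    private static final Log log = LogFactory.getLog(WSSecDKSign.class);

    /** Default signature algorithm: HMAC-SHA1 (see the class note on algorithm choice). */
    private static final String DEFAULT_SIG_ALGO = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    /** Default reference digest algorithm: SHA-1 (see the class note on algorithm choice). */
    private static final String DEFAULT_DIGEST_ALGO = "http://www.w3.org/2000/09/xmldsig#sha1";
    /** Exclusive XML canonicalization without comments. */
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    /** XML Signature namespace. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    private String sigAlgo = DEFAULT_SIG_ALGO;
    private String digestAlgo = DEFAULT_DIGEST_ALGO;
    private String canonAlgo = EXC_C14N_URI;
    private byte[] signatureValue = null;
    private String keyInfoUri = null;
    private SecurityTokenReference secRef = null;
    private String strUri = null;
    private WSDocInfo wsDocInfo;
    private KeyInfoFactory keyInfoFactory;
    private XMLSignatureFactory signatureFactory;
    private XMLSignature sig;
    private KeyInfo keyInfo;
    private CanonicalizationMethod c14nMethod;
    private Element securityHeader = null;

    /** Creates a signer with the default configuration of the base class. */
    public WSSecDKSign() {
        init();
    }

    /**
     * Creates a signer that uses the supplied configuration.
     *
     * @param wSSConfig configuration handed to the base class
     */
    public WSSecDKSign(WSSConfig wSSConfig) {
        super(wSSConfig);
        init();
    }

    /**
     * Obtains the DOM signature and key-info factories, preferring the
     * "ApacheXMLDSig" provider and falling back to the platform default when
     * that provider is not registered.
     */
    private void init() {
        try {
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException ignored) {
            // Provider not installed: use whichever DOM implementation the JRE offers.
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM");
        }
        try {
            this.keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException ignored) {
            // Same fallback as above, so both factories come from an available provider.
            this.keyInfoFactory = KeyInfoFactory.getInstance("DOM");
        }
    }

    /**
     * Prepares the signer, signs the configured parts and prepends the derived
     * key token element to the security header.
     *
     * <p>When no parts were configured, the content of the SOAP {@code Body} is
     * signed. A configured part named {@code "STRTransform"} without an id is
     * given the id of the SecurityTokenReference created by
     * {@link #prepare(Document, WSSecHeader)}.
     *
     * @param document the SOAP envelope to sign
     * @param wSSecHeader the security header that receives the signature
     * @return the same {@code document} instance, now carrying the signature
     * @throws WSSecurityException if preparation or signing fails
     * @throws ConversationException declared for the derived-key handling of the base class
     */
    public Document build(Document document, WSSecHeader wSSecHeader) throws WSSecurityException, ConversationException {
        prepare(document, wSSecHeader);
        String sOAPNamespace = WSSecurityUtil.getSOAPNamespace(document.getDocumentElement());
        if (this.parts == null) {
            // Default scope: integrity-protect the Body content only. Anything
            // else that must be covered (headers, timestamps) has to be listed
            // explicitly by the caller.
            this.parts = new ArrayList<WSEncryptionPart>(1);
            this.parts.add(new WSEncryptionPart("Body", sOAPNamespace, "Content"));
        } else {
            for (WSEncryptionPart wSEncryptionPart : this.parts) {
                if ("STRTransform".equals(wSEncryptionPart.getName()) && wSEncryptionPart.getId() == null) {
                    wSEncryptionPart.setId(this.strUri);
                }
            }
        }
        computeSignature(addReferencesToSign(this.parts, wSSecHeader));
        prependDKElementToHeader(wSSecHeader);
        return document;
    }

    /**
     * Sets up the canonicalization method, the SecurityTokenReference to the
     * derived key token and the {@code KeyInfo} used by the signature.
     *
     * @param document the SOAP envelope to sign
     * @param wSSecHeader the security header that will hold the signature
     * @throws WSSecurityException with error code 10 and message key
     *         {@code "noXMLSig"} when any step of the setup fails
     *         (NOTE(review): 10 is presumably the failed-signature code; confirm
     *         against WSSecurityException)
     * @throws ConversationException declared for the derived-key handling of the base class
     */
    public void prepare(Document document, WSSecHeader wSSecHeader) throws WSSecurityException, ConversationException {
        super.prepare(document);
        this.wsDocInfo = new WSDocInfo(document);
        this.securityHeader = wSSecHeader.getSecurityHeader();
        this.sig = null;
        try {
            ExcC14NParameterSpec excC14NParameterSpec = null;
            // Inclusive prefixes are only supplied for exclusive c14n when
            // WS-I Basic Security Profile compliance is switched on.
            if (getWsConfig().isWsiBSPCompliant() && EXC_C14N_URI.equals(this.canonAlgo)) {
                excC14NParameterSpec = new ExcC14NParameterSpec(getInclusivePrefixes(wSSecHeader.getSecurityHeader(), false));
            }
            this.c14nMethod = this.signatureFactory.newCanonicalizationMethod(this.canonAlgo, excC14NParameterSpec);
            // this.keyInfo is not yet assigned for this message at this point
            // (null on first use, the previous message's value on reuse).
            this.keyInfoUri = getWsConfig().getIdAllocator().createSecureId("KI-", this.keyInfo);
            this.secRef = new SecurityTokenReference(document);
            this.strUri = getWsConfig().getIdAllocator().createSecureId("STR-", this.secRef);
            this.secRef.setID(this.strUri);
            Reference reference = new Reference(this.document);
            reference.setURI("#" + this.dktId);
            reference.setValueType(ConversationConstants.getWSCNs(getWscVersion()) + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN);
            this.secRef.setReference(reference);
            DOMStructure dOMStructure = new DOMStructure(this.secRef.getElement());
            this.wsDocInfo.addTokenElement(this.secRef.getElement(), false);
            this.keyInfo = this.keyInfoFactory.newKeyInfo(Collections.singletonList(dOMStructure), this.keyInfoUri);
        } catch (Exception e) {
            log.error("Failed to prepare the derived-key signature", e);
            throw new WSSecurityException(10, "noXMLSig", null, e);
        }
    }

    /**
     * Looks up the {@code ds:Signature} element that is a direct child of the
     * security header.
     *
     * @return the result of the direct-child lookup in the security header
     */
    public Element getSignatureElement() {
        return WSSecurityUtil.getDirectChildElement(this.securityHeader, "Signature", XMLDSIG_NS);
    }

    /**
     * Creates the signature references for the given parts using the
     * configured digest algorithm.
     *
     * @param list the message parts to sign
     * @param wSSecHeader the security header of the message
     * @return the references to place in the signature's {@code SignedInfo}
     * @throws WSSecurityException if a reference cannot be created
     */
    public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(List<WSEncryptionPart> list, WSSecHeader wSSecHeader) throws WSSecurityException {
        return addReferencesToSign(this.document, list, this.wsDocInfo, this.signatureFactory, wSSecHeader, getWsConfig(), this.digestAlgo);
    }

    /**
     * Computes the signature and inserts it before the first element of the
     * security header.
     *
     * @param list the references to sign
     * @throws WSSecurityException if signing fails
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list) throws WSSecurityException {
        computeSignature(list, true, null);
    }

    /**
     * Computes the signature over the given references with the derived key
     * and adds the {@code ds:Signature} element to the security header.
     *
     * @param list the references to sign
     * @param z when {@code true} the signature is inserted before
     *        {@code element} (or before the first child element of the header
     *        when {@code element} is {@code null}); when {@code false} it is
     *        appended to the header
     * @param element the sibling to insert before; only used when {@code z}
     *        is {@code true}
     * @throws WSSecurityException with error code 10 when any step fails; the
     *         original exception is attached as the cause
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list, boolean z, Element element) throws WSSecurityException {
        try {
            SecretKey signingKey = WSSecurityUtil.prepareSecretKey(this.sigAlgo, this.derivedKeyBytes);
            // NOTE(review): SignedContentConstants.SIG_DASH comes from an Eclipse
            // OSGi internal class; this looks like a decompiler artefact that
            // resolved the id prefix to an unrelated constant. Confirm the value.
            String signatureId = getWsConfig().getIdAllocator().createId(SignedContentConstants.SIG_DASH, null);
            this.sig = this.signatureFactory.newXMLSignature(
                this.signatureFactory.newSignedInfo(this.c14nMethod, this.signatureFactory.newSignatureMethod(this.sigAlgo, null), list),
                this.keyInfo,
                null,
                signatureId,
                null);

            Element insertBefore = null;
            if (z) {
                // The header's first child may be whitespace or a comment, so
                // skip to the first element instead of casting blindly.
                insertBefore = element != null ? element : firstChildElement(this.securityHeader);
            }
            DOMSignContext dOMSignContext = insertBefore == null
                ? new DOMSignContext(signingKey, this.securityHeader)
                : new DOMSignContext(signingKey, this.securityHeader, insertBefore);

            dOMSignContext.putNamespacePrefix(XMLDSIG_NS, "ds");
            if (EXC_C14N_URI.equals(this.canonAlgo)) {
                dOMSignContext.putNamespacePrefix(EXC_C14N_URI, WSConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX);
            }
            // The STR transform reads the document info from the sign context.
            dOMSignContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, this.wsDocInfo);
            this.wsDocInfo.setCallbackLookup(this.callbackLookup);
            this.wsDocInfo.setTokensOnContext(dOMSignContext);
            if (this.secRef != null && this.secRef.getElement() != null) {
                WSSecurityUtil.storeElementInContext(dOMSignContext, this.secRef.getElement());
            }
            this.sig.sign(dOMSignContext);
            this.signatureValue = this.sig.getSignatureValue().getValue();
        } catch (Exception e) {
            // Pass the throwable separately so the stack trace reaches the log.
            log.error("Failed to compute the derived-key signature", e);
            throw new WSSecurityException(10, null, null, e);
        }
    }

    /** Returns the first child of {@code parent} that is an element, or {@code null} if there is none. */
    private static Element firstChildElement(Element parent) {
        org.w3c.dom.Node child = parent.getFirstChild();
        while (child != null && child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
            child = child.getNextSibling();
        }
        return (Element) child;
    }

    /**
     * Returns the explicitly configured derived key length, or the length that
     * {@code WSSecurityUtil.getKeyLength} reports for the signature algorithm
     * when none was configured.
     *
     * @return the derived key length
     * @throws WSSecurityException if the length for the algorithm cannot be determined
     */
    @Override // org.apache.ws.security.message.WSSecDerivedKeyBase
    protected int getDerivedKeyLength() throws WSSecurityException {
        if (this.derivedKeyLength > 0) {
            return this.derivedKeyLength;
        }
        return WSSecurityUtil.getKeyLength(this.sigAlgo);
    }

    /**
     * Sets the signature algorithm URI. The value is not validated here.
     *
     * @param str the signature algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    /** @return the signature algorithm URI currently configured */
    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /** @return the id of the computed signature, or {@code null} before a signature exists */
    public String getSignatureId() {
        return this.sig == null ? null : this.sig.getId();
    }

    /**
     * Sets the digest algorithm URI used for the signature references. The
     * value is not validated here.
     *
     * @param str the digest algorithm URI
     */
    public void setDigestAlgorithm(String str) {
        this.digestAlgo = str;
    }

    /** @return the digest algorithm URI currently configured */
    public String getDigestAlgorithm() {
        return this.digestAlgo;
    }

    /**
     * Returns the raw signature value of the last computed signature.
     *
     * @return the array stored by this signer (not a copy), or {@code null}
     *         before a signature was computed
     */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /**
     * Sets the canonicalization algorithm URI. The value is not validated here.
     *
     * @param str the canonicalization algorithm URI
     */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    /** @return the canonicalization algorithm URI currently configured */
    public String getSigCanonicalization() {
        return this.canonAlgo;
    }
}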
