package com.sun.xml.wss.helpers;

import com.sun.appserv.management.util.misc.StringUtil;
import com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl;
import com.sun.org.apache.xml.security.c14n.helper.C14nHelper;
import com.sun.org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments;
import com.sun.org.apache.xml.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.security.transforms.Transform;
import com.sun.org.apache.xml.security.transforms.TransformSpi;
import com.sun.org.apache.xml.security.transforms.TransformationException;
import com.sun.org.apache.xml.security.utils.Base64;
import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.ReferenceElement;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityTokenReference;
import com.sun.xml.wss.X509SecurityToken;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.XWSSecurityRuntimeException;
import com.sun.xml.wss.reference.DirectReference;
import com.sun.xml.wss.reference.KeyIdentifier;
import com.sun.xml.wss.reference.X509IssuerSerial;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Attr;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.DocumentTraversal;
import org.w3c.dom.traversal.NodeFilter;
import org.w3c.dom.traversal.TreeWalker;

/* loaded from: input_file:119167-17/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/helpers/TransformSTR.class */
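/**
 * Transform SPI implementation for the URI in {@link #implementedTransformURI}.
 *
 * <p>The transform re-parses the octet stream of its input, replaces every element whose
 * local name is {@code MessageConstants.WSSE_SECURITY_TOKEN_REFERENCE_LNAME} in namespace
 * {@code MessageConstants.WSSE_NS} with the token that element refers to, canonicalizes the
 * result with {@link Canonicalizer20010315ExclOmitComments}, and finally serializes it with a
 * hand-written writer to produce the bytes returned to the signature engine.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The input and every reference value inside it come from the SOAP message being
 *       processed and must be treated as untrusted.</li>
 *   <li>The final serialization ({@link #writeBytesForDigestion} and
 *       {@link #outputAttrToWriter}) writes text and attribute values without escaping, so the
 *       digested bytes are not a strict canonical form. That output is left unchanged here
 *       because altering it would change the digest values peers compute.</li>
 *   <li>{@code soapDocument}, {@code secureMessage} and {@code isXMLToken} are per-instance
 *       mutable state written during a transform; NOTE(review): confirm instances are never
 *       shared between concurrently processed messages.</li>
 * </ul>
 */
public class TransformSTR extends TransformSpi {
    /** URI returned by {@link #engineGetURI()}. */
    public static final String implementedTransformURI = "http://schemas.xmlsoap.org/2003/06/STR-Transform";

    /** Xerces feature that makes the parser reject any document carrying a DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    // Message associated with soapDocument; set at the start of every transform.
    private SecurableSoapMessage secureMessage;
    // Owner document of the input node set; set at the start of every transform.
    private Document soapDocument;
    // Set by the most recent dereference: true for DirectReference / SAML key identifier,
    // false for the X.509 branches. Read back while serializing text nodes.
    private boolean isXMLToken;
    // May be null if SOAPFactory.newInstance() failed in the static initializer.
    private static SOAPFactory soapFactory;
    protected static Logger log = Logger.getLogger("javax.enterprise.resource.webservices.security", "com.sun.xml.wss.LogStrings");

    /* loaded from: input_file:119167-17/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/helpers/TransformSTR$AlwaysAcceptNodeFilter.class */
    /** Node filter that accepts every node offered to it. */
    public class AlwaysAcceptNodeFilter implements NodeFilter {
        // Explicit copy of the enclosing instance as emitted by the decompiler; never read here.
        private final TransformSTR this$0;

        public AlwaysAcceptNodeFilter(TransformSTR transformSTR) {
            this.this$0 = transformSTR;
        }

        /**
         * @param node ignored
         * @return always {@link NodeFilter#FILTER_ACCEPT}
         */
        @Override // org.w3c.dom.traversal.NodeFilter
        public short acceptNode(Node node) {
            return NodeFilter.FILTER_ACCEPT;
        }
    }

    /** @return {@link #implementedTransformURI} */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    protected String engineGetURI() {
        return implementedTransformURI;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Intentionally a no-op: the transform element is not retained. */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public void setTransform(Transform transform) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the transform: parse the input octets, dereference token references, canonicalize,
     * then serialize to bytes.
     *
     * @param xMLSignatureInput input whose node set supplies the owner document and whose octet
     *     stream supplies the content to transform
     * @return a new input wrapping the serialized bytes
     * @throws TransformationException wrapping any failure raised while transforming, including
     *     a parser refusal of content that carries a DOCTYPE declaration
     */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public XMLSignatureInput enginePerformTransform(XMLSignatureInput xMLSignatureInput) throws TransformationException {
        try {
            Document ownerDocument = getOwnerDocument(xMLSignatureInput.getNodeSet());
            this.soapDocument = ownerDocument;
            this.secureMessage = SecurableSoapMessage.getDocMessageAssociation(ownerDocument);

            DocumentBuilderFactoryImpl documentBuilderFactoryImpl = new DocumentBuilderFactoryImpl();
            documentBuilderFactoryImpl.setNamespaceAware(true);
            // The octets originate from the message under verification. Refusing DOCTYPE
            // declarations keeps external entities and entity expansion out of this parse.
            documentBuilderFactoryImpl.setFeature(DISALLOW_DOCTYPE_FEATURE, true);

            Document parsed = documentBuilderFactoryImpl.newDocumentBuilder().parse(xMLSignatureInput.getOctetStream());
            AlwaysAcceptNodeFilter acceptAll = new AlwaysAcceptNodeFilter(this);
            process(((DocumentTraversal) parsed).createTreeWalker(parsed, NodeFilter.SHOW_ALL, acceptAll, true));

            // Canonicalize the dereferenced tree and parse it again so that the writer below
            // walks the canonicalized structure.
            byte[] canonical = new Canonicalizer20010315ExclOmitComments()
                    .engineCanonicalizeXPathNodeSet(new XMLSignatureInput(parsed).getNodeSet());
            Document reparsed = documentBuilderFactoryImpl.newDocumentBuilder().parse(new ByteArrayInputStream(canonical));
            TreeWalker walker = ((DocumentTraversal) reparsed).createTreeWalker(reparsed, NodeFilter.SHOW_ALL, acceptAll, true);

            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, "UTF8");
            writeBytesForDigestion(walker, outputStreamWriter);
            outputStreamWriter.flush();
            outputStreamWriter.close();
            return new XMLSignatureInput(byteArrayOutputStream.toByteArray());
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0605.str.transform.exception", e.getMessage());
            throw new TransformationException(e.getMessage(), e);
        }
    }

    /** @return {@code true} */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public boolean wantsOctetStream() {
        return true;
    }

    /** @return {@code true} */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public boolean wantsNodeSet() {
        return true;
    }

    /** @return {@code true} */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public boolean returnsOctetStream() {
        return true;
    }

    /** @return {@code false} */
    @Override // com.sun.org.apache.xml.security.transforms.TransformSpi
    public boolean returnsNodeSet() {
        return false;
    }

    /**
     * Walks the current node and its following siblings, replacing each security token
     * reference element with the token it refers to and recursing into every other element.
     *
     * @param treeWalker walker positioned on the first node to examine
     * @throws DOMException if the DOM rejects a replacement
     * @throws XWSSecurityException if a reference cannot be resolved
     */
    private void process(TreeWalker treeWalker) throws DOMException, XWSSecurityException {
        Node node = treeWalker.getCurrentNode();
        while (node != null) {
            short type = node.getNodeType();
            if (type == Node.ELEMENT_NODE && isSecurityTokenReference(node)) {
                node.getParentNode().replaceChild(derefSecurityTokenReference(node), node);
                // NOTE(review): the replaced node is now detached, so nextSibling() below looks
                // likely to return null and leave later siblings unprocessed. Confirm against
                // the TreeWalker implementation in use before relying on multi-reference input.
            } else if (type == Node.ELEMENT_NODE || type == Node.DOCUMENT_NODE) {
                // firstChild() already moves the walker when a child exists. Passing a null
                // result on to setCurrentNode(), as the old code did, is an error under DOM
                // Traversal, so childless nodes are simply skipped.
                if (treeWalker.firstChild() != null) {
                    process(treeWalker);
                }
            }
            treeWalker.setCurrentNode(node);
            node = treeWalker.nextSibling();
        }
    }

    /**
     * Tests whether an element is a security token reference. The constants are the receivers
     * of {@code equals} so an element with no namespace or no local name cannot raise a
     * NullPointerException.
     */
    private static boolean isSecurityTokenReference(Node node) {
        return MessageConstants.WSSE_SECURITY_TOKEN_REFERENCE_LNAME.equals(node.getLocalName())
                && MessageConstants.WSSE_NS.equals(node.getNamespaceURI());
    }

    /**
     * Returns the owner document of the first node in the set.
     *
     * @param set node set of the transform input
     * @throws TransformationException if the set is empty
     */
    private Document getOwnerDocument(Set set) throws TransformationException {
        if (!set.isEmpty()) {
            return ((Node) set.iterator().next()).getOwnerDocument();
        }
        log.log(Level.SEVERE, "WSS0606.str.transform.exception");
        throw new TransformationException();
    }

    /**
     * Resolves one security token reference element to the token it refers to and imports
     * that token into the document that owns {@code node}.
     *
     * <p>Handles DirectReference, KeyIdentifier (X.509 subject key identifier or SAML assertion
     * id) and X509IssuerSerial references. All identifiers are taken from the message and are
     * therefore attacker-influenced.
     *
     * @param node the reference element found by {@link #process}
     * @return a deep copy of the referenced token, owned by {@code node}'s document
     * @throws XWSSecurityException if the reference mechanism is unsupported, the direct
     *     reference is not a same-document fragment, or the token cannot be located
     */
    private Node derefSecurityTokenReference(Node node) throws XWSSecurityException {
        SOAPElement asSoapElement;
        ReferenceElement reference = new SecurityTokenReference(XMLUtil.convertToSoapElement(this.soapDocument, (Element) node)).getReference();
        if (reference instanceof DirectReference) {
            this.isXMLToken = true;
            String uri = ((DirectReference) reference).getURI();
            // Only "#id" can be resolved here. The previous unconditional substring(1) threw on
            // an empty URI and silently chopped the first character off anything else.
            if (uri == null || uri.length() < 2 || uri.charAt(0) != '#') {
                throw new XWSSecurityException("Direct reference URI is not a same-document fragment reference");
            }
            String id = uri.substring(1);
            try {
                asSoapElement = locateSamlAssertion(id);
            } catch (Exception e) {
                // Deliberate best-effort: anything that is not a unique SAML assertion is
                // looked up as a token of the message instead. Recorded at FINE so the
                // fallback is no longer invisible; the id is not logged because it is
                // message-controlled.
                log.log(Level.FINE, "SAML assertion lookup failed; falling back to message token lookup", e);
                // NOTE(review): the result of getToken() is not null-checked - confirm its contract.
                asSoapElement = this.secureMessage.getToken(id).getAsSoapElement();
            }
        } else if (reference instanceof KeyIdentifier) {
            String valueType = ((KeyIdentifier) reference).getValueType();
            String referenceValue = ((KeyIdentifier) reference).getReferenceValue();
            if (MessageConstants.X509SubjectKeyIdentifier_NS.equals(valueType)) {
                this.isXMLToken = false;
                asSoapElement = new X509SecurityToken(this.soapDocument, this.secureMessage.getSecurityEnvironment().getCertificate(getDecodedBase64EncodedData(referenceValue))).getAsSoapElement();
                try {
                    asSoapElement.removeAttribute("EncodingType");
                } catch (DOMException e2) {
                    log.log(Level.SEVERE, "WSS0607.str.transform.exception");
                    throw new XWSSecurityRuntimeException(e2.getMessage(), e2);
                }
            } else {
                if (!MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE.equals(valueType)) {
                    log.log(Level.SEVERE, "WSS0334.unsupported.keyidentifier");
                    XWSSecurityException xWSSecurityException = new XWSSecurityException(new StringBuffer().append("WSS0334:unsupported KeyIdentifier Reference Type: ").append(valueType).toString());
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, xWSSecurityException.getMessage(), xWSSecurityException);
                }
                this.isXMLToken = true;
                asSoapElement = locateSamlAssertion(referenceValue);
            }
        } else {
            if (!(reference instanceof X509IssuerSerial)) {
                log.log(Level.SEVERE, "WSS0608.illegal.reference.mechanism");
                throw new XWSSecurityException(new StringBuffer().append("Cannot handle reference mechanism: ").append(reference.getTagName()).toString());
            }
            this.isXMLToken = false;
            asSoapElement = new X509SecurityToken(this.soapDocument, this.secureMessage.getSecurityEnvironment().getCertificate(((X509IssuerSerial) reference).getSerialNumber(), ((X509IssuerSerial) reference).getIssuerName())).getAsSoapElement();
            try {
                asSoapElement.removeAttribute("EncodingType");
            } catch (DOMException e3) {
                log.log(Level.SEVERE, "WSS0607.str.transform.exception");
                throw new XWSSecurityException(e3.getMessage(), e3);
            }
        }
        return node.getOwnerDocument().importNode(asSoapElement, true);
    }

    /**
     * Serializes the current node and its following siblings to {@code writer}.
     *
     * <p>Elements are written as start tag, sorted attributes, children, end tag. Text inside
     * a binary security token has its newline characters removed when the last dereferenced
     * token was not an XML token; other text is written as-is for XML tokens and rejected
     * otherwise. Text is written without escaping markup characters.
     *
     * @param treeWalker walker positioned on the first node to write
     * @param writer destination for the serialized form
     * @throws Exception on I/O failure or when text is found outside a supported token
     */
    private void writeBytesForDigestion(TreeWalker treeWalker, Writer writer) throws Exception {
        Node node = treeWalker.getCurrentNode();
        while (node != null) {
            switch (node.getNodeType()) {
                case Node.ELEMENT_NODE: {
                    Element element = (Element) node;
                    writer.write("<");
                    writer.write(element.getTagName());
                    writeElementAttributes(element, writer);
                    writer.write(">");
                    // firstChild() positions the walker on the child when there is one.
                    if (treeWalker.firstChild() != null) {
                        writeBytesForDigestion(treeWalker, writer);
                    }
                    writer.write("</");
                    writer.write(element.getTagName());
                    writer.write(">");
                    break;
                }
                case Node.TEXT_NODE: {
                    String nodeValue = node.getNodeValue();
                    Node parent = node.getParentNode();
                    // Constants are the equals() receivers: a parent without a namespace used
                    // to raise a NullPointerException here.
                    boolean inBinaryToken = parent != null
                            && MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME.equals(parent.getLocalName())
                            && MessageConstants.WSSE_NS.equals(parent.getNamespaceURI());
                    if (inBinaryToken && !this.isXMLToken) {
                        // Drop line breaks from the token text before it is digested.
                        writer.write(nodeValue.replace("\n", ""));
                    } else if (!this.isXMLToken) {
                        log.log(Level.SEVERE, "WSS0609.unknown.referenced.token");
                        XWSSecurityException xWSSecurityException = new XWSSecurityException("The referenced token is not an XML Token and also not a Raw Binary Security Token");
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, xWSSecurityException.getMessage(), xWSSecurityException);
                    } else {
                        writer.write(nodeValue);
                    }
                    break;
                }
                case Node.DOCUMENT_NODE:
                    if (treeWalker.firstChild() != null) {
                        writeBytesForDigestion(treeWalker, writer);
                    }
                    break;
                default:
                    // Other node types contribute nothing to the output.
                    break;
            }
            treeWalker.setCurrentNode(node);
            node = treeWalker.nextSibling();
        }
    }

    /**
     * Writes the attributes of {@code element} in the order produced by
     * {@code C14nHelper.sortAttributes}. For the document element an empty default namespace
     * declaration ({@code xmlns=""}) is added to the set before sorting.
     *
     * @throws Exception on I/O failure
     */
    private void writeElementAttributes(Element element, Writer writer) throws Exception {
        NamedNodeMap attributes = element.getAttributes();
        Vector<Attr> collected = new Vector<Attr>();
        for (int i = 0; i < attributes.getLength(); i++) {
            collected.add((Attr) attributes.item(i));
        }
        if (element.getParentNode() instanceof Document) {
            Attr emptyDefaultNs = element.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns");
            emptyDefaultNs.setValue("");
            collected.add(emptyDefaultNs);
        }
        Object[] sorted = C14nHelper.sortAttributes(collected.toArray());
        for (int i = 0; i < sorted.length; i++) {
            Attr attr = (Attr) sorted[i];
            outputAttrToWriter(writer, attr.getNodeName(), attr.getNodeValue());
        }
    }

    /**
     * Writes one attribute as {@code  name="value} followed by {@code StringUtil.QUOTE}
     * (presumably the closing double quote - defined outside this file).
     *
     * <p>The value is written verbatim: quote, ampersand and angle-bracket characters are not
     * escaped. Kept as-is because changing it would change the digested bytes.
     *
     * @throws IOException if the writer fails
     */
    private void outputAttrToWriter(Writer writer, String str, String str2) throws IOException {
        writer.write(" ");
        writer.write(str);
        writer.write("=\"");
        writer.write(str2);
        writer.write(StringUtil.QUOTE);
    }

    /**
     * Finds the single SAML assertion in the SOAP document whose {@code AssertionID} equals
     * {@code str}.
     *
     * <p>The id is taken from the message being verified and is spliced into an XPath string
     * literal. XPath 1.0 literals have no escape syntax, so an id containing a double quote
     * could close the literal and change which nodes the expression selects; such ids are
     * rejected before the expression is built.
     *
     * @param str assertion id to look up
     * @return the matching assertion as a SOAP element
     * @throws XWSSecurityException if the id is missing or contains a double quote, the SOAP
     *     factory is unavailable, no assertion matches, more than one matches, or the XPath
     *     evaluation fails
     */
    private SOAPElement locateSamlAssertion(String str) throws XWSSecurityException {
        if (str == null || str.indexOf('"') >= 0) {
            throw new XWSSecurityException("Invalid SAML AssertionID in security token reference");
        }
        if (soapFactory == null) {
            // Static initialization failed; report that instead of a NullPointerException.
            throw new XWSSecurityException("SOAPFactory is not available; cannot resolve SAML assertion reference");
        }
        try {
            SOAPElement namespaceContext = soapFactory.createElement("namespaceContext");
            namespaceContext.addNamespaceDeclaration(MessageConstants.SAML_PREFIX, MessageConstants.SAML_v1_0_NS);
            String expression = new StringBuffer().append("//saml:Assertion[@AssertionID=\"").append(str).append("\"]").toString();
            NodeList matches = XPathAPI.selectNodeList(this.soapDocument, expression, namespaceContext);
            int length = matches.getLength();
            if (length > 1) {
                // A duplicated id makes it ambiguous which assertion is covered by the digest.
                throw new XWSSecurityException("The SAML Assertion Id given is not unique");
            }
            if (length == 0) {
                throw new XWSSecurityException(new StringBuffer().append("No SAML Assertion found with  AssertionID = ").append(str).toString());
            }
            return XMLUtil.convertToSoapElement(this.soapDocument, (Element) matches.item(0));
        } catch (SOAPException e) {
            throw new XWSSecurityException(e);
        } catch (TransformerException e2) {
            throw new XWSSecurityException(e2);
        }
    }

    /**
     * Decodes Base64 text.
     *
     * @param str Base64 text taken from a key identifier
     * @return the decoded bytes
     * @throws XWSSecurityException if the text is not valid Base64
     */
    private static byte[] getDecodedBase64EncodedData(String str) throws XWSSecurityException {
        try {
            return Base64.decode(str);
        } catch (Base64DecodingException e) {
            log.log(Level.SEVERE, "WSS0144.unableto.decode.base64.data", e.getMessage());
            throw new XWSSecurityException("Unable to decode Base64 encoded data", e);
        }
    }

    static {
        SOAPFactory factory = null;
        try {
            factory = SOAPFactory.newInstance();
        } catch (SOAPException e) {
            // Keep class loading alive, but record the cause; locateSamlAssertion reports the
            // missing factory when it is actually needed.
            log.log(Level.SEVERE, "Unable to create SOAPFactory for the STR-Transform", e);
        }
        soapFactory = factory;
    }
}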
