package com.ibm.xml.soap.security.dsig;

import com.ibm.trl.soap.SOAPHeaderEntry;
import com.ibm.trl.soapimpl.SOAPDocumentImpl;
import com.ibm.trl.util.Logger;
import com.ibm.trl.util.xml.XPathProcessor;
import com.ibm.websphere.pmi.reqmetrics.PmiReqMetrics;
import com.ibm.ws.webservices.wssecurity.audit.WSSAuditEventGenerator;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.ws.wssecurity.xss4j.dsig.SignatureStructureException;
import com.ibm.ws.wssecurity.xss4j.dsig.XSignatureException;
import com.ibm.xml.soap.security.dsig.AlgorithmChecker;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.Writer;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.soap.Constants;
import org.apache.soap.SOAPException;
import org.eclipse.wst.common.internal.emf.resource.DefaultTranslatorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/xml/soap/security/dsig/SOAPVerifier.class */
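/**
 * Verifies the XML digital signature carried in the signature header entries of a SOAP message.
 *
 * <p>{@link #initialize(InputSource)} reads a {@code SOAPVerifierConfig} document and builds the
 * checks applied to every message: the algorithm allow-list, the required authenticated parts,
 * the default verification keys, the loggers and the PKIX checker. {@link #edit(Reader, Writer)}
 * then accepts a message as soon as one signature header entry passes verification and rejects
 * it with an "Invalid signature" fault otherwise.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A signature that carries no {@code KeyInfo} is only accepted when a configured default
 *       verification key validates it; with no default key configured it is rejected.</li>
 *   <li>Algorithms and {@code Encoding} attributes inside the signature are checked against the
 *       configured allow-list before any cryptographic work is done.</li>
 *   <li>Revocation checking, policy mapping and explicit-policy requirements are taken from the
 *       configuration through {@code evalFlag}, which is defined in the superclass.</li>
 * </ul>
 */
public class SOAPVerifier extends SOAPSignatureHandler {
    private static final String XPATH_ENCODING = ".//*/@Encoding";
    private String verifierActorURI;
    private AlgorithmChecker algorithmChecker;
    private AuthenticatedPartsChecker authenticatedPartsChecker;
    private List<KeyInfo> defaultPublicKeys;
    private List<SOAPDSigLogger> soapDSigLoggers;
    private PKIXChecker pkixChecker;
    /** CertStore type name used for LDAP-backed certificate stores. */
    private static final String ALGORITHM = "LDAP";
    private static final String XPATH_CONFIG = "/" + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "SOAPVerifierConfig");
    private static final String XPATH_ACTOR = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "SOAPActor");
    private static final String XPATH_ALLOWEDALGORITHMS = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "AllowedAlgorithms");
    private static final String XPATH_ALGORITHM = XPATH_ALLOWEDALGORITHMS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", WSSAuditEventGenerator.ALGORITHM);
    private static final String XPATH_DEFAULTVERIFICATIONKEYS = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "DefaultVerificationKeys");
    private static final String XPATH_DEFAULTPUBLICKEY = XPATH_DEFAULTVERIFICATIONKEYS + '/' + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
    private static final String XPATH_REQUIREDAUTHENTICATEDPARTS = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "RequiredAuthenticatedParts");
    private static final String XPATH_REFERENCE = XPATH_REQUIREDAUTHENTICATEDPARTS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "Reference");
    private static final String XPATH_PART = XPATH_REFERENCE + "/@part";
    private static final String XPATH_PKIXPARAMETERS = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "PKIXParameters");
    private static final String XPATH_TRUSTANCHORLIST = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TrustAnchorList");
    private static final String XPATH_TRUSTANCHOR = XPATH_TRUSTANCHORLIST + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TrustAnchor");
    private static final String XPATH_TRUSTANCHOR_KEYINFO = XPATH_TRUSTANCHOR + '/' + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
    private static final String XPATH_TRUSTANCHOR_KEYSTORE = XPATH_TRUSTANCHOR + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "KeyStore");
    private static final String XPATH_TRUSTEDROOTLIST = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TrustedRootList");
    private static final String XPATH_TRUSTEDROOT = XPATH_TRUSTEDROOTLIST + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TrustedRoot");
    private static final String XPATH_TRUSTEDROOT_KEYINFO = XPATH_TRUSTEDROOT + '/' + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
    private static final String XPATH_TRUSTEDROOT_KEYSTORE = XPATH_TRUSTEDROOT + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "KeyStore");
    private static final String XPATH_INITIALPOLICIES = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "InitialPolicies");
    private static final String XPATH_CERTIFICATEPOLICY = XPATH_INITIALPOLICIES + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "CertificatePolicy");
    private static final String XPATH_POLICYMAPPINGINHIBITED = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "PolicyMappingInhibited");
    private static final String XPATH_EXPLICITPOLICYREQUIRED = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "ExplicitPolicyRequired");
    private static final String XPATH_REVOCATIONENABLED = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "RevocationEnabled");
    private static final String XPATH_TARGETKEYUSAGE = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TargetKeyUsage");
    private static final String XPATH_KEYUSAGE = XPATH_TARGETKEYUSAGE + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "KeyUsage");
    private static final String XPATH_TARGETEXTENDEDKEYUSAGE = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "TargetExtendedKeyUsage");
    private static final String XPATH_EXTENDEDKEYUSAGE = XPATH_TARGETEXTENDEDKEYUSAGE + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "ExtendedKeyUsage");
    private static final String XPATH_CERTSTORELIST = XPATH_PKIXPARAMETERS + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "CertStoreList");
    private static final String XPATH_LDAPCERTSTORE = XPATH_CERTSTORELIST + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "LDAPCertStore");
    private static final String XPATH_LDAPSERVER = XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "LDAPServer");
    private static final String XPATH_COLLECTIONCERTSTORE = XPATH_CERTSTORELIST + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "CollectionCertStore");
    private static final String XPATH_X509CERTIFICATE = XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "X509Certificate");
    private static final String XPATH_CANONICALIZATIONMETHOD = ".//" + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod");
    private static final String XPATH_SIGNATUREMETHOD = ".//" + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "SignatureMethod");
    private static final String XPATH_DIGESTMETHOD = ".//" + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "DigestMethod");
    private static final String XPATH_TRANSFORM = ".//" + XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "Transform");
    private static final String XPATH_LOG = XPATH_CONFIG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "Log");
    private static final String XPATH_SOAPDSIGLOGGER = XPATH_LOG + '/' + XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "SOAPDSigLogger");
    /** Maps a configured key-usage name to its index in the nine-element key-usage flag array. */
    private static final Map<String, Integer> KEY_USAGE_TABLE = new HashMap<String, Integer>();

    /**
     * Loads the verifier configuration and builds every checker used by {@link #edit}.
     *
     * @param inputSource source of the {@code SOAPVerifierConfig} document
     * @throws SOAPException if the configuration cannot be loaded or one of its sections is invalid
     */
    @Override // com.ibm.xml.soap.transport.AbstractSOAPHandler
    public void initialize(InputSource inputSource) throws SOAPException {
        Document config = loadDocument(inputSource, false);
        this.verifierActorURI = getActorURI(config);
        Logger.normal("Verifier actor URI: " + this.verifierActorURI, 3);
        this.algorithmChecker = getAlgorithmChecker(config);
        this.authenticatedPartsChecker = getAuthenticatedPartsChecker(config);
        this.defaultPublicKeys = getDefaultPublicKeys(config);
        this.soapDSigLoggers = getSOAPDSigLoggers(config);
        this.pkixChecker = getPKIXChecker(config);
    }

    /**
     * Reads the actor URI attribute of the first {@code SOAPActor} element.
     *
     * @return the attribute value, or the empty string when no such element is configured
     */
    private String getActorURI(Document document) throws SOAPException {
        NodeList actors = processXPath(document, XPATH_ACTOR);
        if (actors == null || actors.getLength() < 1) {
            return "";
        }
        Element actor = (Element) actors.item(0);
        return actor == null ? "" : actor.getAttribute(PmiReqMetrics.URI_FILTER_TYPE);
    }

    /**
     * Instantiates one {@link SOAPDSigLogger} per configured {@code SOAPDSigLogger} element.
     *
     * <p>The class name comes from the element's {@code class} attribute. The class is loaded
     * without initialization and checked to be a {@code SOAPDSigLogger} before it is
     * instantiated, so a misconfigured name cannot run an unrelated class's static initializer
     * or constructor.
     *
     * @throws SOAPException if a class cannot be loaded, is not a logger, or cannot be instantiated
     */
    private List<SOAPDSigLogger> getSOAPDSigLoggers(Document document) throws SOAPException {
        String className = null;
        try {
            LinkedList<SOAPDSigLogger> loggers = new LinkedList<SOAPDSigLogger>();
            NodeList loggerNodes = processXPath(document, XPATH_SOAPDSIGLOGGER);
            int count = loggerNodes.getLength();
            for (int i = 0; i < count; i++) {
                Element loggerElement = (Element) loggerNodes.item(i);
                className = loggerElement.getAttribute("class");
                // Same class loader Class.forName(String) would use, but initialization is
                // deferred until the type check below has passed.
                Class<?> cls = Class.forName(className, false, SOAPVerifier.class.getClassLoader());
                if (!SOAPDSigLogger.class.isAssignableFrom(cls)) {
                    throw new SOAPException(Constants.FAULT_CODE_SERVER, "'" + className + "' is not a SOAPDSigLogger");
                }
                SOAPDSigLogger logger = (SOAPDSigLogger) cls.newInstance();
                logger.init(loggerElement, this.home);
                loggers.add(logger);
                Logger.normal("SOAPDSigLogger: class='" + cls.getName() + "' params='" + new String(XPathCanonicalizer.serializeSubset(loggerElement, true)) + "' instance='" + logger + "'", 3);
            }
            return loggers;
        } catch (ClassNotFoundException e) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Can't load class: '" + className + "', please check your CLASSPATH and the class name.", e);
        } catch (IllegalAccessException e2) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Can't access to the constructor of " + className, e2);
        } catch (InstantiationException e3) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Can't instantiate '" + className + "'", e3);
        }
    }

    /**
     * Builds the algorithm allow-list from the configured {@code Algorithm} elements.
     * Each entry pairs the element's {@code type} attribute with its URI attribute.
     */
    private AlgorithmChecker getAlgorithmChecker(Document document) throws SOAPException {
        AlgorithmChecker checker = new AlgorithmChecker();
        NodeList algorithms = processXPath(document, XPATH_ALGORITHM);
        int count = algorithms.getLength();
        for (int i = 0; i < count; i++) {
            Element algorithm = (Element) algorithms.item(i);
            checker.add(new AlgorithmChecker.Algorithm(algorithm.getAttribute("type"), algorithm.getAttribute(PmiReqMetrics.URI_FILTER_TYPE)));
        }
        Logger.normal("Allowed Algorithms: " + checker, 3);
        return checker;
    }

    /**
     * Builds the required-parts checker from the {@code part} attributes of the configured
     * {@code Reference} elements.
     */
    private AuthenticatedPartsChecker getAuthenticatedPartsChecker(Document document) throws SOAPException {
        AuthenticatedPartsChecker checker = new AuthenticatedPartsChecker();
        NodeList parts = processXPath(document, XPATH_PART);
        int count = parts.getLength();
        for (int i = 0; i < count; i++) {
            checker.setFlag(parts.item(i).getNodeValue());
        }
        Logger.normal("Required Authenticated Parts: " + checker, 3);
        return checker;
    }

    /**
     * Parses the {@code KeyInfo} elements under {@code DefaultVerificationKeys}. These keys are
     * used by {@link #verify} for signatures that carry no {@code KeyInfo} of their own.
     */
    private List<KeyInfo> getDefaultPublicKeys(Document document) throws SOAPException {
        LinkedList<KeyInfo> keys = new LinkedList<KeyInfo>();
        NodeList keyInfos = processXPath(document, XPATH_DEFAULTPUBLICKEY);
        int count = keyInfos.getLength();
        for (int i = 0; i < count; i++) {
            keys.add(createKeyInfo((Element) keyInfos.item(i)));
        }
        return keys;
    }

    /**
     * Tells whether {@code str} consists only of decimal digits and dots.
     *
     * <p>This is a character-class check only: the empty string and strings such as {@code ".."}
     * pass it. Malformed values that get through are rejected later by
     * {@code X509CertSelector.setExtendedKeyUsage}, which reports them as an I/O error.
     */
    private static boolean checkOID(String str) {
        for (int i = 0; i < str.length(); i++) {
            if (".0123456789".indexOf(str.charAt(i)) < 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the PKIX checker and fills its parameter template from the {@code PKIXParameters}
     * section of the configuration.
     *
     * <p>Trust anchors come from the first {@code TrustAnchor} key store if present, else from
     * the first {@code TrustedRoot} key store, else from the certificates found in the
     * {@code KeyInfo} elements of both lists.
     *
     * @throws SOAPException if a configured value is missing or invalid
     */
    private PKIXChecker getPKIXChecker(Document document) throws SOAPException {
        PKIXChecker checker;
        NodeList anchorKeyStores = processXPath(document, XPATH_TRUSTANCHOR_KEYSTORE);
        NodeList rootKeyStores = processXPath(document, XPATH_TRUSTEDROOT_KEYSTORE);
        if (anchorKeyStores.getLength() != 0) {
            checker = new PKIXChecker(getKeyStore((Element) anchorKeyStores.item(0)));
        } else if (rootKeyStores.getLength() != 0) {
            checker = new PKIXChecker(getKeyStore((Element) rootKeyStores.item(0)));
        } else {
            // Kept as a raw set because the PKIXChecker constructor's parameter type is not
            // visible from this class.
            HashSet trustedCertificates = new HashSet();
            addCertificates(document, XPATH_TRUSTANCHOR_KEYINFO, trustedCertificates);
            addCertificates(document, XPATH_TRUSTEDROOT_KEYINFO, trustedCertificates);
            checker = new PKIXChecker(trustedCertificates);
        }

        PKIXBuilderParameters template = checker.getTemplate();
        NodeList policyNodes = processXPath(document, XPATH_CERTIFICATEPOLICY + "/text()");
        int policyCount = policyNodes.getLength();
        if (policyCount != 0) {
            HashSet<String> policies = new HashSet<String>();
            for (int i = 0; i < policyCount; i++) {
                policies.add(policyNodes.item(i).getNodeValue().trim());
            }
            template.setInitialPolicies(policies);
        }
        // NOTE(review): evalFlag is defined in the superclass; confirm what it returns when an
        // element is absent. If the default is false, leaving out RevocationEnabled disables
        // revocation checking for signer certificates.
        template.setPolicyMappingInhibited(evalFlag(document, XPATH_POLICYMAPPINGINHIBITED));
        template.setExplicitPolicyRequired(evalFlag(document, XPATH_EXPLICITPOLICYREQUIRED));
        template.setRevocationEnabled(evalFlag(document, XPATH_REVOCATIONENABLED));

        X509CertSelector selector = (X509CertSelector) template.getTargetCertConstraints();
        boolean[] keyUsage = new boolean[9];
        NodeList keyUsageNodes = processXPath(document, XPATH_KEYUSAGE + "/text()");
        int keyUsageCount = keyUsageNodes.getLength();
        for (int i = 0; i < keyUsageCount; i++) {
            enableKeyUsage(keyUsageNodes.item(i).getNodeValue().trim(), keyUsage);
        }
        if (Logger.getLevel() == 3) {
            // A list keeps all nine flags in bit order; a set would collapse them to "0"/"1".
            LinkedList<String> bits = new LinkedList<String>();
            for (boolean enabled : keyUsage) {
                bits.add(enabled ? "1" : "0");
            }
            Logger.normal("Key Usage: " + bits, 3);
        }
        selector.setKeyUsage(keyUsage);

        HashSet<String> extendedKeyUsage = new HashSet<String>();
        NodeList extendedNodes = processXPath(document, XPATH_EXTENDEDKEYUSAGE + "/text()");
        int extendedCount = extendedNodes.getLength();
        for (int i = 0; i < extendedCount; i++) {
            String oid = extendedNodes.item(i).getNodeValue().trim();
            if (checkOID(oid)) {
                extendedKeyUsage.add(oid);
            } else {
                Logger.normal("OID is needed in an ExtendedKeyUsage element: " + oid, 3);
            }
        }
        try {
            Logger.normal("Extended Key Usage: " + extendedKeyUsage, 3);
            selector.setExtendedKeyUsage(extendedKeyUsage);
        } catch (IOException e) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid Extended Key Usage: " + extendedKeyUsage, e);
        }

        NodeList ldapStores = processXPath(document, XPATH_LDAPCERTSTORE);
        int ldapCount = ldapStores.getLength();
        for (int i = 0; i < ldapCount; i++) {
            Element ldapStore = (Element) ldapStores.item(i);
            String host = requiredValue(ldapStore, XPATH_LDAPSERVER + "/@host");
            String portText = requiredValue(ldapStore, XPATH_LDAPSERVER + "/@port");
            int port;
            try {
                port = Integer.parseInt(portText);
            } catch (NumberFormatException e) {
                throw new SOAPException(Constants.FAULT_CODE_SERVER, "Invalid LDAPServer port: '" + portText + "'", e);
            }
            CertStore store = createLDAPCertStore(host, port, ldapStore.getAttribute("provider"));
            if (store != null) {
                template.addCertStore(store);
            }
        }

        NodeList collectionStores = processXPath(document, XPATH_COLLECTIONCERTSTORE);
        int collectionCount = collectionStores.getLength();
        // One CertificateFactory per provider name, shared by all stores that name it.
        HashMap<String, CertificateFactory> factories = new HashMap<String, CertificateFactory>();
        for (int i = 0; i < collectionCount; i++) {
            Element collectionStore = (Element) collectionStores.item(i);
            String provider = collectionStore.getAttribute("provider");
            CertificateFactory factory = factories.get(provider);
            if (factory == null) {
                factory = createCertificateFactory(provider);
                factories.put(provider, factory);
            }
            template.addCertStore(createCollectionCertStore(processXPath(collectionStore, XPATH_X509CERTIFICATE + "/@href"), factory, provider));
        }
        return checker;
    }

    /** Adds every X.509 certificate found in the {@code KeyInfo} elements at {@code xpath}. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void addCertificates(Document document, String xpath, HashSet target) throws SOAPException {
        NodeList keyInfos = processXPath(document, xpath);
        int count = keyInfos.getLength();
        for (int i = 0; i < count; i++) {
            for (KeyInfo.X509Data data : createKeyInfo((Element) keyInfos.item(i)).getX509Data()) {
                for (X509Certificate certificate : data.getCertificates()) {
                    target.add(certificate);
                }
            }
        }
    }

    /**
     * Returns the value of the first node selected by {@code xpath} below {@code context}.
     *
     * @throws SOAPException if the configuration holds no such node
     */
    private String requiredValue(Element context, String xpath) throws SOAPException {
        NodeList nodes = processXPath(context, xpath);
        if (nodes == null || nodes.getLength() < 1) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Missing configuration value: " + xpath);
        }
        return nodes.item(0).getNodeValue();
    }

    /**
     * Verifies one signature header entry.
     *
     * <p>Order of checks: allowed algorithms (canonicalization, signature, digest, transform),
     * allowed encodings, required authenticated parts, then the cryptographic check. If the
     * signature has its own {@code KeyInfo} it is validated with that; otherwise each default
     * verification key is attached to the signature element in turn and validated.
     *
     * @throws SOAPException if any check fails, or if the signature has no {@code KeyInfo} and
     *     no default verification key is configured
     */
    private void verify(SOAPHeaderEntry sOAPHeaderEntry) throws SOAPException {
        Element signatureElement = this.soapSignature.getSignatureElement(sOAPHeaderEntry);
        checkAlgorithm(signatureElement, XPATH_CANONICALIZATIONMETHOD);
        checkAlgorithm(signatureElement, XPATH_SIGNATUREMETHOD);
        checkAlgorithm(signatureElement, XPATH_DIGESTMETHOD);
        checkAlgorithm(signatureElement, XPATH_TRANSFORM);
        checkEncoding(signatureElement);
        this.authenticatedPartsChecker.check(this.soapSignature.getIDResolver(), signatureElement);
        if (signatureElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "KeyInfo").getLength() != 0) {
            checkValidity(sOAPHeaderEntry);
            return;
        }
        if (this.defaultPublicKeys.isEmpty()) {
            // Fail closed: without this guard the loop below runs zero times and the method
            // returns normally, so a signature nobody validated would count as verified.
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "No KeyInfo in the signature and no default verification key is configured");
        }
        // NOTE(review): as written, checkValidity must succeed for every configured default
        // key, and the first failure propagates without trying the remaining keys. Confirm
        // whether "first key that validates" was intended before changing this.
        Node previous = null;
        int keyNumber = 1;
        for (KeyInfo defaultKey : this.defaultPublicKeys) {
            Element keyInfoElement = (Element) signatureElement.getOwnerDocument().importNode(defaultKey.getKeyInfo(), true);
            String prefix = keyInfoElement.getPrefix();
            String namespaceAttribute = prefix == null ? "xmlns" : DefaultTranslatorFactory.XMLNS + prefix;
            // The imported node needs its own namespace declaration to serialize correctly.
            if ("".equals(keyInfoElement.getAttribute(namespaceAttribute))) {
                keyInfoElement.setAttribute(namespaceAttribute, "http://www.w3.org/2000/09/xmldsig#");
            }
            if (previous == null) {
                signatureElement.appendChild(keyInfoElement);
            } else {
                signatureElement.replaceChild(keyInfoElement, previous);
            }
            Logger.normal("Trying validation by using the default key #" + keyNumber, 0);
            keyNumber++;
            Logger.normal("Target SOAP-SEC header: " + new String(XPathCanonicalizer.serializeSubset(sOAPHeaderEntry.getDOMEntity(), true)), 0);
            checkValidity(sOAPHeaderEntry);
            previous = keyInfoElement;
        }
    }

    /**
     * Parses a SOAP message, verifies its signature and writes the canonicalized document.
     *
     * <p>The message is accepted as soon as one signature header entry verifies; entries after
     * it are not examined. When no entry verifies (including when there is none), every
     * configured logger is notified and an "Invalid signature" fault is thrown, so nothing is
     * written to {@code writer}.
     *
     * <p>NOTE(review): the message is parsed by {@code loadDocument}, defined in the superclass.
     * Confirm that the parser it uses has DTDs and external entities disabled, since this input
     * is not trusted.
     *
     * @param reader the SOAP message to verify
     * @param writer receives the serialized message after successful verification
     * @throws SOAPException if no signature verifies or an I/O error occurs
     */
    @Override // com.ibm.xml.soap.transport.EditorComponent
    public void edit(Reader reader, Writer writer) throws SOAPException {
        try {
            SOAPDocumentImpl soapDocument = new SOAPDocumentImpl(loadDocument(new InputSource(reader), false));
            boolean verified = false;
            for (SOAPHeaderEntry entry : this.soapSignature.getSignatureEntries(soapDocument)) {
                Logger.normal("Found a <SOAP-SEC:Signature>, verifying...", 0);
                try {
                    verify(entry);
                    verified = true;
                    break;
                } catch (Exception e) {
                    // Deliberately broad: any failure, including an unchecked one raised while
                    // processing a malformed signature, counts as "not verified".
                    Logger.normal("Verification failed due to " + e.getClass().getName() + ": " + e.getMessage(), 0);
                    Logger.normal("Verification done", 0);
                }
            }
            if (!verified) {
                for (SOAPDSigLogger logger : this.soapDSigLoggers) {
                    logger.verificationFailed(soapDocument);
                }
                throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid signature");
            }
            for (SOAPDSigLogger logger : this.soapDSigLoggers) {
                logger.verificationSucceeded(soapDocument);
            }
            XPathCanonicalizer.serializeAll(soapDocument.getDocument(), true, writer);
            writer.flush();
        } catch (IOException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "IO error", e2);
        }
    }

    /**
     * Runs the PKIX check on the signature element and verifies the signature with its result.
     *
     * @throws SOAPException if the signature does not verify, or if the certificate, signature
     *     structure, algorithm or key specification is invalid
     */
    private void checkValidity(SOAPHeaderEntry sOAPHeaderEntry) throws SOAPException {
        try {
            boolean valid = this.soapSignature.verify(sOAPHeaderEntry, this.pkixChecker.check(this.soapSignature.getSignatureElement(sOAPHeaderEntry)));
            if (!valid) {
                throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid signature");
            }
        } catch (CertificateException e) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid certificate", e);
        } catch (SignatureStructureException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid signature element", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Unknown algorithm", e3);
        } catch (InvalidKeySpecException e4) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid key spec", e4);
        }
    }

    /**
     * Rejects the signature if any element selected by {@code str} names an algorithm that is
     * not on the configured allow-list.
     *
     * @param element the signature element to inspect
     * @param str XPath, relative to {@code element}, selecting the algorithm elements
     * @throws SOAPException naming the first algorithm that is not allowed
     */
    private void checkAlgorithm(Element element, String str) throws SOAPException {
        Logger.normal("Checking algorithms...", 0);
        NodeList methods = processXPath(element, str);
        int count = methods.getLength();
        for (int i = 0; i < count; i++) {
            Element method = (Element) methods.item(i);
            AlgorithmChecker.Algorithm algorithm = new AlgorithmChecker.Algorithm(method.getLocalName(), method.getAttribute(WSSAuditEventGenerator.ALGORITHM));
            if (!this.algorithmChecker.check(algorithm)) {
                throw new SOAPException(Constants.FAULT_CODE_CLIENT, "" + algorithm + " is not allowed");
            }
        }
        Logger.normal("Checking algorithms, done.", 0);
    }

    /**
     * Rejects the signature if any {@code Encoding} attribute below {@code element} holds a
     * value that is not on the configured allow-list.
     */
    private void checkEncoding(Element element) throws SOAPException {
        Logger.normal("Checking encoding...", 0);
        NodeList encodings = processXPath(element, XPATH_ENCODING);
        int count = encodings.getLength();
        for (int i = 0; i < count; i++) {
            Node encoding = encodings.item(i);
            AlgorithmChecker.Algorithm algorithm = new AlgorithmChecker.Algorithm(encoding.getLocalName(), encoding.getNodeValue());
            if (!this.algorithmChecker.check(algorithm)) {
                throw new SOAPException(Constants.FAULT_CODE_CLIENT, "" + algorithm + " is not allowed");
            }
        }
        Logger.normal("Checking encoding, done.", 0);
    }

    /**
     * Wraps a {@code KeyInfo} element from the configuration.
     *
     * @throws SOAPException if the element is not a valid key description; the message
     *     includes the serialized element
     */
    KeyInfo createKeyInfo(Element element) throws SOAPException {
        try {
            return new KeyInfo(element);
        } catch (XSignatureException e) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Invalid key spec: " + new String(XPathCanonicalizer.serializeSubset(element, true)), e);
        }
    }

    /**
     * Creates an LDAP-backed certificate store.
     *
     * <p>The created store is returned so the caller can add it to the PKIX parameters.
     * Returning {@code null} on the success path would silently drop every configured LDAP
     * store, leaving path building without the certificates and CRLs it was meant to supply.
     *
     * @param str LDAP server host name
     * @param i LDAP server port
     * @param str2 security provider name, or the empty string for the default provider
     * @return the store, or {@code null} when it could not be created and the error was logged
     * @throws SOAPException if the LDAP store type or the named provider is unknown
     */
    CertStore createLDAPCertStore(String str, int i, String str2) throws SOAPException {
        try {
            LDAPCertStoreParameters parameters = new LDAPCertStoreParameters(str, i);
            if ("".equals(str2)) {
                return CertStore.getInstance(ALGORITHM, parameters);
            }
            return CertStore.getInstance(ALGORITHM, parameters, str2);
        } catch (InvalidAlgorithmParameterException e) {
            Logger.normal("LDAPCertStore: " + e.getMessage() + " host=" + str + " port=" + i, 4);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Unknown algorithm: LDAP", e2);
        } catch (NoSuchProviderException e3) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "No such provider: " + str2, e3);
        } catch (Exception e4) {
            // Best effort by design: an unusable LDAP store is logged and skipped.
            Logger.normal("Ignore an error: LDAPCertStore: " + e4.getMessage() + " host=" + str + " port=" + i, 3);
            return null;
        }
    }

    /**
     * Creates an in-memory certificate store from certificate files.
     *
     * @param nodeList nodes whose values are certificate file references
     * @param certificateFactory factory used to parse each file
     * @param str security provider name, or the empty string for the default provider
     * @throws SOAPException if a certificate cannot be loaded or the store cannot be created
     */
    CertStore createCollectionCertStore(NodeList nodeList, CertificateFactory certificateFactory, String str) throws SOAPException {
        HashSet<X509Certificate> certificates = new HashSet<X509Certificate>();
        int count = nodeList.getLength();
        for (int i = 0; i < count; i++) {
            certificates.add(loadX509Certificate(nodeList.item(i).getNodeValue(), certificateFactory));
        }
        try {
            CollectionCertStoreParameters parameters = new CollectionCertStoreParameters(certificates);
            if ("".equals(str)) {
                return CertStore.getInstance("Collection", parameters);
            }
            return CertStore.getInstance("Collection", parameters, str);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Can't create a CollectionCertStore", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Can't create a CollectionCertStore", e2);
        } catch (NoSuchProviderException e3) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "No such provider: " + str, e3);
        }
    }

    /**
     * Loads one X.509 certificate from a file resolved against the handler's home directory.
     *
     * <p>The stream is closed once the certificate has been parsed. The reference comes from
     * the verifier configuration and is not checked to stay inside the home directory, so the
     * configuration file itself must be protected from untrusted modification.
     *
     * @throws SOAPException if the file cannot be read or does not hold a valid certificate
     */
    private X509Certificate loadX509Certificate(String str, CertificateFactory certificateFactory) throws SOAPException {
        String path = str;
        try {
            File file = new File(this.home, str);
            // From here on, error messages report the canonical path.
            path = file.getCanonicalPath();
            Logger.normal("Loading an X509Certificate: " + path, 3);
            FileInputStream in = new FileInputStream(file);
            try {
                return (X509Certificate) certificateFactory.generateCertificate(in);
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The certificate has already been read or rejected; a close failure adds nothing.
                }
            }
        } catch (IOException e) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Can't open an X509Certificate file: " + path, e);
        } catch (CertificateException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Invalid X509Certificate: " + path, e2);
        }
    }

    /**
     * Command-line entry point: verifies a message file and writes the result to standard output.
     *
     * @param strArr {@code strArr[0]} is the system identifier of the verifier configuration,
     *     {@code strArr[1]} the path of the SOAP message file
     * @throws Exception if the arguments are missing or verification fails
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr == null || strArr.length < 2) {
            throw new IllegalArgumentException("Usage: SOAPVerifier <config-uri> <message-file>");
        }
        SOAPVerifier verifier = new SOAPVerifier();
        verifier.initialize(new InputSource(strArr[0]));
        OutputStreamWriter out = new OutputStreamWriter(System.out);
        FileReader in = new FileReader(strArr[1]);
        try {
            verifier.edit(in, out);
            out.flush();
            System.out.flush();
        } finally {
            in.close();
        }
    }

    /**
     * Returns an X.509 certificate factory from the named provider, or from the default
     * provider when {@code str} is {@code null} or empty.
     *
     * @throws SOAPException if the provider is unknown or no X.509 factory is available
     */
    private CertificateFactory createCertificateFactory(String str) throws SOAPException {
        try {
            if (str != null && !"".equals(str)) {
                return CertificateFactory.getInstance("X.509", str);
            }
            // Inside the try block: this overload also throws CertificateException.
            return CertificateFactory.getInstance("X.509");
        } catch (NoSuchProviderException e) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "No such provider: " + str, e);
        } catch (CertificateException e2) {
            throw new SOAPException(Constants.FAULT_CODE_CLIENT, "Can't create an X.509 CertificateFactory", e2);
        }
    }

    /**
     * Sets the flag for the key usage named {@code str}.
     *
     * @param str a key-usage name registered in {@code KEY_USAGE_TABLE}
     * @param zArr flag array to update in place
     * @throws SOAPException if the name is not registered
     */
    private void enableKeyUsage(String str, boolean[] zArr) throws SOAPException {
        Integer index = KEY_USAGE_TABLE.get(str);
        if (index == null) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Unknown OID: '" + str + "'");
        }
        zArr[index.intValue()] = true;
    }

    static {
        // Position in this array is the index used in the key-usage flag array.
        String[] names = {
            "DIGITAL_SIGNATURE",
            "NON_REPUDIATION",
            "KEY_ENCIPHERMENT",
            "DATA_ENCHIPERMENT",
            "KEY_AGREEMENT",
            "KEY_CERT_SIGN",
            "CRL_SIGN",
            "ENCIPHER_ONLY",
            "DECIPHER_ONLY",
        };
        for (int bit = 0; bit < names.length; bit++) {
            KEY_USAGE_TABLE.put(names[bit], Integer.valueOf(bit));
        }
        // "DATA_ENCHIPERMENT" is misspelled but existing configurations may rely on it, so it
        // stays; the correctly spelled name is accepted as an alias for the same index.
        KEY_USAGE_TABLE.put("DATA_ENCIPHERMENT", KEY_USAGE_TABLE.get("DATA_ENCHIPERMENT"));
    }
}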
