package com.ibm.ws.webservices.wssecurity.dsig;

import com.ibm.ws.webservices.wssecurity.Constants;
import com.ibm.ws.webservices.wssecurity.KRBConstants;
import com.ibm.ws.webservices.wssecurity.keyinfo.KeyInfoConsumer;
import com.ibm.ws.webservices.wssecurity.util.DOMUtil;
import com.ibm.ws.webservices.wssecurity.util.IntegralDialectElementSelector;
import com.ibm.ws.wssecurity.xss4j.domutil.IndentConfig;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.IDResolver;
import com.ibm.ws.wssecurity.xss4j.dsig.SignatureContext;
import com.ibm.ws.wssecurity.xss4j.dsig.Transform;
import com.ibm.ws.wssecurity.xss4j.dsig.TransformContext;
import com.ibm.ws.wssecurity.xss4j.dsig.TransformException;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:wasJars/was-wssecurity.jar:com/ibm/ws/webservices/wssecurity/dsig/STRDereferenceTransformer.class */
public class STRDereferenceTransformer extends Transform {
    private static final String comp = "security.wssecurity";
    public static final String STRT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
    private String _nsWsse = Constants.NS_WSSE;
    private String _nsWsu = Constants.NS_WSU;
    private Document _document;
    private IDResolver _idResolver;
    private STRDTKeyInfoResolver _kiResolver;
    private String _c14nMethod;
    private Hashtable _prefixList;
    private String _keyInfoSignature;
    private static final TraceComponent tc = Tr.register(STRDereferenceTransformer.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = STRDereferenceTransformer.class.getName();

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public String getURI() {
        return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
    }

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public Element createTransformElement(Document document, IndentConfig indentConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTransformElement(Document factory[" + document + "],IndentConfig iconf[" + indentConfig + "])");
        }
        Element createTransformElement = super.createTransformElement(document, indentConfig);
        if (this._c14nMethod != null) {
            Element element = null;
            if (("http://www.w3.org/2001/10/xml-exc-c14n#".equals(this._c14nMethod) || "http://www.w3.org/2001/10/xml-exc-c14n#WithComments".equals(this._c14nMethod)) && this._prefixList != null) {
                String serializePrefixList = ExclusiveCanonicalizer.serializePrefixList(this._prefixList);
                element = document.createElementNS("http://www.w3.org/2001/10/xml-exc-c14n#", "InclusiveNamespaces");
                element.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://www.w3.org/2001/10/xml-exc-c14n#");
                element.setAttribute("PrefixList", serializePrefixList);
            }
            Element createElementNS = document.createElementNS(Constants.NS_DSIG, "CanonicalizationMethod");
            createElementNS.setAttribute("Algorithm", this._c14nMethod);
            if (element != null) {
                createElementNS.appendChild(element);
            }
            String namespacePrefix = DOMUtil.getNamespacePrefix(createTransformElement, this._nsWsse);
            boolean z = false;
            if (namespacePrefix == null) {
                namespacePrefix = "wsse:";
                z = true;
            } else if (!"".equals(namespacePrefix)) {
                namespacePrefix = namespacePrefix + ":";
            }
            Element createElementNS2 = document.createElementNS(this._nsWsse, namespacePrefix + "TransformationParameters");
            if (z) {
                createElementNS2.setAttribute("xmlns:wsse", this._nsWsse);
            }
            createElementNS2.appendChild(createElementNS);
            createTransformElement.appendChild(createElementNS2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTransformElement(Document factory,IndentConfig iconf) returns Element[" + createTransformElement + "]");
        }
        return createTransformElement;
    }

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public void setParameter(Node node) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setParameter(Node node[" + DOMUtil.getDisplayName(node) + "])");
        }
        this._c14nMethod = null;
        this._prefixList = null;
        Node node2 = node;
        while (true) {
            Node node3 = node2;
            if (node3 == null) {
                break;
            }
            if (node3.getNodeType() == 1) {
                Element element = (Element) node3;
                if (DOMUtil.equals(element, this._nsWsse, "TransformationParameters")) {
                    Element firstElement = DOMUtil.getFirstElement(element);
                    while (true) {
                        Element element2 = firstElement;
                        if (element2 != null) {
                            if (DOMUtil.equals(element2, Constants.NS_DSIG, "CanonicalizationMethod") && element2.hasAttribute("Algorithm")) {
                                this._c14nMethod = element2.getAttribute("Algorithm");
                                if ("http://www.w3.org/2001/10/xml-exc-c14n#".equals(this._c14nMethod) || "http://www.w3.org/2001/10/xml-exc-c14n#WithComments".equals(this._c14nMethod)) {
                                    Element firstElement2 = DOMUtil.getFirstElement(element2);
                                    while (true) {
                                        Element element3 = firstElement2;
                                        if (element3 != null) {
                                            if (DOMUtil.equals(element3, "http://www.w3.org/2001/10/xml-exc-c14n#", "InclusiveNamespaces") && element3.hasAttribute("PrefixList")) {
                                                this._prefixList = ExclusiveCanonicalizer.parsePrefixList(element3.getAttribute("PrefixList"));
                                            }
                                            firstElement2 = DOMUtil.getNextElement(element3);
                                        }
                                    }
                                }
                            }
                            firstElement = DOMUtil.getNextElement(element2);
                        }
                    }
                }
            }
            node2 = node3.getNextSibling();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setParameter(Node node)");
        }
    }

    @Override // com.ibm.ws.wssecurity.xss4j.dsig.Transform
    public void transform(TransformContext transformContext) throws TransformException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "transform(TransformContext context[" + transformContext + "])");
        }
        SignatureContext signatureContext = transformContext.getSignatureContext();
        if (signatureContext instanceof WSSSignatureContext) {
            WSSSignatureContext wSSSignatureContext = (WSSSignatureContext) signatureContext;
            this._document = wSSSignatureContext.getDocument();
            this._idResolver = wSSSignatureContext.getIDResolver();
            this._kiResolver = wSSSignatureContext.getSTRDTKeyInfoResolver();
            int wssVersion = wSSSignatureContext.getWssVersion();
            this._nsWsse = Constants.NAMESPACES[0][wssVersion];
            this._nsWsu = Constants.NAMESPACES[1][wssVersion];
            this._keyInfoSignature = wSSSignatureContext.getKeyInfoSignature();
        }
        NodeList nodeList = null;
        switch (transformContext.getType()) {
            case 0:
            case 1:
                nodeList = XPathCanonicalizer.toNodeset(transformContext.getDocument(), null, true);
                break;
            case 2:
                nodeList = transformContext.getNodeset();
                break;
            case 3:
                nodeList = XPathCanonicalizer.toNodeset(transformContext.getNode(), null, true);
                break;
        }
        byte[] bArr = null;
        if (nodeList != null) {
            typeCheck(nodeList, this._keyInfoSignature);
            try {
                bArr = transform(nodeList);
            } catch (RuntimeException e) {
                Tr.processException(e, clsName + ".transform", "215", this);
                throw e;
            } catch (Exception e2) {
                Tr.processException(e2, clsName + ".transform", "218", this);
                throw TransformException.create(e2);
            }
        }
        transformContext.setContent(bArr, "UTF-8");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "transform(TransformContext context)");
        }
    }

    private byte[] transform(NodeList nodeList) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "transform(NodeList nodeSet[" + nodeList + "])");
        }
        byte[] serializeNodeSet = serializeNodeSet(nodeList, dereferenceSTR(nodeList));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "transform(NodeList nodeSet)");
        }
        return serializeNodeSet;
    }

    private Map dereferenceSTR(NodeList nodeList) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceSTR(NodeList nodeSet[" + nodeList + "])");
        }
        HashMap hashMap = new HashMap();
        int length = nodeList.getLength();
        for (int i = 0; i < length; i++) {
            Node item = nodeList.item(i);
            if (item.getNodeType() == 1) {
                Element element = (Element) item;
                if (DOMUtil.equals(element, Constants.NS_WSSE, KRBConstants.ELM_SECURITY_TOKEN_REFERENCE)) {
                    hashMap.put(item, convertToNodeSet(dereferenceSTR(element)));
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceSTR(NodeList nodeSet), returns Map[" + hashMap + "]");
        }
        return hashMap;
    }

    private byte[] serializeNodeSet(NodeList nodeList, Map map) throws SoapSecurityException {
        byte[] serializeSubset;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "serializeNodeSet(NodeList nodeSet[" + nodeList + "],Map replNodeSets[" + map + "])");
        }
        if (this._c14nMethod == null) {
            throw SoapSecurityException.format("security.wssecurity.STRDereferenceTransformer.s01");
        }
        if ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315".equals(this._c14nMethod)) {
            serializeSubset = Canonicalizer.serializeSubset(nodeList, false, map);
        } else if ("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments".equals(this._c14nMethod)) {
            serializeSubset = Canonicalizer.serializeSubset(nodeList, true, map);
        } else if ("http://www.w3.org/2001/10/xml-exc-c14n#".equals(this._c14nMethod)) {
            serializeSubset = ExclusiveCanonicalizer.serializeSubset(this._prefixList, nodeList, false, map);
        } else {
            if (!"http://www.w3.org/2001/10/xml-exc-c14n#WithComments".equals(this._c14nMethod)) {
                throw SoapSecurityException.format("security.wssecurity.STRDereferenceTransformer.s02", this._c14nMethod);
            }
            serializeSubset = ExclusiveCanonicalizer.serializeSubset(this._prefixList, nodeList, true, map);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "serializeNodeSet(NodeList nodeSet,Map replNodeSets)");
        }
        return serializeSubset;
    }

    private NodeList dereferenceSTR(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceSTR(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "])");
        }
        NodeList wrapInNodeList = wrapInNodeList(dereferenceToST(element));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceSTR(Element secTokenRef)");
        }
        return wrapInNodeList;
    }

    private Object dereferenceToST(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceToST(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "])");
        }
        Object obj = null;
        Element firstElement = DOMUtil.getFirstElement(element);
        if (DOMUtil.equals(firstElement, this._nsWsse, "Embedded")) {
            obj = dereferenceEmbedded(firstElement);
        } else if (DOMUtil.equals(firstElement, this._nsWsse, KRBConstants.ELM_REFERENCE)) {
            obj = dereferenceReference(firstElement);
        } else if (DOMUtil.equals(firstElement, this._nsWsse, KRBConstants.ELM_KEYIDENTIFIER)) {
            obj = dereferenceOthers(element, KeyInfoConsumer.KEYID);
        } else if (DOMUtil.equals(firstElement, Constants.NS_DSIG, "X509Data")) {
            obj = dereferenceOthers(element, KeyInfoConsumer.X509ISSUER);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceToST(Element secTokenRef)");
        }
        return obj;
    }

    private Object dereferenceEmbedded(Element element) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceEmbedded(Element embedded[" + DOMUtil.getDisplayName(element) + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = null;
        Node firstChild = element.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                break;
            }
            if (nodeListImpl == null) {
                nodeListImpl = new XPathCanonicalizer.NodeListImpl();
            }
            nodeListImpl.add(node);
            firstChild = node.getNextSibling();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceEmbedded(Element embedded) returns Object[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private Object dereferenceReference(Element element) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceReference(Element ref[" + DOMUtil.getDisplayName(element) + "])");
        }
        String str = null;
        if (element.hasAttribute("URI")) {
            str = element.getAttribute("URI");
        }
        QName qName = null;
        if (element.hasAttribute("ValueType")) {
            qName = DOMUtil.getQName(element, element.getAttribute("ValueType"));
        }
        Object resolveURI = resolveURI(str, qName);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceReference(Element ref) returns Object[" + resolveURI + "]");
        }
        return resolveURI;
    }

    private Object resolveURI(String str, QName qName) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "resolveURI(String uri[" + str + "],QName valType[" + qName + "])");
        }
        Element element = null;
        if (str != null) {
            if (str.length() < 2 || str.charAt(0) != '#') {
                throw SoapSecurityException.format("security.wssecurity.STRDereferenceTransformer.s04", str);
            }
            String substring = str.substring(1);
            if (this._idResolver == null) {
                throw SoapSecurityException.format("security.wssecurity.STRDereferenceTransformer.s03");
            }
            Element resolveID = this._idResolver.resolveID(this._document, substring);
            if (resolveID != null) {
                element = resolveID;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "resolveURI(String uri,QName valType) returns Object[" + element + "]");
        }
        return element;
    }

    private Object dereferenceOthers(Element element, String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dereferenceOthers(Element secTokenRef[" + DOMUtil.getDisplayName(element) + "],String keyInfoType[" + str + "])");
        }
        Element element2 = null;
        if (this._kiResolver != null) {
            element2 = this._kiResolver.resolve(element, str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dereferenceOthers(Element secTokenRef,String keyInfoType) returns Object[" + element2 + "]");
        }
        return element2;
    }

    private NodeList wrapInNodeList(Object obj) throws SoapSecurityException {
        NodeList nodeList;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "wrapInNodeList(Object secToken[" + obj + "])");
        }
        if (obj instanceof Element) {
            XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl(1);
            nodeListImpl.add((Element) obj);
            nodeList = nodeListImpl;
        } else {
            if (!(obj instanceof NodeList)) {
                throw SoapSecurityException.format("security.wssecurity.STRDereferenceTransformer.s05");
            }
            nodeList = (NodeList) obj;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "wrapInNodeList(Object secToken) returns NodeList[" + nodeList + "]");
        }
        return nodeList;
    }

    private NodeList convertToNodeSet(NodeList nodeList) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "convertToNodeSet(NodeList apexNodes[" + nodeList + "])");
        }
        XPathCanonicalizer.NodeListImpl nodeListImpl = new XPathCanonicalizer.NodeListImpl();
        int length = nodeList.getLength();
        for (int i = 0; i < length; i++) {
            NodeList nodeset = XPathCanonicalizer.toNodeset(nodeList.item(i), null, true);
            int length2 = nodeset.getLength();
            for (int i2 = 0; i2 < length2; i2++) {
                nodeListImpl.add(nodeset.item(i2));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "convertToNodeSet(NodeList apexNodes) returns NodeList[" + nodeListImpl + "]");
        }
        return nodeListImpl;
    }

    private void typeCheck(NodeList nodeList, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "typeIsOk(NodeList nodeset,String kiSign[" + str + "])");
        }
        if (str == null || IntegralDialectElementSelector.KEYSIGNMETHOD[0].equals(str)) {
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= nodeList.getLength()) {
                    break;
                }
                Node item = nodeList.item(i);
                if (item.getNodeType() == 1 && DOMUtil.equals(item, Constants.NS_DSIG, KRBConstants.ELM_KEYINFO)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z && tc.isDebugEnabled()) {
                Tr.debug(tc, "The nodeset to be signed doesn't include ds:KeyInfo element though the method to sign a key is [" + str + "].");
            }
        } else if (IntegralDialectElementSelector.KEYSIGNMETHOD[1].equals(str)) {
            boolean z2 = false;
            int i2 = 0;
            while (true) {
                if (i2 >= nodeList.getLength()) {
                    break;
                }
                Node item2 = nodeList.item(i2);
                if (item2.getNodeType() == 1 && DOMUtil.equals(item2, Constants.NS_DSIG, KRBConstants.ELM_KEYINFO)) {
                    z2 = true;
                    break;
                }
                i2++;
            }
            if (z2 && tc.isDebugEnabled()) {
                Tr.debug(tc, "The nodeset to be signed includes ds:KeyInfo element though the method to sign a key is [" + str + "].");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "typeIsOk(NodeList nodeset,String kiSign)");
        }
    }
}
