package com.ibm.xml.soap.security.dsig;

import com.ibm.trl.soapimpl.SOAPDocumentImpl;
import com.ibm.trl.util.Logger;
import com.ibm.trl.util.xml.DOMHandler;
import com.ibm.trl.util.xml.QName;
import com.ibm.trl.util.xml.XPathProcessor;
import com.ibm.ws.wssecurity.xss4j.domutil.XPathCanonicalizer;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.xml.soap.security.util.SwingPasswordHandler;
import com.ibm.xml.soap.security.util.UnknownAliasException;
import java.io.Reader;
import java.io.Writer;
import java.rmi.server.UID;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.soap.Constants;
import org.apache.soap.SOAPException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/xml/soap/security/dsig/SOAPSigner.class */
public final class SOAPSigner extends SOAPSignatureHandler {
    private static final String ELEM_TS = "timestamp";
    private static final String ELEM_NONCE = "nonce";
    private SwingPasswordHandler passwordHandler = new SwingPasswordHandler();
    private Key privateKey;
    private KeyInfo keyInfo;
    private Element template;
    private String verifierActorURI;
    private static final String XPATH_CONFIG = new StringBuffer().append("/").append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "SOAPSignerConfig")).toString();
    private static final String XPATH_ACTOR = new StringBuffer().append(XPATH_CONFIG).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "SOAPActor")).toString();
    private static final String XPATH_KEYSTORE = new StringBuffer().append(XPATH_CONFIG).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "KeyStore")).toString();
    private static final String XPATH_POLICY = new StringBuffer().append(XPATH_CONFIG).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "Policy")).toString();
    private static final String XPATH_PRIVATEKEY = new StringBuffer().append(XPATH_POLICY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "PrivateKey")).toString();
    private static final String XPATH_PUBLICKEY = new StringBuffer().append(XPATH_POLICY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "PublicKey")).toString();
    private static final String XPATH_INCLUDEKEYNAME = new StringBuffer().append(XPATH_PUBLICKEY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "IncludeKeyName")).toString();
    private static final String XPATH_INCLUDEKEYVALUE = new StringBuffer().append(XPATH_PUBLICKEY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "IncludeKeyValue")).toString();
    private static final String XPATH_INCLUDEX509DATA = new StringBuffer().append(XPATH_PUBLICKEY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "IncludeX509Data")).toString();
    private static final String XPATH_TEMPLATE = new StringBuffer().append(XPATH_POLICY).append('/').append(XPathProcessor.getXPath("http://www.ibm.com/xml/soap/#SOAPSignature", "Template")).toString();
    private static final String XPATH_TEMPLATE1 = new StringBuffer().append(XPATH_TEMPLATE).append("/*[position()=1]").toString();
    private static final String XPATH_SIGNATURE = new StringBuffer().append(XPATH_TEMPLATE).append('/').append(XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", SOAPSignature.ELEM_SIGNATURE)).toString();
    private static final String XPATH_KEYINFO = new StringBuffer().append(XPATH_SIGNATURE).append('/').append(XPathProcessor.getXPath("http://www.w3.org/2000/09/xmldsig#", "KeyInfo")).toString();
    private static final String ELEM_VALUEOFTS = "ValueOfTimestamp";
    private static final QName QNAME_VALUEOFTS = new QName("http://www.ibm.com/xml/soap/#SOAPSignature", ELEM_VALUEOFTS);
    private static final String ELEM_VALUEOFNONCE = "ValueOfNonce";
    private static final QName QNAME_VALUEOFNONCE = new QName("http://www.ibm.com/xml/soap/#SOAPSignature", ELEM_VALUEOFNONCE);

    @Override // com.ibm.xml.soap.transport.AbstractSOAPHandler
    public void initialize(InputSource inputSource) throws SOAPException {
        Document loadDocument = loadDocument(inputSource, false);
        this.verifierActorURI = getActorURI(loadDocument);
        Logger.normal(new StringBuffer().append("Verifier actor URI: ").append(this.verifierActorURI).toString(), 3);
        KeyStore keyStore = getKeyStore((Element) processXPath(loadDocument, XPATH_KEYSTORE).item(0));
        this.privateKey = getPrivateKey(loadDocument, keyStore);
        this.keyInfo = getKeyInfo(loadDocument, keyStore);
        this.template = getTemplate(loadDocument);
    }

    private String getActorURI(Document document) throws SOAPException {
        Element element;
        NodeList processXPath = processXPath(document, XPATH_ACTOR);
        return (processXPath == null || processXPath.getLength() < 1 || (element = (Element) processXPath.item(0)) == null) ? "" : element.getAttribute("URI");
    }

    private Key getPrivateKey(Document document, KeyStore keyStore) throws SOAPException {
        Element element = (Element) processXPath(document, XPATH_PRIVATEKEY).item(0);
        String attribute = element.getAttribute("alias");
        char[] charArray = element.getAttribute("keypass").toCharArray();
        if (charArray.length == 0) {
            try {
                charArray = this.passwordHandler.query(attribute);
            } catch (UnknownAliasException e) {
                throw new SOAPException(Constants.FAULT_CODE_SERVER, new StringBuffer().append("Couldn't get a key from the key store: alias='").append(attribute).append("': Please check the key password").toString(), e);
            }
        }
        Logger.normal(new StringBuffer().append("Key alias: ").append(attribute).toString(), 3);
        Logger.normal(new StringBuffer().append("Key password: ").append(new String(charArray)).toString(), 3);
        try {
            return keyStore.getKey(attribute, charArray);
        } catch (KeyStoreException e2) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, new StringBuffer().append("Couldn't get a key(alias='").append(attribute).append("') from the key store due to a key store exception").toString(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "Encountered unknown algorithm while loading a key", e3);
        } catch (UnrecoverableKeyException e4) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, new StringBuffer().append("Couldn't get a key from the key store: alias='").append(attribute).append("': Please check the key password").toString(), e4);
        }
    }

    private KeyInfo getKeyInfo(Document document, KeyStore keyStore) throws SOAPException {
        if (processXPath(document, XPATH_KEYINFO).item(0) != null) {
            return null;
        }
        String attribute = ((Element) processXPath(document, XPATH_PRIVATEKEY).item(0)).getAttribute("alias");
        try {
            Certificate certificate = keyStore.getCertificate(attribute);
            if (certificate == null) {
                throw new SOAPException(Constants.FAULT_CODE_SERVER, new StringBuffer().append("No such key alias: ").append(attribute).toString());
            }
            KeyInfo keyInfo = null;
            if (evalFlag(document, XPATH_INCLUDEKEYNAME)) {
                if (0 == 0) {
                    keyInfo = new KeyInfo();
                }
                Logger.normal("Include KeyName", 3);
                keyInfo.setKeyNames(new String[]{attribute});
            }
            if (evalFlag(document, XPATH_INCLUDEKEYVALUE)) {
                if (keyInfo == null) {
                    keyInfo = new KeyInfo();
                }
                Logger.normal("Include KeyValue", 3);
                keyInfo.setKeyValue(certificate.getPublicKey());
            }
            if (evalFlag(document, XPATH_INCLUDEX509DATA)) {
                if (keyInfo == null) {
                    keyInfo = new KeyInfo();
                }
                Logger.normal("Include X509Data", 3);
                KeyInfo.X509Data x509Data = new KeyInfo.X509Data();
                x509Data.setCertificate((X509Certificate) certificate);
                keyInfo.setX509Data(new KeyInfo.X509Data[]{x509Data});
            }
            return keyInfo;
        } catch (KeyStoreException e) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, new StringBuffer().append("Couldn't get a certificate(alias='").append(attribute).append("') from the key store due to a key store exception").toString(), e);
        }
    }

    private Element getTemplate(Document document) throws SOAPException {
        Element element = (Element) processXPath(document, XPATH_TEMPLATE1).item(0);
        Logger.normal(new StringBuffer().append("Raw Template:\n").append(new String(XPathCanonicalizer.serializeSubset(element, true))).toString(), 3);
        return element;
    }

    @Override // com.ibm.xml.soap.transport.EditorComponent
    public void edit(Reader reader, Writer writer) throws SOAPException {
        try {
            SOAPDocumentImpl sOAPDocumentImpl = new SOAPDocumentImpl(loadDocument(new InputSource(reader), false));
            Element element = (Element) sOAPDocumentImpl.getDocument().importNode(this.template, true);
            processTimestamp(element);
            this.soapSignature.sign(sOAPDocumentImpl, element, this.privateKey, this.keyInfo, this.verifierActorURI);
            XPathCanonicalizer.serializeAll(sOAPDocumentImpl.getDocument(), true, writer);
        } catch (Exception e) {
            throw new SOAPException(Constants.FAULT_CODE_SERVER, "An exception occured while processing the signature", e);
        }
    }

    private void processTimestamp(Element element) {
        while (true) {
            Element findElement = findElement(element, QNAME_VALUEOFTS);
            if (findElement == null) {
                return;
            } else {
                replacedBy(findElement, createTimestamp(findElement.getOwnerDocument()));
            }
        }
    }

    private void processNonce(Element element) {
        while (true) {
            Element findElement = findElement(element, QNAME_VALUEOFNONCE);
            if (findElement == null) {
                return;
            } else {
                replacedBy(findElement, createNonce(findElement.getOwnerDocument()));
            }
        }
    }

    private Element createTimestamp(Document document) {
        Element createElementNS = document.createElementNS("http://www.ibm.com/xml/soap/#SOAPSignature", "timestamp");
        String date = new Date().toString();
        Logger.normal(new StringBuffer().append("Timestamp: ").append(date).toString(), 3);
        createElementNS.appendChild(document.createTextNode(date));
        return createElementNS;
    }

    private Element createNonce(Document document) {
        Element createElementNS = document.createElementNS("http://www.ibm.com/xml/soap/#SOAPSignature", "nonce");
        createElementNS.appendChild(document.createTextNode(new UID().toString()));
        return createElementNS;
    }

    private Element findElement(Node node, QName qName) {
        if (DOMHandler.isNodeNamedNS(node, qName)) {
            return (Element) node;
        }
        NodeList childNodes = node.getChildNodes();
        int length = childNodes.getLength();
        for (int i = 0; i < length; i++) {
            Element findElement = findElement(childNodes.item(i), qName);
            if (findElement != null) {
                return findElement;
            }
        }
        return null;
    }

    private void replacedBy(Element element, Element element2) {
        element.getParentNode().replaceChild(element2, element);
    }
}
