package com.sun.identity.saml.xmlsig;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.services.util.Base64;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import netscape.ldap.LDAPCache;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.IdResolver;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:115766-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/xmlsig/AMSignatureProvider.class */
public class AMSignatureProvider implements SignatureProvider {
    private KeyProvider keystore;
    private String c14nMethod;
    private String transformAlg;
    private static final String DEF_ID_ATTRIBUTE = "id";
    private boolean checkCert;

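    /**
     * Builds a provider configured from the SAML resource bundle and system properties.
     * <p>
     * All lookups are best-effort: an unloadable key provider leaves {@code keystore} null
     * (callers must then supply one via {@link #initialize(KeyProvider)}), a missing bundle
     * entry leaves the corresponding setting null, and certificate checking stays on unless
     * the system property {@code com.sun.identity.saml.checkcert} is exactly {@code off}.
     */
    public AMSignatureProvider() {
        this.keystore = null;
        this.c14nMethod = null;
        this.transformAlg = null;
        this.checkCert = true;
        Init.init();
        try {
            String providerClass = SAMLUtils.bundle.getString("keyproviderimplclass");
            this.keystore = (KeyProvider) Class.forName(providerClass).newInstance();
        } catch (Exception e) {
            // Log the cause: a silently null keystore only surfaces much later as "nullkeystore".
            SAMLUtils.debug.error("AMSignatureProvider:constructor error", e);
        }
        this.c14nMethod = trimmedBundleString("canonicalizationMethod");
        this.transformAlg = trimmedBundleString("transformAlgorithm");
        try {
            String setting = SystemProperties.get("com.sun.identity.saml.checkcert");
            if (setting != null) {
                String normalized = setting.trim();
                if (normalized.equalsIgnoreCase("off")) {
                    this.checkCert = false;
                } else if (normalized.equalsIgnoreCase("on")) {
                    this.checkCert = true;
                } else {
                    // Anything other than on/off is treated as "on" (fail closed).
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SystemProperty: com.sun.identity.saml.checkcert has invalid value. Choose default, turn ON checkcert.");
                    }
                    this.checkCert = true;
                }
            }
        } catch (Exception e4) {
            this.checkCert = true;
        }
    }

    /**
     * Reads a bundle entry and trims it.
     *
     * @param key resource bundle key
     * @return the trimmed value, or null when the entry is absent or the lookup throws
     */
    private static String trimmedBundleString(String key) {
        try {
            String value = SAMLUtils.bundle.getString(key);
            return value == null ? null : value.trim();
        } catch (Exception e) {
            return null;
        }
    }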

    /**
     * Replaces the key provider used for key and certificate lookups.
     * A null argument is logged and ignored; the current provider is kept.
     *
     * @param keyProvider the provider to use for subsequent signing and verification
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public void initialize(KeyProvider keyProvider) {
        if (keyProvider != null) {
            this.keystore = keyProvider;
            return;
        }
        SAMLUtils.debug.error("Key Provider is null");
    }

    /**
     * Signs the whole document with the bundle's default signature algorithm
     * ({@code xmlsigalgorithm}).
     *
     * @param document the document to sign
     * @param str alias of the signing key/certificate in the key provider
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the three-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str) throws XMLSignatureException {
        String defaultAlgorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
        return signXML(document, str, defaultAlgorithm);
    }

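    /**
     * Signs the whole document with an enveloped signature appended to the document element.
     * <p>
     * The canonicalization method and an optional extra transform come from the bundle
     * settings read in the constructor; both are validated before use. The digest algorithm
     * is fixed to SHA-1 (legacy interop) and is not configurable here.
     *
     * @param document the document to sign; the signature is appended to its root element
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     *             {@code xmlsigalgorithm}
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException on null/empty input, a missing key provider or private key,
     *         an algorithm, canonicalization method or transform that fails validation, or any
     *         failure while building or computing the signature
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("signXML: doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (this.keystore == null) {
            SAMLUtils.debug.error("signXML: key provider is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
        }
        try {
            // Static (JVM-wide) setting of the ds: namespace prefix; it affects every signer.
            Constants.setSignatureSpecNSprefix("");
            PrivateKey privateKey = this.keystore.getPrivateKey(str);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String algorithm = str2;
            if (algorithm == null || algorithm.equals("")) {
                algorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            XMLSignature signature;
            if (this.c14nMethod == null || this.c14nMethod.equals("")) {
                signature = new XMLSignature(document, "", algorithm);
            } else {
                if (!isValidCanonicalizationMethod(this.c14nMethod)) {
                    throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidCanonicalizationMethod"));
                }
                signature = new XMLSignature(document, "", algorithm, this.c14nMethod);
            }
            Element documentElement = document.getDocumentElement();
            documentElement.appendChild(signature.getElement());
            signature.getSignedInfo().addResourceResolver(new OfflineResolver());
            Transforms transforms = new Transforms(document);
            transforms.addTransform(SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE);
            if (this.transformAlg != null && !this.transformAlg.equals("")) {
                if (!isValidTransformAlgorithm(this.transformAlg)) {
                    throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidTransformAlgorithm"));
                }
                transforms.addTransform(this.transformAlg);
            }
            // Reference URI "" covers the whole document; digest fixed to SHA-1 for interop.
            signature.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            signature.addKeyInfo(this.keystore.getX509Certificate(str));
            signature.sign(privateKey);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Already our exception type: rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }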

    /**
     * Signs an XML string with the bundle's default signature algorithm
     * ({@code xmlsigalgorithm}) and returns the serialized signature element.
     *
     * @param str the XML document as a string
     * @param str2 alias of the signing key/certificate in the key provider
     * @return the serialized {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the three-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public String signXML(String str, String str2) throws XMLSignatureException {
        String defaultAlgorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
        return signXML(str, str2, defaultAlgorithm);
    }

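    /**
     * Parses the XML string, signs the resulting document and returns the serialized
     * signature element.
     *
     * @param str the XML document as a string
     * @param str2 alias of the signing key/certificate in the key provider
     * @param str3 signature algorithm URI; null or empty selects the bundle default
     * @return the serialized {@code ds:Signature} element, decoded as UTF-8
     * @throws XMLSignatureException on null/empty input, a parse failure (the DOM overload
     *         rejects the null document), or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public String signXML(String str, String str2, String str3) throws XMLSignatureException {
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: xmlString is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str2 == null || str2.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            Document document = XMLUtils.toDOMDocument(str, SAMLUtils.debug);
            Element signatureElement = signXML(document, str2, str3);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signatureElement, out);
            // outputDOM emits canonicalized bytes, which are UTF-8; decode explicitly rather than
            // with the platform default charset (the no-arg toString()).
            return out.toString("UTF-8");
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }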

    /**
     * Signs the element whose {@code id} attribute equals {@code str3}; the signer
     * certificate is not added to KeyInfo and the signature is appended as the last child.
     *
     * @param document the document containing the element to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param str3 value of the {@code id} attribute on the element to sign
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the seven-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, String str3) throws XMLSignatureException {
        String idAttributeName = "id"; // same value as DEF_ID_ATTRIBUTE
        boolean includeCertificate = false;
        String insertBeforeXPath = null;
        return signXML(document, str, str2, idAttributeName, str3, includeCertificate, insertBeforeXPath);
    }

    /**
     * Signs the element whose {@code id} attribute equals {@code str3}, inserting the
     * signature before the node selected by {@code str4}; no certificate is added to KeyInfo.
     *
     * @param document the document containing the element to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param str3 value of the {@code id} attribute on the element to sign
     * @param str4 XPath of the sibling before which the signature is inserted
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the seven-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, String str3, String str4) throws XMLSignatureException {
        String idAttributeName = "id"; // same value as DEF_ID_ATTRIBUTE
        boolean includeCertificate = false;
        return signXML(document, str, str2, idAttributeName, str3, includeCertificate, str4);
    }

    /**
     * Signs the element identified by attribute {@code str3} with value {@code str4},
     * appending the signature as its last child.
     *
     * @param document the document containing the element to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param str3 name of the ID attribute
     * @param str4 value of the ID attribute on the element to sign
     * @param z when true the signer certificate is added to KeyInfo
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the seven-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, String str3, String str4, boolean z) throws XMLSignatureException {
        String insertBeforeXPath = null;
        return signXML(document, str, str2, str3, str4, z, insertBeforeXPath);
    }

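    /**
     * Parses the XML string, signs the element identified by attribute {@code str4} with
     * value {@code str5}, and returns the serialized signature element.
     *
     * @param str the XML document as a string
     * @param str2 alias of the signing key/certificate in the key provider
     * @param str3 signature algorithm URI; null or empty selects the bundle default
     * @param str4 name of the ID attribute
     * @param str5 value of the ID attribute on the element to sign
     * @param z when true the signer certificate is added to KeyInfo
     * @return the serialized {@code ds:Signature} element, decoded as UTF-8
     * @throws XMLSignatureException on null/empty input or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public String signXML(String str, String str2, String str3, String str4, String str5, boolean z) throws XMLSignatureException {
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: xmlString is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        // Same guard the other String overloads apply; the DOM overload would reject it anyway.
        if (str2 == null || str2.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            Document document = XMLUtils.toDOMDocument(str, SAMLUtils.debug);
            String insertBeforeXPath = null;
            Element signatureElement = signXML(document, str2, str3, str4, str5, z, insertBeforeXPath);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signatureElement, out);
            // outputDOM emits canonicalized bytes, which are UTF-8; decode explicitly rather than
            // with the platform default charset.
            return out.toString("UTF-8");
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }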

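    /**
     * Signs the sub-tree identified by an ID attribute and places the signature inside it.
     * <p>
     * The element is located with the XPath {@code //*[@<str3>="<str4>"]}. Both the attribute
     * name and value are spliced into that expression, so they are rejected when empty or when
     * they contain a double quote. The element is registered with {@link IdResolver} so the
     * reference {@code #<str4>} resolves even when the attribute is not a schema-declared ID.
     * Exclusive C14N is used for both the signature and the reference; the digest is fixed to
     * SHA-1 (legacy interop).
     *
     * @param document the document containing the element to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param str3 name of the ID attribute (the conventional default is {@code "id"})
     * @param str4 value of the ID attribute on the element to sign
     * @param z when true the signer certificate is added to {@code ds:KeyInfo}
     * @param str5 optional XPath of the sibling the signature is inserted before; null appends
     *             the signature as the last child of the signed element
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException on invalid input, a missing key provider or private key,
     *         an ID that does not resolve, an invalid algorithm, or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, String str3, String str4, boolean z, String str5) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("signXML: doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!isSafeXPathLiteral(str3) || !isSafeXPathLiteral(str4)) {
            SAMLUtils.debug.error("signXML: id attribute name or value is null, empty or contains a quote.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidIDAttribute"));
        }
        if (this.keystore == null) {
            SAMLUtils.debug.error("signXML: key provider is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
        }
        try {
            // Static (JVM-wide) setting of the ds: namespace prefix.
            Constants.setSignatureSpecNSprefix("");
            PrivateKey privateKey = this.keystore.getPrivateKey(str);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String idXPath = "//*[@" + str3 + "=\"" + str4 + "\"]";
            Element element = (Element) XPathAPI.selectSingleNode(document, idXPath);
            if (element == null) {
                SAMLUtils.debug.error("signXML: could not resolv id attribute");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidIDAttribute"));
            }
            // Register once, unconditionally. The decompiled original registered under two
            // different conditions (one of them compared the attribute *value* to "id"); the
            // verification path registers unconditionally and a redundant registration is harmless.
            IdResolver.registerElementById(element, str4);
            String algorithm = str2;
            if (algorithm == null || algorithm.equals("")) {
                algorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            XMLSignature signature = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
            if (str5 == null) {
                element.appendChild(signature.getElement());
            } else {
                // DOM insertBefore with a null reference node appends, so an XPath that matches
                // nothing silently degrades to appending the signature.
                element.insertBefore(signature.getElement(), XPathAPI.selectSingleNode(document, str5));
            }
            signature.getSignedInfo().addResourceResolver(new OfflineResolver());
            Transforms transforms = new Transforms(document);
            transforms.addTransform(SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            // Reference URI is the fragment "#" + id. LDAPCache.DELIM looks like a decompiler
            // substitution for that literal -- confirm against the original source and replace.
            signature.addDocument(LDAPCache.DELIM + str4, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            if (z) {
                signature.addKeyInfo(this.keystore.getX509Certificate(str));
            }
            signature.sign(privateKey);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Returns true when {@code value} is non-empty and can be embedded verbatim inside a
     * double-quoted XPath string literal (i.e. it contains no double quote).
     */
    private static boolean isSafeXPathLiteral(String value) {
        return value != null && !value.equals("") && value.indexOf('"') < 0;
    }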

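    /**
     * Parses the XML string, signs the element whose {@code id} attribute equals {@code str4},
     * and returns the serialized signature element.
     *
     * @param str the XML document as a string
     * @param str2 alias of the signing key/certificate in the key provider
     * @param str3 signature algorithm URI; null or empty selects the bundle default
     * @param str4 value of the {@code id} attribute on the element to sign
     * @return the serialized {@code ds:Signature} element, decoded as UTF-8
     * @throws XMLSignatureException on null/empty input or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public String signXML(String str, String str2, String str3, String str4) throws XMLSignatureException {
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: xmlString is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str2 == null || str2.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            Document document = XMLUtils.toDOMDocument(str, SAMLUtils.debug);
            Element signatureElement = signXML(document, str2, str3, str4);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signatureElement, out);
            // outputDOM emits canonicalized bytes, which are UTF-8; decode explicitly rather than
            // with the platform default charset.
            return out.toString("UTF-8");
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }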

    /**
     * Signs several elements, one reference per ID in {@code list}, with no extra
     * transform applied before exclusive C14N.
     *
     * @param document the document containing the elements to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param list ID values of the elements to reference
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException as thrown by the five-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, List list) throws XMLSignatureException {
        String extraTransform = null;
        return signXML(document, str, str2, extraTransform, list);
    }

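    /**
     * Signs several elements with one signature appended to the document element: one
     * reference ({@code #id}) per entry of {@code list}, each with the optional transform
     * {@code str3} followed by exclusive C14N. The digest is fixed to SHA-1 (legacy interop)
     * and the signer certificate is always added to KeyInfo.
     * <p>
     * Unlike the single-element overloads, the referenced elements are not registered with
     * {@link IdResolver} here; the IDs must be resolvable by other means.
     *
     * @param document the document containing the elements to sign
     * @param str alias of the signing key/certificate in the key provider
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param str3 optional transform algorithm URI applied before exclusive C14N; null for none
     * @param list ID values ({@code String}) of the elements to reference
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException on null/empty input, a missing key provider or private key,
     *         an invalid signature or transform algorithm, or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signXML(Document document, String str, String str2, String str3, List list) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("signXML: doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (list == null) {
            SAMLUtils.debug.error("signXML: id list is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (this.keystore == null) {
            SAMLUtils.debug.error("signXML: key provider is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
        }
        // Same check the three-argument overload applies to the configured transform.
        if (str3 != null && !isValidTransformAlgorithm(str3)) {
            throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidTransformAlgorithm"));
        }
        Element documentElement = document.getDocumentElement();
        try {
            // Static (JVM-wide) setting of the ds: namespace prefix.
            Constants.setSignatureSpecNSprefix("");
            PrivateKey privateKey = this.keystore.getPrivateKey(str);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String algorithm = str2;
            if (algorithm == null || algorithm.equals("")) {
                algorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            XMLSignature signature = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
            documentElement.appendChild(signature.getElement());
            for (Iterator ids = list.iterator(); ids.hasNext();) {
                String id = (String) ids.next();
                Transforms transforms = new Transforms(document);
                if (str3 != null) {
                    transforms.addTransform(str3);
                }
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("id = " + id);
                }
                // Reference URI is the fragment "#" + id. LDAPCache.DELIM looks like a decompiler
                // substitution for that literal -- confirm against the original source and replace.
                signature.addDocument(LDAPCache.DELIM + id, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            }
            signature.addKeyInfo(this.keystore.getX509Certificate(str));
            signature.sign(privateKey);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }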

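    /**
     * Parses the XML string, signs the elements whose IDs are listed, and returns the
     * serialized signature element.
     *
     * @param str the XML document as a string
     * @param str2 alias of the signing key/certificate in the key provider
     * @param str3 signature algorithm URI; null or empty selects the bundle default
     * @param list ID values ({@code String}) of the elements to reference
     * @return the serialized {@code ds:Signature} element, decoded as UTF-8
     * @throws XMLSignatureException on null/empty input or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public String signXML(String str, String str2, String str3, List list) throws XMLSignatureException {
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: xmlString is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str2 == null || str2.equals("")) {
            SAMLUtils.debug.error("signXML: certAlias is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            Document document = XMLUtils.toDOMDocument(str, SAMLUtils.debug);
            Element signatureElement = signXML(document, str2, str3, list);
            ByteArrayOutputStream out = new ByteArrayOutputStream(2000);
            org.apache.xml.security.utils.XMLUtils.outputDOM(signatureElement, out);
            // outputDOM emits canonicalized bytes, which are UTF-8; decode explicitly rather than
            // with the platform default charset.
            return out.toString("UTF-8");
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Log through the debug facility like the sibling overloads instead of printStackTrace().
            SAMLUtils.debug.error("signXML Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }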

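    /**
     * Signs a SOAP message per the WSS SAML token profile: the signature is appended to the
     * {@code wsse:Security} header, references one element per ID in {@code list} (exclusive
     * C14N, SHA-1 digest), and its KeyInfo carries a {@code wsse:SecurityTokenReference}
     * pointing at the SAML assertion {@code #<str>} rather than the certificate itself.
     *
     * @param document the SOAP envelope; must already contain a {@code wsse:Security} header
     * @param certificate signer certificate, mapped to a key-provider alias via
     *                    {@code getCertificateAlias}
     * @param str AssertionID of the SAML token the SecurityTokenReference points to
     * @param str2 signature algorithm URI; null or empty selects the bundle default
     * @param list ID values ({@code String}) of the elements to reference
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException on null input, a missing Security header, key provider
     *         or private key, an invalid algorithm, or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signWithWSSSAMLTokenProfile(Document document, Certificate certificate, String str, String str2, List list) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("signXML: doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (certificate == null) {
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile: Certificate is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (str == null) {
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile: AssertionID is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (list == null) {
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile: id list is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (this.keystore == null) {
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile: key provider is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
        }
        final String wsseNs = "http://schemas.xmlsoap.org/ws/2003/06/secext";
        Element securityHeader = (Element) document.getDocumentElement().getElementsByTagNameNS(wsseNs, "Security").item(0);
        if (securityHeader == null) {
            // Fail before touching the document instead of hitting a NullPointerException below.
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile: wsse:Security header not found");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            // Static (JVM-wide) setting of the ds: namespace prefix.
            Constants.setSignatureSpecNSprefix("");
            // A certificate the key provider does not know yields a null alias and, in turn,
            // a null private key, which is rejected just below.
            String alias = this.keystore.getCertificateAlias(certificate);
            PrivateKey privateKey = this.keystore.getPrivateKey(alias);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String algorithm = str2;
            if (algorithm == null || algorithm.equals("")) {
                algorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            XMLSignature signature = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
            securityHeader.appendChild(signature.getElement());
            for (Iterator ids = list.iterator(); ids.hasNext();) {
                String id = (String) ids.next();
                Transforms transforms = new Transforms(document);
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("id = " + id);
                }
                // Reference URI is the fragment "#" + id. LDAPCache.DELIM looks like a decompiler
                // substitution for that literal -- confirm against the original source and replace.
                signature.addDocument(LDAPCache.DELIM + id, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            }
            // KeyInfo holds a SecurityTokenReference to the assertion instead of a certificate.
            KeyInfo keyInfo = signature.getKeyInfo();
            Element tokenReference = document.createElementNS(wsseNs, "SecurityTokenReference");
            keyInfo.addUnknownElement(tokenReference);
            tokenReference.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", wsseNs);
            tokenReference.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:sec", "urn:liberty:sec:2003-08");
            tokenReference.setAttributeNS(null, "Usage", "sec:MessageAuthentication");
            Element reference = document.createElementNS(wsseNs, "Reference");
            reference.setAttributeNS(null, "URI", LDAPCache.DELIM + str);
            tokenReference.appendChild(reference);
            signature.sign(privateKey);
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SAML Signed doc = " + XMLUtils.print(document.getDocumentElement()));
            }
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile Exception: ", e);
            throw e;
        } catch (Exception e) {
            // Log message named this method (the decompiled original named the X509 variant).
            SAMLUtils.debug.error("signWithWSSSAMLTokenProfile Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }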

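    /**
     * Signs a SOAP message per the WSS X.509 token profile: the signature is appended to the
     * {@code wsse:Security} header, references one element per ID in {@code list} (exclusive
     * C14N, SHA-1 digest), and its KeyInfo carries a {@code wsse:SecurityTokenReference}
     * pointing at the {@code wsse:BinarySecurityToken} already present in the header
     * (by its {@code wsu:Id}).
     *
     * @param document the SOAP envelope; must already contain a {@code wsse:Security} header
     *                 holding a {@code wsse:BinarySecurityToken}
     * @param certificate signer certificate, mapped to a key-provider alias via
     *                    {@code getCertificateAlias}
     * @param str signature algorithm URI; null or empty selects the bundle default
     * @param list ID values ({@code String}) of the elements to reference
     * @return the generated {@code ds:Signature} element
     * @throws XMLSignatureException on null input, a missing Security header or
     *         BinarySecurityToken, a missing key provider or private key, an invalid
     *         algorithm, or any signing failure
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public Element signWithWSSX509TokenProfile(Document document, Certificate certificate, String str, List list) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("signXML: doc is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        // Same guards the SAML token profile variant applies.
        if (certificate == null) {
            SAMLUtils.debug.error("signWithWSSX509TokenProfile: Certificate is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (list == null) {
            SAMLUtils.debug.error("signWithWSSX509TokenProfile: id list is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (this.keystore == null) {
            SAMLUtils.debug.error("signWithWSSX509TokenProfile: key provider is null");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullkeystore"));
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Soap Envlope: " + XMLUtils.print(document.getDocumentElement()));
        }
        final String wsseNs = "http://schemas.xmlsoap.org/ws/2003/06/secext";
        Element securityHeader = (Element) document.getDocumentElement().getElementsByTagNameNS(wsseNs, "Security").item(0);
        if (securityHeader == null) {
            // Fail before touching the document instead of hitting a NullPointerException below.
            SAMLUtils.debug.error("signWithWSSX509TokenProfile: wsse:Security header not found");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            // Static (JVM-wide) setting of the ds: namespace prefix.
            Constants.setSignatureSpecNSprefix("");
            // A certificate the key provider does not know yields a null alias and, in turn,
            // a null private key, which is rejected just below.
            String alias = this.keystore.getCertificateAlias(certificate);
            PrivateKey privateKey = this.keystore.getPrivateKey(alias);
            if (privateKey == null) {
                SAMLUtils.debug.error("private key is null");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullprivatekey"));
            }
            String algorithm = str;
            if (algorithm == null || algorithm.equals("")) {
                algorithm = SAMLUtils.bundle.getString("xmlsigalgorithm");
            }
            if (!isValidAlgorithm(algorithm)) {
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidalgorithm"));
            }
            // Resolve the token before mutating the document so a malformed header fails cleanly.
            Element binaryToken = (Element) securityHeader.getElementsByTagNameNS(wsseNs, "BinarySecurityToken").item(0);
            if (binaryToken == null) {
                SAMLUtils.debug.error("signWithWSSX509TokenProfile: wsse:BinarySecurityToken not found");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
            }
            String tokenId = binaryToken.getAttributeNS(SAMLConstants.NS_WSU, SAMLConstants.TAG_ID);
            XMLSignature signature = new XMLSignature(document, "", algorithm, "http://www.w3.org/2001/10/xml-exc-c14n#");
            securityHeader.appendChild(signature.getElement());
            for (Iterator ids = list.iterator(); ids.hasNext();) {
                String id = (String) ids.next();
                Transforms transforms = new Transforms(document);
                transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("id = " + id);
                }
                // Reference URI is the fragment "#" + id. LDAPCache.DELIM looks like a decompiler
                // substitution for that literal -- confirm against the original source and replace.
                signature.addDocument(LDAPCache.DELIM + id, transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            }
            // KeyInfo holds a SecurityTokenReference to the BinarySecurityToken, not the cert itself.
            KeyInfo keyInfo = signature.getKeyInfo();
            Element tokenReference = document.createElementNS(wsseNs, "SecurityTokenReference");
            keyInfo.addUnknownElement(tokenReference);
            tokenReference.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", wsseNs);
            tokenReference.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:sec", "urn:liberty:sec:2003-08");
            tokenReference.setAttributeNS(null, "Usage", "sec:MessageAuthentication");
            Element reference = document.createElementNS(wsseNs, "Reference");
            tokenReference.appendChild(reference);
            reference.setAttributeNS(null, "URI", LDAPCache.DELIM + tokenId);
            signature.sign(privateKey);
            return signature.getElement();
        } catch (XMLSignatureException e) {
            // Rethrow unchanged so the original stack trace survives.
            SAMLUtils.debug.error("signWithWSSX509TokenProfile Exception: ", e);
            throw e;
        } catch (Exception e) {
            SAMLUtils.debug.error("signWithWSSX509TokenProfile Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }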

    /**
     * Verifies every {@code ds:Signature} element found in the document.
     * <p>
     * Before verification, elements carrying an {@code AssertionID}, {@code RequestID} or
     * {@code ResponseID} attribute are registered with {@link IdResolver} so that {@code #id}
     * references resolve. For each signature the verification key is chosen in this order:
     * the key derived from the signature's own {@code ds:KeyInfo} via {@code getX509PublicKey};
     * otherwise the certificate stored under alias {@code str}; otherwise the public key
     * stored under that alias. Verification stops at the first signature that fails.
     *
     * @param document the document to verify
     * @param str key-provider alias used when a signature carries no usable KeyInfo; may be
     *            null, in which case such a signature fails verification
     * @return true when every signature verified -- note this includes a document that
     *         contains no {@code ds:Signature} at all, since the loop below never rejects
     *         the empty case; false when a signature fails or no key is available for it
     * @throws XMLSignatureException when the document is null or any step throws
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Document document, String str) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("verifyXMLSignature: document is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            // Register the SAML/ID-FF identifier attributes by hand so "#ref" lookups resolve
            // (the DOM is not validated against a schema that would type them as ID).
            String[] strArr = {"AssertionID", "RequestID", IFSConstants.RESPONSE_ID};
            for (int i = 0; i < strArr.length; i++) {
                NodeList selectNodeList = XPathAPI.selectNodeList(document, new StringBuffer().append("//*[@").append(strArr[i]).append("]").toString());
                if (selectNodeList != null && selectNodeList.getLength() != 0) {
                    int length = selectNodeList.getLength();
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("found ").append(strArr[i]).append("=").append(length).toString());
                    }
                    for (int i2 = 0; i2 < length; i2++) {
                        Element element = (Element) selectNodeList.item(i2);
                        String attribute = element.getAttribute(strArr[i]);
                        if (attribute != null && !attribute.equals("")) {
                            if (SAMLUtils.debug.messageEnabled()) {
                                SAMLUtils.debug.message(new StringBuffer().append("found ").append(strArr[i]).append("=").append(attribute).append(" elment=").append(XMLUtils.print(element)).toString());
                            }
                            IdResolver.registerElementById(element, attribute);
                        }
                    }
                }
            }
            // Every ds:Signature anywhere in the document is checked, in document order.
            NodeList selectNodeList2 = XPathAPI.selectNodeList(document, "//ds:Signature", org.apache.xml.security.utils.XMLUtils.createDSctx(document, SAMLConstants.PREFIX_DS, SAMLConstants.XMLSIG_NAMESPACE_URI));
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("verifyXMLSignature: sigElements size = ").append(selectNodeList2.getLength()).toString());
            }
            // Looked up eagerly, even when str is null; how the key provider treats a null
            // alias is not visible here -- any exception it throws ends up in the catch below.
            X509Certificate x509Certificate = this.keystore.getX509Certificate(str);
            PublicKey publicKey = this.keystore.getPublicKey(str);
            for (int i3 = 0; i3 < selectNodeList2.getLength(); i3++) {
                Element element2 = (Element) selectNodeList2.item(i3);
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("Sig(").append(i3).append(") = ").append(XMLUtils.print(element2)).toString());
                }
                XMLSignature xMLSignature = new XMLSignature(element2, "");
                xMLSignature.addResourceResolver(new OfflineResolver());
                // Key taken from the signature's own KeyInfo. Whether that embedded key/cert
                // is trusted is decided inside getX509PublicKey (not shown here); presumably
                // governed by the checkCert setting -- confirm before relying on it.
                PublicKey x509PublicKey = getX509PublicKey(document, xMLSignature.getKeyInfo());
                if (x509PublicKey != null) {
                    if (!xMLSignature.checkSignatureValue(x509PublicKey)) {
                        return false;
                    }
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("verifyXMLSignature: Signature ").append(i3).append(" verified").toString());
                    }
                } else {
                    // No usable KeyInfo and no alias: nothing to verify against.
                    if (str == null || str.equals("")) {
                        return false;
                    }
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("Could not find a KeyInfo, try to use certAlias");
                    }
                    // Prefer the stored certificate; fall back to a bare public key.
                    if (x509Certificate != null) {
                        if (!xMLSignature.checkSignatureValue(x509Certificate)) {
                            return false;
                        }
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message(new StringBuffer().append("verifyXMLSignature: Signature ").append(i3).append(" verified").toString());
                        }
                    } else {
                        if (publicKey == null) {
                            SAMLUtils.debug.error("Could not find public key based on certAlias to verify signature");
                            return false;
                        }
                        if (!xMLSignature.checkSignatureValue(publicKey)) {
                            return false;
                        }
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message(new StringBuffer().append("verifyXMLSignature: Signature ").append(i3).append(" verified").toString());
                        }
                    }
                }
            }
            // Reached when every signature checked out -- or when there were none.
            return true;
        } catch (Exception e) {
            SAMLUtils.debug.error("verifyXMLSignature Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Verifies every signature in the document using only the keys found in each
     * signature's KeyInfo (no key-provider alias fallback).
     *
     * @param document the document to verify
     * @return true when every signature verified
     * @throws XMLSignatureException when the document is null or verification throws
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Document document) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("verifyXMLSignature: document is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        String noAlias = null;
        return verifyXMLSignature(document, noAlias);
    }

    /**
     * Serializes the element and verifies the signature found in the resulting XML string.
     *
     * @param element the element (sub-tree) to verify
     * @return true when the signature verified
     * @throws XMLSignatureException when the element is null or verification throws
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Element element) throws XMLSignatureException {
        if (element == null) {
            SAMLUtils.debug.error("signXML: element is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        String xml = XMLUtils.print(element);
        return verifyXMLSignature(xml);
    }

    /**
     * Verifies the element's signature, resolving the signed reference through its
     * {@code id} attribute.
     *
     * @param element the element (sub-tree) to verify
     * @param str key-provider alias used when the signature carries no usable KeyInfo
     * @return true when the signature verified
     * @throws XMLSignatureException as thrown by the three-argument overload
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Element element, String str) throws XMLSignatureException {
        String idAttributeName = "id"; // same value as DEF_ID_ATTRIBUTE
        return verifyXMLSignature(element, idAttributeName, str);
    }

    /**
     * Serializes the element and verifies its signature, resolving the signed reference
     * through the attribute named {@code str}.
     *
     * @param element the element (sub-tree) to verify
     * @param str name of the ID attribute
     * @param str2 key-provider alias used when the signature carries no usable KeyInfo
     * @return true when the signature verified
     * @throws XMLSignatureException when the element is null or verification throws
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Element element, String str, String str2) throws XMLSignatureException {
        if (element == null) {
            SAMLUtils.debug.error("signXML: element is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        String xml = XMLUtils.print(element);
        return verifyXMLSignature(xml, str, str2);
    }

    /**
     * Verifies {@code document} with the keystore entry that corresponds to
     * {@code certificate}.
     *
     * <p>The certificate is first mapped to its keystore alias. A certificate
     * the keystore does not know presumably maps to a {@code null} alias, in
     * which case the delegate runs without an alias fallback.
     *
     * @param document    the signed DOM document
     * @param certificate certificate whose keystore alias should be used
     * @return {@code true} if the signature value verifies
     * @throws XMLSignatureException if {@code document} is {@code null}
     *         ({@code nullInput}) or verification fails with an exception
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(Document document, Certificate certificate) throws XMLSignatureException {
        if (document == null) {
            SAMLUtils.debug.error("verifyXMLSignature: document is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        String certAlias = this.keystore.getCertificateAlias(certificate);
        return verifyXMLSignature(document, certAlias);
    }

    /**
     * Verifies the first signature in the XML text {@code str} using only key
     * material resolvable from the signature itself (no alias fallback).
     *
     * @param str the signed XML as text
     * @return {@code true} if the signature value verifies
     * @throws XMLSignatureException on empty input or a verification error
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(String str) throws XMLSignatureException {
        // Typed local selects the (String, String) overload.
        String noCertAlias = null;
        return verifyXMLSignature(str, noCertAlias);
    }

    /**
     * Verifies the first signature in the XML text {@code str}, treating
     * {@code "id"} as the document element's ID attribute.
     *
     * @param str  the signed XML as text
     * @param str2 certificate alias to fall back on; may be {@code null}
     * @return {@code true} if the signature value verifies
     * @throws XMLSignatureException on empty input or a verification error
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(String str, String str2) throws XMLSignatureException {
        final String idAttributeName = "id";
        return verifyXMLSignature(str, idAttributeName, str2);
    }

    /**
     * Verifies the first {@code ds:Signature} found in the XML text {@code str}.
     *
     * <p>Key resolution order: the signature's own KeyInfo (via
     * {@link #getX509PublicKey}); failing that, the keystore certificate or
     * public key registered under alias {@code str3}. With neither available
     * the method returns {@code false} rather than throwing.
     *
     * @param str  the signed XML as text; must be non-empty
     * @param str2 name of the ID attribute on the document element
     *             (e.g. {@code "id"}); the root must be addressable by it
     * @param str3 certificate alias to fall back on; may be {@code null}
     * @return {@code true} if the signature value verified with the resolved key
     * @throws XMLSignatureException if the input is empty ({@code nullInput}), the
     *         root's ID attribute does not resolve ({@code invalidIDAttribute}), or
     *         any parsing/verification step throws (only the message is kept)
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public boolean verifyXMLSignature(String str, String str2, String str3) throws XMLSignatureException {
        if (str == null || str.equals("")) {
            SAMLUtils.debug.error("signXML: xmlString is null.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("nullInput"));
        }
        try {
            Document dOMDocument = XMLUtils.toDOMDocument(str, SAMLUtils.debug);
            // NOTE(review): "//ds:Signature[1]" is the first Signature in document
            // order, wherever it sits. Nothing in this method checks which element
            // that Signature's Reference actually covers, so callers must confirm
            // that the element they act on is the one that was signed.
            XMLSignature xMLSignature = new XMLSignature((Element) XPathAPI.selectSingleNode(dOMDocument, "//ds:Signature[1]", org.apache.xml.security.utils.XMLUtils.createDSctx(dOMDocument, SAMLConstants.PREFIX_DS, SAMLConstants.XMLSIG_NAMESPACE_URI)), "");
            xMLSignature.addResourceResolver(new OfflineResolver());
            // Sanity check that the root carries attribute str2 and is addressable by
            // it. Both the attribute name and its value are spliced into XPath text: a
            // root without the attribute yields an empty value (normally matches
            // nothing), and a quote inside the value malforms the expression; either
            // way the failure surfaces as XMLSignatureException via the catch below.
            if (((Element) XPathAPI.selectSingleNode(dOMDocument, new StringBuffer().append("//*[@").append(str2).append("=\"").append(dOMDocument.getDocumentElement().getAttribute(str2)).append("\"]").toString())) == null) {
                SAMLUtils.debug.error("verifyXML: could not resolv id attribute");
                throw new XMLSignatureException(SAMLUtils.bundle.getString("invalidIDAttribute"));
            }
            // Pre-register every element carrying one of these ID attributes with
            // xmlsec's IdResolver so "#<id>" Reference URIs can resolve. Every match in
            // the whole document is registered, not just the root; which element wins
            // for a duplicated ID value is up to IdResolver (not visible here).
            String[] strArr = {"AssertionID", "RequestID", IFSConstants.RESPONSE_ID};
            for (int i = 0; i < strArr.length; i++) {
                NodeList selectNodeList = XPathAPI.selectNodeList(dOMDocument, new StringBuffer().append("//*[@").append(strArr[i]).append("]").toString());
                if (selectNodeList != null && selectNodeList.getLength() != 0) {
                    int length = selectNodeList.getLength();
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("found ").append(strArr[i]).append("=").append(length).toString());
                    }
                    for (int i2 = 0; i2 < length; i2++) {
                        Element element = (Element) selectNodeList.item(i2);
                        String attribute = element.getAttribute(strArr[i]);
                        if (attribute != null && !attribute.equals("")) {
                            if (SAMLUtils.debug.messageEnabled()) {
                                SAMLUtils.debug.message(new StringBuffer().append("found ").append(strArr[i]).append("=").append(attribute).append(" elment=").append(XMLUtils.print(element)).toString());
                            }
                            IdResolver.registerElementById(element, attribute);
                        }
                    }
                }
            }
            // Key carried by the signature's KeyInfo. The trust decision for an
            // embedded certificate is made inside getX509PublicKey (checkCert);
            // a null here means "no key" or "rejected", the two are not distinguished.
            PublicKey x509PublicKey = getX509PublicKey(dOMDocument, xMLSignature.getKeyInfo());
            if (x509PublicKey != null) {
                return xMLSignature.checkSignatureValue(x509PublicKey);
            }
            // No KeyInfo key and no alias: report "not verified", do not throw.
            if (str3 == null || str3.equals("")) {
                return false;
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("Could not find a KeyInfo, try to use certAlias");
            }
            // Keystore fallback: certificate first, bare public key second.
            X509Certificate x509Certificate = this.keystore.getX509Certificate(str3);
            if (x509Certificate != null) {
                return xMLSignature.checkSignatureValue(x509Certificate);
            }
            PublicKey publicKey = this.keystore.getPublicKey(str3);
            if (publicKey != null) {
                return xMLSignature.checkSignatureValue(publicKey);
            }
            SAMLUtils.debug.error("Could not find public key based on certAlias to verify signature");
            return false;
        } catch (Exception e) {
            // Only the message survives; the cause is logged but not chained.
            SAMLUtils.debug.error("verifyXMLSignature Exception: ", e);
            throw new XMLSignatureException(e.getMessage());
        }
    }

    /**
     * Returns the key provider this instance verifies and signs with.
     *
     * @return the configured {@link KeyProvider}; may be {@code null} if its
     *         construction failed in the constructor
     */
    @Override // com.sun.identity.saml.xmlsig.SignatureProvider
    public KeyProvider getKeyProvider() {
        KeyProvider provider = this.keystore;
        return provider;
    }

    /**
     * Resolves the verification key from a signature's {@code ds:KeyInfo}.
     *
     * <p>If the KeyInfo carries {@code ds:X509Data}, the embedded certificate's
     * public key is used. That certificate comes from the message under
     * verification, so the only thing standing between "whatever key the
     * sender chose" and "a key we trust" is the {@code checkCert} gate: when it
     * is on, the certificate must map to an alias in the configured keystore;
     * when it is off, the embedded key is accepted as-is.
     *
     * <p>Without X509Data the WS-Security token profile lookup is attempted
     * instead (see {@link #getWSSTokenProfilePublicKey}).
     *
     * <p>Every failure — including the "certificate is not trusted" rejection
     * raised below — is caught, logged and collapsed into a {@code null}
     * return, so the caller cannot tell "untrusted" from "no key found" and may
     * go on to its certAlias fallback.
     *
     * @param document the signed document (used only for the WSS token path)
     * @param keyInfo  the signature's KeyInfo; may be {@code null}
     * @return the public key to verify with, or {@code null}
     */
    private PublicKey getX509PublicKey(Document document, KeyInfo keyInfo) {
        PublicKey publicKey = null;
        if (keyInfo != null) {
            try {
                if (keyInfo.containsX509Data()) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("Found X509Data element in the KeyInfo");
                    }
                    X509Certificate x509Certificate = keyInfo.getX509Certificate();
                    if (this.checkCert) {
                        // Trust gate: the embedded certificate must be known to the keystore.
                        if (this.keystore.getCertificateAlias(x509Certificate) == null) {
                            SAMLUtils.debug.error("verifyXMLSignature: certificate is not trusted.");
                            // Caught by the catch below and turned into a null return.
                            throw new XMLSignatureException(SAMLUtils.bundle.getString("untrustedCertificate"));
                        }
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("verifyXMLSignature: certificate is trused.");
                        }
                    } else if (SAMLUtils.debug.messageEnabled()) {
                        // checkCert off: no trust check at all on the sender-supplied certificate.
                        SAMLUtils.debug.message("Skip checking whether the cert in the cert db.");
                    }
                    publicKey = getPublicKey(x509Certificate);
                } else {
                    publicKey = getWSSTokenProfilePublicKey(document);
                }
            } catch (Exception e) {
                // Swallowed on purpose: any failure reads as "no key" to the caller.
                SAMLUtils.debug.error("getX509Certificate(KeyInfo) Exception: ", e);
            }
        }
        return publicKey;
    }

    /**
     * Resolves a verification key from a WS-Security header whose signature
     * KeyInfo points at a security token instead of carrying X509Data.
     *
     * <p>Lookup path: the first {@code wsse:Security} element under the root,
     * its first {@code ds:Signature}, that signature's first {@code ds:KeyInfo},
     * and the first {@code wsse:Reference} inside it. The Reference's
     * {@code URI} (assumed to be of the form {@code #id}) is then resolved:
     * <ul>
     *   <li>to an element with a matching {@code wsu:Id} — treated as an X.509
     *       token whose text content is the certificate; or</li>
     *   <li>to an element with a matching {@code AssertionID} — treated as a
     *       SAML token, whose own KeyInfo supplies either an X509Data
     *       certificate or a DSA/RSA KeyValue.</li>
     * </ul>
     *
     * <p>NOTE(review): unlike {@link #getX509PublicKey}, this path performs no
     * keystore/trust check on the certificate or key value it extracts; all of
     * that material is taken from the message itself. A signature that verifies
     * with a key obtained here proves only self-consistency of the message.
     *
     * <p>Any failure (missing header, missing token, parse error) is logged and
     * reported as {@code null}.
     *
     * @param document the signed SOAP document
     * @return the public key, or {@code null}
     */
    private PublicKey getWSSTokenProfilePublicKey(Document document) {
        PublicKey publicKey = null;
        try {
            SAMLUtils.debug.message("getWSSTTokenProfilePublicKey: entering");
            // A missing Security header or Signature makes one of these casts/calls
            // NPE, which the catch below converts into a null key.
            Element element = (Element) ((Element) XPathAPI.selectSingleNode((Element) document.getDocumentElement().getElementsByTagNameNS("http://schemas.xmlsoap.org/ws/2003/06/secext", "Security").item(0), "ds:Signature[1]", org.apache.xml.security.utils.XMLUtils.createDSctx(document, SAMLConstants.PREFIX_DS, SAMLConstants.XMLSIG_NAMESPACE_URI))).getElementsByTagNameNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "KeyInfo").item(0);
            Element element2 = (Element) element.getElementsByTagNameNS("http://schemas.xmlsoap.org/ws/2003/06/secext", "Reference").item(0);
            if (element2 != null) {
                // Strips the leading "#"; no check that the URI actually starts with one.
                String substring = element2.getAttribute("URI").substring(1);
                // The URI fragment is spliced into XPath text; a quote in it malforms
                // the expression (surfaces via the catch below).
                Node selectSingleNode = XPathAPI.selectSingleNode(document, new StringBuffer().append("//*[@wsu:Id=\"").append(substring).append("\"]").toString(), org.apache.xml.security.utils.XMLUtils.createDSctx(document, SAMLConstants.PREFIX_WSU, SAMLConstants.NS_WSU));
                if (selectSingleNode != null) {
                    SAMLUtils.debug.message("X509 Token");
                    // Certificate text is the token's first child node; ValueType selects
                    // PKCS#7 vs. single-certificate parsing in getCertificate.
                    publicKey = getPublicKey(getCertificate(selectSingleNode.getChildNodes().item(0).getNodeValue().trim(), ((Element) selectSingleNode).getAttribute("ValueType")));
                } else {
                    SAMLUtils.debug.message("SAML Token");
                    Element element3 = (Element) XPathAPI.selectSingleNode(document, new StringBuffer().append("//*[@AssertionID=\"").append(substring).append("\"]").toString());
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("SAML Assertion = ").append(XMLUtils.print(element3)).toString());
                    }
                    Element element4 = (Element) element3.getElementsByTagNameNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "KeyInfo").item(0);
                    if (element4 == null) {
                        SAMLUtils.debug.message("getWSSTokenProfilePublicKey: no KeyInfo found!");
                        // Caught below; ends as a null return.
                        throw new Exception(SAMLUtils.bundle.getString("nullKeyInfo"));
                    }
                    Element element5 = (Element) element4.getElementsByTagNameNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_X509DATA).item(0);
                    if (element5 != null) {
                        // Text of X509Data's first child's first child — presumably the
                        // ds:X509Certificate text; the certificate is parsed as a single PEM body.
                        String nodeValue = element5.getChildNodes().item(0).getChildNodes().item(0).getNodeValue();
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message(new StringBuffer().append("certString = ").append(nodeValue).toString());
                        }
                        return getPublicKey(getCertificate(nodeValue, null));
                    }
                    // No X509Data: fall back to a raw DSA/RSA KeyValue in the KeyInfo.
                    publicKey = getPublicKeybyDSARSAkeyValue(document, element4);
                }
            } else {
                SAMLUtils.debug.error("getWSSTokenProfilePublicKey: unknow Security Token Reference");
            }
        } catch (Exception e) {
            // Swallowed on purpose: any failure reads as "no key" to the caller.
            SAMLUtils.debug.error("getWSSTokenProfilePublicKey Exception: ", e);
        }
        return publicKey;
    }

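    /**
     * Builds a public key from a {@code ds:DSAKeyValue} or {@code ds:RSAKeyValue}
     * child of the given {@code ds:KeyInfo} element.
     *
     * <p>The DSA branch is tried first; the RSA branch only when no
     * DSAKeyValue child exists. When neither is present, or the DSAKeyValue
     * has no child nodes at all, {@code null} is returned.
     *
     * <p>NOTE(review): the key material is taken verbatim from the message.
     * Nothing here checks it against the keystore, so a signature that
     * verifies with a key obtained this way proves only that the message is
     * self-consistent, not that a trusted party signed it.
     *
     * @param document owner document handed to the xmlsec key value objects
     * @param element  the {@code ds:KeyInfo} element to search
     * @return the public key, or {@code null} if no key value element was found
     * @throws XMLSignatureException if a key value element has an unexpected
     *         child, or xmlsec cannot build the key ({@code errorObtainPK})
     */
    private PublicKey getPublicKeybyDSARSAkeyValue(Document document, Element element) throws XMLSignatureException {
        Element dsaKeyValue = (Element) element.getElementsByTagNameNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_DSAKEYVALUE).item(0);
        if (dsaKeyValue != null) {
            return dsaKeyFromKeyValue(document, dsaKeyValue);
        }
        Element rsaKeyValue = (Element) element.getElementsByTagNameNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_RSAKEYVALUE).item(0);
        if (rsaKeyValue != null) {
            return rsaKeyFromKeyValue(document, rsaKeyValue);
        }
        return null;
    }

    /**
     * Assembles a DSA public key from the P, Q, G and Y children of a
     * {@code ds:DSAKeyValue} element.
     *
     * @return the key, or {@code null} when the element has no child nodes
     * @throws XMLSignatureException on an unexpected child element, or when
     *         xmlsec rejects the parameters ({@code errorObtainPK})
     */
    private PublicKey dsaKeyFromKeyValue(Document document, Element dsaKeyValue) throws XMLSignatureException {
        NodeList children = dsaKeyValue.getChildNodes();
        int length = children.getLength();
        if (length == 0) {
            return null;
        }
        BigInteger p = null;
        BigInteger q = null;
        BigInteger g = null;
        BigInteger y = null;
        for (int i = 0; i < length; i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String localName = child.getLocalName();
            // Decoded before the name is dispatched, as before, so a decode
            // failure is reported the same way regardless of the element name.
            BigInteger value = decodeCryptoBinaryValue(child);
            if (localName.equals("P")) {
                p = value;
            } else if (localName.equals("Q")) {
                q = value;
            } else if (localName.equals("G")) {
                g = value;
            } else if (localName.equals("Y")) {
                y = value;
            } else {
                // Any other child — including the optional J, Seed and PgenCounter
                // elements the ds:DSAKeyValue schema permits — is rejected, which
                // preserves the previous behaviour.
                throw new XMLSignatureException();
            }
        }
        try {
            return new DSAKeyValue(document, p, q, g, y).getPublicKey();
        } catch (Exception e) {
            throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
        }
    }

    /**
     * Assembles an RSA public key from the Modulus and Exponent children of a
     * {@code ds:RSAKeyValue} element.
     *
     * <p>An RSAKeyValue without children still reaches the xmlsec constructor
     * with {@code null} parameters; presumably that surfaces as
     * {@code errorObtainPK} (as it did before).
     *
     * @throws XMLSignatureException on an unexpected child element, or when
     *         xmlsec rejects the parameters ({@code errorObtainPK})
     */
    private PublicKey rsaKeyFromKeyValue(Document document, Element rsaKeyValue) throws XMLSignatureException {
        NodeList children = rsaKeyValue.getChildNodes();
        int length = children.getLength();
        BigInteger modulus = null;
        BigInteger exponent = null;
        for (int i = 0; i < length; i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String localName = child.getLocalName();
            BigInteger value = decodeCryptoBinaryValue(child);
            if (localName.equals("Exponent")) {
                exponent = value;
            } else if (localName.equals("Modulus")) {
                modulus = value;
            } else {
                throw new XMLSignatureException();
            }
        }
        try {
            return new RSAKeyValue(document, modulus, exponent).getPublicKey();
        } catch (Exception e) {
            throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
        }
    }

    /**
     * Decodes the base64 text content of a {@code ds:CryptoBinary} element
     * (the first child node of {@code keyValueChild}) into a non-negative
     * {@link BigInteger}.
     *
     * <p>Fix: CryptoBinary octets are an unsigned big-endian magnitude, so
     * they must go through the sign-magnitude constructor. The previous
     * {@code new BigInteger(byte[])} read them as two's complement and turned
     * any value whose first octet has its high bit set — e.g. a modulus of
     * exactly 1024 or 2048 bits — into a negative number, corrupting the
     * reconstructed key so valid signatures failed to verify.
     *
     * @param keyValueChild a P/Q/G/Y/Modulus/Exponent element
     * @return the decoded magnitude
     * @throws XMLSignatureException never thrown here directly; declared so the
     *         helper composes with its callers' signatures
     */
    private BigInteger decodeCryptoBinaryValue(Node keyValueChild) throws XMLSignatureException {
        String base64Text = keyValueChild.getChildNodes().item(0).getNodeValue();
        return new BigInteger(1, Base64.decode(base64Text));
    }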

    /**
     * Parses an X.509 certificate from base64 text taken out of a security
     * token.
     *
     * <p>{@code str} is wrapped in PEM markers and fed to the X.509
     * {@link CertificateFactory}. When {@code str2} (the token's ValueType) is
     * {@code "wsse:PKCS7"} the text is read as a PKCS#7 bundle and the
     * <em>last</em> certificate of the bundle is returned; otherwise
     * certificates are read one at a time until the stream is drained and,
     * again, the last one read wins.
     *
     * <p>Any failure is logged and reported as {@code null}; callers treat a
     * null certificate as "no key". NOTE(review): the PEM text is converted
     * with the platform default charset; base64 is ASCII, so this only matters
     * on platforms whose default encoding is not ASCII-compatible.
     *
     * @param str  base64 certificate text without PEM markers
     * @param str2 the token ValueType; {@code "wsse:PKCS7"} selects bundle parsing
     * @return the parsed certificate, or {@code null}
     */
    private X509Certificate getCertificate(String str, String str2) {
        X509Certificate parsed = null;
        try {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("getCertificate(Assertion) : ").append(str).toString());
            }
            String pem = "-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----";
            byte[] pemBytes = pem.getBytes();
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream pemStream = new ByteArrayInputStream(pemBytes);
            boolean pkcs7Bundle = str2 != null && str2.equals("wsse:PKCS7");
            if (pkcs7Bundle) {
                for (Certificate candidate : factory.generateCertificates(pemStream)) {
                    parsed = (X509Certificate) candidate;
                }
            } else {
                while (pemStream.available() > 0) {
                    parsed = (X509Certificate) factory.generateCertificate(pemStream);
                }
            }
        } catch (Exception e) {
            SAMLUtils.debug.error("getCertificate Exception: ", e);
        }
        return parsed;
    }

    /**
     * Null-tolerant accessor for a certificate's public key.
     *
     * @param x509Certificate the certificate; may be {@code null}
     * @return its public key, or {@code null} when no certificate was given
     */
    private PublicKey getPublicKey(X509Certificate x509Certificate) {
        return x509Certificate == null ? null : x509Certificate.getPublicKey();
    }

    /**
     * Tells whether {@code str} is one of the signature / MAC algorithm URIs
     * this provider accepts.
     *
     * <p>NOTE(review): the allow-list still admits MD5- and SHA-1-based
     * algorithms (the MD5 constants are even named NOT_RECOMMENDED). Both are
     * considered broken for signature use; a deployment that does not need
     * them for legacy peers should trim this list.
     *
     * @param str algorithm URI to check
     * @return {@code true} if the URI is on the allow-list
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean isValidAlgorithm(String str) {
        String[] accepted = {
            SAMLConstants.ALGO_ID_MAC_HMAC_SHA1,
            "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
            SAMLConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
            SAMLConstants.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
            SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
            SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA384,
            SAMLConstants.ALGO_ID_SIGNATURE_RSA_SHA512,
            SAMLConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
            SAMLConstants.ALGO_ID_MAC_HMAC_RIPEMD160,
            SAMLConstants.ALGO_ID_MAC_HMAC_SHA256,
            SAMLConstants.ALGO_ID_MAC_HMAC_SHA384,
            SAMLConstants.ALGO_ID_MAC_HMAC_SHA512
        };
        for (int i = 0; i < accepted.length; i++) {
            if (str.equals(accepted[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether {@code str} is one of the four accepted canonicalization
     * method URIs (inclusive and exclusive C14N, with and without comments).
     *
     * @param str canonicalization method URI to check
     * @return {@code true} if the URI is on the allow-list
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean isValidCanonicalizationMethod(String str) {
        String[] accepted = {
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
            "http://www.w3.org/2001/10/xml-exc-c14n#",
            "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
        };
        for (int i = 0; i < accepted.length; i++) {
            if (str.equals(accepted[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether {@code str} is one of the transform algorithm URIs this
     * provider accepts: the four C14N variants plus the XSLT, base64, XPath,
     * enveloped-signature, XPointer and XPath-filter transforms.
     *
     * <p>NOTE(review): accepting XSLT and XPath transforms means the signature
     * processor evaluates sender-supplied stylesheets/expressions during
     * verification, which widens its attack surface. Deployments that only
     * exchange plain enveloped signatures should consider restricting this
     * list to the C14N and enveloped-signature entries.
     *
     * @param str transform algorithm URI to check
     * @return {@code true} if the URI is on the allow-list
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean isValidTransformAlgorithm(String str) {
        String[] accepted = {
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
            "http://www.w3.org/2001/10/xml-exc-c14n#",
            "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
            SAMLConstants.TRANSFORM_XSLT,
            SAMLConstants.TRANSFORM_BASE64_DECODE,
            SAMLConstants.TRANSFORM_XPATH,
            SAMLConstants.TRANSFORM_ENVELOPED_SIGNATURE,
            SAMLConstants.TRANSFORM_XPOINTER,
            SAMLConstants.TRANSFORM_XPATH2FILTER04,
            SAMLConstants.TRANSFORM_XPATH2FILTER,
            SAMLConstants.TRANSFORM_XPATHFILTERCHGP
        };
        for (int i = 0; i < accepted.length; i++) {
            if (str.equals(accepted[i])) {
                return true;
            }
        }
        return false;
    }
}
