package com.sun.xml.wss.filter;

import com.sun.org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
import com.sun.org.apache.xml.security.signature.SignedInfo;
import com.sun.org.apache.xml.security.transforms.Transform;
import com.sun.org.apache.xml.security.utils.resolver.ResourceResolver;
import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.ExtendedMessageFilter;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.PolicyViolationException;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityHeader;
import com.sun.xml.wss.SignatureHeaderBlock;
import com.sun.xml.wss.Target;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.XWSSecurityRuntimeException;
import com.sun.xml.wss.configuration.AllowSignature;
import com.sun.xml.wss.configuration.SecurityRequirement;
import com.sun.xml.wss.configuration.SecurityRequirements;
import com.sun.xml.wss.configuration.VerifyRequirement;
import com.sun.xml.wss.helpers.KeyResolver;
import com.sun.xml.wss.helpers.ResolverId;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.logging.Level;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119166-14/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/VerifyFilter.class */
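/**
 * Receiver-side message filter that verifies the {@code ds:Signature} header block of a
 * SOAP message.
 *
 * <p>When a receiver requirement is configured, the filter first checks that the elements
 * referenced by the signature match the required (and optional) targets, then checks the
 * signature value with the key resolved from the signature's key information.
 *
 * <p>When no receiver requirement is configured, only the signature value is checked: nothing
 * in this class then constrains <em>which</em> parts of the message the signature covers.
 *
 * <p>NOTE(review): {@link #optionalNodeList} is per-message state kept in an instance field;
 * whether one filter instance can process messages concurrently is not visible here.
 */
public class VerifyFilter extends FilterBase implements ExtendedMessageFilter {
    /** Targets that may be signed without being required; {@code null} when none are configured. */
    ArrayList optionalTargets;
    /** Nodes selected by {@link #optionalTargets} in the message being verified. */
    ArrayList optionalNodeList;
    /** When set, the elements referenced by a verified signature are reported to the message. */
    private boolean enableLogging;
    /** Requirement the signature is checked against; {@code null} skips the target check. */
    SecurityRequirement receiverRequirement;
    /** Cache for the SignatureHeaderBlock class object (appears to be compiler-generated). */
    static Class class$com$sun$xml$wss$SignatureHeaderBlock;

    /** Creates a filter with no receiver requirement and no optional targets. */
    public VerifyFilter() {
        this(null, null);
    }

    /**
     * Creates a filter that checks the signature against a receiver requirement.
     *
     * @param securityRequirement requirement the signed targets must satisfy, or {@code null}
     * @param arrayList optional targets ({@link Target} objects), or {@code null}
     */
    public VerifyFilter(SecurityRequirement securityRequirement, ArrayList arrayList) {
        this.optionalNodeList = null;
        this.enableLogging = false;
        this.receiverRequirement = securityRequirement;
        this.optionalTargets = arrayList;
    }

    /** Replaces the requirement the signature is checked against. */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirement(SecurityRequirement securityRequirement) {
        this.receiverRequirement = securityRequirement;
    }

    /**
     * Not supported by this filter.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirements(SecurityRequirements securityRequirements) throws UnsupportedOperationException {
        throw new UnsupportedOperationException("Operation not supported");
    }

    /** Turns reporting of the verified signature references on or off. */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void enableOperationsLog(boolean z) {
        this.enableLogging = z;
    }

    /** No initialisation is needed. */
    @Override // com.sun.xml.wss.filter.FilterBase, com.sun.xml.wss.MessageFilter
    public void init() throws XWSSecurityException {
    }

    /**
     * Resolves the optional targets to the nodes they select in the message.
     *
     * @return the selected nodes, or {@code null} when no optional targets are configured
     */
    private ArrayList getOptionalNodeList(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        if (this.optionalTargets == null) {
            return null;
        }
        ArrayList nodes = new ArrayList();
        for (Iterator it = this.optionalTargets.iterator(); it.hasNext();) {
            Target target = (Target) it.next();
            Object parts = securableSoapMessage.getMessageParts(target);
            if (target.getType().equals("uri")) {
                // A "uri" target yields a single node; it is added as returned, even when null.
                nodes.add((Node) parts);
            } else {
                NodeList selected = (NodeList) parts;
                for (int i = 0; i < selected.getLength(); i++) {
                    nodes.add(selected.item(i));
                }
            }
        }
        return nodes;
    }

    /**
     * Verifies the message signature and fails closed: a {@code false} verification result is
     * turned into a SOAP fault instead of being returned to the caller.
     *
     * @throws XWSSecurityException if verification cannot be carried out
     */
    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        if (!verify(securableSoapMessage)) {
            log.log(Level.SEVERE, "WSS0167.signature.verification.failed");
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Signature verification failed", new XWSSecurityException("Signature verification failed"));
        }
    }

    /**
     * Locates the signature header block, applies the receiver requirement (when configured),
     * checks the STR-Transform parameters and then checks the signature value.
     *
     * @return the result of the signature value check
     * @throws PolicyViolationException if the signed references do not meet the receiver requirement
     * @throws XWSSecurityException if the signature block or the verification key cannot be obtained
     */
    private boolean verify(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException, PolicyViolationException {
        // NOTE(review): check-then-set on a static flag; whether SecurableSoapMessage
        // synchronises it is not visible from this class.
        if (!SecurableSoapMessage.isStrTransformAdded()) {
            try {
                Transform.register(MessageConstants.STR_TRANSFORM_URI, "com.sun.xml.wss.helpers.TransformSTR");
                SecurableSoapMessage.setStrTransformAdded(true);
            } catch (AlgorithmAlreadyRegisteredException e) {
                throw new XWSSecurityException(e);
            }
        }

        Class blockClass = class$com$sun$xml$wss$SignatureHeaderBlock;
        if (blockClass == null) {
            blockClass = class$("com.sun.xml.wss.SignatureHeaderBlock");
            class$com$sun$xml$wss$SignatureHeaderBlock = blockClass;
        }

        SecurityHeader securityHeader = securableSoapMessage.findSecurityHeader();
        SignatureHeaderBlock signatureBlock = null;
        try {
            signatureBlock = (SignatureHeaderBlock) securityHeader.getCurrentHeaderBlock(blockClass);
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, "WSS0129.no.dssignature.in.security.headerblock", new Object[]{e});
            securableSoapMessage.generateSecurityHeaderException("WSS0129: Could not retrieve the ds:Signature element from the wsse:Security header block");
        }
        if (signatureBlock == null) {
            // Without this guard a missing signature block surfaces as a NullPointerException
            // below (and again in the finally clause) instead of a security exception.
            throw new XWSSecurityException("WSS0129: Could not retrieve the ds:Signature element from the wsse:Security header block");
        }

        try {
            SecurableSoapMessage.setDocMessageAssociation(signatureBlock.getOwnerDocument(), securableSoapMessage);
            if (this.receiverRequirement != null) {
                if (this.optionalTargets != null) {
                    this.optionalNodeList = getOptionalNodeList(securableSoapMessage);
                }
                checkIfReceiverReqsAreMet(this.receiverRequirement, signatureBlock, securableSoapMessage);
            }
            checkForDsCanonicalizationMethod(signatureBlock, securableSoapMessage);

            PublicKey publicKey = (PublicKey) KeyResolver.getKey(signatureBlock.getKeyInfoHeaderBlock(), true, securableSoapMessage);
            if (publicKey == null) {
                log.log(Level.SEVERE, "WSS0336.cannot.locate.publickey.for.signature.verification");
                throw new XWSSecurityException("Couldn't locate the public key for signature verification");
            }
            if (!SecurableSoapMessage.isWsuIdResolverAdded()) {
                ResourceResolver.registerAtStart(ResolverId.getResolverName());
                SecurableSoapMessage.setWsuIdResolverAdded(true);
            }

            boolean signatureValid;
            try {
                signatureValid = signatureBlock.checkSignatureValue(publicKey);
            } catch (XWSSecurityException e) {
                // Fall back to the exception itself so that a missing cause cannot mask the
                // verification failure with a NullPointerException.
                Throwable cause = e.getCause() != null ? e.getCause() : e;
                log.log(Level.SEVERE, "WSS0133.exception.while.verifying.signature", new Object[]{cause.getMessage()});
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Signature Verification Failed", cause);
            }

            if (this.enableLogging) {
                try {
                    updateOperationsLog(securableSoapMessage, signatureBlock);
                } catch (Exception e) {
                    throw new XWSSecurityRuntimeException(e);
                }
            }
            return signatureValid;
        } finally {
            SecurableSoapMessage.removeDocMessageAssociation(signatureBlock.getOwnerDocument());
        }
    }

    /**
     * Reports the elements referenced by the signature to the message's signature log.
     *
     * <p>Each reference URI is treated as {@code #id}: the first character is dropped and the
     * rest is looked up as a wsu:Id.
     */
    private void updateOperationsLog(SecurableSoapMessage securableSoapMessage, SignatureHeaderBlock signatureHeaderBlock) throws Exception {
        HashSet referenced = new HashSet();
        SignedInfo signedInfo = signatureHeaderBlock.getDSSignedInfo();
        int referenceCount = signedInfo.getLength();
        for (int i = 0; i < referenceCount; i++) {
            String id = signedInfo.item(i).getURI().substring(1);
            referenced.add(securableSoapMessage.getElementByWsuId(id));
        }
        securableSoapMessage.logSignatureReferences(referenced);
    }

    /**
     * Checks the signature's references against the receiver requirement: every node selected
     * by a required target must be referenced by the signature, and every referenced element
     * that is not required must be one of the optional nodes.
     *
     * <p>A violation found while matching a required target is rethrown wrapped in
     * {@link XWSSecurityRuntimeException} (the surrounding {@code catch (Exception)} does this);
     * only the final "extra signed element" check throws {@link PolicyViolationException} directly.
     *
     * @throws PolicyViolationException if the requirement provides no targets or a signed
     *         element is neither required nor optional
     */
    private void checkIfReceiverReqsAreMet(SecurityRequirement securityRequirement, SignatureHeaderBlock signatureHeaderBlock, SecurableSoapMessage securableSoapMessage) throws PolicyViolationException {
        ArrayList requiredTargets = null;
        if (securityRequirement instanceof VerifyRequirement) {
            requiredTargets = ((VerifyRequirement) securityRequirement).getTargets();
        } else if (securityRequirement instanceof AllowSignature) {
            requiredTargets = ((AllowSignature) securityRequirement).getTargets();
        }
        if (requiredTargets == null) {
            // Unsupported requirement type or no target list: reject instead of failing with
            // a NullPointerException on the iteration below.
            throw new PolicyViolationException("Receiver requirement does not provide signature targets");
        }

        ArrayList signedElements = getListOfSignedElements(signatureHeaderBlock.getDSSignedInfo(), securableSoapMessage);
        for (Iterator it = requiredTargets.iterator(); it.hasNext();) {
            Target target = (Target) it.next();
            String type = target.getType();
            String value = target.getValue();
            if (type.equals(Target.TARGET_TYPE_VALUE_QNAME)) {
                String xpath = XMLUtil.convertToXpath(value);
                try {
                    NodeList selected = XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), xpath, securableSoapMessage.getNSContext());
                    verifyIfTargetsSigned(convertToArrayList(selected), signedElements, xpath);
                } catch (Exception e) {
                    throw new XWSSecurityRuntimeException(e);
                }
            } else if (type.equals("xpath")) {
                try {
                    NodeList selected = XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), value, securableSoapMessage.getNSContext());
                    verifyIfTargetsSigned(convertToArrayList(selected), signedElements, value);
                } catch (Exception e) {
                    throw new XWSSecurityRuntimeException(e);
                }
            } else if (type.equals("uri")) {
                try {
                    Element element = XMLUtil.getElementById(securableSoapMessage.getSOAPPart(), value);
                    ArrayList selected = new ArrayList();
                    if (element != null) {
                        selected.add(element);
                    }
                    verifyIfTargetsSigned(selected, signedElements, value);
                } catch (Exception e) {
                    throw new XWSSecurityRuntimeException(e);
                }
            }
            // Targets of any other type are ignored.
        }

        // Whatever is still in signedElements was signed without being required; it is only
        // acceptable when it is one of the optional nodes. With no optional targets
        // configured the list is null, which is treated as "nothing is optional".
        ArrayList optionalNodes = this.optionalNodeList;
        for (Iterator it = signedElements.iterator(); it.hasNext();) {
            Node node = (Node) it.next();
            if (optionalNodes == null || !optionalNodes.contains(node)) {
                String name = node == null ? "null" : node.getLocalName();
                throw new PolicyViolationException("Target for Signature: " + name + " does not meet receiver requirements");
            }
        }
    }

    /**
     * Resolves every reference of the signature to the element it names in the SOAP part.
     *
     * <p>Only same-document references ({@code #id}) are accepted. Any other URI form is
     * rejected, because dropping its first character would yield an id that has nothing to do
     * with what the signature actually covers.
     *
     * <p>NOTE(review): the element is looked up by id here, separately from the dereferencing
     * done during the signature value check; confirm both resolve to the same node when an id
     * occurs more than once in the message.
     *
     * @return the referenced elements in reference order; an entry is {@code null} when no
     *         element carries the id
     * @throws XWSSecurityRuntimeException if a reference cannot be read or is not a {@code #id} reference
     */
    private ArrayList getListOfSignedElements(SignedInfo signedInfo, SecurableSoapMessage securableSoapMessage) {
        ArrayList signedElements = new ArrayList();
        for (int i = 0; i < signedInfo.getLength(); i++) {
            try {
                String uri = signedInfo.item(i).getURI();
                if (uri == null || !uri.startsWith("#")) {
                    throw new XWSSecurityException("Signature reference " + i + " is not a same-document (#id) reference");
                }
                signedElements.add(XMLUtil.getElementById(securableSoapMessage.getSOAPPart(), uri.substring(1)));
            } catch (Exception e) {
                throw new XWSSecurityRuntimeException(e);
            }
        }
        return signedElements;
    }

    /**
     * Requires every node of a target to be among the signed elements and removes each match
     * from the signed list, so that the caller is left with the elements no target accounted for.
     *
     * @param arrayList nodes selected by the target; an empty list is a violation
     * @param arrayList2 signed elements not yet matched; modified in place
     * @param str target description used in the error message
     * @throws PolicyViolationException if the target selects nothing or selects an unsigned node
     */
    private void verifyIfTargetsSigned(ArrayList arrayList, ArrayList arrayList2, String str) throws PolicyViolationException {
        String message = "Receiver requirement for signature target: " + str + " , has not been met";
        if (arrayList.isEmpty()) {
            throw new PolicyViolationException(message);
        }
        for (Iterator it = arrayList.iterator(); it.hasNext();) {
            // remove(Object) reports whether the node was present, so it serves as the
            // membership test and the removal at once.
            if (!arrayList2.remove(it.next())) {
                throw new PolicyViolationException(message);
            }
        }
    }

    /**
     * Checks that a reference using the STR-Transform names exclusive canonicalization as its
     * transformation parameter. Signatures without an STR-Transform pass unchanged. Only the
     * first STR-Transform found by the XPath query is inspected.
     *
     * @throws XWSSecurityException if an XPath query fails or the expected
     *         {@code ds:CanonicalizationMethod} parameter is absent
     */
    public void checkForDsCanonicalizationMethod(SignatureHeaderBlock signatureHeaderBlock, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        try {
            Node strTransform = XPathAPI.selectSingleNode(signatureHeaderBlock.getAsSoapElement(), "ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform[@Algorithm=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform\"]", securableSoapMessage.getNSContext());
            if (strTransform == null) {
                return;
            }
            try {
                Node c14nParameter = XPathAPI.selectSingleNode(strTransform, "wsse:TransformationParameters/ds:CanonicalizationMethod[@Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"]", securableSoapMessage.getNSContext());
                if (c14nParameter == null) {
                    XWSSecurityException missing = new XWSSecurityException("http://www.w3.org/2001/10/xml-exc-c14n# CanonicalizationMethod was expected as a TransformationParameter inside the STR-Transform");
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_ALGORITHM, missing.getMessage(), missing);
                }
            } catch (TransformerException e) {
                throw new XWSSecurityException(e);
            }
        } catch (TransformerException e) {
            throw new XWSSecurityException(e.getMessage(), e);
        }
    }

    /** Copies a node list into a new list; a {@code null} node list gives an empty list. */
    private ArrayList convertToArrayList(NodeList nodeList) {
        ArrayList nodes = new ArrayList();
        if (nodeList == null) {
            return nodes;
        }
        int count = nodeList.getLength();
        for (int i = 0; i < count; i++) {
            nodes.add(nodeList.item(i));
        }
        return nodes;
    }

    /**
     * Loads a class by name, reporting a missing class as {@link NoClassDefFoundError}.
     *
     * @throws NoClassDefFoundError if the class cannot be found; the cause is preserved
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error is kept in a typed local before throwing.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}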
