package org.opensaml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/opensaml/SAMLSignedObject.class */
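/**
 * Base class for SAML objects that can carry an XML digital signature.
 *
 * <p>The signature is either discovered while unmarshalling ({@link #fromDOM(Element)}) or
 * created by {@link #sign(String, Key, Collection, boolean)}. Verification accepts exactly
 * one {@code Reference} with an empty URI and one of two fixed transform profiles; anything
 * else is rejected before the signature value is checked.
 *
 * <p>Security note: the key-less {@link #verify(boolean)} overload takes the verification key
 * from the signature's own {@code KeyInfo}. A successful result then only shows that the
 * content matches that embedded key. Callers still have to decide whether the key or
 * certificate is trusted, for example by validating the certificates returned by
 * {@link #getX509Certificates()}.
 */
public abstract class SAMLSignedObject extends SAMLObject implements Cloneable {
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String XPATH2_FILTER_TRANSFORM = "http://www.w3.org/2002/06/xmldsig-filter2";
    private static final String EXC_C14N_TRANSFORM = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String INCLUSIVE_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static final String SIGNATURE_XPATH = "here()/ancestor::ds:Signature[1]";

    private XMLSignature sig = null;

    // True only while sig was produced by fromDOM(); selects how verify() locates the KeyInfo.
    private boolean sig_from_parse = false;

    /**
     * Returns the underlying signature object, or {@code null} when the object is unsigned.
     *
     * @return the {@link XMLSignature} held by this object, typed as {@code Object}
     */
    public Object getNativeSignature() {
        return this.sig;
    }

    /**
     * Unmarshals the object and captures the first direct-child {@code ds:Signature} element.
     *
     * @param element root element of the object being parsed
     * @throws SAMLException if the superclass rejects the element or the signature element
     *         cannot be loaded
     */
    @Override // org.opensaml.SAMLObject
    public void fromDOM(Element element) throws SAMLException {
        super.fromDOM(element);

        // Only direct children are considered; the first matching ds:Signature wins.
        Node node = element.getFirstChild();
        while (node != null
                && !(node.getNodeType() == Node.ELEMENT_NODE
                        && XML.isElementNamed((Element) node, XMLDSIG_NS, Constants._TAG_SIGNATURE))) {
            node = node.getNextSibling();
        }
        if (node == null) {
            return;
        }
        try {
            this.sig = new XMLSignature((Element) node, null);
            this.sig_from_parse = true;
        } catch (IOException e) {
            throw new InvalidCryptoException("SAMLSignedObject.fromDOM() detected an I/O exception: " + e.getMessage(), e);
        } catch (XMLSecurityException e2) {
            throw new InvalidCryptoException("SAMLSignedObject.fromDOM() detected an XML security exception: " + e2.getMessage(), e2);
        }
    }

    /**
     * Returns the DOM for this object, reusing the existing root when there is one and
     * otherwise building it in the signature's document when a signature exists.
     *
     * @return the root node of this object
     * @throws DOMException if the DOM cannot be built
     */
    @Override // org.opensaml.SAMLObject
    public Node toDOM() throws DOMException {
        if (this.root != null) {
            return this.root;
        }
        if (this.sig != null) {
            return toDOM(this.sig.getDocument());
        }
        return super.toDOM();
    }

    /**
     * Places the signature element at the position required by the concrete object type.
     *
     * @throws SAMLException if the signature cannot be inserted
     */
    protected abstract void insertSignature() throws SAMLException;

    /**
     * Returns the {@code ds:Signature} element, or {@code null} when the object is unsigned.
     * Declared public in this listing; the decompiler reports the modifier was changed from
     * protected.
     *
     * @return the signature element or {@code null}
     */
    public Element getSignatureElement() {
        return this.sig != null ? this.sig.getElement() : null;
    }

    /**
     * Signs this object.
     *
     * @param str signature algorithm URI handed to the {@link XMLSignature} constructor
     * @param key signing key
     * @param collection optional certificates to embed; entries that are not
     *        {@link X509Certificate} instances are skipped, and {@code null} embeds none
     * @param z {@code true} to use the single enveloped-signature transform, {@code false}
     *        to use the XPath Filter 2.0 plus exclusive canonicalization profile
     * @throws SAMLException if the object is already signed or signing fails
     */
    public void sign(String str, Key key, Collection collection, boolean z) throws SAMLException {
        if (isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.sign() can't sign object a second time");
        }
        toDOM();
        plantRoot();
        try {
            this.sig = new XMLSignature(this.root.getOwnerDocument(), null, str);
            // A signature created here did not come from parsing, whatever state was inherited.
            this.sig_from_parse = false;
            insertSignature();

            Transforms transforms = new Transforms(this.sig.getDocument());
            if (z) {
                transforms.addTransform(ENVELOPED_TRANSFORM);
            } else {
                transforms.setXPathNamespaceContext("ds", XMLDSIG_NS);
                transforms.setXPathNamespaceContext("signs", this.root.getNamespaceURI());
                // The decompiled listing built this as a String[] of String[] and did not
                // compile; the filter list is a two-dimensional array.
                String[][] filters = {
                    {XPath2FilterContainer.INTERSECT, signedElementXPath()},
                    {XPath2FilterContainer.SUBTRACT, SIGNATURE_XPATH}
                };
                transforms.addTransform(XPATH2_FILTER_TRANSFORM,
                        XPath2FilterContainer.newInstances(this.sig.getDocument(), filters));
                transforms.addTransform(EXC_C14N_TRANSFORM);
                // Index 1 is the exclusive c14n transform added just above.
                transforms.item(1).getElement().appendChild(
                        new InclusiveNamespaces(this.root.getOwnerDocument(),
                                this.config.getProperty("inclusive-namespace-prefixes")).getElement());
            }
            this.sig.addDocument("", transforms);

            X509Data x509Data = new X509Data(this.root.getOwnerDocument());
            if (collection != null) {
                for (Object obj : collection) {
                    if (obj instanceof X509Certificate) {
                        x509Data.addCertificate((X509Certificate) obj);
                    }
                }
            }
            if (x509Data.lengthCertificate() > 0) {
                KeyInfo keyInfo = new KeyInfo(this.root.getOwnerDocument());
                keyInfo.add(x509Data);
                this.sig.getElement().appendChild(keyInfo.getElement());
            }
            this.sig.sign(key);
        } catch (XMLSecurityException e) {
            throw new InvalidCryptoException("SAMLSignedObject.sign() detected an XML security exception: " + e.getMessage(), e);
        }
    }

    /**
     * Verifies the signature with the key found in the signature's own {@code KeyInfo}.
     * This establishes integrity only; trust in the embedded key must be decided separately.
     *
     * @param z {@code true} to require the enveloped-signature profile, {@code false} to
     *        require the XPath Filter 2.0 profile
     * @throws SAMLException if the object is unsigned or verification fails
     */
    public void verify(boolean z) throws SAMLException {
        verify((Key) null, z);
    }

    /**
     * Verifies the signature with the public key of the supplied certificate.
     *
     * @param certificate certificate whose public key is used; must not be {@code null}
     * @param z transform profile selector, as for {@link #verify(Key, boolean)}
     * @throws SAMLException if the certificate is {@code null}, the object is unsigned, or
     *         verification fails
     */
    public void verify(Certificate certificate, boolean z) throws SAMLException {
        // Fail explicitly: a missing certificate must never turn into embedded-key verification.
        if (certificate == null) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() requires a non-null certificate");
        }
        verify(certificate.getPublicKey(), z);
    }

    /**
     * Verifies the signature after checking that it uses exactly one same-document reference
     * with the expected transforms.
     *
     * @param key verification key, or {@code null} to fall back to the key carried in the
     *        signature's {@code KeyInfo} (integrity only, no trust decision)
     * @param z {@code true} to require the enveloped-signature profile, {@code false} to
     *        require the XPath Filter 2.0 profile
     * @throws SAMLException if the object is unsigned, the reference or transforms are not
     *         the expected ones, no key can be found, or the signature value does not validate
     */
    public void verify(Key key, boolean z) throws SAMLException {
        if (!isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unsigned object");
        }
        try {
            SignedInfo signedInfo = this.sig.getSignedInfo();
            if (signedInfo.getLength() != 1 || !hasExpectedTransforms(signedInfo.item(0), z)) {
                throw new InvalidCryptoException("SAMLSignedObject.verify() detected an invalid set of signature Transforms");
            }
            if (key == null) {
                key = embeddedPublicKey();
            }
            if (!this.sig.checkSignatureValue(key)) {
                throw new InvalidCryptoException("SAMLSignedObject.verify() failed to validate signature value");
            }
        } catch (IOException e) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an I/O exception: " + e.getMessage(), e);
        } catch (XMLSecurityException e2) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an XML security exception: " + e2.getMessage(), e2);
        } catch (SAXException e3) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected a XML parsing exception: " + e3.getMessage(), e3);
        }
    }

    /**
     * Returns the certificates of the first {@code X509Data} element in the signature.
     * The certificates are returned as found; no validation or trust check is applied here.
     *
     * @return iterator over {@link X509Certificate} objects
     * @throws SAMLException if the object is unsigned or no certificate is present
     */
    public Iterator getX509Certificates() throws SAMLException {
        if (!isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't examine unsigned object");
        }
        KeyInfo keyInfo = this.sig.getKeyInfo();
        // A signature without KeyInfo is reported like any other missing-certificate case.
        if (keyInfo != null && keyInfo.containsX509Data()) {
            try {
                X509Data x509Data = keyInfo.itemX509Data(0);
                if (x509Data.containsCertificate()) {
                    int count = x509Data.lengthCertificate();
                    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>(count);
                    for (int i = 0; i < count; i++) {
                        certs.add(x509Data.itemCertificate(i).getX509Certificate());
                    }
                    return certs.iterator();
                }
            } catch (XMLSecurityException e) {
                throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() detected an XML security exception: " + e.getMessage(), e);
            }
        }
        throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't find any X.509 certificates in signature");
    }

    /**
     * Returns the signature method URI declared in {@code SignedInfo}.
     *
     * @return the signature algorithm URI
     * @throws SAMLException if the object is unsigned
     */
    public String getSignatureAlgorithm() throws SAMLException {
        if (!isSigned()) {
            throw new InvalidCryptoException("SAMLSignedObject.getSignatureAlgorithm() can't examine unsigned object");
        }
        return this.sig.getSignedInfo().getSignatureMethodURI();
    }

    /**
     * Reports whether a signature object is attached. This says nothing about validity.
     *
     * @return {@code true} if a signature is present
     */
    public boolean isSigned() {
        return this.sig != null;
    }

    /**
     * Clones the object without its signature. Declared public in this listing; the
     * decompiler reports the modifier was changed from protected.
     *
     * @return an unsigned copy
     * @throws CloneNotSupportedException if the superclass cannot be cloned
     */
    @Override // org.opensaml.SAMLObject
    public Object clone() throws CloneNotSupportedException {
        SAMLSignedObject copy = (SAMLSignedObject) super.clone();
        copy.sig = null;
        // The copy has no parsed signature, so the parse flag must not carry over.
        copy.sig_from_parse = false;
        return copy;
    }

    /** Builds the XPath that selects the nearest ancestor element of this object's type. */
    private String signedElementXPath() {
        return "here()/ancestor::signs:" + this.root.getLocalName() + "[1]";
    }

    /**
     * Checks that a reference is a same-document reference carrying exactly the transforms
     * that sign() emits for the selected profile.
     */
    private boolean hasExpectedTransforms(Reference reference, boolean z) throws XMLSecurityException {
        String uri = reference.getURI();
        if (uri != null && uri.length() != 0) {
            return false;
        }
        Transforms transforms = reference.getTransforms();
        // A reference without a Transforms element is rejected instead of dereferenced.
        if (transforms == null) {
            return false;
        }
        if (z) {
            return transforms.getLength() == 1
                    && ENVELOPED_TRANSFORM.equals(transforms.item(0).getURI());
        }
        if (transforms.getLength() != 2
                || !XPATH2_FILTER_TRANSFORM.equals(transforms.item(0).getURI())
                || !EXC_C14N_TRANSFORM.equals(transforms.item(1).getURI())) {
            return false;
        }
        NodeList xpaths = transforms.item(0).getElement()
                .getElementsByTagNameNS(XPATH2_FILTER_TRANSFORM, "XPath");
        if (xpaths.getLength() != 2) {
            return false;
        }
        XPath2FilterContainer intersect = XPath2FilterContainer.newInstance((Element) xpaths.item(0), null);
        XPath2FilterContainer subtract = XPath2FilterContainer.newInstance((Element) xpaths.item(1), null);
        // NOTE(review): only the filter strings are compared; the namespace bindings of the
        // "signs" and "ds" prefixes on the transform are not checked here - confirm that is
        // acceptable for the deployment.
        return intersect.isIntersect()
                && intersect.getXPathFilterStr().trim().equals(signedElementXPath())
                && subtract.isSubtract()
                && subtract.getXPathFilterStr().trim().equals(SIGNATURE_XPATH);
    }

    /**
     * Extracts the public key carried inside the signature, for callers that supplied none.
     * The result is whatever key the signature names, so it carries no trust by itself.
     */
    private Key embeddedPublicKey() throws IOException, XMLSecurityException, SAXException, SAMLException {
        if (this.sig_from_parse) {
            KeyInfo parsed = this.sig.getKeyInfo();
            if (parsed == null) {
                throw new InvalidCryptoException("SAMLSignedObject.verify() can't find a KeyInfo element in signature");
            }
            return parsed.getPublicKey();
        }
        // For a signature built by sign(), the last child of ds:Signature is canonicalized and
        // re-parsed to obtain a KeyInfo. The stderr dump of those bytes that sat here was a
        // debugging leftover and has been dropped.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        buffer.write(Canonicalizer.getInstance(INCLUSIVE_C14N)
                .canonicalizeSubtree(this.sig.getElement().getLastChild()));
        Element keyInfoElement = XML.parserPool
                .parse(new ByteArrayInputStream(buffer.toByteArray()))
                .getDocumentElement();
        return new KeyInfo(keyInfoElement, null).getPublicKey();
    }
}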
