package org.n52.security.service.crypto;

import java.io.ByteArrayInputStream;
import java.util.Map;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAP11Constants;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.n52.security.common.crypto.KeyPair;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.common.xml.DocumentTraverser;
import org.n52.security.common.xml.DocumentVisitorAdapter;
import org.n52.security.common.xml.XMLNamespaceAttributeDeclarationRemover;
import org.n52.security.common.xml.XMLPathCtx;
import org.n52.security.common.xml.XMLPrefixRemover;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/service/crypto/SoapMessageSecurer.class */
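/**
 * Signs SOAP 1.1 / SOAP 1.2 envelopes with WS-Security (WSS4J) using a single key pair.
 *
 * <p>The securer inserts a {@code wsse:Security} header, optionally adds a
 * {@code wsu:Timestamp}, and signs the SOAP body plus a SAML 2.0 assertion if one is
 * present in the security header. The signing certificate is referenced by exactly one of
 * three mutually exclusive modes: binary security token, X.509 key identifier, or
 * issuer/serial (the fallback when neither flag is set).
 *
 * <p>Instances are plain mutable beans; nothing here synchronises access to the
 * configuration fields.
 */
public class SoapMessageSecurer implements SoapDocumentSecurer {
    private static final Log LOG;
    private KeyPair mKeyPair;
    private boolean mEmbeddCertificateAsBinarySecurityToken;
    private boolean mEmbeddCertificateAsX509KeyIdentifier;
    // Cache slot of the pre-Java-5 class-literal expansion; only the static initialiser uses it.
    static Class class$org$n52$security$service$crypto$SoapMessageSecurer;
    // NOTE(review): RSA-SHA1 is the default. SHA-1 is no longer considered collision
    // resistant; deployments should call setSignatureAlgorithm with an RSA-SHA256 URI
    // (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256) once both endpoints support it.
    // The default is left untouched here because changing it alters the wire format.
    private String mSignatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    // Lifetime handed to WSSecTimestamp (seconds in WSS4J); values <= 0 disable the timestamp.
    private int m_timeToLive = 10;
    private boolean m_removePrefixes = false;
    private boolean m_removeNamespaceDeclarations = false;

    /**
     * Creates a securer without a key pair; {@link #setKeyPair(KeyPair)} has to be called
     * before {@link #secure(Document, Map)} unless a subclass overrides
     * {@link #getCrypto()} and {@link #getKeyAlias()}.
     */
    public SoapMessageSecurer() {
    }

    /**
     * Creates a securer that signs with the given key pair.
     *
     * @param keyPair the signing key pair
     * @throws IllegalArgumentException if {@code keyPair} is {@code null}
     */
    public SoapMessageSecurer(KeyPair keyPair) {
        if (keyPair == null) {
            throw new IllegalArgumentException("<keyPair> must not null");
        }
        this.mKeyPair = keyPair;
    }

    /**
     * Builds the WSS4J crypto provider used for signing.
     *
     * @return a new {@link SingleKeyPairCrypto} wrapping the configured key pair
     */
    protected Crypto getCrypto() {
        return new SingleKeyPairCrypto(getKeyPair());
    }

    /**
     * @return the alias of the configured key pair
     */
    protected String getKeyAlias() {
        return getKeyPair().getAlias();
    }

    /**
     * @return the configured key pair, or {@code null} if none has been set
     */
    public KeyPair getKeyPair() {
        return this.mKeyPair;
    }

    /**
     * Replaces the signing key pair. Unlike the constructor, this setter accepts
     * {@code null}.
     *
     * @param keyPair the new key pair
     */
    public void setKeyPair(KeyPair keyPair) {
        this.mKeyPair = keyPair;
    }

    /**
     * @return the XML-DSig signature algorithm URI passed to WSS4J
     */
    public String getSignatureAlgorithm() {
        return this.mSignatureAlgorithm;
    }

    /**
     * Sets the XML-DSig signature algorithm URI. The value is handed to WSS4J unchecked.
     *
     * @param str the algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.mSignatureAlgorithm = str;
    }

    /**
     * @return {@code true} if the certificate is embedded as a binary security token
     */
    public boolean isEmbeddCertificateAsBinarySecurityToken() {
        return this.mEmbeddCertificateAsBinarySecurityToken;
    }

    /**
     * Switches binary-security-token mode on or off. Enabling it disables the
     * X.509 key identifier mode, because the modes are mutually exclusive.
     *
     * @param z the new flag value
     */
    public void setEmbeddCertificateAsBinarySecurityToken(boolean z) {
        this.mEmbeddCertificateAsBinarySecurityToken = z;
        if (z) {
            setEmbeddCertificateAsX509KeyIdentifier(false);
        }
    }

    /**
     * @return {@code true} if neither of the other two modes is enabled, i.e. the
     *         certificate is referenced by issuer name and serial number
     */
    public boolean isEmbeddCertificateAsSerialIssuer() {
        return !isEmbeddCertificateAsBinarySecurityToken() && !isEmbeddCertificateAsX509KeyIdentifier();
    }

    /**
     * Selects issuer/serial mode by clearing the other two flags. Passing
     * {@code false} changes nothing, since issuer/serial is only the absence of the
     * other modes.
     *
     * @param z {@code true} to select issuer/serial mode
     */
    public void setEmbeddCertificateAsSerialIssuer(boolean z) {
        if (z) {
            setEmbeddCertificateAsBinarySecurityToken(false);
            setEmbeddCertificateAsX509KeyIdentifier(false);
        }
    }

    /**
     * @return {@code true} if the certificate is referenced by X.509 key identifier
     */
    public boolean isEmbeddCertificateAsX509KeyIdentifier() {
        return this.mEmbeddCertificateAsX509KeyIdentifier;
    }

    /**
     * Switches X.509 key identifier mode on or off. Enabling it disables the
     * binary-security-token mode.
     *
     * @param z the new flag value
     */
    public void setEmbeddCertificateAsX509KeyIdentifier(boolean z) {
        this.mEmbeddCertificateAsX509KeyIdentifier = z;
        if (z) {
            setEmbeddCertificateAsBinarySecurityToken(false);
        }
    }

    /**
     * @return the timestamp lifetime; a value {@code <= 0} means no timestamp is added
     */
    public int getTimeToLive() {
        return this.m_timeToLive;
    }

    /**
     * @param i the timestamp lifetime; {@code <= 0} suppresses the timestamp
     */
    public void setTimeToLive(int i) {
        this.m_timeToLive = i;
    }

    /**
     * @return whether namespace prefixes are stripped from the body payload before signing
     */
    public boolean isRemovePrefixes() {
        return this.m_removePrefixes;
    }

    /**
     * @param z whether to strip namespace prefixes from the body payload before signing
     */
    public void setRemovePrefixes(boolean z) {
        this.m_removePrefixes = z;
    }

    /**
     * @return whether namespace declarations are stripped from the body payload before signing
     */
    public boolean isRemoveNamespaceDeclarations() {
        return this.m_removeNamespaceDeclarations;
    }

    /**
     * @param z whether to strip namespace declarations from the body payload before signing
     */
    public void setRemoveNamespaceDeclarations(boolean z) {
        this.m_removeNamespaceDeclarations = z;
    }

    /**
     * Adds a WS-Security header to the given SOAP envelope and signs it.
     *
     * <p>The input is normalised into a fresh document (see
     * {@link #normalize(Document, String)}); the returned document is that copy.
     *
     * @param document the SOAP 1.1 or SOAP 1.2 envelope
     * @param map additional parameters; not read by this implementation
     * @return the signed copy of the envelope
     * @throws IllegalArgumentException if the root element is in neither SOAP envelope namespace
     * @throws SecuringException if normalisation or WSS4J processing fails
     */
    @Override // org.n52.security.service.crypto.SoapDocumentSecurer
    public Document secure(Document document, Map map) throws SecuringException {
        // NOTE(review): at TRACE level the complete message, including any SAML assertion
        // in the header, is written to the log. Keep TRACE off for this logger in
        // production or route it to a log with restricted access.
        if (LOG.isTraceEnabled()) {
            LOG.trace("SoapMessageSecurer.secure " + DOMSerializer.createNew().serializeToString(document));
        }
        try {
            String namespaceURI = document.getDocumentElement().getNamespaceURI();
            // Declared as the common interface: the variable holds either SOAP version.
            SOAPConstants soapConstants;
            if (SOAPConstants.SOAP11_CONSTANTS.getEnvelopeURI().equals(namespaceURI)) {
                soapConstants = SOAPConstants.SOAP11_CONSTANTS;
            } else if (SOAPConstants.SOAP12_CONSTANTS.getEnvelopeURI().equals(namespaceURI)) {
                soapConstants = SOAPConstants.SOAP12_CONSTANTS;
            } else {
                throw new IllegalArgumentException("Expectes SOAP 1.1 or SOAP 1.2 document. But document with namespace <" + namespaceURI + "> was given.");
            }

            Document normalized = normalize(document, namespaceURI);
            Element envelope = normalized.getDocumentElement();
            if (envelope.getPrefix() == null) {
                // Envelope uses the default namespace: declare a prefix for the SOAP
                // namespace on the root so header elements can be written with one.
                envelope.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soap", namespaceURI);
            }

            WSSecHeader securityHeader = new WSSecHeader();
            securityHeader.insertSecurityHeader(normalized);

            int timeToLive = getTimeToLive();
            if (timeToLive > 0) {
                // NOTE(review): the timestamp is added to the header, but addPartsToSign
                // below references only the body and a SAML assertion. As written the
                // timestamp is not covered by the signature, so a receiver cannot rely on
                // it for freshness/replay checks. Subclasses that need that guarantee
                // should add the timestamp to the parts in addPartsToSign.
                WSSecTimestamp timestamp = new WSSecTimestamp();
                timestamp.setTimeToLive(timeToLive);
                timestamp.prepare(normalized);
                timestamp.prependToHeader(securityHeader);
            }

            WSSecSignature signature = new WSSecSignature();
            String keyAlias = getKeyAlias();
            if (keyAlias != null) {
                // Empty password: presumably the Crypto from getCrypto() already holds the
                // private key and needs none — confirm against SingleKeyPairCrypto.
                signature.setUserInfo(keyAlias, "");
            }
            // Literals mirror WSS4J's WSConstants key identifier types.
            if (isEmbeddCertificateAsBinarySecurityToken()) {
                signature.setKeyIdentifierType(1); // WSConstants.BST_DIRECT_REFERENCE
            } else if (isEmbeddCertificateAsX509KeyIdentifier()) {
                signature.setKeyIdentifierType(3); // WSConstants.X509_KEY_IDENTIFIER
            } else {
                signature.setKeyIdentifierType(2); // WSConstants.ISSUER_SERIAL
            }
            signature.setSignatureAlgorithm(getSignatureAlgorithm());
            signature.prepare(normalized, getCrypto(), securityHeader);

            Vector partsToSign = new Vector();
            addPartsToSign(soapConstants, securityHeader, partsToSign);
            signature.addReferencesToSign(partsToSign, securityHeader);
            signature.prependToHeader(securityHeader);
            if (isEmbeddCertificateAsBinarySecurityToken()) {
                signature.prependBSTElementToHeader(securityHeader);
            }
            // Runs before computeSignature, i.e. before the SignatureValue is produced.
            removeDuplicatedXMLNSWSSEDeclarations(securityHeader.getSecurityHeader());
            signature.computeSignature();

            if (LOG.isTraceEnabled()) {
                LOG.trace("SoapMessageSecurer.secured: " + DOMSerializer.createNew().serializeToString(normalized));
            }
            return normalized;
        } catch (WSSecurityException e) {
            throw new SecuringException((Throwable) e);
        }
    }

    /**
     * Keeps the first namespace declaration of the WS-Security extension namespace found
     * in a depth-first walk below {@code element} and removes every later one.
     *
     * @param element the root of the subtree to clean, here the security header
     */
    private void removeDuplicatedXMLNSWSSEDeclarations(Element element) {
        new DocumentTraverser().traverseDepthFirst(element, new DocumentVisitorAdapter() {
            // Flips to true at the first matching declaration; later ones are dropped.
            private boolean firstFound = false;

            public void visit(Attr attr) {
                boolean isWsseDeclaration = attr.getName().startsWith("xmlns")
                        && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(attr.getValue());
                if (!isWsseDeclaration) {
                    return;
                }
                if (this.firstFound) {
                    attr.getOwnerElement().removeAttributeNode(attr);
                } else {
                    this.firstFound = true;
                }
            }
        });
    }

    /**
     * Collects the message parts that the signature references: always the SOAP body
     * and, if present, the SAML 2.0 assertion in the security header.
     *
     * @param sOAPConstants constants of the SOAP version of the message
     * @param wSSecHeader the security header of the message
     * @param vector receives the {@link WSEncryptionPart}s to sign
     */
    protected void addPartsToSign(SOAPConstants sOAPConstants, WSSecHeader wSSecHeader, Vector vector) {
        vector.add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        WSEncryptionPart samlPart = checkForSAMLSecurityToken(wSSecHeader);
        if (samlPart != null) {
            vector.add(samlPart);
        }
    }

    /**
     * Looks for a {@code saml2:Assertion} directly below the security header and prepares
     * it for signing by copying its {@code ID} into a {@code wsu:Id} attribute.
     *
     * @param wSSecHeader the security header to search
     * @return the part referencing the assertion, or {@code null} if there is none
     */
    protected WSEncryptionPart checkForSAMLSecurityToken(WSSecHeader wSSecHeader) {
        Element assertion = (Element) XMLPathCtx.createNew().addNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion").findIn(wSSecHeader.getSecurityHeader()).node("./saml2:Assertion").get();
        if (assertion == null) {
            return null;
        }
        // NOTE(review): getAttribute returns "" when ID is absent, which would yield an
        // empty wsu:Id and an empty reference; the code does not check for that.
        String assertionId = assertion.getAttribute("ID");
        // NOTE(review): this adds an attribute and a namespace declaration to the
        // assertion's root element. If the assertion carries its own enveloped signature
        // from the issuer, that changes the signed content — confirm receivers cope.
        WSSecurityUtil.setNamespace(assertion, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
        assertion.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu:Id", assertionId);
        return new WSEncryptionPart(assertionId, "Content");
    }

    /**
     * Optionally strips prefixes and/or namespace declarations from the body payload,
     * then returns a re-parsed copy of the serialised document.
     *
     * <p>The stripping is applied to the given {@code document} in place; only the
     * serialise/parse round trip creates the copy.
     *
     * @param document the SOAP envelope
     * @param str the SOAP envelope namespace URI of {@code document}
     * @return a freshly parsed copy of the (possibly modified) document
     * @throws SecuringException if any step fails
     */
    protected Document normalize(Document document, String str) throws SecuringException {
        try {
            // Either option needs the payload element. The earlier condition tested
            // isRemoveNamespaceDeclarations() twice, so prefix removal on its own was
            // silently skipped.
            if (isRemovePrefixes() || isRemoveNamespaceDeclarations()) {
                Node payload = XMLPathCtx.createNew().addNamespace("s", str).findIn(document).node("/s:Envelope/s:Body/*").get();
                if (isRemovePrefixes()) {
                    new XMLPrefixRemover().removePrefixes((Element) payload);
                }
                if (isRemoveNamespaceDeclarations()) {
                    new XMLNamespaceAttributeDeclarationRemover().removeNSDecls((Element) payload);
                }
            }
            byte[] serialized = DOMSerializer.createNew().serializeToBytes(document);
            return DOMParser.createNew().parse(new InputSource(new ByteArrayInputStream(serialized)));
        } catch (Exception e) {
            throw new SecuringException(e);
        }
    }

    /**
     * Class-literal helper in the shape pre-Java-5 compilers generate: resolves a class
     * by name and reports a missing class as {@link NoClassDefFoundError}.
     *
     * @param str the fully qualified class name
     * @return the resolved class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error is built first and thrown with
            // its own type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Equivalent to LogFactory.getLog(SoapMessageSecurer.class).
        Class cls = class$org$n52$security$service$crypto$SoapMessageSecurer;
        if (cls == null) {
            cls = class$("org.n52.security.service.crypto.SoapMessageSecurer");
            class$org$n52$security$service$crypto$SoapMessageSecurer = cls;
        }
        LOG = LogFactory.getLog(cls);
    }
}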
