package xsul.dsig.globus;

import java.io.ByteArrayOutputStream;
import java.security.cert.X509Certificate;
import org.apache.shiro.config.Ini;
import org.apache.xml.security.Init;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import xsul.MLogger;
import xsul.XsulException;
import xsul.dsig.SOAPEnvelopeSigner;
import xsul.dsig.globus.security.authentication.SOAPBodyIdResolver;
import xsul.dsig.globus.security.authentication.wssec.PKIPathSecurityToken;
import xsul.dsig.globus.security.authentication.wssec.Reference;
import xsul.dsig.globus.security.authentication.wssec.SecurityTokenReference;
import xsul.dsig.globus.security.authentication.wssec.WSSecurityUtil;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/dsig/globus/GlobusCredSOAPEnvelopeSigner.class */
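/**
 * Signs SOAP envelopes with a Globus (GSI) credential using WS-Security.
 *
 * <p>The signer adds a {@code wsse:Security} header (creating the SOAP
 * {@code Header} if needed), signs the SOAP Body by ID reference, and embeds
 * the credential's certificate chain as a PKIPath security token that the
 * signature's {@code KeyInfo} points to.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The only reference added to the signature is the SOAP Body; nothing in
 *       this class adds header elements to the signed content.</li>
 *   <li>The signature method is RSA-SHA1, which is deprecated for new
 *       signatures. It is kept as-is because changing it alters the wire
 *       format that receiving services must accept.</li>
 *   <li>The no-argument singleton loads the default credential once and never
 *       reloads it. NOTE(review): if the default credential is a short-lived
 *       proxy, the cached instance may keep signing with a stale one; confirm
 *       how callers handle renewal.</li>
 * </ul>
 */
public class GlobusCredSOAPEnvelopeSigner extends SOAPEnvelopeSigner {
    private static final MLogger logger = MLogger.getLogger();

    /** SOAP 1.1 envelope namespace. */
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** WS-Security 1.0 "secext" namespace of the {@code Security} header. */
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Exclusive XML canonicalization, used for both SignedInfo and the Body transform. */
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * XML-DSig RSA-SHA1 signature method.
     * NOTE(security): SHA-1 based signatures are deprecated; moving to an
     * RSA-SHA256 method needs agreement with every verifier, so it is not
     * changed here.
     */
    private static final String SIGNATURE_METHOD_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Base URI handed to the XMLSignature constructor. */
    private static final String SIGNATURE_BASE_URI = "http://extreme.indiana.edu/xmlsecurity";

    /** Lazily created signer backed by the default Globus credential. */
    private static GlobusCredSOAPEnvelopeSigner instance;

    /** Credential whose private key signs messages and whose chain is embedded in them. */
    protected GlobusCredential cred;

    /**
     * Returns the shared signer that uses the default Globus credential,
     * creating it on first use.
     *
     * @return the process-wide signer instance
     */
    public static synchronized SOAPEnvelopeSigner getInstance() {
        if (instance == null) {
            instance = new GlobusCredSOAPEnvelopeSigner();
        }
        return instance;
    }

    /**
     * Creates a new signer bound to the given credential. Unlike
     * {@link #getInstance()}, the result is not cached.
     *
     * @param globusCredential credential to sign with; must not be null
     * @return a new signer using {@code globusCredential}
     * @throws XsulException if {@code globusCredential} is null
     */
    public static SOAPEnvelopeSigner getInstance(GlobusCredential globusCredential) throws XsulException {
        if (globusCredential == null) {
            throw new XsulException("globus credential can not be null");
        }
        return new GlobusCredSOAPEnvelopeSigner(globusCredential);
    }

    /**
     * Creates a signer that uses the default Globus credential.
     *
     * <p>Decompiler note (JADX): access modifier changed from {@code protected}.
     */
    public GlobusCredSOAPEnvelopeSigner() {
        useGlobusCredentialbyDefault();
    }

    /**
     * Creates a signer that uses the given credential.
     *
     * <p>Decompiler note (JADX): access modifier changed from {@code protected}.
     *
     * @param globusCredential credential to sign with; must not be null
     * @throws IllegalArgumentException if {@code globusCredential} is null
     */
    public GlobusCredSOAPEnvelopeSigner(GlobusCredential globusCredential) {
        if (globusCredential == null) {
            throw new IllegalArgumentException();
        }
        this.cred = globusCredential;
    }

    /**
     * Returns the credential this signer uses. The returned object gives
     * access to the private key (see its use in {@link #signSoapMessage}),
     * so callers should treat it as sensitive.
     *
     * @return the signing credential, or null if none is set
     */
    public GlobusCredential getGlobusCredential() {
        return this.cred;
    }

    /**
     * Loads the default Globus credential into {@link #cred}.
     *
     * @return the loaded credential
     * @throws XsulException if the default credential cannot be obtained
     */
    private GlobusCredential useGlobusCredentialbyDefault() throws XsulException {
        try {
            this.cred = GlobusCredential.getDefaultCredential();
            return this.cred;
        } catch (GlobusCredentialException e) {
            throw new XsulException("could not obtain default globus credential", e);
        }
    }

    /**
     * Returns the resolver used to dereference the signature's same-document
     * references. Subclasses may override it.
     *
     * @return the resource resolver registered on the signature's SignedInfo
     */
    protected ResourceResolverSpi getResourceResolver() {
        return SOAPBodyIdResolver.getInstance();
    }

    /**
     * Signs the SOAP Body of {@code document} in place and returns the same
     * document.
     *
     * <p>The PKIPath token and the {@code Signature} element are placed at the
     * front of the {@code wsse:Security} header, before any children it
     * already has.
     *
     * @param document SOAP envelope to sign; modified in place
     * @return {@code document}, now carrying the security token and signature
     * @throws XsulException if no credential is available or any step of the
     *         signing fails; every failure inside the method, including the
     *         XsulExceptions thrown here, is wrapped with the original as cause
     */
    @Override // xsul.dsig.SOAPEnvelopeSigner
    public Document signSoapMessage(Document document) throws XsulException {
        try {
            // Check for a credential before touching the DOM, so that a missing
            // credential does not leave a half-prepared envelope behind.
            if (getGlobusCredential() == null) {
                throw new XsulException("Globus Credential not found!");
            }

            // getDocumentElement() rather than getFirstChild(): a document may
            // start with a comment or processing instruction, and casting that
            // node to Element fails.
            Element envelope = document.getDocumentElement();
            if (envelope == null) {
                throw new XsulException("document has no root element");
            }
            if (logger.isFinestEnabled()) {
                // NOTE(security): this writes the complete message to the log at
                // FINEST level; keep that level off where payloads are sensitive.
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                XMLUtils.outputDOM(envelope, byteArrayOutputStream);
                logger.finest("rootElemen=\n" + byteArrayOutputStream.toString());
            }

            // Only used as an insertion point, so any node type is acceptable
            // (the first child may be whitespace text in a pretty-printed envelope).
            org.w3c.dom.Node firstEnvelopeChild = envelope.getFirstChild();

            Element header = (Element) WSSecurityUtil.getDirectChild(envelope, "Header", SOAP_ENV_NS);
            if (header == null) {
                logger.finest(">>>>>>> cannot find header. making new header. ");
                header = document.createElementNS(SOAP_ENV_NS, "Header");
                header.setPrefix(envelope.getPrefix());
                envelope.insertBefore(header, firstEnvelopeChild);
            }

            Element security = (Element) WSSecurityUtil.getDirectChild(header, "Security", WSSE_NS);
            if (security == null) {
                logger.finest("\n>>>>>>> cannot find wssec. making new wssec. ");
                security = document.createElementNS(WSSE_NS, "wsse:Security");
                header.appendChild(security);
            }

            // addBodyID is inherited and not visible here; presumably it tags the
            // SOAP Body with an ID and returns it.
            String bodyId = addBodyID(document);
            // Document-local ID linking KeyInfo to the token; an identifier, not a secret.
            String tokenId = "token" + System.currentTimeMillis();

            XMLSignature signature =
                    new XMLSignature(document, SIGNATURE_BASE_URI, SIGNATURE_METHOD_RSA_SHA1, EXC_C14N);
            signature.getSignedInfo().addResourceResolver(getResourceResolver());

            Transforms bodyTransforms = new Transforms(document);
            bodyTransforms.addTransform(EXC_C14N);
            // Same-document reference "#<id>". The decompiled source used Shiro's
            // Ini.COMMENT_POUND here, a constant-substitution artifact with the same
            // value "#"; the literal removes the need for that library in this class.
            // The Body is the only content this signature covers.
            signature.addDocument("#" + bodyId, bodyTransforms);

            Reference tokenReference = new Reference(document);
            tokenReference.setURI("#" + tokenId);
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(document);
            securityTokenReference.setReference(tokenReference);
            signature.getKeyInfo().addUnknownElement(securityTokenReference.getElement());

            signature.sign(this.cred.getPrivateKey());
            X509Certificate[] certificateChain = this.cred.getCertificateChain();
            // NOTE(review): relies on GlobusCredential.toString() not exposing key
            // material; confirm before enabling FINEST logging in production.
            logger.finest("signed with cred=" + this.cred);

            PKIPathSecurityToken pkiPathToken = new PKIPathSecurityToken(document);
            pkiPathToken.setX509Certificates(certificateChain, true);
            pkiPathToken.setID(tokenId);

            // Any node type works as an insertion point; no Element cast is needed.
            org.w3c.dom.Node firstSecurityChild = security.getFirstChild();
            if (firstSecurityChild != null) {
                // Despite the log text, both elements go BEFORE the existing first child.
                logger.finest("inserting signature after assertion");
                security.insertBefore(pkiPathToken.getElement(), firstSecurityChild);
                security.insertBefore(signature.getElement(), firstSecurityChild);
            } else {
                security.appendChild(pkiPathToken.getElement());
                security.appendChild(signature.getElement());
            }

            // Self-check of the reference digests; the result is only logged, and the
            // check runs even when FINEST is disabled because the argument is built eagerly.
            logger.finest("new sig verified ?: " + signature.getSignedInfo().verify(false));
            return document;
        } catch (Exception e) {
            throw new XsulException("could not sign message " + e, e);
        }
    }

    /**
     * Extension hook for subclasses. Nothing in this class calls it, and this
     * implementation always returns {@code false}.
     *
     * @param element element passed by the caller
     * @param pKIPathSecurityToken security token passed by the caller
     * @param xMLSignature signature passed by the caller
     * @return {@code false}
     * @throws DOMException declared for overriding implementations
     */
    protected boolean doAdditionalSigning(Element element, PKIPathSecurityToken pKIPathSecurityToken, XMLSignature xMLSignature) throws DOMException {
        return false;
    }

    // Initialize the Apache XML Security library before any signature is built.
    static {
        Init.init();
    }
}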
