package org.apache.camel.component.xmlsecurity.processor;

import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.component.xmlsecurity.api.ValidationFailedHandler;
import org.apache.camel.component.xmlsecurity.api.XmlSignature2Message;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureChecker;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureFormatException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidException;
import org.apache.camel.util.IOHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/camel/component/xmlsecurity/processor/XmlVerifierProcessor.class */
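/**
 * Processor that verifies the XML Signature contained in the incoming message body and, on
 * success, maps the verified document to the outgoing message.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Verification fails closed: any exception clears the out message in {@link #process}.</li>
 *   <li>A cryptographically valid signature only protects the content its references cover. This
 *       class does not check which part of the document that is; such checks belong in the
 *       configured {@link XmlSignatureChecker} and in the {@link XmlSignature2Message} mapping.</li>
 *   <li>The configured {@link ValidationFailedHandler} can turn a failed core validation into a
 *       success (see {@link #handleSignatureValidationFailed}).</li>
 * </ul>
 */
public class XmlVerifierProcessor extends XmlSignatureProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(XmlVerifierProcessor.class);
    private final XmlVerifierConfiguration config;

    /**
     * Creates a verifier bound to the given configuration.
     *
     * @param xmlVerifierConfiguration configuration supplying the key selector, handlers and
     *                                 validation options read by this processor
     */
    public XmlVerifierProcessor(XmlVerifierConfiguration xmlVerifierConfiguration) {
        this.config = xmlVerifierConfiguration;
    }

    /**
     * Returns the configuration passed to the constructor.
     *
     * @return the verifier configuration
     */
    @Override
    public XmlVerifierConfiguration getConfiguration() {
        return this.config;
    }

    /**
     * Verifies the signed XML document in the in-message body and fills the out message.
     *
     * @param exchange exchange whose in-message body must be convertible to an {@link InputStream}
     * @throws Exception if the body is missing, the document is malformed or the signature is
     *                   rejected; in that case the out message is reset to {@code null}
     */
    public void process(Exchange exchange) throws Exception {
        InputStream body = (InputStream) exchange.getIn().getMandatoryBody(InputStream.class);
        try {
            Message out = exchange.getOut();
            out.copyFrom(exchange.getIn());
            verify(body, out);
            clearMessageHeaders(out);
        } catch (Exception e) {
            // Fail closed: do not leave a partially populated (unverified) out message behind.
            exchange.setOut((Message) null);
            throw e;
        } finally {
            IOHelper.close(body, "input stream");
        }
    }

    /**
     * Parses the input, runs the application check, validates the signature and maps the result.
     *
     * @param inputStream stream holding the signed XML document
     * @param message     message that receives the mapping result after successful verification
     * @throws IllegalStateException        if no key selector is configured
     * @throws XmlSignatureInvalidException if validation fails and the failure is not ignored by
     *                                      the validation-failed handler
     * @throws Exception                    for format errors, checker rejections, or the exception
     *                                      the handler produces for an {@link XMLSignatureException}
     */
    protected void verify(InputStream inputStream, Message message) throws Exception {
        LOG.debug("Verification of XML signature document started");
        Document document = parseInput(inputStream);
        Node signatureNode = getSignatureNode(document);

        // Prefer the "ApacheXMLDSig" provider; fall back to the default DOM factory if it is absent.
        XMLSignatureFactory factory;
        try {
            factory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException e) {
            factory = XMLSignatureFactory.getInstance("DOM");
        }

        KeySelector keySelector = getConfiguration().getKeySelector();
        if (keySelector == null) {
            throw new IllegalStateException("Wrong configuration. Key selector is missing.");
        }

        DOMValidateContext dOMValidateContext = new DOMValidateContext(keySelector, signatureNode);
        // Keeps dereferenced reference data after validation (presumably for the message mapping - confirm).
        dOMValidateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        dOMValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
        // Secure validation is only switched on when the configuration says so. Compare by value:
        // an identity check against Boolean.TRUE would silently skip this for a Boolean instance
        // that is not the canonical constant, leaving secure validation off.
        if (Boolean.TRUE.equals(getConfiguration().getSecureValidation())) {
            // Both property names are set; presumably one per XML-DSig provider - confirm.
            dOMValidateContext.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
            dOMValidateContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        }
        setUriDereferencerAndBaseUri(dOMValidateContext);
        setCryptoContextProperties(dOMValidateContext);

        XMLSignature signature = factory.unmarshalXMLSignature(dOMValidateContext);
        // The application-level check runs before core validation, i.e. on a not yet verified signature.
        executeApplicationCheck(message, document, signature);
        try {
            boolean accepted = signature.validate(dOMValidateContext);
            if (!accepted) {
                // The handler decides whether the core validation failure may be ignored.
                accepted = handleSignatureValidationFailed(dOMValidateContext, signature);
            }
            if (!accepted) {
                throw new XmlSignatureInvalidException("");
            }
            LOG.debug("XML signature verified");
            map2Message(signature, message, document);
        } catch (XMLSignatureException e2) {
            throw getConfiguration().getValidationFailedHandler().onXMLSignatureException(e2);
        }
    }

    /**
     * Invokes the configured {@link XmlSignatureChecker}, if any, before core validation.
     *
     * @param message   message being populated
     * @param document  parsed message body
     * @param signature unmarshalled (not yet validated) signature
     * @throws Exception whatever the checker throws to reject the document
     */
    private void executeApplicationCheck(final Message message, final Document document, final XMLSignature signature) throws Exception {
        // Read the checker once so the null check and the call see the same instance.
        XmlSignatureChecker checker = getConfiguration().getXmlSignatureChecker();
        if (checker == null) {
            return;
        }
        checker.checkBeforeCoreValidation(new XmlSignatureChecker.Input() {
            @Override
            public SignedInfo getSignedInfo() {
                return signature.getSignedInfo();
            }

            @Override
            public XMLSignature.SignatureValue getSignatureValue() {
                return signature.getSignatureValue();
            }

            @Override
            public List<? extends XMLObject> getObjects() {
                return signature.getObjects();
            }

            @Override
            public Document getMessageBodyDocument() {
                return document;
            }

            @Override
            public Message getMessage() {
                return message;
            }

            @Override
            public KeyInfo getKeyInfo() {
                return signature.getKeyInfo();
            }
        });
    }

    /**
     * Hands the verified signature's references and objects to the configured
     * {@link XmlSignature2Message} so it can populate the output message.
     *
     * @param signature verified signature
     * @param message   message to populate
     * @param document  parsed message body
     * @throws Exception whatever the mapping throws
     */
    private void map2Message(XMLSignature signature, Message message, final Document document) throws Exception {
        // Copies, so the mapping works on its own lists rather than on the signature's lists.
        // The typed constructor calls compile against both the raw and the generified XML-DSig API.
        @SuppressWarnings("unchecked")
        final List<Reference> references = new ArrayList<Reference>(signature.getSignedInfo().getReferences());
        @SuppressWarnings("unchecked")
        final List<XMLObject> objects = new ArrayList<XMLObject>(signature.getObjects());
        getConfiguration().getXmlSignature2Message().mapToMessage(new XmlSignature2Message.Input() {
            @Override
            public List<Reference> getReferences() {
                return references;
            }

            @Override
            public List<XMLObject> getObjects() {
                return objects;
            }

            @Override
            public Document getMessageBodyDocument() {
                return document;
            }

            @Override
            public Boolean omitXmlDeclaration() {
                return XmlVerifierProcessor.this.getConfiguration().getOmitXmlDeclaration();
            }

            @Override
            public Object getOutputNodeSearch() {
                return XmlVerifierProcessor.this.getConfiguration().getOutputNodeSearch();
            }

            @Override
            public String getOutputNodeSearchType() {
                return XmlVerifierProcessor.this.getConfiguration().getOutputNodeSearchType();
            }

            @Override
            public Boolean getRemoveSignatureElements() {
                return XmlVerifierProcessor.this.getConfiguration().getRemoveSignatureElements();
            }
        }, message);
    }

    /**
     * Locates the single XML-DSig {@code Signature} element of the document.
     *
     * <p>The search covers the whole document; documents with no or with more than one
     * {@code Signature} element are rejected.
     *
     * @param document parsed message body
     * @return the only {@code Signature} element
     * @throws XmlSignatureFormatException if the element count is not exactly one
     */
    private Node getSignatureNode(Document document) throws IOException, ParserConfigurationException, XmlSignatureFormatException {
        NodeList signatures = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        int count = signatures.getLength();
        if (count == 0) {
            throw new XmlSignatureFormatException("Message is not a correct XML signature document: 'Signature' element is missing. Check the sent message.");
        }
        if (count != 1) {
            throw new XmlSignatureFormatException("XML signature document is not supported; it contains more than one signature element. Check the sent message.");
        }
        Node signatureNode = signatures.item(0);
        LOG.debug("Signature element found");
        return signatureNode;
    }

    /**
     * Reports every failed part of a failed core validation to the configured
     * {@link ValidationFailedHandler} and asks it whether the failure may be ignored.
     *
     * <p>Security note: a {@code true} result makes {@link #verify} accept a document whose core
     * validation failed, so a handler should return it only as a deliberate decision.
     *
     * @param dOMValidateContext validation context used for the failed validation
     * @param xMLSignature       signature whose core validation failed
     * @return {@code true} if the handler chooses to ignore the core validation failure
     * @throws Exception if re-validating a part fails or the handler throws
     */
    protected boolean handleSignatureValidationFailed(DOMValidateContext dOMValidateContext, XMLSignature xMLSignature) throws Exception {
        ValidationFailedHandler handler = getConfiguration().getValidationFailedHandler();
        LOG.debug("handleSignatureValidationFailed called");
        try {
            handler.start();

            XMLSignature.SignatureValue signatureValue = xMLSignature.getSignatureValue();
            if (!signatureValue.validate(dOMValidateContext)) {
                handler.signatureValueValidationFailed(signatureValue);
            }

            // Elements are iterated as Object and cast explicitly so the loops compile against
            // both the raw and the generified XML-DSig API.
            for (Object candidate : xMLSignature.getSignedInfo().getReferences()) {
                Reference reference = (Reference) candidate;
                if (!reference.validate(dOMValidateContext)) {
                    handler.referenceValidationFailed(reference);
                }
            }

            if (Boolean.TRUE.equals(dOMValidateContext.getProperty("org.jcp.xml.dsig.validateManifests"))) {
                for (Object object : xMLSignature.getObjects()) {
                    for (Object content : ((XMLObject) object).getContent()) {
                        // Test the type before casting: object content is not limited to Manifest
                        // elements, and casting first would throw ClassCastException on the rest.
                        if (content instanceof Manifest) {
                            for (Object manifestCandidate : ((Manifest) content).getReferences()) {
                                Reference manifestReference = (Reference) manifestCandidate;
                                if (!manifestReference.validate(dOMValidateContext)) {
                                    handler.manifestReferenceValidationFailed(manifestReference);
                                }
                            }
                        }
                    }
                }
            }

            boolean ignoreCoreValidationFailure = handler.ignoreCoreValidationFailure();
            LOG.debug("Ignore Core Validation failure: {}", ignoreCoreValidationFailure);
            return ignoreCoreValidationFailure;
        } finally {
            // Exactly one end() per start(), on success and on failure alike.
            handler.end();
        }
    }

    /**
     * Parses the message body into a DOM document.
     *
     * <p>The parser comes from {@code XmlSignatureHelper.newDocumentBuilder}, which receives the
     * configured {@code disallowDoctypeDecl} value; how that helper hardens the parser is not
     * visible here - NOTE(review): confirm DOCTYPE/external-entity handling there.
     *
     * @param inputStream stream holding the XML document
     * @return the parsed document
     * @throws XmlSignatureFormatException  if the body is not well-formed XML
     * @throws ParserConfigurationException if the parser cannot be created
     * @throws IOException                  if reading the stream fails
     */
    protected Document parseInput(InputStream inputStream) throws XmlSignatureFormatException, ParserConfigurationException, IOException {
        try {
            return XmlSignatureHelper.newDocumentBuilder(getConfiguration().getDisallowDoctypeDecl()).parse(inputStream);
        } catch (SAXException e) {
            throw new XmlSignatureFormatException("Message has wrong format, it is not a XML signature document. Check the sent message.", e);
        }
    }
}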
