package org.apache.camel.component.xmlsecurity.processor;

import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.transform.Result;
import javax.xml.validation.Schema;
import org.apache.camel.CamelContext;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.component.xmlsecurity.api.ValidationFailedHandler;
import org.apache.camel.component.xmlsecurity.api.XmlSignature2Message;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureChecker;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureFormatException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidException;
import org.apache.camel.support.processor.validation.DefaultValidationErrorHandler;
import org.apache.camel.util.IOHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/camel/component/xmlsecurity/processor/XmlVerifierProcessor.class */
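/**
 * Camel processor that verifies every XML Signature element found in the incoming message body
 * and, when all of them validate, maps the verified content onto the out message.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The key used for validation comes only from the configured {@link KeySelector}; the trust
 *       decision therefore rests on that selector.</li>
 *   <li>Secure validation is switched on only when the configuration returns {@code true}; in every
 *       other case the two secure-validation properties are left unset on the validation context.</li>
 *   <li>A failed core validation is handed to the configured {@link ValidationFailedHandler}. If its
 *       {@code ignoreCoreValidationFailure()} returns {@code true}, the signature is treated as
 *       accepted and processing continues.</li>
 *   <li>Signature elements are located anywhere in the document by namespace and local name. A
 *       successful validation only shows that the referenced content is intact; which part of the
 *       document ends up in the out message is decided by the configured
 *       {@link XmlSignature2Message} (and may be constrained by an {@link XmlSignatureChecker}).</li>
 * </ul>
 */
public class XmlVerifierProcessor extends XmlSignatureProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(XmlVerifierProcessor.class);
    private final XmlVerifierConfiguration config;

    /**
     * Fluent builder for the {@link XmlSignatureChecker.Input} handed to the configured checker
     * before core validation.
     *
     * <p>The object returned by {@link #build()} reads this builder's fields on every call; it is a
     * live view, not a snapshot.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static class CheckerInputBuilder {
        private boolean xmlSchemaValidationExecuted;
        private int totalCountOfSignatures;
        private SignedInfo signedInfo;
        private XMLSignature.SignatureValue signatureValue;
        private List<? extends XMLObject> objects;
        private Document messageBodyDocument;
        private Message message;
        private KeyInfo keyInfo;
        private Element currentSignatureElement;
        private int currentCountOfSignatures;

        CheckerInputBuilder() {
        }

        /** Records whether an XML schema was applied while parsing the message. */
        CheckerInputBuilder xmlSchemaValidationExecuted(boolean executed) {
            this.xmlSchemaValidationExecuted = executed;
            return this;
        }

        /** Records how many Signature elements the document contains. */
        CheckerInputBuilder totalCountOfSignatures(int total) {
            this.totalCountOfSignatures = total;
            return this;
        }

        /** Records the SignedInfo of the signature currently being checked. */
        CheckerInputBuilder signedInfo(SignedInfo signedInfo) {
            this.signedInfo = signedInfo;
            return this;
        }

        /** Records the SignatureValue of the signature currently being checked. */
        CheckerInputBuilder signatureValue(XMLSignature.SignatureValue signatureValue) {
            this.signatureValue = signatureValue;
            return this;
        }

        /** Records the Object children of the signature currently being checked. */
        CheckerInputBuilder objects(List<? extends XMLObject> objects) {
            this.objects = objects;
            return this;
        }

        /** Records the parsed message body. */
        CheckerInputBuilder messageBodyDocument(Document document) {
            this.messageBodyDocument = document;
            return this;
        }

        /** Records the Camel message being verified. */
        CheckerInputBuilder message(Message message) {
            this.message = message;
            return this;
        }

        /** Records the KeyInfo of the signature currently being checked. */
        CheckerInputBuilder keyInfo(KeyInfo keyInfo) {
            this.keyInfo = keyInfo;
            return this;
        }

        /** Records the DOM element of the signature currently being checked. */
        CheckerInputBuilder currentSignatureElement(Element element) {
            this.currentSignatureElement = element;
            return this;
        }

        /** Records the 1-based position of the signature currently being checked. */
        CheckerInputBuilder currentCountOfSignatures(int current) {
            this.currentCountOfSignatures = current;
            return this;
        }

        /**
         * Creates the checker input backed by this builder.
         *
         * @return a view whose getters return the builder's current field values
         */
        XmlSignatureChecker.Input build() {
            return new XmlSignatureChecker.Input() {
                @Override
                public boolean isXmlSchemaValidationExecuted() {
                    return CheckerInputBuilder.this.xmlSchemaValidationExecuted;
                }

                @Override
                public int getTotalCountOfSignatures() {
                    return CheckerInputBuilder.this.totalCountOfSignatures;
                }

                @Override
                public SignedInfo getSignedInfo() {
                    return CheckerInputBuilder.this.signedInfo;
                }

                @Override
                public XMLSignature.SignatureValue getSignatureValue() {
                    return CheckerInputBuilder.this.signatureValue;
                }

                @Override
                public List<? extends XMLObject> getObjects() {
                    return CheckerInputBuilder.this.objects;
                }

                @Override
                public Document getMessageBodyDocument() {
                    return CheckerInputBuilder.this.messageBodyDocument;
                }

                @Override
                public Message getMessage() {
                    return CheckerInputBuilder.this.message;
                }

                @Override
                public KeyInfo getKeyInfo() {
                    return CheckerInputBuilder.this.keyInfo;
                }

                @Override
                public Element getCurrentSignatureElement() {
                    return CheckerInputBuilder.this.currentSignatureElement;
                }

                @Override
                public int getCurrentCountOfSignatures() {
                    return CheckerInputBuilder.this.currentCountOfSignatures;
                }
            };
        }
    }

    /**
     * Creates a verifier bound to the given Camel context and verifier configuration.
     *
     * @param camelContext Camel context passed to the superclass
     * @param xmlVerifierConfiguration configuration returned by {@link #getConfiguration()}
     */
    public XmlVerifierProcessor(CamelContext camelContext, XmlVerifierConfiguration xmlVerifierConfiguration) {
        super(camelContext);
        this.config = xmlVerifierConfiguration;
    }

    @Override
    public XmlVerifierConfiguration getConfiguration() {
        return this.config;
    }

    /**
     * Verifies the in-message body and publishes the result on the out message.
     *
     * <p>On any {@link Exception} the out message is reset to {@code null} before the exception is
     * rethrown, so a partially populated out message is not left on the exchange after a failed
     * verification. The input stream is closed in all cases.
     *
     * @param exchange exchange whose in-message body must be convertible to an {@link InputStream}
     * @throws Exception if the body is missing, parsing fails, or verification fails
     */
    public void process(Exchange exchange) throws Exception {
        InputStream body = exchange.getIn().getMandatoryBody(InputStream.class);
        try {
            Message out = exchange.getOut();
            out.copyFrom(exchange.getIn());
            verify(body, out);
            clearMessageHeaders(out);
        } catch (Exception e) {
            // Fail closed: do not leave the copied, unverified content on the exchange.
            exchange.setOut(null);
            throw e;
        } finally {
            IOHelper.close(body, "input stream");
        }
    }

    /**
     * Parses the stream, validates every Signature element in document order and maps the
     * collected references and objects onto {@code message}.
     *
     * @param inputStream XML signature document to verify
     * @param message message that receives the mapped result
     * @throws IllegalStateException if no key selector is configured
     * @throws XmlSignatureInvalidException if a signature fails validation and the validation
     *         failed handler does not choose to ignore the failure
     * @throws Exception for parse errors, checker rejections, or the exception produced by the
     *         validation failed handler for an {@link XMLSignatureException}
     */
    protected void verify(InputStream inputStream, Message message) throws Exception {
        LOG.debug("Verification of XML signature document started");
        Document doc = parseInput(inputStream, message);

        // Prefer the Apache Santuario provider; fall back to the default DOM provider if absent.
        XMLSignatureFactory factory;
        try {
            factory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException e) {
            factory = XMLSignatureFactory.getInstance("DOM");
        }

        KeySelector keySelector = getConfiguration().getKeySelector();
        if (keySelector == null) {
            throw new IllegalStateException("Wrong configuration. Key selector is missing.");
        }

        DOMValidateContext valContext = new DOMValidateContext(keySelector, doc);
        valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        valContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE);
        // Compare by value: an identity check against Boolean.TRUE would silently skip secure
        // validation for a Boolean instance that is true but not the cached constant.
        if (Boolean.TRUE.equals(getConfiguration().getSecureValidation())) {
            valContext.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
            valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        }
        setUriDereferencerAndBaseUri(valContext);
        setCryptoContextProperties(valContext);

        NodeList signatureNodes = getSignatureNodes(doc);
        List<XMLObject> collectedObjects = new ArrayList<>(3);
        List<Reference> collectedReferences = new ArrayList<>(3);
        int totalCount = signatureNodes.getLength();
        for (int i = 0; i < totalCount; i++) {
            Element signatureElement = (Element) signatureNodes.item(i);
            valContext.setNode(signatureElement);
            XMLSignature signature = factory.unmarshalXMLSignature(valContext);

            // Optional structural check that runs before any cryptographic validation.
            XmlSignatureChecker checker = getConfiguration().getXmlSignatureChecker();
            if (checker != null) {
                XmlSignatureChecker.Input checkerInput = new CheckerInputBuilder()
                        .message(message)
                        .messageBodyDocument(doc)
                        .keyInfo(signature.getKeyInfo())
                        .currentCountOfSignatures(i + 1)
                        .currentSignatureElement(signatureElement)
                        .objects(signature.getObjects())
                        .signatureValue(signature.getSignatureValue())
                        .signedInfo(signature.getSignedInfo())
                        .totalCountOfSignatures(totalCount)
                        .xmlSchemaValidationExecuted(getSchemaResourceUri(message) != null)
                        .build();
                checker.checkBeforeCoreValidation(checkerInput);
            }

            try {
                boolean accepted = signature.validate(valContext);
                if (!accepted) {
                    // The handler may decide to ignore the failure; its answer replaces the result.
                    accepted = handleSignatureValidationFailed(valContext, signature);
                }
                if (!accepted) {
                    throw new XmlSignatureInvalidException("XML signature validation failed");
                }
                LOG.debug("XML signature {} verified", i + 1);
                collectedObjects.addAll(signature.getObjects());
                collectedReferences.addAll(signature.getSignedInfo().getReferences());
            } catch (XMLSignatureException e) {
                throw getConfiguration().getValidationFailedHandler().onXMLSignatureException(e);
            }
        }
        map2Message(collectedReferences, collectedObjects, message, doc);
    }

    /**
     * Delegates to the configured {@link XmlSignature2Message} to write the verified content to
     * {@code message}, exposing the collected references/objects and the output-related settings
     * of the configuration.
     */
    private void map2Message(final List<Reference> references, final List<XMLObject> objects, Message message,
            final Document messageBodyDocument) throws Exception {
        XmlSignature2Message.Input mappingInput = new XmlSignature2Message.Input() {
            @Override
            public List<Reference> getReferences() {
                return references;
            }

            @Override
            public List<XMLObject> getObjects() {
                return objects;
            }

            @Override
            public Document getMessageBodyDocument() {
                return messageBodyDocument;
            }

            @Override
            public Boolean omitXmlDeclaration() {
                return XmlVerifierProcessor.this.getConfiguration().getOmitXmlDeclaration();
            }

            @Override
            public Object getOutputNodeSearch() {
                return XmlVerifierProcessor.this.getConfiguration().getOutputNodeSearch();
            }

            @Override
            public String getOutputNodeSearchType() {
                return XmlVerifierProcessor.this.getConfiguration().getOutputNodeSearchType();
            }

            @Override
            public Boolean getRemoveSignatureElements() {
                return XmlVerifierProcessor.this.getConfiguration().getRemoveSignatureElements();
            }

            @Override
            public String getOutputXmlEncoding() {
                return XmlVerifierProcessor.this.getConfiguration().getOutputXmlEncoding();
            }
        };
        getConfiguration().getXmlSignature2Message().mapToMessage(mappingInput, message);
    }

    /**
     * Returns all {@code Signature} elements in the XML-DSig namespace, wherever they occur in the
     * document.
     *
     * @throws XmlSignatureFormatException if the document contains no such element, so an unsigned
     *         document is rejected rather than passed through
     */
    private NodeList getSignatureNodes(Document document) throws XmlSignatureFormatException {
        NodeList signatures = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (signatures.getLength() == 0) {
            throw new XmlSignatureFormatException("Message is not a correct XML signature document: 'Signature' element is missing. Check the sent message.");
        }
        LOG.debug("{} signature elements found", signatures.getLength());
        return signatures;
    }

    /**
     * Reports the individual parts of a failed core validation to the configured
     * {@link ValidationFailedHandler} and asks it whether the failure may be ignored.
     *
     * <p>The signature value, every SignedInfo reference and (when manifest validation is enabled
     * on the context) every manifest reference are re-validated one by one so the handler learns
     * which part failed. {@code end()} is always called on the handler.
     *
     * @return the handler's {@code ignoreCoreValidationFailure()} answer; {@code true} makes the
     *         caller accept a signature whose core validation failed
     * @throws Exception whatever the handler or the re-validation throws
     */
    protected boolean handleSignatureValidationFailed(DOMValidateContext dOMValidateContext, XMLSignature xMLSignature) throws Exception {
        ValidationFailedHandler handler = getConfiguration().getValidationFailedHandler();
        LOG.debug("handleSignatureValidationFailed called");
        try {
            handler.start();

            XMLSignature.SignatureValue signatureValue = xMLSignature.getSignatureValue();
            if (!signatureValue.validate(dOMValidateContext)) {
                handler.signatureValueValidationFailed(signatureValue);
            }

            for (Reference reference : xMLSignature.getSignedInfo().getReferences()) {
                if (!reference.validate(dOMValidateContext)) {
                    handler.referenceValidationFailed(reference);
                }
            }

            if (Boolean.TRUE.equals(dOMValidateContext.getProperty("org.jcp.xml.dsig.validateManifests"))) {
                for (XMLObject xmlObject : xMLSignature.getObjects()) {
                    // Object content is heterogeneous; only Manifest entries carry references.
                    for (Object content : xmlObject.getContent()) {
                        if (content instanceof Manifest) {
                            Manifest manifest = (Manifest) content;
                            for (Reference manifestReference : manifest.getReferences()) {
                                if (!manifestReference.validate(dOMValidateContext)) {
                                    handler.manifestReferenceValidationFailed(manifestReference);
                                }
                            }
                        }
                    }
                }
            }

            boolean ignoreFailure = handler.ignoreCoreValidationFailure();
            LOG.debug("Ignore Core Validation failure: {}", ignoreFailure);
            return ignoreFailure;
        } finally {
            handler.end();
        }
    }

    /**
     * Parses the incoming stream into a DOM document, applying the schema resolved for the message
     * (if any) and reporting collected validation errors after the parse.
     *
     * <p>The parser is obtained from {@link XmlSignatureHelper#newDocumentBuilder} with the
     * configuration's {@code disallowDoctypeDecl} setting.
     * NOTE(review): presumably that flag controls rejection of DOCTYPE declarations in the
     * untrusted input; confirm in XmlSignatureHelper before relaxing it.
     *
     * @throws XmlSignatureFormatException if the input is not well-formed XML
     * @throws Exception if schema lookup or error handling fails
     */
    protected Document parseInput(InputStream inputStream, Message message) throws Exception {
        try {
            DefaultValidationErrorHandler errorHandler = new DefaultValidationErrorHandler();
            Schema schema = getSchema(message);
            DocumentBuilder documentBuilder =
                    XmlSignatureHelper.newDocumentBuilder(getConfiguration().getDisallowDoctypeDecl(), schema);
            documentBuilder.setErrorHandler(errorHandler);
            Document parsed = documentBuilder.parse(inputStream);
            errorHandler.handleErrors(message.getExchange(), schema, (Result) null);
            return parsed;
        } catch (SAXException e) {
            throw new XmlSignatureFormatException("Message has wrong format, it is not a XML signature document. Check the sent message.", e);
        }
    }
}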
