package org.apache.camel.component.xmlsecurity.processor;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.validation.Schema;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import org.apache.camel.CamelContext;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.component.xmlsecurity.api.SignatureType;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureConstants;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureFormatException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureInvalidKeyException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureNoKeyException;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties;
import org.apache.camel.support.processor.validation.DefaultValidationErrorHandler;
import org.apache.camel.support.processor.validation.ValidatorErrorHandler;
import org.apache.camel.util.IOHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor.class */
public class XmlSignerProcessor extends XmlSignatureProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(XmlSignerProcessor.class);
    private static final String SHA512 = "sha512";
    private static final String SHA384 = "sha384";
    private static final String SHA256 = "sha256";
    private static final String SHA224 = "sha224";
    private static final String SHA1 = "sha1";
    private static final String RIPEMD160 = "ripemd160";
    private static final String HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#sha224";
    private static final String HTTP_WWW_W3_ORG_2001_04_XMLDSIG_MORE_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384";
    private final XmlSignerConfiguration config;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor$ComparableNode.class */
    public static class ComparableNode implements Comparable<ComparableNode> {
        private final String referenceUri;
        private final int level;

        ComparableNode(Element element, String str) {
            this.referenceUri = str;
            this.level = calculateLevel(element);
        }

        private int calculateLevel(Element element) {
            int i = 0;
            Node node = element;
            while (true) {
                Node node2 = node;
                if (node2 == null) {
                    return i;
                }
                if (1 == node2.getNodeType()) {
                    i++;
                    if (i > 10000) {
                        throw new IllegalStateException("Hierachy level is limited to 10000");
                    }
                }
                node = node2.getParentNode();
            }
        }

        @Override // java.lang.Comparable
        public int compareTo(ComparableNode comparableNode) {
            return comparableNode.level - this.level;
        }

        String getReferenceUri() {
            return this.referenceUri;
        }

        static List<String> getReferenceUris(List<ComparableNode> list) {
            ArrayList arrayList = new ArrayList(list.size());
            Iterator<ComparableNode> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getReferenceUri());
            }
            return arrayList;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/camel/component/xmlsecurity/processor/XmlSignerProcessor$InputBuilder.class */
    public static class InputBuilder {
        private XMLSignatureFactory signatureFactory;
        private String signatureAlgorithm;
        private Node parent;
        private Node messageBodyNode;
        private Message message;
        private KeyInfo keyInfo;
        private String contentDigestAlgorithm;
        private String signatureId;
        private String contentReferenceUri;
        private SignatureType signatureType;
        private String prefixForXmlSignatureNamespace;

        private InputBuilder() {
        }

        public InputBuilder signatureFactory(XMLSignatureFactory xMLSignatureFactory) {
            this.signatureFactory = xMLSignatureFactory;
            return this;
        }

        public InputBuilder signatureAlgorithm(String str) {
            this.signatureAlgorithm = str;
            return this;
        }

        public InputBuilder parent(Node node) {
            this.parent = node;
            return this;
        }

        public InputBuilder messageBodyNode(Node node) {
            this.messageBodyNode = node;
            return this;
        }

        public InputBuilder message(Message message) {
            this.message = message;
            return this;
        }

        public InputBuilder keyInfo(KeyInfo keyInfo) {
            this.keyInfo = keyInfo;
            return this;
        }

        public InputBuilder contentDigestAlgorithm(String str) {
            this.contentDigestAlgorithm = str;
            return this;
        }

        public InputBuilder signatureId(String str) {
            this.signatureId = str;
            return this;
        }

        public InputBuilder contentReferenceUri(String str) {
            this.contentReferenceUri = str;
            return this;
        }

        public InputBuilder signatureType(SignatureType signatureType) {
            this.signatureType = signatureType;
            return this;
        }

        public InputBuilder prefixForXmlSignatureNamespace(String str) {
            this.prefixForXmlSignatureNamespace = str;
            return this;
        }

        public XmlSignatureProperties.Input build() {
            return new XmlSignatureProperties.Input() { // from class: org.apache.camel.component.xmlsecurity.processor.XmlSignerProcessor.InputBuilder.1
                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public XMLSignatureFactory getSignatureFactory() {
                    return InputBuilder.this.signatureFactory;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public String getSignatureAlgorithm() {
                    return InputBuilder.this.signatureAlgorithm;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public Node getParent() {
                    return InputBuilder.this.parent;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public Node getMessageBodyNode() {
                    return InputBuilder.this.messageBodyNode;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public Message getMessage() {
                    return InputBuilder.this.message;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public KeyInfo getKeyInfo() {
                    return InputBuilder.this.keyInfo;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public String getContentDigestAlgorithm() {
                    return InputBuilder.this.contentDigestAlgorithm;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public String getSignatureId() {
                    return InputBuilder.this.signatureId;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public String getContentReferenceUri() {
                    return InputBuilder.this.contentReferenceUri;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public SignatureType getSignatureType() {
                    return InputBuilder.this.signatureType;
                }

                @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties.Input
                public String getPrefixForXmlSignatureNamespace() {
                    return InputBuilder.this.prefixForXmlSignatureNamespace;
                }
            };
        }
    }

    public XmlSignerProcessor(CamelContext camelContext, XmlSignerConfiguration xmlSignerConfiguration) {
        super(camelContext);
        this.config = xmlSignerConfiguration;
    }

    @Override // org.apache.camel.component.xmlsecurity.processor.XmlSignatureProcessor
    public XmlSignerConfiguration getConfiguration() {
        return this.config;
    }

    @Override // org.apache.camel.Processor
    public void process(Exchange exchange) throws Exception {
        try {
            LOG.debug("XML signature generation started using algorithm {} and canonicalization method {}", getConfiguration().getSignatureAlgorithm(), getConfiguration().getCanonicalizationMethod().getAlgorithm());
            Message out = exchange.getOut();
            out.copyFrom(exchange.getIn());
            Document sign = sign(out);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            XmlSignatureHelper.transformNonTextNodeToOutputStream(sign, byteArrayOutputStream, omitXmlDeclaration(out).booleanValue(), getConfiguration().getOutputXmlEncoding());
            out.setBody(byteArrayOutputStream.toByteArray());
            setOutputEncodingToMessageHeader(out);
            clearMessageHeaders(out);
            LOG.debug("XML signature generation finished");
        } catch (Exception e) {
            exchange.setOut(null);
            throw e;
        }
    }

    protected Document sign(Message message) throws Exception {
        XMLSignatureFactory xMLSignatureFactory;
        try {
            try {
                xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
            } catch (NoSuchProviderException e) {
                xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
            }
            Node messageBodyNode = getMessageBodyNode(message);
            if (getConfiguration().getKeyAccessor() == null) {
                throw new XmlSignatureNoKeyException("Key accessor is missing for XML signature generation. Specify a key accessor in the configuration.");
            }
            KeySelector keySelector = getConfiguration().getKeyAccessor().getKeySelector(message);
            if (keySelector == null) {
                throw new XmlSignatureNoKeyException("Key selector is missing for XML signature generation. Specify a key selector in the configuration.");
            }
            SignatureType determineSignatureType = determineSignatureType(message);
            Node node = null;
            for (String str : getContentReferenceUris(message, determineSignatureType, messageBodyNode)) {
                KeyInfo keyInfo = getConfiguration().getKeyAccessor().getKeyInfo(message, messageBodyNode, xMLSignatureFactory.getKeyInfoFactory());
                String signatureId = getConfiguration().getSignatureId();
                if (signatureId == null) {
                    signatureId = "_" + UUID.randomUUID().toString();
                } else if (signatureId.isEmpty()) {
                    signatureId = null;
                }
                Node parentOfSignature = getParentOfSignature(message, messageBodyNode, str, determineSignatureType);
                if (parentOfSignature == null) {
                    parentOfSignature = XmlSignatureHelper.newDocumentBuilder(Boolean.TRUE).newDocument();
                }
                node = parentOfSignature;
                XmlSignatureProperties.Input build = new InputBuilder().contentDigestAlgorithm(getDigestAlgorithmUri()).keyInfo(keyInfo).message(message).messageBodyNode(messageBodyNode).parent(parentOfSignature).signatureAlgorithm(getConfiguration().getSignatureAlgorithm()).signatureFactory(xMLSignatureFactory).signatureId(signatureId).contentReferenceUri(str).signatureType(determineSignatureType).prefixForXmlSignatureNamespace(getConfiguration().getPrefixForXmlSignatureNamespace()).build();
                XmlSignatureProperties.Output signatureProperties = getSignatureProperties(build);
                if (signatureProperties != null && signatureProperties.getSignatureId() != null && !signatureProperties.getSignatureId().isEmpty()) {
                    signatureId = signatureProperties.getSignatureId();
                }
                List<? extends XMLObject> objects = getObjects(build, signatureProperties);
                xMLSignatureFactory.newXMLSignature(createSignedInfo(xMLSignatureFactory, getReferences(build, signatureProperties, getKeyInfoId(keyInfo))), keyInfo, objects, signatureId, (String) null).sign(createAndConfigureSignContext(parentOfSignature, keySelector));
            }
            return XmlSignatureHelper.getDocument(node);
        } catch (XMLSignatureException e2) {
            if (e2.getCause() instanceof InvalidKeyException) {
                throw new XmlSignatureInvalidKeyException(e2.getMessage(), e2);
            }
            throw new XmlSignatureException((Throwable) e2);
        } catch (GeneralSecurityException e3) {
            throw new XmlSignatureException(e3);
        }
    }

    private SignatureType determineSignatureType(Message message) throws XmlSignatureException {
        SignatureType signatureType;
        if (getConfiguration().getParentLocalName() != null && getConfiguration().getParentXpath() != null) {
            throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent local name " + getConfiguration().getParentLocalName() + " and the parent XPath " + getConfiguration().getParentXpath().getXPath() + " are specified. You must not specify both parameters.");
        }
        boolean z = (getConfiguration().getParentLocalName() == null && getConfiguration().getParentXpath() == null) ? false : true;
        boolean z2 = !getXpathToIdAttributes(message).isEmpty();
        if (z && z2) {
            if (getConfiguration().getParentLocalName() != null) {
                throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent local name " + getConfiguration().getParentLocalName() + " for an enveloped signature and the XPATHs to ID attributes for a detached signature are specified. You must not specify both parameters.");
            }
            throw new XmlSignatureException("The configuration of the XML signer component is wrong. The parent XPath " + getConfiguration().getParentXpath().getXPath() + " for an enveloped signature and the XPATHs to ID attributes for a detached signature are specified. You must not specify both parameters.");
        }
        if (z) {
            signatureType = SignatureType.enveloped;
        } else if (!z2) {
            signatureType = SignatureType.enveloping;
        } else {
            if (getSchemaResourceUri(message) == null) {
                throw new XmlSignatureException("The configruation of the XML Signature component is wrong: No XML schema specified in the detached case");
            }
            signatureType = SignatureType.detached;
        }
        LOG.debug("Signature type: {}", signatureType);
        return signatureType;
    }

    protected List<XPathFilterParameterSpec> getXpathToIdAttributes(Message message) {
        List<XPathFilterParameterSpec> list = (List) message.getHeader(XmlSignatureConstants.HEADER_XPATHS_TO_ID_ATTRIBUTES);
        if (list == null) {
            list = getConfiguration().getXpathsToIdAttributes();
        }
        return list;
    }

    protected XmlSignatureProperties.Output getSignatureProperties(XmlSignatureProperties.Input input) throws Exception {
        XmlSignatureProperties properties = getConfiguration().getProperties();
        XmlSignatureProperties.Output output = null;
        if (properties != null) {
            output = properties.get(input);
        }
        return output;
    }

    private DOMSignContext createAndConfigureSignContext(Node node, KeySelector keySelector) {
        DOMSignContext dOMSignContext = new DOMSignContext(keySelector, node);
        if (getConfiguration().getPrefixForXmlSignatureNamespace() != null && !getConfiguration().getPrefixForXmlSignatureNamespace().isEmpty()) {
            dOMSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", getConfiguration().getPrefixForXmlSignatureNamespace());
        }
        dOMSignContext.putNamespacePrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");
        setCryptoContextProperties(dOMSignContext);
        setUriDereferencerAndBaseUri(dOMSignContext);
        return dOMSignContext;
    }

    protected Boolean omitXmlDeclaration(Message message) {
        Boolean bool = (Boolean) message.getHeader(XmlSignatureConstants.HEADER_OMIT_XML_DECLARATION, Boolean.class);
        if (bool == null) {
            bool = getConfiguration().getOmitXmlDeclaration();
        }
        if (bool == null) {
            bool = Boolean.FALSE;
        }
        LOG.debug("Omit XML declaration: {}", bool);
        return bool;
    }

    protected SignedInfo createSignedInfo(XMLSignatureFactory xMLSignatureFactory, List<? extends Reference> list) throws Exception {
        return xMLSignatureFactory.newSignedInfo(xMLSignatureFactory.newCanonicalizationMethod(getConfiguration().getCanonicalizationMethod().getAlgorithm(), getConfiguration().getCanonicalizationMethod().getParameterSpec()), getSignatureMethod(getConfiguration().getSignatureAlgorithm(), xMLSignatureFactory), list);
    }

    private SignatureMethod getSignatureMethod(String str, XMLSignatureFactory xMLSignatureFactory) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return xMLSignatureFactory.newSignatureMethod(str, (SignatureMethodParameterSpec) null);
    }

    protected Node getMessageBodyNode(Message message) throws Exception {
        Node documentElement;
        InputStream inputStream = (InputStream) message.getMandatoryBody(InputStream.class);
        Boolean isPlainText = isPlainText(message);
        if (isPlainText == null || !isPlainText.booleanValue()) {
            DefaultValidationErrorHandler defaultValidationErrorHandler = new DefaultValidationErrorHandler();
            Schema schemaForSigner = getSchemaForSigner(message, defaultValidationErrorHandler);
            Document parseInput = parseInput(inputStream, getConfiguration().getDisallowDoctypeDecl(), schemaForSigner, defaultValidationErrorHandler);
            defaultValidationErrorHandler.handleErrors(message.getExchange(), schemaForSigner, null);
            documentElement = parseInput.getDocumentElement();
            LOG.debug("Root element of document to be signed: {}", documentElement);
        } else {
            documentElement = getTextNode(message, inputStream);
        }
        return documentElement;
    }

    protected Schema getSchemaForSigner(Message message, ValidatorErrorHandler validatorErrorHandler) throws XmlSignatureException, SAXException, IOException {
        return getSchemaResourceUri(message) == null ? null : getSchema(message);
    }

    protected Boolean isPlainText(Message message) {
        Boolean bool = (Boolean) message.getHeader(XmlSignatureConstants.HEADER_MESSAGE_IS_PLAIN_TEXT, Boolean.class);
        if (bool == null) {
            bool = getConfiguration().getPlainText();
        }
        LOG.debug("Is plain text: {}", bool);
        return bool;
    }

    protected Element getParentOfSignature(Message message, Node node, String str, SignatureType signatureType) throws Exception {
        if (SignatureType.enveloping == signatureType) {
            return null;
        }
        if (node.getParentNode() == null || node.getParentNode().getNodeType() != 9) {
            throw new XmlSignatureFormatException("Incomming message has wrong format: It is not an XML document. Cannot create an enveloped or detached XML signature.");
        }
        Document document = (Document) node.getParentNode();
        return SignatureType.detached == signatureType ? getParentForDetachedCase(document, message, str) : getParentForEnvelopedCase(document, message);
    }

    protected Element getParentForEnvelopedCase(Document document, Message message) throws Exception {
        if (getConfiguration().getParentXpath() == null) {
            NodeList elementsByTagNameNS = document.getElementsByTagNameNS(getConfiguration().getParentNamespace(), getConfiguration().getParentLocalName());
            if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
                throw new XmlSignatureFormatException(String.format("Incoming message has wrong format: The parent element with the local name %s and the namespace %s was not found in the message to build an enveloped XML signature.", getConfiguration().getParentLocalName(), getConfiguration().getParentNamespace()));
            }
            return (Element) elementsByTagNameNS.item(0);
        }
        XPathFilterParameterSpec parentXpath = getConfiguration().getParentXpath();
        try {
            NodeList nodeList = (NodeList) XmlSignatureHelper.getXPathExpression(parentXpath).evaluate(document.getDocumentElement(), XPathConstants.NODESET);
            if (nodeList == null || nodeList.getLength() == 0) {
                throw new XmlSignatureException("The parent XPath " + parentXpath.getXPath() + " returned no result. Check the configuration of the XML signer component.");
            }
            int length = nodeList.getLength();
            for (int i = 0; i < length; i++) {
                Node item = nodeList.item(i);
                if (item.getNodeType() == 1) {
                    return (Element) item;
                }
            }
            throw new XmlSignatureException("The parent XPath " + parentXpath.getXPath() + " returned no element. Check the configuration of the XML signer component.");
        } catch (XPathExpressionException e) {
            throw new XmlSignatureException("The parent XPath " + getConfiguration().getParentXpath().getXPath() + " is wrongly configured: The XPath " + parentXpath.getXPath() + " is invalid.", e);
        }
    }

    private Element getParentForDetachedCase(Document document, Message message, String str) throws XmlSignatureException {
        String str2 = str;
        if (str2.startsWith("#")) {
            str2 = str2.substring(1);
        }
        Element elementById = document.getElementById(str2);
        if (elementById == null) {
            throw new IllegalStateException("No element found for element ID " + str2);
        }
        LOG.debug("Sibling element of the detached XML Signature with reference URI {}: {}  {}", new Object[]{str, elementById.getLocalName(), elementById.getNamespaceURI()});
        Element parentElement = getParentElement(elementById);
        if (parentElement != null) {
            return parentElement;
        }
        throw new XmlSignatureException("Either the configuration of the XML Signature component is wrong or the incoming document has an invalid structure: The element " + elementById.getLocalName() + "{" + elementById.getNamespaceURI() + "} which is referenced by the reference URI " + str + " has no parent element. The element must have a parent element in the configured detached case.");
    }

    private Element getParentElement(Node node) {
        for (int i = 0; node != null && i < 10000; i++) {
            Node parentNode = node.getParentNode();
            if (parentNode != null && parentNode.getNodeType() == 1) {
                return (Element) parentNode;
            }
            node = parentNode;
        }
        return null;
    }

    protected List<? extends Reference> getReferences(XmlSignatureProperties.Input input, XmlSignatureProperties.Output output, String str) throws Exception {
        Reference createReference = createReference(input.getSignatureFactory(), input.getContentReferenceUri(), getContentReferenceType(input.getMessage()), input.getSignatureType(), output == null ? null : output.getContentReferenceId(), input.getMessage());
        Reference createKeyInfoReference = createKeyInfoReference(input.getSignatureFactory(), str, input.getContentDigestAlgorithm());
        int size = (output == null || output.getReferences() == null || output.getReferences().isEmpty()) ? 0 : output.getReferences().size();
        ArrayList arrayList = new ArrayList(createKeyInfoReference == null ? size + 1 : size + 2);
        arrayList.add(createReference);
        if (createKeyInfoReference != null) {
            arrayList.add(createKeyInfoReference);
        }
        if (output != null && output.getReferences() != null && !output.getReferences().isEmpty()) {
            arrayList.addAll(output.getReferences());
        }
        return arrayList;
    }

    protected List<? extends XMLObject> getObjects(XmlSignatureProperties.Input input, XmlSignatureProperties.Output output) {
        if (SignatureType.enveloped == input.getSignatureType() || SignatureType.detached == input.getSignatureType()) {
            return (output == null || output.getObjects() == null) ? Collections.emptyList() : output.getObjects();
        }
        String contentObjectId = getConfiguration().getContentObjectId();
        LOG.debug("Object Content Id {}", contentObjectId);
        XMLObject createXMLObject = createXMLObject(input.getSignatureFactory(), input.getMessageBodyNode(), contentObjectId);
        if (output == null || output.getObjects() == null || output.getObjects().isEmpty()) {
            return Collections.singletonList(createXMLObject);
        }
        ArrayList arrayList = new ArrayList(output.getObjects().size() + 1);
        arrayList.add(createXMLObject);
        arrayList.addAll(output.getObjects());
        return arrayList;
    }

    private Node getTextNode(Message message, InputStream inputStream) throws IOException, ParserConfigurationException, XmlSignatureException {
        LOG.debug("Message body to be signed is plain text");
        String messageEncoding = getMessageEncoding(message);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOHelper.copyAndCloseInput(inputStream, byteArrayOutputStream);
        try {
            return XmlSignatureHelper.newDocumentBuilder(true).newDocument().createTextNode(byteArrayOutputStream.toString(messageEncoding));
        } catch (UnsupportedEncodingException e) {
            throw new XmlSignatureException(String.format("The message encoding %s is not supported.", messageEncoding), e);
        }
    }

    protected String getMessageEncoding(Message message) {
        String str = (String) message.getHeader(XmlSignatureConstants.HEADER_PLAIN_TEXT_ENCODING, String.class);
        if (str == null) {
            str = getConfiguration().getPlainTextEncoding();
        }
        LOG.debug("Messge encoding: {}", str);
        return str;
    }

    protected Document parseInput(InputStream inputStream, Boolean bool, Schema schema, ErrorHandler errorHandler) throws ParserConfigurationException, IOException, XmlSignatureFormatException {
        try {
            try {
                DocumentBuilder newDocumentBuilder = XmlSignatureHelper.newDocumentBuilder(bool, schema);
                newDocumentBuilder.setErrorHandler(errorHandler);
                Document parse = newDocumentBuilder.parse(inputStream);
                IOHelper.close(inputStream, "input stream");
                return parse;
            } catch (SAXException e) {
                throw new XmlSignatureFormatException("XML signature generation not possible. Sent message is not an XML document. Check the sent message.", e);
            }
        } catch (Throwable th) {
            IOHelper.close(inputStream, "input stream");
            throw th;
        }
    }

    protected Reference createReference(XMLSignatureFactory xMLSignatureFactory, String str, String str2, SignatureType signatureType, String str3, Message message) throws InvalidAlgorithmParameterException, XmlSignatureException {
        try {
            return xMLSignatureFactory.newReference(str, xMLSignatureFactory.newDigestMethod(getDigestAlgorithmUri(), (DigestMethodParameterSpec) null), getTransforms(xMLSignatureFactory, signatureType, message), str2, str3);
        } catch (NoSuchAlgorithmException e) {
            throw new XmlSignatureException("Wrong algorithm specified in the configuration.", e);
        }
    }

    protected String getContentReferenceType(Message message) {
        String str = (String) message.getHeader(XmlSignatureConstants.HEADER_CONTENT_REFERENCE_TYPE, String.class);
        if (str == null) {
            str = getConfiguration().getContentReferenceType();
        }
        LOG.debug("Content reference type: {}", str);
        return str;
    }

    protected List<String> getContentReferenceUris(Message message, SignatureType signatureType, Node node) throws XmlSignatureException, XPathExpressionException {
        List<String> contentReferenceUrisForDetachedCase;
        if (SignatureType.enveloping == signatureType) {
            contentReferenceUrisForDetachedCase = Collections.singletonList("#" + getConfiguration().getContentObjectId());
        } else if (SignatureType.enveloped == signatureType) {
            String str = (String) message.getHeader(XmlSignatureConstants.HEADER_CONTENT_REFERENCE_URI, String.class);
            if (str == null) {
                str = getConfiguration().getContentReferenceUri();
            }
            if (str == null) {
                str = "";
            }
            contentReferenceUrisForDetachedCase = Collections.singletonList(str);
        } else {
            if (SignatureType.detached != signatureType) {
                throw new IllegalStateException("Signature type " + signatureType + " not supported");
            }
            contentReferenceUrisForDetachedCase = getContentReferenceUrisForDetachedCase(message, node);
        }
        LOG.debug("Content reference URI(s): {}", contentReferenceUrisForDetachedCase);
        return contentReferenceUrisForDetachedCase;
    }

    private List<String> getContentReferenceUrisForDetachedCase(Message message, Node node) throws XmlSignatureException, XPathExpressionException {
        List<XPathFilterParameterSpec> xpathToIdAttributes = getXpathToIdAttributes(message);
        if (xpathToIdAttributes.isEmpty()) {
            throw new IllegalStateException("List of XPATHs to ID attributes is empty in detached signature case");
        }
        ArrayList arrayList = new ArrayList(xpathToIdAttributes.size());
        for (XPathFilterParameterSpec xPathFilterParameterSpec : xpathToIdAttributes) {
            try {
                NodeList nodeList = (NodeList) XmlSignatureHelper.getXPathExpression(xPathFilterParameterSpec).evaluate(node, XPathConstants.NODESET);
                if (nodeList == null) {
                    LOG.warn("No ID attribute found for xpath expression {}. Therfore this xpath expression will be ignored.", xPathFilterParameterSpec.getXPath());
                } else {
                    int length = nodeList.getLength();
                    for (int i = 0; i < length; i++) {
                        Node item = nodeList.item(i);
                        if (item.getNodeType() != 2) {
                            throw new XmlSignatureException("Wrong configured xpath expression for ID attributes: The evaluation of the xpath expression " + xPathFilterParameterSpec.getXPath() + " returned a node which was not of type Attribute.");
                        }
                        String value = ((Attr) item).getValue();
                        Element elementById = node.getOwnerDocument().getElementById(value);
                        if (elementById == null) {
                            throw new XmlSignatureException("Wrong configured xpath expression for ID attributes: The evaluation of the xpath expression " + xPathFilterParameterSpec.getXPath() + " resulted in an attribute which is not of type ID. The attribute value is " + value + ".");
                        }
                        arrayList.add(new ComparableNode(elementById, "#" + value));
                        LOG.debug("ID attribute with value {} found for xpath {}", value, xPathFilterParameterSpec.getXPath());
                    }
                }
            } catch (XPathExpressionException e) {
                throw new XmlSignatureException("The configured xpath expression " + xPathFilterParameterSpec.getXPath() + " is invalid.", e);
            }
        }
        if (arrayList.isEmpty()) {
            throw new XmlSignatureException("No element to sign found in the detached case. No node found for the configured xpath expressions " + toString(xpathToIdAttributes) + ". Either the configuration of the XML signature component is wrong or the incoming message has not the correct structure.");
        }
        Collections.sort(arrayList);
        return ComparableNode.getReferenceUris(arrayList);
    }

    private String toString(List<XPathFilterParameterSpec> list) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        Iterator<XPathFilterParameterSpec> it = list.iterator();
        while (it.hasNext()) {
            i++;
            sb.append(it.next().getXPath());
            if (i < list.size()) {
                sb.append(", ");
            }
        }
        return sb.toString();
    }

    protected XMLObject createXMLObject(XMLSignatureFactory xMLSignatureFactory, Node node, String str) {
        return xMLSignatureFactory.newXMLObject(Collections.singletonList(new DOMStructure(node)), str, (String) null, (String) null);
    }

    private List<Transform> getTransforms(XMLSignatureFactory xMLSignatureFactory, SignatureType signatureType, Message message) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        String str = (String) message.getHeader(XmlSignatureConstants.HEADER_TRANSFORM_METHODS, String.class);
        if (str != null) {
            LOG.debug("Header {} with value '{}' found", XmlSignatureConstants.HEADER_TRANSFORM_METHODS, str);
            String[] split = str.split(",");
            ArrayList arrayList = new ArrayList(split.length);
            for (String str2 : split) {
                String trim = str2.trim();
                arrayList.add(xMLSignatureFactory.newTransform(trim, (TransformParameterSpec) null));
                LOG.debug("Transform method: {}", trim);
            }
            return arrayList;
        }
        List<AlgorithmMethod> transformMethods = getConfiguration().getTransformMethods();
        if (SignatureType.enveloped == signatureType) {
            if (transformMethods.isEmpty()) {
                transformMethods = new ArrayList(2);
                transformMethods.add(XmlSignatureHelper.getEnvelopedTransform());
                transformMethods.add(XmlSignatureHelper.getCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
            } else if (!containsEnvelopedTransform(transformMethods)) {
                transformMethods = new ArrayList(transformMethods.size() + 1);
                transformMethods.add(XmlSignatureHelper.getEnvelopedTransform());
                transformMethods.addAll(getConfiguration().getTransformMethods());
            }
        }
        ArrayList arrayList2 = new ArrayList(transformMethods.size());
        for (AlgorithmMethod algorithmMethod : transformMethods) {
            arrayList2.add(xMLSignatureFactory.newTransform(algorithmMethod.getAlgorithm(), algorithmMethod.getParameterSpec()));
            LOG.debug("Transform method: {}", algorithmMethod.getAlgorithm());
        }
        return arrayList2;
    }

    private boolean containsEnvelopedTransform(List<AlgorithmMethod> list) {
        Iterator<AlgorithmMethod> it = list.iterator();
        while (it.hasNext()) {
            if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(it.next().getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    protected String getDigestAlgorithmUri() throws XmlSignatureException {
        String signatureAlgorithm;
        String digestAlgorithm = getConfiguration().getDigestAlgorithm();
        if (digestAlgorithm == null && (signatureAlgorithm = getConfiguration().getSignatureAlgorithm()) != null) {
            if (signatureAlgorithm.contains(SHA1)) {
                digestAlgorithm = "http://www.w3.org/2000/09/xmldsig#sha1";
            } else if (signatureAlgorithm.contains(SHA224)) {
                digestAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#sha224";
            } else if (signatureAlgorithm.contains(SHA256)) {
                digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
            } else if (signatureAlgorithm.contains(SHA384)) {
                digestAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#sha384";
            } else if (signatureAlgorithm.contains(SHA512)) {
                digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha512";
            } else if (signatureAlgorithm.contains(RIPEMD160)) {
                return "http://www.w3.org/2001/04/xmlenc#ripemd160";
            }
        }
        if (digestAlgorithm == null) {
            throw new XmlSignatureException("Digest algorithm missing for XML signature generation. Specify the digest algorithm in the configuration.");
        }
        LOG.debug("Digest algorithm: {}", digestAlgorithm);
        return digestAlgorithm;
    }

    protected Reference createKeyInfoReference(XMLSignatureFactory xMLSignatureFactory, String str, String str2) throws Exception {
        if (str == null || getConfiguration().getAddKeyInfoReference() == null || !getConfiguration().getAddKeyInfoReference().booleanValue()) {
            return null;
        }
        LOG.debug("Creating reference to key info element with Id: {}", str);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(xMLSignatureFactory.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (TransformParameterSpec) null));
        return xMLSignatureFactory.newReference("#" + str, xMLSignatureFactory.newDigestMethod(str2, (DigestMethodParameterSpec) null), arrayList, (String) null, (String) null);
    }

    private String getKeyInfoId(KeyInfo keyInfo) {
        if (keyInfo == null) {
            return null;
        }
        return keyInfo.getId();
    }

    protected void setOutputEncodingToMessageHeader(Message message) {
        if (getConfiguration().getOutputXmlEncoding() != null) {
            message.setHeader("CamelCharsetName", getConfiguration().getOutputXmlEncoding());
        }
    }
}
