package xsul.secconv.dsig;

import javax.xml.transform.TransformerException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.apache.xpath.CachedXPathAPI;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import xsul.MLogger;
import xsul.XsulException;
import xsul.dsig.SOAPEnvelopeVerifier;
import xsul.dsig.SignatureInfo;
import xsul.dsig.SignatureVerificationFailure;
import xsul.dsig.globus.security.authentication.SOAPBodyIdResolver;
import xsul.dsig.globus.security.authentication.wssec.WSConstants;
import xsul.secconv.SCUtil;

/* loaded from: input_file:xsul/secconv/dsig/SessionKeySOAPEnvelopeVerifier.class */
public class SessionKeySOAPEnvelopeVerifier extends SOAPEnvelopeVerifier {
    private static final MLogger logger = MLogger.getLogger();
    private static SessionKeySOAPEnvelopeVerifier instance;
    private String contextId;

    public SessionKeySOAPEnvelopeVerifier() {
    }

    public SessionKeySOAPEnvelopeVerifier(String str) {
        this.contextId = str;
    }

    public void setContextId(String str) {
        this.contextId = str;
    }

    public String getContextId() {
        return this.contextId;
    }

    protected ResourceResolverSpi getResourceResolver() {
        return SOAPBodyIdResolver.getInstance();
    }

    @Override // xsul.dsig.SOAPEnvelopeVerifier
    public SignatureInfo verifySoapMessage(Document document) throws SignatureVerificationFailure, XsulException {
        try {
            XMLSignature xMLSignature = new XMLSignature(getSignatureElem(document), "http://extreme.indiana.edu/xmlsecurity");
            xMLSignature.getSignedInfo().addResourceResolver(getResourceResolver());
            logger.finest(new StringBuffer().append("cano=").append(xMLSignature.getSignedInfo().getCanonicalizationMethodURI()).toString());
            if (xMLSignature.checkSignatureValue(SCUtil.getSessionKey(this.contextId))) {
                return null;
            }
            throw new XsulException("failed signature check - signature can not be validated by secret ");
        } catch (TransformerException e) {
            throw new XsulException("Transformer exception", e);
        } catch (DOMException e2) {
            throw new XsulException("DOM exception", e2);
        } catch (XsulException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new XsulException("other exception", e4);
        }
    }

    private Element getSignatureElem(Document document) throws TransformerException, DOMException {
        CachedXPathAPI cachedXPathAPI = new CachedXPathAPI();
        Element createElement = document.createElement("nsctx");
        createElement.setAttribute("xmlns:ds", WSConstants.SIG_NS);
        Element element = (Element) cachedXPathAPI.selectSingleNode(document, "//ds:Signature", createElement);
        if (element == null) {
            throw new XsulException("could not find ds:Signature in envelope");
        }
        return element;
    }
}
