package org.apache.tsik.wss.actions;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.util.Collections;
import org.apache.tsik.domutil.DOMWriteCursor;
import org.apache.tsik.util.Namespaces;
import org.apache.tsik.wsp.Action;
import org.apache.tsik.wsp.ActionViolation;
import org.apache.tsik.wss.Id;
import org.apache.tsik.wss.elements.KeyInfo;
import org.apache.tsik.wss.elements.SecurityTokenReference;
import org.apache.tsik.wss.elements.Signature;
import org.apache.tsik.xmlsig.Signer;
import org.apache.tsik.xpath.XPath;

/* loaded from: input_file:org/apache/tsik/wss/actions/SignBody.class */
public class SignBody extends Action {
    PrivateKey key;
    XPath sigOutput;
    String tokenId;

    private boolean checkPreconditions() {
        this.key = getPrivateKey("key");
        this.sigOutput = getXPath("sigoutput");
        this.tokenId = getString("tokenid");
        if (this.key == null || this.sigOutput == null || this.tokenId == null) {
            return false;
        }
        return moveOutputToXPath(this.sigOutput);
    }

    public void execute() {
        if (!checkPreconditions()) {
            this.violations.add(new ActionViolation("Precond check failed"));
            return;
        }
        DOMWriteCursor cloneWriteCursor = this.output.cloneWriteCursor();
        cloneWriteCursor.moveToXPath(new XPath("/s:Envelope/s:Body", new String[]{"s", Namespaces.SOAPENV.getUri()}));
        String id = Id.getId(cloneWriteCursor);
        if (id == null) {
            id = Id.generateId();
            Id.insertInto(cloneWriteCursor, id);
        }
        try {
            Signer signer = new Signer(this.output.getDocument(), this.key);
            signer.useExclusiveCanonicalizer(Collections.EMPTY_LIST);
            signer.addReference(XPath.fromID(id));
            signer.signInPlace(this.sigOutput);
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(this.tokenId);
            this.output.moveToXPath(this.sigOutput);
            this.output.moveToChild(Signature.uri, Signature.elementName);
            this.output = this.output.addUnder(KeyInfo.uri, KeyInfo.prefix, KeyInfo.elementName);
            securityTokenReference.toXml(this.output);
        } catch (InvalidKeyException e) {
            this.violations.add(new ActionViolation(e));
        } catch (NoSuchAlgorithmException e2) {
            this.violations.add(new ActionViolation(e2));
        } catch (SignatureException e3) {
            this.violations.add(new ActionViolation(e3));
        }
    }

    public boolean needsOutputDocument() {
        return true;
    }
}
