/*

 * reserved comment block

 * DO NOT REMOVE OR ALTER!

 */

/**

 * Licensed to the Apache Software Foundation (ASF) under one

 * or more contributor license agreements. See the NOTICE file

 * distributed with this work for additional information

 * regarding copyright ownership. The ASF licenses this file

 * to you under the Apache License, Version 2.0 (the

 * "License"); you may not use this file except in compliance

 * with the License. You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing,

 * software distributed under the License is distributed on an

 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied. See the License for the

 * specific language governing permissions and limitations

 * under the License.

 */

package com.sun.org.apache.xml.internal.security.signature;

import java.io.IOException;

import java.io.OutputStream;

import java.security.Key;

import java.security.PublicKey;

import java.security.cert.X509Certificate;

import javax.crypto.SecretKey;

import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;

import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;

import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;

import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;

import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;

import com.sun.org.apache.xml.internal.security.keys.KeyInfo;

import com.sun.org.apache.xml.internal.security.keys.content.X509Data;

import com.sun.org.apache.xml.internal.security.transforms.Transforms;

import com.sun.org.apache.xml.internal.security.utils.Constants;

import com.sun.org.apache.xml.internal.security.utils.I18n;

import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;

import com.sun.org.apache.xml.internal.security.utils.SignerOutputStream;

import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;

import com.sun.org.apache.xml.internal.security.utils.XMLUtils;

import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;

import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;

import org.w3c.dom.Attr;

import org.w3c.dom.Document;

import org.w3c.dom.Element;

import org.w3c.dom.Node;

import org.w3c.dom.Text;

/**

 * Handles {@code <ds:Signature>} elements.

 * This is the main class that deals with creating and verifying signatures.

 *

 * <p>There are 2 types of constructors for this class. The ones that take a

 * document, baseURI and 1 or more Java Objects. This is mostly used for

 * signing purposes.

 * The other constructor is the one that takes a DOM Element and a baseURI.

 * This is used mostly with for verifying, when you have a SignatureElement.

 *

 * There are a few different types of methods:

 * <ul><li>The addDocument* methods are used to add References with optional

 * transforms during signing. </li>

 * <li>addKeyInfo* methods are to add Certificates and Keys to the

 * KeyInfo tags during signing. </li>

 * <li>appendObject allows a user to add any XML Structure as an

 * ObjectContainer during signing.</li>

 * <li>sign and checkSignatureValue methods are used to sign and validate the

 * signature. </li></ul>

 */

public final class XMLSignature extends SignatureElementProxy {

    /** MAC - Required HMAC-SHA1 */

    public static final String ALGO_ID_MAC_HMAC_SHA1 =

        Constants.SignatureSpecNS + "hmac-sha1";

    /** Signature - Required DSAwithSHA1 (DSS) */

    public static final String ALGO_ID_SIGNATURE_DSA =

        Constants.SignatureSpecNS + "dsa-sha1";

    /** Signature - Optional DSAwithSHA256 */

    public static final String ALGO_ID_SIGNATURE_DSA_SHA256 =

        Constants.SignatureSpec11NS + "dsa-sha256";

    /** Signature - Recommended RSAwithSHA1 */

    public static final String ALGO_ID_SIGNATURE_RSA =

        Constants.SignatureSpecNS + "rsa-sha1";

    /** Signature - Recommended RSAwithSHA1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =

        Constants.SignatureSpecNS + "rsa-sha1";

    /** Signature - NOT Recommended RSAwithMD5 */

    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =

        Constants.MoreAlgorithmsSpecNS + "rsa-md5";

    /** Signature - Optional RSAwithRIPEMD160 */

    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =

        Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";

    /** Signature - Optional RSAwithSHA224 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA224 =

        Constants.MoreAlgorithmsSpecNS + "rsa-sha224";

    /** Signature - Optional RSAwithSHA256 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =

        Constants.MoreAlgorithmsSpecNS + "rsa-sha256";

    /** Signature - Optional RSAwithSHA384 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =

        Constants.MoreAlgorithmsSpecNS + "rsa-sha384";

    /** Signature - Optional RSAwithSHA512 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =

        Constants.MoreAlgorithmsSpecNS + "rsa-sha512";

    /** Signature - Optional RSAwithSHA1andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA1_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha1-rsa-MGF1";

    /** Signature - Optional RSAwithSHA224andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA224_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha224-rsa-MGF1";

    /** Signature - Optional RSAwithSHA256andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA256_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha256-rsa-MGF1";

    /** Signature - Optional RSAwithSHA384andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA384_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha384-rsa-MGF1";

    /** Signature - Optional RSAwithSHA512andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA512_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha512-rsa-MGF1";

    /** Signature - Optional RSAwithSHA3_224andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-224-rsa-MGF1";

    /** Signature - Optional RSAwithSHA3_256andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-256-rsa-MGF1";

    /** Signature - Optional RSAwithSHA3_384andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-384-rsa-MGF1";

    /** Signature - Optional RSAwithSHA3_512andMGF1 */

    public static final String ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1 =

        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-512-rsa-MGF1";

    /** HMAC - NOT Recommended HMAC-MD5 */

    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =

        Constants.MoreAlgorithmsSpecNS + "hmac-md5";

    /** HMAC - Optional HMAC-RIPEMD160 */

    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =

        Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";

    /** HMAC - Optional HMAC-SHA2224 */

    public static final String ALGO_ID_MAC_HMAC_SHA224 =

        Constants.MoreAlgorithmsSpecNS + "hmac-sha224";

    /** HMAC - Optional HMAC-SHA256 */

    public static final String ALGO_ID_MAC_HMAC_SHA256 =

        Constants.MoreAlgorithmsSpecNS + "hmac-sha256";

    /** HMAC - Optional HMAC-SHA284 */

    public static final String ALGO_ID_MAC_HMAC_SHA384 =

        Constants.MoreAlgorithmsSpecNS + "hmac-sha384";

    /** HMAC - Optional HMAC-SHA512 */

    public static final String ALGO_ID_MAC_HMAC_SHA512 =

        Constants.MoreAlgorithmsSpecNS + "hmac-sha512";

    /**Signature - Optional ECDSAwithSHA1 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =

        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";

    /**Signature - Optional ECDSAwithSHA224 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA224 =

        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";

    /**Signature - Optional ECDSAwithSHA256 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =

        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";

    /**Signature - Optional ECDSAwithSHA384 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 =

        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";

    /**Signature - Optional ECDSAwithSHA512 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =

        "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";

    /**Signature - Optional ECDSAwithRIPEMD160 */

    public static final String ALGO_ID_SIGNATURE_ECDSA_RIPEMD160 =

        "http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160";

    private static final com.sun.org.slf4j.internal.Logger LOG =

        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XMLSignature.class);

    /** ds:Signature.ds:SignedInfo element */

    private SignedInfo signedInfo;

    /** ds:Signature.ds:KeyInfo */

    private KeyInfo keyInfo;

    /**

     * Checking the digests in References in a Signature are mandatory, but for

     * References inside a Manifest it is application specific. This boolean is

     * to indicate that the References inside Manifests should be validated.

     */

    private boolean followManifestsDuringValidation = false;

    private Element signatureValueElement;

    private static final int MODE_SIGN = 0;

    private static final int MODE_VERIFY = 1;

    private int state = MODE_SIGN;

    /**

     * This creates a new {@code ds:Signature} Element and adds an empty

     * {@code ds:SignedInfo}.

     * The {@code ds:SignedInfo} is initialized with the specified Signature

     * algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED

     * by the spec. This method's main use is for creating a new signature.

     *

     * @param doc Document in which the signature will be appended after creation.

     * @param baseURI URI to be used as context for all relative URIs.

     * @param signatureMethodURI signature algorithm to use.

     * @throws XMLSecurityException

     */

    public XMLSignature(Document doc, String baseURI, String signatureMethodURI)

        throws XMLSecurityException {

        this(doc, baseURI, signatureMethodURI, 0, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);

    }

    /**

     * Constructor XMLSignature

     *

     * @param doc

     * @param baseURI

     * @param signatureMethodURI the Signature method to be used.

     * @param hmacOutputLength

     * @throws XMLSecurityException

     */

    public XMLSignature(Document doc, String baseURI, String signatureMethodURI,

                        int hmacOutputLength) throws XMLSecurityException {

        this(

            doc, baseURI, signatureMethodURI, hmacOutputLength,

            Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS

        );

    }

    /**

     * Constructor XMLSignature

     *

     * @param doc

     * @param baseURI

     * @param signatureMethodURI the Signature method to be used.

     * @param canonicalizationMethodURI the canonicalization algorithm to be

     * used to c14nize the SignedInfo element.

     * @throws XMLSecurityException

     */

    public XMLSignature(

        Document doc,

        String baseURI,

        String signatureMethodURI,

        String canonicalizationMethodURI

    ) throws XMLSecurityException {

        this(doc, baseURI, signatureMethodURI, 0, canonicalizationMethodURI);

    }

    /**

     * Constructor XMLSignature

     *

     * @param doc

     * @param baseURI

     * @param signatureMethodURI

     * @param hmacOutputLength

     * @param canonicalizationMethodURI

     * @throws XMLSecurityException

     */

    public XMLSignature(

        Document doc,

        String baseURI,

        String signatureMethodURI,

        int hmacOutputLength,

        String canonicalizationMethodURI

    ) throws XMLSecurityException {

        super(doc);

        String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);

        if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {

            getElement().setAttributeNS(

                Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS

            );

        } else {

            getElement().setAttributeNS(

                Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS

            );

        }

        addReturnToSelf();

        this.baseURI = baseURI;

        this.signedInfo =

            new SignedInfo(

                getDocument(), signatureMethodURI, hmacOutputLength, canonicalizationMethodURI

            );

        appendSelf(this.signedInfo);

        addReturnToSelf();

        // create an empty SignatureValue; this is filled by setSignatureValueElement

        signatureValueElement =

            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_SIGNATUREVALUE);

        appendSelf(signatureValueElement);

        addReturnToSelf();

    }

    /**

     *  Creates a XMLSignature in a Document

     * @param doc

     * @param baseURI

     * @param SignatureMethodElem

     * @param CanonicalizationMethodElem

     * @throws XMLSecurityException

     */

    public XMLSignature(

        Document doc,

        String baseURI,

        Element SignatureMethodElem,

        Element CanonicalizationMethodElem

    ) throws XMLSecurityException {

        super(doc);

        String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);

        if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {

            getElement().setAttributeNS(

                Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS

            );

        } else {

            getElement().setAttributeNS(

                Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS

            );

        }

        addReturnToSelf();

        this.baseURI = baseURI;

        this.signedInfo =

            new SignedInfo(getDocument(), SignatureMethodElem, CanonicalizationMethodElem);

        appendSelf(this.signedInfo);

        addReturnToSelf();

        // create an empty SignatureValue; this is filled by setSignatureValueElement

        signatureValueElement =

            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_SIGNATUREVALUE);

        appendSelf(signatureValueElement);

        addReturnToSelf();

    }

    /**

     * This will parse the element and construct the Java Objects.

     * That will allow a user to validate the signature.

     *

     * @param element ds:Signature element that contains the whole signature

     * @param baseURI URI to be prepended to all relative URIs

     * @throws XMLSecurityException

     * @throws XMLSignatureException if the signature is badly formatted

     */

    public XMLSignature(Element element, String baseURI)

        throws XMLSignatureException, XMLSecurityException {

        this(element, baseURI, true);

    }

    /**

     * This will parse the element and construct the Java Objects.

     * That will allow a user to validate the signature.

     *

     * @param element ds:Signature element that contains the whole signature

     * @param baseURI URI to be prepended to all relative URIs

     * @param secureValidation whether secure secureValidation is enabled or not

     * @throws XMLSecurityException

     * @throws XMLSignatureException if the signature is badly formatted

     */

    public XMLSignature(Element element, String baseURI, boolean secureValidation)

        throws XMLSignatureException, XMLSecurityException {

        super(element, baseURI);

        // check out SignedInfo child

        Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());

        // check to see if it is there

        if (signedInfoElem == null) {

            Object exArgs[] = { Constants._TAG_SIGNEDINFO, Constants._TAG_SIGNATURE };

            throw new XMLSignatureException("xml.WrongContent", exArgs);

        }

        // create a SignedInfo object from that element

        this.signedInfo = new SignedInfo(signedInfoElem, baseURI, secureValidation);

        // get signedInfoElem again in case it has changed

        signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());

        // check out SignatureValue child

        this.signatureValueElement =

            XMLUtils.getNextElement(signedInfoElem.getNextSibling());

        // check to see if it exists

        if (signatureValueElement == null) {

            Object exArgs[] = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };

            throw new XMLSignatureException("xml.WrongContent", exArgs);

        }

        Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");

        if (signatureValueAttr != null) {

            signatureValueElement.setIdAttributeNode(signatureValueAttr, true);

        }

        // <element ref="ds:KeyInfo" minOccurs="0"/>

        Element keyInfoElem =

            XMLUtils.getNextElement(signatureValueElement.getNextSibling());

        // If it exists use it, but it's not mandatory

        if (keyInfoElem != null

            && Constants.SignatureSpecNS.equals(keyInfoElem.getNamespaceURI())

            && Constants._TAG_KEYINFO.equals(keyInfoElem.getLocalName())) {

            this.keyInfo = new KeyInfo(keyInfoElem, baseURI);

            this.keyInfo.setSecureValidation(secureValidation);

        }

        // <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>

        Element objectElem =

            XMLUtils.getNextElement(signatureValueElement.getNextSibling());

        while (objectElem != null) {

            Attr objectAttr = objectElem.getAttributeNodeNS(null, "Id");

            if (objectAttr != null) {

                objectElem.setIdAttributeNode(objectAttr, true);

            }

            Node firstChild = objectElem.getFirstChild();

            // Register Ids of the Object child elements

            while (firstChild != null) {

                if (firstChild.getNodeType() == Node.ELEMENT_NODE) {

                    Element childElem = (Element)firstChild;

                    String tag = childElem.getLocalName();

                    if ("Manifest".equals(tag)) {

                        new Manifest(childElem, baseURI);

                    } else if ("SignatureProperties".equals(tag)) {

                        new SignatureProperties(childElem, baseURI);

                    }

                }

                firstChild = firstChild.getNextSibling();

            }

            objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());

        }

        this.state = MODE_VERIFY;

    }

    /**

     * Sets the {@code Id} attribute

     *

     * @param id Id value for the id attribute on the Signature Element

     */

    public void setId(String id) {

        if (id != null) {

            setLocalIdAttribute(Constants._ATT_ID, id);

        }

    }

    /**

     * Returns the {@code Id} attribute

     *

     * @return the {@code Id} attribute

     */

    public String getId() {

        return getLocalAttribute(Constants._ATT_ID);

    }

    /**

     * Returns the completely parsed {@code SignedInfo} object.

     *

     * @return the completely parsed {@code SignedInfo} object.