/*

 * reserved comment block

 * DO NOT REMOVE OR ALTER!

 */

/**

 * Licensed to the Apache Software Foundation (ASF) under one

 * or more contributor license agreements. See the NOTICE file

 * distributed with this work for additional information

 * regarding copyright ownership. The ASF licenses this file

 * to you under the Apache License, Version 2.0 (the

 * "License"); you may not use this file except in compliance

 * with the License. You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing,

 * software distributed under the License is distributed on an

 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied. See the License for the

 * specific language governing permissions and limitations

 * under the License.

 */

package com.sun.org.apache.xml.internal.security.signature;

import java.io.ByteArrayInputStream;

import java.io.IOException;

import java.io.InputStream;

import java.io.OutputStream;

import javax.crypto.SecretKey;

import javax.crypto.spec.SecretKeySpec;

import javax.xml.parsers.ParserConfigurationException;

import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;

import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;

import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;

import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;

import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;

import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;

import com.sun.org.apache.xml.internal.security.utils.Constants;

import com.sun.org.apache.xml.internal.security.utils.XMLUtils;

import org.w3c.dom.Document;

import org.w3c.dom.Element;

import org.w3c.dom.Node;

import org.xml.sax.SAXException;

/**

 * Handles {@code <ds:SignedInfo>} elements

 * This {@code SignedInfo} element includes the canonicalization algorithm,

 * a signature algorithm, and one or more references.

 *

 */

public class SignedInfo extends Manifest {

    /** Field signatureAlgorithm */

    private SignatureAlgorithm signatureAlgorithm;

    /** Field c14nizedBytes           */

    private byte[] c14nizedBytes;

    private Element c14nMethod;

    private Element signatureMethod;

    /**

     * Overwrites {@link Manifest#addDocument} because it creates another

     * Element.

     *

     * @param doc the {@link Document} in which {@code XMLsignature} will

     *    be placed

     * @throws XMLSecurityException

     */

    public SignedInfo(Document doc) throws XMLSecurityException {

        this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA,

             Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);

    }

    /**

     * Constructs {@link SignedInfo} using given Canonicalization algorithm and

     * Signature algorithm.

     *

     * @param doc {@code SignedInfo} is placed in this document

     * @param signatureMethodURI URI representation of the Digest and

     *    Signature algorithm

     * @param canonicalizationMethodURI URI representation of the

     *    Canonicalization method

     * @throws XMLSecurityException

     */

    public SignedInfo(

        Document doc, String signatureMethodURI, String canonicalizationMethodURI

    ) throws XMLSecurityException {

        this(doc, signatureMethodURI, 0, canonicalizationMethodURI);

    }

    /**

     * Constructor SignedInfo

     *

     * @param doc {@code SignedInfo} is placed in this document

     * @param signatureMethodURI URI representation of the Digest and

     *    Signature algorithm

     * @param hMACOutputLength

     * @param canonicalizationMethodURI URI representation of the

     *    Canonicalization method

     * @throws XMLSecurityException

     */

    public SignedInfo(

        Document doc, String signatureMethodURI,

        int hMACOutputLength, String canonicalizationMethodURI

    ) throws XMLSecurityException {

        super(doc);

        c14nMethod =

            XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_CANONICALIZATIONMETHOD);

        c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI);

        appendSelf(c14nMethod);

        addReturnToSelf();

        if (hMACOutputLength > 0) {

            this.signatureAlgorithm =

                new SignatureAlgorithm(getDocument(), signatureMethodURI, hMACOutputLength);

        } else {

            this.signatureAlgorithm = new SignatureAlgorithm(getDocument(), signatureMethodURI);

        }

        signatureMethod = this.signatureAlgorithm.getElement();

        appendSelf(signatureMethod);

        addReturnToSelf();

    }

    /**

     * @param doc

     * @param signatureMethodElem

     * @param canonicalizationMethodElem

     * @throws XMLSecurityException

     */

    public SignedInfo(

        Document doc, Element signatureMethodElem, Element canonicalizationMethodElem

    ) throws XMLSecurityException {

        super(doc);

        // Check this?

        this.c14nMethod = canonicalizationMethodElem;

        appendSelf(c14nMethod);

        addReturnToSelf();

        this.signatureAlgorithm =

            new SignatureAlgorithm(signatureMethodElem, null);

        signatureMethod = this.signatureAlgorithm.getElement();

        appendSelf(signatureMethod);

        addReturnToSelf();

    }

    /**

     * Build a {@link SignedInfo} from an {@link Element}

     *

     * @param element {@code SignedInfo}

     * @param baseURI the URI of the resource where the XML instance was stored

     * @throws XMLSecurityException

     * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">

     * Question</A>

     * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">

     * Answer</A>

     */

    public SignedInfo(Element element, String baseURI) throws XMLSecurityException {

        this(element, baseURI, true);

    }

    /**

     * Build a {@link SignedInfo} from an {@link Element}

     *

     * @param element {@code SignedInfo}

     * @param baseURI the URI of the resource where the XML instance was stored

     * @param secureValidation whether secure validation is enabled or not

     * @throws XMLSecurityException

     * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">

     * Question</A>

     * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">

     * Answer</A>

     */

    public SignedInfo(

        Element element, String baseURI, boolean secureValidation

    ) throws XMLSecurityException {

        // Parse the Reference children and Id attribute in the Manifest

        super(reparseSignedInfoElem(element, secureValidation), baseURI, secureValidation);

        c14nMethod = XMLUtils.getNextElement(element.getFirstChild());

        signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());

        this.signatureAlgorithm =

            new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation);

    }

    private static Element reparseSignedInfoElem(Element element, boolean secureValidation)

        throws XMLSecurityException {

        /*

         * If a custom canonicalizationMethod is used, canonicalize

         * ds:SignedInfo, reparse it into a new document

         * and replace the original not-canonicalized ds:SignedInfo by

         * the re-parsed canonicalized one.

         */

        Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild());

        String c14nMethodURI =

            c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);

        if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) ||

            c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) ||

            c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) ||

            c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS) ||

            c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS) ||

            c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS))) {

            // the c14n is not a secure one and can rewrite the URIs or like

            // so reparse the SignedInfo to be sure

            try {

                Canonicalizer c14nizer =

                    Canonicalizer.getInstance(c14nMethodURI);

                c14nizer.setSecureValidation(secureValidation);

                byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);

                try (InputStream is = new ByteArrayInputStream(c14nizedBytes)) {

                    Node imported = element.getOwnerDocument().importNode(

                            newdoc.getDocumentElement(), true);

                    element.getParentNode().replaceChild(imported, element);

                    return (Element) imported;

                }

            } catch (ParserConfigurationException ex) {

                throw new XMLSecurityException(ex);

            } catch (IOException ex) {

                throw new XMLSecurityException(ex);

            } catch (SAXException ex) {

                throw new XMLSecurityException(ex);

            }

        }

        return element;

    }

    /**

     * Tests core validation process

     *

     * @return true if verification was successful

     * @throws MissingResourceFailureException

     * @throws XMLSecurityException

     */

    public boolean verify()

        throws MissingResourceFailureException, XMLSecurityException {

        return super.verifyReferences(false);

    }

    /**

     * Tests core validation process

     *

     * @param followManifests defines whether the verification process has to verify referenced {@code ds:Manifest}s, too

     * @return true if verification was successful

     * @throws MissingResourceFailureException

     * @throws XMLSecurityException

     */

    public boolean verify(boolean followManifests)

        throws MissingResourceFailureException, XMLSecurityException {

        return super.verifyReferences(followManifests);

    }

    /**

     * Returns getCanonicalizedOctetStream

     *

     * @return the canonicalization result octet stream of {@code SignedInfo} element

     * @throws CanonicalizationException

     * @throws InvalidCanonicalizerException

     * @throws XMLSecurityException

     */

    public byte[] getCanonicalizedOctetStream()

        throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {

        if (this.c14nizedBytes == null) {

            Canonicalizer c14nizer =

                Canonicalizer.getInstance(this.getCanonicalizationMethodURI());

            c14nizer.setSecureValidation(isSecureValidation());

            String inclusiveNamespaces = this.getInclusiveNamespaces();

            if (inclusiveNamespaces == null) {

                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement());

            } else {

                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);

            }

        }

        // make defensive copy

        return this.c14nizedBytes.clone();

    }

    /**

     * Output the C14n stream to the given OutputStream.

     * @param os

     * @throws CanonicalizationException

     * @throws InvalidCanonicalizerException

     * @throws XMLSecurityException

     */

    public void signInOctetStream(OutputStream os)

        throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {

        if (this.c14nizedBytes == null) {

            Canonicalizer c14nizer =

                Canonicalizer.getInstance(this.getCanonicalizationMethodURI());

            c14nizer.setSecureValidation(isSecureValidation());

            c14nizer.setWriter(os);

            String inclusiveNamespaces = this.getInclusiveNamespaces();

            if (inclusiveNamespaces == null) {

                c14nizer.canonicalizeSubtree(getElement());

            } else {

                c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);

            }

        } else {

            try {

                os.write(this.c14nizedBytes);

            } catch (IOException e) {

                throw new RuntimeException(e);

            }

        }

    }

    /**

     * Returns the Canonicalization method URI

     *

     * @return the Canonicalization method URI

     */

    public String getCanonicalizationMethodURI() {

        return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);

    }

    /**

     * Returns the Signature method URI

     *

     * @return the Signature method URI

     */

    public String getSignatureMethodURI() {

        Element signatureElement = this.getSignatureMethodElement();

        if (signatureElement != null) {

            return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM);

        }

        return null;

    }

    /**

     * Method getSignatureMethodElement

     * @return returns the SignatureMethod Element

     *

     */

    public Element getSignatureMethodElement() {

        return signatureMethod;

    }

    /**

     * Creates a SecretKey for the appropriate Mac algorithm based on a

     * byte[] array password.

     *

     * @param secretKeyBytes

     * @return the secret key for the SignedInfo element.

     */

    public SecretKey createSecretKey(byte[] secretKeyBytes) {

        return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());

    }

    public SignatureAlgorithm getSignatureAlgorithm() {

        return signatureAlgorithm;

    }

    /**

     * Method getBaseLocalName

     * {@inheritDoc}

     *

     */

    public String getBaseLocalName() {

        return Constants._TAG_SIGNEDINFO;

    }

    public String getInclusiveNamespaces() {

        String c14nMethodURI = getCanonicalizationMethodURI();

        if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||

            c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {

            return null;

        }

        Element inclusiveElement = XMLUtils.getNextElement(c14nMethod.getFirstChild());

        if (inclusiveElement != null) {

            try {

                String inclusiveNamespaces =

                    new InclusiveNamespaces(

                        inclusiveElement,

                        InclusiveNamespaces.ExclusiveCanonicalizationNamespace

                    ).getInclusiveNamespaces();

                return inclusiveNamespaces;

            } catch (XMLSecurityException e) {

                return null;

            }

        }

        return null;

    }

}