package org.apache.cxf.ws.security.wss4j;

import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor;
import org.apache.cxf.interceptor.AttachmentOutInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.interceptor.StaxOutInterceptor;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.setup.ConfigurationConverter;
import org.apache.wss4j.stax.setup.OutboundWSSec;
import org.apache.wss4j.stax.setup.WSSec;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.class */
public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
    public static final String OUTPUT_STREAM_HOLDER = WSS4JStaxOutInterceptor.class.getName() + ".outputstream";
    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JStaxOutInterceptor.class);
    private WSS4JStaxOutInterceptorInternal ending;
    private boolean mtomEnabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor$WSS4JStaxOutInterceptorInternal.class */
    public final class WSS4JStaxOutInterceptorInternal extends AbstractPhaseInterceptor<Message> {
        WSS4JStaxOutInterceptorInternal() {
            super(Phase.PRE_STREAM_ENDING);
            getBefore().add(AttachmentOutInterceptor.AttachmentOutEndingInterceptor.class.getName());
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(Message message) throws Fault {
            Object obj = message.getExchange().get((Class<Object>) Provider.class);
            boolean z = obj != null && ThreadLocalSecurityProvider.isInstalled();
            if (z) {
                try {
                    ThreadLocalSecurityProvider.setProvider((Provider) obj);
                } catch (Throwable th) {
                    if (z) {
                        ThreadLocalSecurityProvider.unsetProvider();
                    }
                    throw th;
                }
            }
            handleMessageInternal(message);
            if (z) {
                ThreadLocalSecurityProvider.unsetProvider();
            }
        }

        private void handleMessageInternal(Message message) throws Fault {
            try {
                XMLStreamWriter xMLStreamWriter = (XMLStreamWriter) message.getContent(XMLStreamWriter.class);
                if (xMLStreamWriter != null) {
                    xMLStreamWriter.writeEndDocument();
                    xMLStreamWriter.flush();
                    xMLStreamWriter.close();
                }
                OutputStream outputStream = (OutputStream) message.get(WSS4JStaxOutInterceptor.OUTPUT_STREAM_HOLDER);
                if (outputStream != null) {
                    message.setContent(OutputStream.class, outputStream);
                }
                message.removeContent(XMLStreamWriter.class);
            } catch (XMLStreamException e) {
                throw new Fault((Throwable) e);
            }
        }
    }

    public WSS4JStaxOutInterceptor(WSSSecurityProperties wSSSecurityProperties) {
        super(wSSSecurityProperties);
        setPhase(Phase.PRE_STREAM);
        getBefore().add(StaxOutInterceptor.class.getName());
        this.ending = createEndingInterceptor();
    }

    public WSS4JStaxOutInterceptor(Map<String, Object> map) {
        super(map);
        setPhase(Phase.PRE_STREAM);
        getBefore().add(StaxOutInterceptor.class.getName());
        getAfter().add(LoggingOutInterceptor.class.getName());
        this.ending = createEndingInterceptor();
    }

    public WSS4JStaxOutInterceptor() {
        setPhase(Phase.PRE_STREAM);
        getBefore().add(StaxOutInterceptor.class.getName());
        getAfter().add(LoggingOutInterceptor.class.getName());
        this.ending = createEndingInterceptor();
    }

    public boolean isAllowMTOM() {
        return this.mtomEnabled;
    }

    public void setAllowMTOM(boolean z) {
        this.mtomEnabled = z;
    }

    @Override // org.apache.cxf.ws.security.wss4j.AbstractWSS4JStaxInterceptor
    public Object getProperty(Object obj, String str) {
        return super.getProperty(obj, str);
    }

    protected void handleSecureMTOM(SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) {
        if (this.mtomEnabled) {
            return;
        }
        if (soapMessage.get(Message.MTOM_ENABLED) == Boolean.TRUE) {
            LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property is set to false");
        }
        soapMessage.put(Message.MTOM_ENABLED, (Object) Boolean.FALSE);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        Object obj = (OutputStream) soapMessage.getContent(OutputStream.class);
        String encoding = getEncoding(soapMessage);
        try {
            WSSSecurityProperties createSecurityProperties = createSecurityProperties();
            translateProperties(soapMessage, createSecurityProperties);
            configureCallbackHandler(soapMessage, createSecurityProperties);
            OutboundSecurityContextImpl outboundSecurityContextImpl = new OutboundSecurityContextImpl();
            configureProperties(soapMessage, outboundSecurityContextImpl, createSecurityProperties);
            if (createSecurityProperties.getActions() == null || createSecurityProperties.getActions().size() == 0) {
                return;
            }
            handleSecureMTOM(soapMessage, createSecurityProperties);
            if (createSecurityProperties.getAttachmentCallbackHandler() == null) {
                createSecurityProperties.setAttachmentCallbackHandler(new AttachmentCallbackHandler(soapMessage));
            }
            SecurityEventListener configureSecurityEventListener = configureSecurityEventListener(soapMessage, createSecurityProperties);
            OutboundWSSec outboundWSSec = WSSec.getOutboundWSSec(createSecurityProperties);
            outboundSecurityContextImpl.putList(SecurityEvent.class, (List) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".in"));
            outboundSecurityContextImpl.addSecurityEventListener(configureSecurityEventListener);
            XMLStreamWriter processOutMessage = outboundWSSec.processOutMessage(obj, encoding, outboundSecurityContextImpl);
            soapMessage.setContent(XMLStreamWriter.class, processOutMessage);
            soapMessage.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);
            try {
                processOutMessage.writeStartDocument(encoding, "1.0");
                soapMessage.removeContent(OutputStream.class);
                soapMessage.put(OUTPUT_STREAM_HOLDER, obj);
                soapMessage.getInterceptorChain().add(this.ending);
            } catch (XMLStreamException e) {
                throw new Fault((Throwable) e);
            }
        } catch (WSSPolicyException e2) {
            throw new Fault(e2);
        } catch (WSSecurityException e3) {
            throw new Fault(e3);
        }
    }

    protected SecurityEventListener configureSecurityEventListener(final SoapMessage soapMessage, WSSSecurityProperties wSSSecurityProperties) throws WSSPolicyException {
        final LinkedList linkedList = new LinkedList();
        soapMessage.getExchange().put(SecurityEvent.class.getName() + ".out", linkedList);
        soapMessage.put(SecurityEvent.class.getName() + ".out", (Object) linkedList);
        return new SecurityEventListener() { // from class: org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor.1
            @Override // org.apache.xml.security.stax.securityEvent.SecurityEventListener
            public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
                if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN) {
                    WSS4JUtils.parseAndStoreStreamingSecurityToken(((TokenSecurityEvent) securityEvent).getSecurityToken(), soapMessage);
                } else if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue) {
                    linkedList.add(securityEvent);
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureProperties(SoapMessage soapMessage, OutboundSecurityContext outboundSecurityContext, WSSSecurityProperties wSSSecurityProperties) throws WSSecurityException {
        String str = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, soapMessage);
        if (str != null) {
            wSSSecurityProperties.setTokenUser(str);
        }
        String str2 = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_USERNAME, soapMessage);
        if (str2 != null) {
            wSSSecurityProperties.setSignatureUser(str2);
        }
        String str3 = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, soapMessage);
        if (str3 != null) {
            wSSSecurityProperties.setEncryptionUser(str3);
        }
        Map<String, Object> properties = getProperties();
        if (properties == null || properties.isEmpty()) {
            Crypto signatureCrypto = wSSSecurityProperties.getSignatureCrypto();
            if (signatureCrypto != null && str2 == null && signatureCrypto.getDefaultX509Identifier() != null) {
                wSSSecurityProperties.setSignatureUser(signatureCrypto.getDefaultX509Identifier());
            }
            Crypto encryptionCrypto = wSSSecurityProperties.getEncryptionCrypto();
            if (encryptionCrypto != null && str3 == null && encryptionCrypto.getDefaultX509Identifier() != null) {
                wSSSecurityProperties.setEncryptionUser(encryptionCrypto.getDefaultX509Identifier());
            }
        } else {
            Crypto loadCrypto = loadCrypto(soapMessage, ConfigurationConstants.SIG_PROP_FILE, ConfigurationConstants.SIG_PROP_REF_ID, wSSSecurityProperties);
            if (loadCrypto != null) {
                properties.put(ConfigurationConstants.SIG_PROP_REF_ID, "RefId-" + loadCrypto.hashCode());
                properties.put("RefId-" + loadCrypto.hashCode(), loadCrypto);
                if (str2 == null && loadCrypto.getDefaultX509Identifier() != null) {
                    wSSSecurityProperties.setSignatureUser(loadCrypto.getDefaultX509Identifier());
                }
            }
            Crypto loadCrypto2 = loadCrypto(soapMessage, ConfigurationConstants.ENC_PROP_FILE, ConfigurationConstants.ENC_PROP_REF_ID, wSSSecurityProperties);
            if (loadCrypto2 != null) {
                properties.put(ConfigurationConstants.ENC_PROP_REF_ID, "RefId-" + loadCrypto2.hashCode());
                properties.put("RefId-" + loadCrypto2.hashCode(), loadCrypto2);
                if (str3 == null && loadCrypto2.getDefaultX509Identifier() != null) {
                    wSSSecurityProperties.setEncryptionUser(loadCrypto2.getDefaultX509Identifier());
                }
            }
            ConfigurationConverter.parseCrypto(properties, wSSSecurityProperties);
        }
        if (wSSSecurityProperties.getSignatureUser() == null && str != null) {
            wSSSecurityProperties.setSignatureUser(str);
        }
        if (wSSSecurityProperties.getEncryptionUser() != null || str == null) {
            return;
        }
        wSSSecurityProperties.setEncryptionUser(str);
    }

    public final WSS4JStaxOutInterceptorInternal createEndingInterceptor() {
        return new WSS4JStaxOutInterceptorInternal();
    }

    private String getEncoding(Message message) {
        Exchange exchange = message.getExchange();
        String str = (String) message.get(Message.ENCODING);
        if (str == null && exchange.getInMessage() != null) {
            str = (String) exchange.getInMessage().get(Message.ENCODING);
            message.put(Message.ENCODING, str);
        }
        if (str == null) {
            str = StandardCharsets.UTF_8.name();
            message.put(Message.ENCODING, str);
        }
        return str;
    }
}
