package org.apache.xml.security.stax.ext;

import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.crypto.KeyGenerator;
import javax.xml.stream.XMLStreamWriter;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
import org.apache.xml.security.stax.impl.OutputProcessorChainImpl;
import org.apache.xml.security.stax.impl.XMLSecurityStreamWriter;
import org.apache.xml.security.stax.impl.processor.output.FinalOutputProcessor;
import org.apache.xml.security.stax.impl.processor.output.XMLEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.processor.output.XMLSignatureOutputProcessor;
import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:WEB-INF/lib/xmlsec-2.2.5.jar:org/apache/xml/security/stax/ext/OutboundXMLSec.class */
/**
 * Assembles the outbound processing chain that applies XML Signature and/or XML Encryption
 * while a document is being written, driven by the supplied {@link XMLSecurityProperties}.
 *
 * <p>Each {@code processOutMessage} overload returns an {@link XMLStreamWriter}; events written
 * to it pass through the configured signature/encryption processors before reaching the
 * caller's sink.
 *
 * <p>NOTE(review): nothing in this class validates the properties object beyond the key checks
 * in {@link #configureSignatureKeys} and {@link #configureEncryptionKeys}; whether algorithms,
 * actions and secure parts are validated before construction should be confirmed at the caller.
 */
public class OutboundXMLSec {
    private final XMLSecurityProperties securityProperties;

    /**
     * @param xMLSecurityProperties configuration consulted for actions, keys, certificates and
     *     the parts to protect; stored as-is (no copy, no null check)
     */
    public OutboundXMLSec(XMLSecurityProperties xMLSecurityProperties) {
        this.securityProperties = xMLSecurityProperties;
    }

    /**
     * Creates a securing writer on top of an output stream, without a security event listener.
     *
     * @param outputStream sink for the protected document
     * @param str document encoding, recorded on the document context and passed to the final
     *     output processor
     * @return writer whose output is signed/encrypted as configured
     * @throws XMLSecurityException if key configuration or processor initialisation fails
     */
    public XMLStreamWriter processOutMessage(OutputStream outputStream, String str) throws XMLSecurityException {
        return buildSecuredWriter(outputStream, str, null);
    }

    /**
     * Creates a securing writer on top of an existing stream writer, without a security event
     * listener.
     *
     * @param xMLStreamWriter sink for the protected document
     * @param str document encoding recorded on the document context
     * @return writer whose output is signed/encrypted as configured
     * @throws XMLSecurityException if key configuration or processor initialisation fails
     */
    public XMLStreamWriter processOutMessage(XMLStreamWriter xMLStreamWriter, String str) throws XMLSecurityException {
        return buildSecuredWriter(xMLStreamWriter, str, null);
    }

    /**
     * Creates a securing writer on top of an output stream.
     *
     * @param outputStream sink for the protected document
     * @param str document encoding, recorded on the document context and passed to the final
     *     output processor
     * @param securityEventListener listener added to the outbound security context; may be
     *     {@code null}, in which case none is registered
     * @return writer whose output is signed/encrypted as configured
     * @throws XMLSecurityException if key configuration or processor initialisation fails
     */
    public XMLStreamWriter processOutMessage(OutputStream outputStream, String str, SecurityEventListener securityEventListener) throws XMLSecurityException {
        return buildSecuredWriter(outputStream, str, securityEventListener);
    }

    /**
     * Creates a securing writer on top of an existing stream writer.
     *
     * @param xMLStreamWriter sink for the protected document
     * @param str document encoding recorded on the document context
     * @param securityEventListener listener added to the outbound security context; may be
     *     {@code null}, in which case none is registered
     * @return writer whose output is signed/encrypted as configured
     * @throws XMLSecurityException if key configuration or processor initialisation fails
     */
    public XMLStreamWriter processOutMessage(XMLStreamWriter xMLStreamWriter, String str, SecurityEventListener securityEventListener) throws XMLSecurityException {
        return buildSecuredWriter(xMLStreamWriter, str, securityEventListener);
    }

    /**
     * Shared implementation behind the public overloads: builds the security and document
     * contexts, installs one processor per configured action, then the final output processor.
     *
     * @param output either an {@link OutputStream} or an {@link XMLStreamWriter}
     * @param encoding document encoding
     * @param listener optional security event listener
     * @throws IllegalArgumentException if {@code output} is neither supported type
     */
    private XMLStreamWriter buildSecuredWriter(Object output, String encoding, SecurityEventListener listener) throws XMLSecurityException {
        final OutboundSecurityContextImpl securityContext = new OutboundSecurityContextImpl();
        if (listener != null) {
            securityContext.addSecurityEventListener(listener);
        }

        final DocumentContextImpl documentContext = new DocumentContextImpl();
        documentContext.setEncoding(encoding);

        final OutputProcessorChainImpl chain = new OutputProcessorChainImpl(securityContext, documentContext);

        SecurePart signEntireRequest = null;
        SecurePart encryptEntireRequest = null;
        // Actions other than SIGNATURE and ENCRYPTION are skipped without any report.
        for (XMLSecurityConstants.Action action : this.securityProperties.getActions()) {
            if (XMLSecurityConstants.SIGNATURE.equals(action)) {
                initializeOutputProcessor(chain, new XMLSignatureOutputProcessor(), action);
                configureSignatureKeys(securityContext);
                signEntireRequest = collectSignatureParts(chain, signEntireRequest);
            } else if (XMLSecurityConstants.ENCRYPTION.equals(action)) {
                initializeOutputProcessor(chain, new XMLEncryptOutputProcessor(), action);
                configureEncryptionKeys(securityContext);
                encryptEntireRequest = collectEncryptionParts(chain, encryptEntireRequest);
            }
        }

        // The sink processor is installed last, after every action processor.
        final FinalOutputProcessor sink;
        if (output instanceof OutputStream) {
            sink = new FinalOutputProcessor((OutputStream) output, encoding);
        } else if (output instanceof XMLStreamWriter) {
            sink = new FinalOutputProcessor((XMLStreamWriter) output);
        } else {
            throw new IllegalArgumentException(output + " is not supported as output");
        }
        initializeOutputProcessor(chain, sink, null);

        final XMLSecurityStreamWriter securedWriter = new XMLSecurityStreamWriter(chain);
        securedWriter.setSignEntireRequestPart(signEntireRequest);
        securedWriter.setEncryptEntireRequestPart(encryptEntireRequest);
        return securedWriter;
    }

    /**
     * Registers every configured signature part in the chain's security context under
     * {@code "signatureParts"}, keyed by id, else name, else external reference.
     *
     * <p>NOTE(review): a part with no id, name or external reference that is also not marked
     * secure-entire-request matches no branch and is dropped silently, so content the caller
     * meant to sign could go out unsigned; confirm such parts are rejected elsewhere.
     *
     * @param entireRequestPart the whole-request part found so far, or {@code null}
     * @return the last whole-request part seen, or {@code entireRequestPart} if none was found
     */
    private SecurePart collectSignatureParts(OutputProcessorChainImpl chain, SecurePart entireRequestPart) throws XMLSecurityException {
        SecurePart wholeRequest = entireRequestPart;
        for (SecurePart part : this.securityProperties.getSignatureSecureParts()) {
            if (part.getIdToSecure() != null) {
                chain.getSecurityContext().putAsMap("signatureParts", part.getIdToSecure(), part);
            } else if (part.getName() != null) {
                chain.getSecurityContext().putAsMap("signatureParts", part.getName(), part);
            } else if (part.getExternalReference() != null) {
                chain.getSecurityContext().putAsMap("signatureParts", part.getExternalReference(), part);
            } else if (part.isSecureEntireRequest()) {
                wholeRequest = part;
            }
        }
        return wholeRequest;
    }

    /**
     * Registers every configured encryption part in the chain's security context under
     * {@code "encryptionParts"}, keyed by id, else name. Unlike the signature case, an external
     * reference is not considered here.
     *
     * <p>NOTE(review): a part with neither id nor name that is not marked secure-entire-request
     * is dropped silently, so content the caller meant to encrypt could be written in clear;
     * confirm such parts are rejected elsewhere.
     *
     * @param entireRequestPart the whole-request part found so far, or {@code null}
     * @return the last whole-request part seen, or {@code entireRequestPart} if none was found
     */
    private SecurePart collectEncryptionParts(OutputProcessorChainImpl chain, SecurePart entireRequestPart) throws XMLSecurityException {
        SecurePart wholeRequest = entireRequestPart;
        for (SecurePart part : this.securityProperties.getEncryptionSecureParts()) {
            if (part.getIdToSecure() != null) {
                chain.getSecurityContext().putAsMap("encryptionParts", part.getIdToSecure(), part);
            } else if (part.getName() != null) {
                chain.getSecurityContext().putAsMap("encryptionParts", part.getName(), part);
            } else if (part.isSecureEntireRequest()) {
                wholeRequest = part;
            }
        }
        return wholeRequest;
    }

    /**
     * Hands the shared properties and the action to a processor, then initialises it against
     * the chain.
     *
     * @param action the action the processor serves; {@code null} for the final output processor
     */
    private void initializeOutputProcessor(OutputProcessorChainImpl chain, OutputProcessor processor, XMLSecurityConstants.Action action) throws XMLSecurityException {
        processor.setXMLSecurityProperties(this.securityProperties);
        processor.setAction(action);
        processor.init(chain);
    }

    /**
     * Wraps the configured signing key and certificates in an outbound token, registers it and
     * records its id as the token to use for signing.
     *
     * @throws XMLSecurityException if the signing key is a {@link PrivateKey} and neither a
     *     certificate nor a verification key is configured
     */
    private void configureSignatureKeys(OutboundSecurityContextImpl securityContext) throws XMLSecurityException {
        final Key signingKey = this.securityProperties.getSignatureKey();
        final X509Certificate[] signingCerts = this.securityProperties.getSignatureCerts();

        // The check applies to private keys only; a null or non-private signing key passes.
        final boolean noCertificates = signingCerts == null || signingCerts.length == 0;
        if (signingKey instanceof PrivateKey
                && noCertificates
                && this.securityProperties.getSignatureVerificationKey() == null) {
            throw new XMLSecurityException("stax.signature.publicKeyOrCertificateMissing");
        }

        final String tokenId = IDGenerator.generateID("SIG");
        final GenericOutboundSecurityToken signingToken =
                new GenericOutboundSecurityToken(tokenId, SecurityTokenConstants.DefaultToken, signingKey, signingCerts);
        if (this.securityProperties.getSignatureVerificationKey() instanceof PublicKey) {
            signingToken.setPublicKey((PublicKey) this.securityProperties.getSignatureVerificationKey());
        }

        registerFixedToken(securityContext, tokenId, signingToken);
        securityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, tokenId);
    }

    /**
     * Prepares the key material for encryption: a wrapping token built from the transport key
     * and/or recipient certificate, and a content-encryption token that is either the configured
     * encryption key or a freshly generated symmetric key.
     *
     * @throws XMLSecurityException if no encryption key is configured and there is neither a
     *     recipient certificate nor a transport key, or if the JCE algorithm is unavailable
     */
    private void configureEncryptionKeys(OutboundSecurityContextImpl securityContext) throws XMLSecurityException {
        final Key transportKey = this.securityProperties.getEncryptionTransportKey();
        final X509Certificate recipientCert = this.securityProperties.getEncryptionUseThisCertificate();
        final X509Certificate[] recipientCerts =
                recipientCert == null ? null : new X509Certificate[] {recipientCert};

        final GenericOutboundSecurityToken wrappingToken = new GenericOutboundSecurityToken(
                IDGenerator.generateID(null), SecurityTokenConstants.DefaultToken, transportKey, recipientCerts);

        Key contentKey = this.securityProperties.getEncryptionKey();
        if (contentKey == null) {
            if (recipientCert == null && transportKey == null) {
                throw new XMLSecurityException("stax.encryption.encryptionKeyMissing");
            }
            // NOTE(review): if the mapper returns null for an unmapped algorithm URI, the calls
            // below would fail with an unchecked exception instead of XMLSecurityException;
            // confirm the mapper's contract.
            final String jceAlgorithm =
                    JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(this.securityProperties.getEncryptionSymAlgorithm());
            try {
                // No provider or SecureRandom is passed, so the JCE defaults are used.
                final KeyGenerator generator = KeyGenerator.getInstance(jceAlgorithm);
                // The key length is set explicitly only for AES-named algorithms; any other
                // algorithm gets the provider's default key size.
                // NOTE(review): JCAConstants is an OpenSAML class, which is unexpected inside
                // xmlsec; presumably a decompiler substitution for a string literal, so confirm
                // before treating OpenSAML as a real dependency of this class.
                if (jceAlgorithm.contains(JCAConstants.KEY_ALGO_AES)) {
                    generator.init(
                            JCEAlgorithmMapper.getKeyLengthFromURI(this.securityProperties.getEncryptionSymAlgorithm()));
                }
                contentKey = generator.generateKey();
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSecurityException(e);
            }
        }

        final String tokenId = IDGenerator.generateID(null);
        final GenericOutboundSecurityToken contentToken =
                new GenericOutboundSecurityToken(tokenId, SecurityTokenConstants.DefaultToken, contentKey);
        contentToken.setKeyWrappingToken(wrappingToken);

        registerFixedToken(securityContext, tokenId, contentToken);
        securityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, tokenId);
    }

    /**
     * Registers a provider that always returns the given token under the given id.
     */
    private static void registerFixedToken(
            OutboundSecurityContextImpl securityContext, final String tokenId, final OutboundSecurityToken token)
            throws XMLSecurityException {
        securityContext.registerSecurityTokenProvider(tokenId, new SecurityTokenProvider<OutboundSecurityToken>() {
            @Override
            public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return token;
            }

            @Override
            public String getId() {
                return tokenId;
            }
        });
    }
}
