package org.apache.wss4j.stax.impl.processor.output;

import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.EncryptionPartDef;
import org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.class */
public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
    private static final transient Logger logger = LoggerFactory.getLogger(EncryptOutputProcessor.class);

    /* loaded from: input_file:org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor$InternalEncryptionOutputProcessor.class */
    class InternalEncryptionOutputProcessor extends AbstractEncryptOutputProcessor.AbstractInternalEncryptionOutputProcessor {
        private boolean doEncryptedHeader;
        private final String sha1Identifier;
        private final SecurityTokenConstants.TokenType tokenType;

        InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef, XMLSecStartElement xMLSecStartElement, String str, String str2, SecurityTokenConstants.TokenType tokenType) throws XMLSecurityException, XMLStreamException {
            super(EncryptOutputProcessor.this, encryptionPartDef, xMLSecStartElement, str);
            this.doEncryptedHeader = false;
            addBeforeProcessor(EncryptEndingOutputProcessor.class.getName());
            addBeforeProcessor(InternalEncryptionOutputProcessor.class.getName());
            addAfterProcessor(EncryptOutputProcessor.class.getName());
            this.sha1Identifier = str2;
            this.tokenType = tokenType;
        }

        protected OutputStream applyTransforms(OutputStream outputStream) throws XMLSecurityException {
            String encryptionCompressionAlgorithm = ((WSSSecurityProperties) getSecurityProperties()).getEncryptionCompressionAlgorithm();
            if (encryptionCompressionAlgorithm != null) {
                try {
                    outputStream = (OutputStream) TransformerAlgorithmMapper.getTransformerClass(encryptionCompressionAlgorithm, XMLSecurityConstants.DIRECTION.OUT).getConstructor(OutputStream.class).newInstance(outputStream);
                } catch (IllegalAccessException e) {
                    throw new XMLSecurityException(e);
                } catch (InstantiationException e2) {
                    throw new XMLSecurityException(e2);
                } catch (NoSuchMethodException e3) {
                    throw new XMLSecurityException(e3);
                } catch (InvocationTargetException e4) {
                    throw new XMLSecurityException(e4);
                }
            }
            return outputStream;
        }

        protected void processEventInternal(XMLSecStartElement xMLSecStartElement, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            List elementPath = xMLSecStartElement.getElementPath();
            if (elementPath.size() == 3 && WSSUtils.isInSOAPHeader((List<QName>) elementPath)) {
                this.doEncryptedHeader = true;
                ArrayList arrayList = new ArrayList(1);
                Iterator attributes = getXmlSecStartElement().getAttributes();
                while (attributes.hasNext()) {
                    Attribute attribute = (Attribute) attributes.next();
                    if (!attribute.isNamespace() && (WSSConstants.NS_SOAP11.equals(attribute.getName().getNamespaceURI()) || WSSConstants.NS_SOAP12.equals(attribute.getName().getNamespaceURI()))) {
                        arrayList.add(createAttribute(attribute.getName(), attribute.getValue()));
                    }
                }
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader, true, arrayList);
            }
            super.processEventInternal(xMLSecStartElement, outputProcessorChain);
        }

        protected void createKeyInfoStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, null);
            SecurityTokenConstants.KeyIdentifier encryptionKeyIdentifier = ((WSSSecurityProperties) getSecurityProperties()).getEncryptionKeyIdentifier();
            if (WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(encryptionKeyIdentifier)) {
                ArrayList arrayList = new ArrayList(1);
                arrayList.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList);
                if (this.sha1Identifier != null) {
                    WSSUtils.createEncryptedKeySha1IdentifierStructure((AbstractOutputProcessor) this, outputProcessorChain, this.sha1Identifier);
                } else {
                    WSSUtils.createEncryptedKeySha1IdentifierStructure((AbstractOutputProcessor) this, outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
                }
            } else if (WSSecurityTokenConstants.KeyIdentifier_KerberosSha1Identifier.equals(encryptionKeyIdentifier)) {
                ArrayList arrayList2 = new ArrayList(1);
                arrayList2.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_Kerberos5_AP_REQ));
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList2);
                WSSUtils.createKerberosSha1IdentifierStructure(this, outputProcessorChain, this.sha1Identifier);
            } else {
                boolean z = false;
                if (WSSecurityTokenConstants.KerberosToken.equals(this.tokenType)) {
                    ArrayList arrayList3 = new ArrayList(2);
                    arrayList3.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID((String) null)));
                    arrayList3.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList3);
                } else if (WSSecurityTokenConstants.Saml10Token.equals(this.tokenType) || WSSecurityTokenConstants.Saml11Token.equals(this.tokenType)) {
                    ArrayList arrayList4 = new ArrayList(2);
                    arrayList4.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID((String) null)));
                    arrayList4.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE));
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList4);
                    z = true;
                } else if (WSSecurityTokenConstants.Saml20Token.equals(this.tokenType)) {
                    ArrayList arrayList5 = new ArrayList(2);
                    arrayList5.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID((String) null)));
                    arrayList5.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE));
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList5);
                    z = true;
                } else if (WSSecurityTokenConstants.EncryptedKeyToken.equals(this.tokenType)) {
                    ArrayList arrayList6 = new ArrayList(2);
                    arrayList6.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID((String) null)));
                    arrayList6.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, arrayList6);
                } else {
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
                }
                if (z) {
                    WSSUtils.createSAMLKeyIdentifierStructure(this, outputProcessorChain, this.tokenType, getEncryptionPartDef().getKeyId());
                } else {
                    ArrayList arrayList7 = new ArrayList(1);
                    arrayList7.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
                    if (WSSecurityTokenConstants.KerberosToken.equals(this.tokenType)) {
                        arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
                    } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(this.tokenType)) {
                        if (((WSSSecurityProperties) getSecurityProperties()).isUse200512Namespace()) {
                            arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"));
                        } else {
                            arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, "http://schemas.xmlsoap.org/ws/2005/02/sc/dk"));
                        }
                    } else if (WSSecurityTokenConstants.SpnegoContextToken.equals(this.tokenType) || WSSecurityTokenConstants.SecurityContextToken.equals(this.tokenType) || WSSecurityTokenConstants.SecureConversationToken.equals(this.tokenType)) {
                        if (((WSSSecurityProperties) getSecurityProperties()).isUse200512Namespace()) {
                            arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"));
                        } else {
                            arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"));
                        }
                    } else if (WSSecurityTokenConstants.EncryptedKeyToken.equals(this.tokenType)) {
                        arrayList7.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
                    }
                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, arrayList7);
                    createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
                }
            }
            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
        }

        protected void doFinalInternal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            super.doFinalInternal(outputProcessorChain);
            if (this.doEncryptedHeader) {
                createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse11_EncryptedHeader);
            }
        }
    }

    public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
        super.init(outputProcessorChain);
        EncryptEndingOutputProcessor encryptEndingOutputProcessor = new EncryptEndingOutputProcessor();
        encryptEndingOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
        encryptEndingOutputProcessor.setAction(getAction());
        encryptEndingOutputProcessor.init(outputProcessorChain);
    }

    public void processEvent(XMLSecEvent xMLSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        SecurePart securePartMatches;
        if (xMLSecEvent.getEventType() == 1) {
            XMLSecStartElement asStartElement = xMLSecEvent.asStartElement();
            if (getActiveInternalEncryptionOutputProcessor() == null && (securePartMatches = securePartMatches(asStartElement, outputProcessorChain, "encryptionParts")) != null) {
                logger.debug("Matched encryptionPart for encryption");
                SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider((String) outputProcessorChain.getSecurityContext().get("PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION"));
                OutboundSecurityToken outboundSecurityToken = (OutboundSecurityToken) securityTokenProvider.getSecurityToken();
                EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
                encryptionPartDef.setSecurePart(securePartMatches);
                encryptionPartDef.setModifier(securePartMatches.getModifier());
                encryptionPartDef.setEncRefId(IDGenerator.generateID((String) null));
                encryptionPartDef.setKeyId(securityTokenProvider.getId());
                encryptionPartDef.setSymmetricKey(outboundSecurityToken.getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm()));
                outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
                InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = new InternalEncryptionOutputProcessor(encryptionPartDef, asStartElement, outputProcessorChain.getDocumentContext().getEncoding(), outboundSecurityToken.getSha1Identifier(), outboundSecurityToken.getTokenType());
                internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                internalEncryptionOutputProcessor.setAction(getAction());
                internalEncryptionOutputProcessor.init(outputProcessorChain);
                setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
                if (WSSConstants.TAG_soap_Body_LocalName.equals(asStartElement.getName().getLocalPart()) && WSSUtils.isInSOAPBody((XMLSecEvent) asStartElement)) {
                    doFinalInternal(outputProcessorChain);
                    outputProcessorChain.removeProcessor(this);
                }
            }
        }
        outputProcessorChain.processEvent(xMLSecEvent);
    }
}
