package org.apache.wss4j.stax.impl.processor.output;

import java.util.ArrayList;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.class */
public class BinarySecurityTokenOutputProcessor extends AbstractOutputProcessor {

    /* loaded from: input_file:org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor$FinalBinarySecurityTokenOutputProcessor.class */
    class FinalBinarySecurityTokenOutputProcessor extends AbstractOutputProcessor {
        private final OutboundSecurityToken securityToken;

        FinalBinarySecurityTokenOutputProcessor(OutboundSecurityToken outboundSecurityToken) throws XMLSecurityException {
            addAfterProcessor(BinarySecurityTokenOutputProcessor.class.getName());
            this.securityToken = outboundSecurityToken;
        }

        public void processEvent(XMLSecEvent xMLSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            outputProcessorChain.processEvent(xMLSecEvent);
            if (WSSUtils.isSecurityHeaderElement(xMLSecEvent, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
                QName qName = WSSConstants.TAG_wsse_BinarySecurityToken;
                WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, qName, getAction(), false);
                OutputProcessorChain createSubChain = outputProcessorChain.createSubChain(this);
                if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                    ArrayList arrayList = new ArrayList(3);
                    arrayList.add(createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
                    arrayList.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
                    arrayList.add(createAttribute(WSSConstants.ATT_wsu_Id, this.securityToken.getId()));
                    createStartElementAndOutputAsEvent(createSubChain, qName, false, arrayList);
                    createCharactersAndOutputAsEvent(createSubChain, new Base64(76, new byte[]{10}).encodeToString(this.securityToken.getTicket()));
                    createEndElementAndOutputAsEvent(createSubChain, qName);
                    if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction())) {
                        WSSUtils.updateSecurityHeaderOrder(outputProcessorChain, WSSConstants.TAG_xenc_ReferenceList, getAction(), false);
                        WSSUtils.createReferenceListStructureForEncryption(this, createSubChain);
                    }
                } else {
                    WSSUtils.createBinarySecurityTokenStructure(this, createSubChain, this.securityToken.getId(), this.securityToken.getX509Certificates(), getSecurityProperties().isUseSingleCert());
                }
                outputProcessorChain.removeProcessor(this);
            }
        }
    }

    public BinarySecurityTokenOutputProcessor() throws XMLSecurityException {
        addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
    }

    public void processEvent(XMLSecEvent xMLSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        SecurityTokenProvider securityTokenProvider;
        try {
            GenericOutboundSecurityToken genericOutboundSecurityToken = null;
            XMLSecurityConstants.Action action = getAction();
            String str = null;
            if (WSSConstants.SIGNATURE.equals(action) || WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
                str = (String) outputProcessorChain.getSecurityContext().get("PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE");
            } else if (WSSConstants.ENCRYPT.equals(action)) {
                str = (String) outputProcessorChain.getSecurityContext().get("PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY");
            } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                str = (String) outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS);
            }
            if (str != null && (securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(str)) != null) {
                genericOutboundSecurityToken = (GenericOutboundSecurityToken) securityTokenProvider.getSecurityToken();
            }
            boolean z = false;
            SecurityTokenConstants.KeyIdentifier keyIdentifier = null;
            if (WSSConstants.SIGNATURE.equals(action) || WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
                z = ((WSSSecurityProperties) getSecurityProperties()).isIncludeSignatureToken();
                keyIdentifier = getSecurityProperties().getSignatureKeyIdentifier();
            } else if (WSSConstants.ENCRYPT.equals(action)) {
                z = ((WSSSecurityProperties) getSecurityProperties()).isIncludeEncryptionToken();
                keyIdentifier = getSecurityProperties().getEncryptionKeyIdentifier();
            }
            if (genericOutboundSecurityToken != null) {
                if (WSSConstants.SIGNATURE.equals(action) && ((z || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)) && (genericOutboundSecurityToken.getTokenType() == null || WSSecurityTokenConstants.X509V3Token.equals(genericOutboundSecurityToken.getTokenType())))) {
                    FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor = new FinalBinarySecurityTokenOutputProcessor(genericOutboundSecurityToken);
                    finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                    finalBinarySecurityTokenOutputProcessor.setAction(getAction());
                    finalBinarySecurityTokenOutputProcessor.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                    finalBinarySecurityTokenOutputProcessor.init(outputProcessorChain);
                    genericOutboundSecurityToken.setProcessor(finalBinarySecurityTokenOutputProcessor);
                } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && z && (genericOutboundSecurityToken.getTokenType() == null || WSSecurityTokenConstants.X509V3Token.equals(genericOutboundSecurityToken.getTokenType()))) {
                    FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor2 = new FinalBinarySecurityTokenOutputProcessor(genericOutboundSecurityToken);
                    finalBinarySecurityTokenOutputProcessor2.setXMLSecurityProperties(getSecurityProperties());
                    finalBinarySecurityTokenOutputProcessor2.setAction(getAction());
                    finalBinarySecurityTokenOutputProcessor2.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                    finalBinarySecurityTokenOutputProcessor2.init(outputProcessorChain);
                    genericOutboundSecurityToken.setProcessor(finalBinarySecurityTokenOutputProcessor2);
                } else if (WSSConstants.ENCRYPT.equals(action) && ((z || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)) && (genericOutboundSecurityToken.getTokenType() == null || WSSecurityTokenConstants.X509V3Token.equals(genericOutboundSecurityToken.getTokenType())))) {
                    FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor3 = new FinalBinarySecurityTokenOutputProcessor(genericOutboundSecurityToken);
                    finalBinarySecurityTokenOutputProcessor3.setXMLSecurityProperties(getSecurityProperties());
                    finalBinarySecurityTokenOutputProcessor3.setAction(getAction());
                    finalBinarySecurityTokenOutputProcessor3.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                    finalBinarySecurityTokenOutputProcessor3.init(outputProcessorChain);
                    genericOutboundSecurityToken.setProcessor(finalBinarySecurityTokenOutputProcessor3);
                } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(getAction()) || WSSConstants.KERBEROS_TOKEN.equals(getAction())) {
                    FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor4 = new FinalBinarySecurityTokenOutputProcessor(genericOutboundSecurityToken);
                    finalBinarySecurityTokenOutputProcessor4.setXMLSecurityProperties(getSecurityProperties());
                    finalBinarySecurityTokenOutputProcessor4.setAction(getAction());
                    finalBinarySecurityTokenOutputProcessor4.addBeforeProcessor(WSSSignatureOutputProcessor.class.getName());
                    finalBinarySecurityTokenOutputProcessor4.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                    finalBinarySecurityTokenOutputProcessor4.init(outputProcessorChain);
                    genericOutboundSecurityToken.setProcessor(finalBinarySecurityTokenOutputProcessor4);
                }
            }
            outputProcessorChain.processEvent(xMLSecEvent);
        } finally {
            outputProcessorChain.removeProcessor(this);
        }
    }
}
