package org.apache.cxf.rs.security.xml;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.XMLUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.class */
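/**
 * Outbound interceptor that adds an XML Signature to the outgoing XML document.
 *
 * <p>Three signature layouts are supported, selected with {@link #setStyle(String)}:
 * {@link #ENVELOPED_SIG} (default, the signature is appended to the payload root),
 * {@link #ENVELOPING_SIG} (the payload is wrapped in a {@code ds:Object} inside the
 * signature) and {@link #DETACHED_SIG} (payload and signature are siblings under an
 * envelope element).
 *
 * <p>Security notes for whoever configures this interceptor:
 * <ul>
 *   <li>The default signature and digest algorithms are {@code SPConstants.RSA_SHA1} and
 *       {@code SPConstants.SHA1}. SHA-1 is no longer considered collision resistant;
 *       configure stronger algorithms with {@link #setSignatureAlgorithm(String)} and
 *       {@link #setDigestAlgorithm(String)} wherever the receiving side supports them.</li>
 *   <li>When the signing certificate carries a DSA key, the signature algorithm is forced
 *       to {@code dsa-sha1} regardless of what {@link #setSignatureAlgorithm(String)}
 *       configured.</li>
 *   <li>The signer's certificate and public key are embedded in {@code KeyInfo}. A receiver
 *       has to validate that certificate against its own trust material instead of
 *       trusting the embedded key on its own.</li>
 * </ul>
 */
public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
    public static final String DEFAULT_ENV_PREFIX = "env";
    public static final QName DEFAULT_ENV_QNAME = new QName("http://org.apache.cxf/rs/env", "Envelope", DEFAULT_ENV_PREFIX);
    public static final String ENVELOPED_SIG = "enveloped";
    public static final String ENVELOPING_SIG = "enveloping";
    public static final String DETACHED_SIG = "detached";

    private static final Logger LOG = LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
    private static final Set<String> SUPPORTED_STYLES =
        new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));

    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String DSA_SHA1_ALGO = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String ENVELOPED_SIG_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    // Name of the wrapper element used by the detached layout.
    private QName envelopeQName = DEFAULT_ENV_QNAME;
    // One of ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG.
    private String sigStyle = ENVELOPED_SIG;
    // SHA-1 based defaults: see the class comment before relying on them.
    private String defaultSigAlgo = SPConstants.RSA_SHA1;
    private String digestAlgo = SPConstants.SHA1;

    /**
     * Selects the signature layout.
     *
     * @param str one of {@link #ENVELOPED_SIG}, {@link #ENVELOPING_SIG}, {@link #DETACHED_SIG}
     * @throws IllegalArgumentException if the value is not one of the supported styles
     */
    public void setStyle(String str) {
        if (!SUPPORTED_STYLES.contains(str)) {
            throw new IllegalArgumentException("Unsupported XML Signature style");
        }
        this.sigStyle = str;
    }

    /**
     * Sets the signature algorithm URI used for non-DSA keys. The value is stored as
     * given; it is not validated here.
     *
     * @param str signature algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.defaultSigAlgo = str;
    }

    /**
     * Sets the digest algorithm URI used for the signed reference. The value is stored
     * as given; it is not validated here.
     *
     * @param str digest algorithm URI
     */
    public void setDigestAlgorithm(String str) {
        this.digestAlgo = str;
    }

    /**
     * Signs the outgoing document.
     *
     * @return the document that owns the signature element, or {@code null} when no
     *         signing user could be resolved (see {@link #createSignature})
     */
    @Override
    protected Document processDocument(Message message, Document document) throws Exception {
        return createSignature(message, document);
    }

    /**
     * Resolves the signing identity, builds the signature in the configured layout and signs it.
     *
     * <p>The signature crypto configuration is tried first; when it yields no {@code Crypto},
     * the encryption crypto configuration and its user name property are used instead.
     *
     * @return the signed document, or {@code null} when the resolved user name is empty
     * @throws WSSecurityException if the private key cannot be loaded or the signature
     *         cannot be built or computed
     */
    private Document createSignature(Message message, Document document) throws Exception {
        String userNameProperty = SecurityConstants.SIGNATURE_USERNAME;
        CryptoLoader loader = new CryptoLoader();
        Crypto crypto = loader.getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES);
        if (crypto == null) {
            crypto = loader.getCrypto(message, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
            userNameProperty = SecurityConstants.ENCRYPT_USERNAME;
        }

        String userName = SecurityUtils.getUserName(message, crypto, userNameProperty);
        if (StringUtils.isEmpty(userName)) {
            // NOTE(review): no signature is produced on this path and nothing is logged.
            // Whether the caller then sends the payload unsigned or fails is not visible
            // in this class; confirm in AbstractXmlSecOutInterceptor that this cannot
            // silently downgrade a signed exchange.
            return null;
        }

        // NOTE(review): 3 presumably is the WSS4J "signature" password-callback usage; confirm.
        String password = SecurityUtils.getPassword(message, userName, 3, getClass());
        // NOTE(review): certificates[0] is dereferenced below; this assumes
        // SecurityUtils.getCertificates never returns null or an empty array. Confirm.
        X509Certificate[] certificates = SecurityUtils.getCertificates(crypto, userName);

        String signatureAlgo = this.defaultSigAlgo;
        if (certificates[0].getPublicKey().getAlgorithm().equalsIgnoreCase("DSA")) {
            // A DSA key cannot be used with the RSA default, so the algorithm is overridden.
            signatureAlgo = DSA_SHA1_ALGO;
        }

        // Key loading and signature construction are handled separately so that the
        // logged error names the step that actually failed. Both steps still surface
        // as WSSecurityException; the password is never part of the message.
        PrivateKey privateKey;
        try {
            privateKey = crypto.getPrivateKey(userName, password);
        } catch (Exception e) {
            String errorMessage = "Private key can not be loaded, user:" + userName;
            LOG.severe(errorMessage);
            throw new WSSecurityException(errorMessage, e);
        }

        try {
            String id = UUID.randomUUID().toString();
            String referenceUri = "#" + id;

            XMLSignature signature;
            if (ENVELOPING_SIG.equals(this.sigStyle)) {
                signature = prepareEnvelopingSignature(document, id, referenceUri, signatureAlgo);
            } else if (DETACHED_SIG.equals(this.sigStyle)) {
                signature = prepareDetachedSignature(document, id, referenceUri, signatureAlgo);
            } else {
                signature = prepareEnvelopedSignature(document, id, referenceUri, signatureAlgo);
            }

            signature.addKeyInfo(certificates[0]);
            signature.addKeyInfo(certificates[0].getPublicKey());
            signature.sign(privateKey);
            return signature.getElement().getOwnerDocument();
        } catch (Exception e) {
            String errorMessage = "XML signature can not be created, user:" + userName;
            LOG.severe(errorMessage);
            throw new WSSecurityException(errorMessage, e);
        }
    }

    /**
     * Builds an enveloping signature: the payload root is moved into a new document,
     * wrapped in a {@code ds:Object}, and the signature element becomes the new root.
     *
     * @param document     document whose root element is to be signed (the root is removed from it)
     * @param id           value of the {@code ID} attribute set on the payload root
     * @param referenceUri same-document reference ({@code "#" + id}) covered by the signature
     * @param sigAlgo      signature algorithm URI
     */
    private XMLSignature prepareEnvelopingSignature(Document document, String id, String referenceUri, String sigAlgo) throws Exception {
        Element payloadRoot = document.getDocumentElement();
        Document signedDoc = DOMUtils.createDocument();
        document.removeChild(payloadRoot);
        signedDoc.adoptNode(payloadRoot);

        Element objectElement = signedDoc.createElementNS(DSIG_NS, "ds:Object");
        objectElement.appendChild(payloadRoot);

        // Register the attribute as an ID so the "#id" reference can be resolved.
        payloadRoot.setAttributeNS(null, "ID", id);
        payloadRoot.setIdAttributeNS(null, "ID", true);

        XMLSignature signature = new XMLSignature(signedDoc, "", sigAlgo);
        signedDoc.appendChild(signature.getElement());
        signature.getElement().appendChild(objectElement);

        Transforms transforms = new Transforms(signedDoc);
        transforms.addTransform(SPConstants.EX_C14N);
        signature.addDocument(referenceUri, transforms, this.digestAlgo);
        return signature;
    }

    /**
     * Builds a detached signature: the payload root is moved into a new document under
     * the configured envelope element, and the signature element is added as its sibling.
     *
     * @param document     document whose root element is to be signed (the root is removed from it)
     * @param id           value of the {@code ID} attribute set on the payload root
     * @param referenceUri same-document reference ({@code "#" + id}) covered by the signature
     * @param sigAlgo      signature algorithm URI
     */
    private XMLSignature prepareDetachedSignature(Document document, String id, String referenceUri, String sigAlgo) throws Exception {
        Element payloadRoot = document.getDocumentElement();
        Document signedDoc = DOMUtils.createDocument();
        document.removeChild(payloadRoot);
        signedDoc.adoptNode(payloadRoot);

        // Register the attribute as an ID so the "#id" reference can be resolved.
        payloadRoot.setAttributeNS(null, "ID", id);
        payloadRoot.setIdAttributeNS(null, "ID", true);

        String envelopeTagName = this.envelopeQName.getPrefix() + ":" + this.envelopeQName.getLocalPart();
        Element envelope = signedDoc.createElementNS(this.envelopeQName.getNamespaceURI(), envelopeTagName);
        envelope.appendChild(payloadRoot);
        signedDoc.appendChild(envelope);

        XMLSignature signature = new XMLSignature(signedDoc, "", sigAlgo);
        envelope.appendChild(signature.getElement());

        Transforms transforms = new Transforms(signedDoc);
        transforms.addTransform(SPConstants.EX_C14N);
        signature.addDocument(referenceUri, transforms, this.digestAlgo);
        return signature;
    }

    /**
     * Builds an enveloped signature: the signature element is appended to the payload
     * root of the original document, and the enveloped-signature transform is applied
     * to the reference ahead of {@code SPConstants.EX_C14N}.
     *
     * @param document     document to sign in place
     * @param id           value of the {@code ID} attribute set on the payload root
     * @param referenceUri same-document reference ({@code "#" + id}) covered by the signature
     * @param sigAlgo      signature algorithm URI
     */
    private XMLSignature prepareEnvelopedSignature(Document document, String id, String referenceUri, String sigAlgo) throws Exception {
        // Register the attribute as an ID so the "#id" reference can be resolved.
        document.getDocumentElement().setAttributeNS(null, "ID", id);
        document.getDocumentElement().setIdAttributeNS(null, "ID", true);

        XMLSignature signature = new XMLSignature(document, "", sigAlgo);
        document.getDocumentElement().appendChild(signature.getElement());

        Transforms transforms = new Transforms(document);
        transforms.addTransform(ENVELOPED_SIG_TRANSFORM);
        transforms.addTransform(SPConstants.EX_C14N);
        signature.addDocument(referenceUri, transforms, this.digestAlgo);
        return signature;
    }

    /**
     * Sets the envelope element name used by the detached layout from its string form.
     *
     * @param str string form of the envelope QName, converted with
     *            {@code XMLUtils.convertStringToQName} and {@link #DEFAULT_ENV_PREFIX}
     */
    public void setEnvelopeName(String str) {
        setEnvelopeQName(XMLUtils.convertStringToQName(str, DEFAULT_ENV_PREFIX));
    }

    /**
     * Sets the envelope element name used by the detached layout.
     *
     * @param qName envelope name; when it has no prefix, {@link #DEFAULT_ENV_PREFIX} is
     *              applied because the element is created as {@code prefix:localPart}
     */
    public void setEnvelopeQName(QName qName) {
        QName effectiveName = qName;
        if (qName.getPrefix().length() == 0) {
            effectiveName = new QName(qName.getNamespaceURI(), qName.getLocalPart(), DEFAULT_ENV_PREFIX);
        }
        this.envelopeQName = effectiveName;
    }
}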
