package org.apache.cxf.rs.security.jose.jaxrs.multipart;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.cxf.jaxrs.ext.multipart.MultipartInputFilter;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsInputStream;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jws.JwsVerificationSignature;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/multipart/JwsMultipartSignatureInFilter.class */
public class JwsMultipartSignatureInFilter implements MultipartInputFilter {
    private JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
    private JwsSignatureVerifier verifier;
    private boolean bufferPayload;
    private Message message;
    private boolean useJwsJsonSignatureFormat;

    public JwsMultipartSignatureInFilter(Message message, JwsSignatureVerifier jwsSignatureVerifier, boolean z, boolean z2) {
        this.message = message;
        this.verifier = jwsSignatureVerifier;
        this.bufferPayload = z;
        this.useJwsJsonSignatureFormat = z2;
    }

    public void filter(List<Attachment> list) {
        String str;
        String str2;
        InputStream inputStream;
        if (list.size() < 2) {
            throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
        }
        try {
            String readStringFromStream = IOUtils.readStringFromStream(list.remove(list.size() - 1).getDataHandler().getInputStream());
            if (this.useJwsJsonSignatureFormat) {
                Map fromJson = this.reader.fromJson(readStringFromStream);
                if (fromJson.size() != 2 || !fromJson.containsKey("protected") || !fromJson.containsKey("signature")) {
                    throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
                }
                str = (String) fromJson.get("protected");
                str2 = (String) fromJson.get("signature");
            } else {
                String[] compactParts = JoseUtils.getCompactParts(readStringFromStream);
                if (compactParts.length != 3 || compactParts[1].length() > 0) {
                    throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
                }
                str = compactParts[0];
                str2 = compactParts[2];
            }
            JwsHeaders jwsHeaders = new JwsHeaders(new JsonMapObjectReaderWriter().fromJson(JoseUtils.decodeToString(str)));
            JoseUtils.traceHeaders(jwsHeaders);
            if (Boolean.FALSE != jwsHeaders.getPayloadEncodingStatus()) {
                throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
            }
            JwsVerificationSignature createJwsVerificationSignature = (this.verifier == null ? JwsUtils.loadSignatureVerifier(this.message, KeyManagementUtils.loadStoreProperties(this.message, true, "rs.security.signature.in.properties", "rs.security.signature.properties"), jwsHeaders, false) : this.verifier).createJwsVerificationSignature(jwsHeaders);
            if (createJwsVerificationSignature == null) {
                throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
            }
            byte[] decode = JoseUtils.decode(str2);
            byte[] bytesASCII = StringUtils.toBytesASCII(str + ".");
            createJwsVerificationSignature.update(bytesASCII, 0, bytesASCII.length);
            int size = list.size();
            int i = 0;
            while (i < size) {
                Attachment remove = list.remove(i);
                try {
                    InputStream jwsInputStream = new JwsInputStream(remove.getDataHandler().getDataSource().getInputStream(), createJwsVerificationSignature, decode, i == size - 1);
                    if (this.bufferPayload) {
                        CachedOutputStream cachedOutputStream = new CachedOutputStream();
                        try {
                            IOUtils.copy(jwsInputStream, cachedOutputStream);
                            inputStream = cachedOutputStream.getInputStream();
                        } catch (Exception e) {
                            throw ExceptionUtils.toBadRequestException(e, (Response) null);
                        }
                    } else {
                        inputStream = jwsInputStream;
                    }
                    list.add(i, new Attachment(inputStream, remove.getHeaders()));
                    i++;
                } catch (IOException e2) {
                    throw ExceptionUtils.toBadRequestException(e2, (Response) null);
                }
            }
        } catch (IOException e3) {
            throw ExceptionUtils.toBadRequestException((Throwable) null, (Response) null);
        }
    }
}
