package com.mulesoft.modules.wss.api.outgoing;

import com.mulesoft.modules.wss.api.constants.SignatureAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureC14nAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureDigestAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureKeyIdentifierConstants;
import com.mulesoft.modules.wss.api.store.KeyStoreConfiguration;
import com.mulesoft.modules.wss.internal.error.WssApplyException;
import com.mulesoft.modules.wss.internal.error.WssSecurityException;
import java.util.List;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.annotation.param.display.Summary;
import org.w3c.dom.Document;

/* loaded from: input_file:com/mulesoft/modules/wss/api/outgoing/SignatureConfig.class */
public class SignatureConfig extends BaseOutgoingConfig implements OutgoingWss {

    @Optional(defaultValue = "ISSUER_SERIAL")
    @Parameter
    @Summary("The key identifier type to use for signature.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SignatureKeyIdentifierConstants keyIdentifier;

    @Optional
    @Parameter
    @Summary("The signature algorithm to use. The default is set by the data in the certificate.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SignatureAlgorithmConstants algorithm;

    @Optional(defaultValue = "SHA1")
    @Parameter
    @Summary("The signature digest algorithm to use.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SignatureDigestAlgorithmConstants digestAlgorithm;

    @Optional(defaultValue = "ExclusiveXMLCanonicalization_1_0")
    @Parameter
    @Summary("Defines which signature c14n (canonicalization) algorithm to use.")
    @DisplayName("Signature c14n algorithm")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SignatureC14nAlgorithmConstants c14nAlgorithm;

    @Parameter
    @DisplayName("KeyStore Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias("keystore-config")
    private KeyStoreConfiguration keyStoreConfiguration;

    @Override // com.mulesoft.modules.wss.api.outgoing.OutgoingWss
    public void apply(String str, Document document, WSSecHeader wSSecHeader) throws WssApplyException {
        try {
            WSSecSignature wSSecSignature = new WSSecSignature(wSSecHeader);
            wSSecSignature.setUserInfo(this.keyStoreConfiguration.getAlias(), this.keyStoreConfiguration.getKeyPassword());
            if (this.keyIdentifier != null) {
                wSSecSignature.setKeyIdentifierType(this.keyIdentifier.getNumVal());
            }
            if (this.algorithm != null) {
                wSSecSignature.setSignatureAlgorithm(this.algorithm.toString());
            }
            if (this.c14nAlgorithm != null) {
                wSSecSignature.setSigCanonicalization(this.c14nAlgorithm.toString());
            }
            if (this.digestAlgorithm != null) {
                wSSecSignature.setDigestAlgo(this.digestAlgorithm.toString());
            }
            List<WSEncryptionPart> createWSParts = createWSParts();
            if (!createWSParts.isEmpty()) {
                wSSecSignature.getParts().addAll(createWSParts);
            }
            wSSecSignature.build(getCrypto(this.keyStoreConfiguration));
        } catch (Exception e) {
            throw new WssSecurityException("Could not sign Envelope: " + e.getMessage(), e);
        }
    }
}
