package com.mulesoft.modules.wss.internal.handler;

import com.mulesoft.modules.wss.api.constants.SignatureAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureC14nAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureDigestAlgorithmConstants;
import com.mulesoft.modules.wss.api.constants.SignatureKeyIdentifierConstants;
import com.mulesoft.modules.wss.api.outbound.BaseOutboundConfig;
import com.mulesoft.modules.wss.api.outbound.EncryptionConfig;
import com.mulesoft.modules.wss.api.outbound.MessagePart;
import com.mulesoft.modules.wss.api.outbound.SignatureConfig;
import com.mulesoft.modules.wss.api.outbound.TimestampConfig;
import com.mulesoft.modules.wss.api.store.KeyStoreConfiguration;
import com.mulesoft.modules.wss.internal.error.WssApplyException;
import com.mulesoft.modules.wss.internal.error.WssException;
import com.mulesoft.modules.wss.internal.error.WssSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.mule.runtime.api.store.ObjectStoreException;
import org.mule.runtime.api.store.ObjectStoreManager;

/* loaded from: input_file:com/mulesoft/modules/wss/internal/handler/OutboundConfigHandler.class */
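/**
 * Applies outbound WS-Security actions (encryption, signature, timestamp) to the
 * {@link WSSecHeader} supplied at construction time, using the WSS4J builders.
 */
public class OutboundConfigHandler {
    private final WSSecHeader securityHeader;

    /**
     * @param wSSecHeader the security header every {@code handle} overload builds into
     */
    public OutboundConfigHandler(WSSecHeader wSSecHeader) {
        this.securityHeader = wSSecHeader;
    }

    /**
     * Encrypts the configured message parts with a freshly generated symmetric key.
     *
     * <p>The key-transport certificate comes from the configured key store when one is
     * present; otherwise it is looked up in the default object-store partition under
     * {@code str}. If neither source yields a certificate the method fails with an
     * explicit error instead of handing a null crypto and no certificate to the builder.
     *
     * @param encryptionConfig   algorithms, key identifier, parts and optional key store
     * @param objectStoreManager source of the fallback certificate when no key store is configured
     * @param str                object-store key of the fallback certificate
     * @throws WssApplyException wrapping any failure raised while configuring or building
     */
    public void handle(EncryptionConfig encryptionConfig, ObjectStoreManager objectStoreManager, String str) {
        try {
            WSSecEncrypt encrypt = new WSSecEncrypt(this.securityHeader);
            KeyStoreConfiguration keyStore = encryptionConfig.getKeyStoreConfiguration();
            if (keyStore != null) {
                encrypt.setUserInfo(keyStore.getAlias(), keyStore.getKeyPassword());
            } else {
                X509Certificate recipientCert = getSigningRequestCertificate(str, objectStoreManager);
                if (recipientCert == null) {
                    // Fail closed: without a key store or a stored certificate there is no
                    // key material to encrypt the symmetric key for.
                    throw new IllegalStateException(
                            "No key store is configured and no certificate was found in the object store for encryption");
                }
                // NOTE(review): the stored certificate is used as-is; no validity-period or
                // trust check is visible here -- confirm it is validated before it is stored.
                encrypt.setUseThisCert(recipientCert);
            }
            if (encryptionConfig.getEncryptionKeyIdentifier() != null) {
                encrypt.setKeyIdentifierType(encryptionConfig.getEncryptionKeyIdentifier().getNumVal());
            }
            encrypt.setSymmetricEncAlgorithm(encryptionConfig.getEncryptionSymAlgorithm().toString());
            encrypt.setKeyEncAlgo(encryptionConfig.getEncryptionKeyTransportAlgorithm().toString());
            encrypt.setDigestAlgorithm(encryptionConfig.getEncryptionDigestAlgorithm().toString());
            List<WSEncryptionPart> parts = createWSParts(encryptionConfig);
            if (!parts.isEmpty()) {
                encrypt.getParts().addAll(parts);
            }
            Crypto crypto = keyStore != null ? getCrypto(keyStore) : null;
            // A new symmetric key is generated for every call, matching the selected algorithm.
            encrypt.build(crypto, KeyUtils.getKeyGenerator(encrypt.getSymmetricEncAlgorithm()).generateKey());
        } catch (Exception e) {
            throw new WssApplyException(e);
        }
    }

    /**
     * Signs the configured message parts with the key named by the key store configuration.
     *
     * <p>Key identifier, signature, canonicalization and digest algorithms are only set
     * when configured; otherwise the builder's own defaults apply.
     *
     * @param signatureConfig key store, algorithms and parts to sign
     * @throws WssSecurityException wrapping any failure, including a missing key store configuration
     */
    public void handle(SignatureConfig signatureConfig) {
        try {
            WSSecSignature signature = new WSSecSignature(this.securityHeader);
            KeyStoreConfiguration keyStore = signatureConfig.getKeyStoreConfiguration();
            if (keyStore == null) {
                // Previously this surfaced as a NullPointerException with a "null" message.
                throw new IllegalArgumentException("a key store configuration is required for signing");
            }
            signature.setUserInfo(keyStore.getAlias(), keyStore.getKeyPassword());
            SignatureKeyIdentifierConstants keyIdentifier = signatureConfig.getKeyIdentifier();
            if (keyIdentifier != null) {
                signature.setKeyIdentifierType(keyIdentifier.getNumVal());
            }
            SignatureAlgorithmConstants algorithm = signatureConfig.getAlgorithm();
            if (algorithm != null) {
                signature.setSignatureAlgorithm(algorithm.toString());
            }
            SignatureC14nAlgorithmConstants c14nAlgorithm = signatureConfig.getC14nAlgorithm();
            if (c14nAlgorithm != null) {
                signature.setSigCanonicalization(c14nAlgorithm.toString());
            }
            SignatureDigestAlgorithmConstants digestAlgorithm = signatureConfig.getDigestAlgorithm();
            if (digestAlgorithm != null) {
                signature.setDigestAlgo(digestAlgorithm.toString());
            }
            List<WSEncryptionPart> parts = createWSParts(signatureConfig);
            if (!parts.isEmpty()) {
                signature.getParts().addAll(parts);
            }
            signature.build(getCrypto(keyStore));
        } catch (Exception e) {
            throw new WssSecurityException("Could not sign Envelope: " + e.getMessage(), e);
        }
    }

    /**
     * Retrieves the certificate stored under {@code str} in the default object-store partition.
     *
     * @throws WssException if the object store lookup fails; the original cause is preserved
     *                      rather than being swallowed into a {@code null} result
     */
    private X509Certificate getSigningRequestCertificate(String str, ObjectStoreManager objectStoreManager) {
        try {
            return (X509Certificate) objectStoreManager.getDefaultPartition().retrieve(str);
        } catch (ObjectStoreException e) {
            throw new WssException("Could not retrieve the encryption certificate from the object store", e);
        }
    }

    /**
     * Maps the configured message parts to WSS4J parts (local name, namespace, encoding modifier).
     *
     * @return a mutable list, empty when no parts are configured
     */
    private List<WSEncryptionPart> createWSParts(BaseOutboundConfig baseOutboundConfig) {
        List<MessagePart> wssParts = baseOutboundConfig.getWssParts();
        if (wssParts == null) {
            return new ArrayList<>();
        }
        return wssParts.stream()
                .map(part -> new WSEncryptionPart(part.getLocalname(), part.getNamespace(), part.getEncode().toString()))
                .collect(Collectors.toList());
    }

    /**
     * Builds a Merlin crypto provider from the key store configuration.
     *
     * @throws WssException if the crypto provider cannot be created
     */
    private Crypto getCrypto(KeyStoreConfiguration keyStoreConfiguration) {
        try {
            // No PasswordEncryptor is supplied, so key store passwords are passed through as configured.
            return new Merlin(StoreConfigHandler.getWssProperties(keyStoreConfiguration), getClass().getClassLoader(), (PasswordEncryptor) null);
        } catch (Exception e) {
            throw new WssException("Could not create crypto for keystore: " + keyStoreConfiguration.getPath(), e);
        }
    }

    /**
     * Adds a timestamp whose time-to-live is the configured value converted to seconds.
     *
     * @param timestampConfig time-to-live value and its unit
     */
    public void handle(TimestampConfig timestampConfig) {
        WSSecTimestamp timestamp = new WSSecTimestamp(this.securityHeader);
        long ttlSeconds = TimeUnit.SECONDS.convert(timestampConfig.getTimeToLive().longValue(), timestampConfig.getTimeUnit());
        // Clamp instead of casting: a plain (int) cast wraps for out-of-range values and
        // could turn a very long lifetime into a short or negative one.
        int boundedTtl = (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, ttlSeconds));
        timestamp.setTimeToLive(boundedTtl);
        // Re-applies the builder's current precision setting; kept as in the original (no effective change).
        timestamp.setPrecisionInMilliSeconds(timestamp.isPrecisionInMilliSeconds());
        timestamp.build();
    }
}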
