package org.apache.wss4j.stax.impl.processor.output;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.SecurityHeaderOrder;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-464.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-stax-2.1.7.jar:org/apache/wss4j/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.class */
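/**
 * Writes the WS-Security specific parts of an outbound XML signature: the key reference
 * placed in the signature's key info (usually a {@code wsse:SecurityTokenReference}) and the
 * {@code ds:Transforms} list of each signed part. It also registers a
 * {@link SignatureValueSecurityEvent} carrying the produced signature value.
 *
 * <p>Which key reference is written is decided by the configured signature key identifier and
 * by the type of the signing token. An identifier that none of the branches handles is
 * rejected with {@code FAILED_SIGNATURE}, so no signature is emitted without a key reference.
 */
public class WSSSignatureEndingOutputProcessor extends AbstractSignatureEndingOutputProcessor {
    // Assigned in newSignedInfoProcessor(); read in processHeaderEvent() to publish the signature value.
    private AbstractSignatureEndingOutputProcessor.SignedInfoProcessor signedInfoProcessor;

    /**
     * Creates the processor and orders it after the signature and username-token output
     * processors in the chain.
     *
     * @param wSSSignatureOutputProcessor the signature processor handed to the superclass
     * @throws XMLSecurityException if the superclass constructor fails
     */
    public WSSSignatureEndingOutputProcessor(WSSSignatureOutputProcessor wSSSignatureOutputProcessor) throws XMLSecurityException {
        super(wSSSignatureOutputProcessor);
        this.signedInfoProcessor = null;
        addAfterProcessor(WSSSignatureOutputProcessor.class.getName());
        addAfterProcessor(UsernameTokenOutputProcessor.class.getName());
    }

    /**
     * Builds the SignedInfo processor against the enclosing {@code wsse:Security} element
     * rather than the element that was passed in.
     *
     * @param signatureAlgorithm the algorithm handed to the new SignedInfo processor
     * @param xMLSecStartElement an element at or below the security header
     * @param outputProcessorChain the chain the new processor is initialised with
     * @return the processor, which is also remembered for {@link #processHeaderEvent}
     * @throws XMLSecurityException if initialising the processor fails
     */
    @Override
    protected AbstractSignatureEndingOutputProcessor.SignedInfoProcessor newSignedInfoProcessor(SignatureAlgorithm signatureAlgorithm, XMLSecStartElement xMLSecStartElement, OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
        // Climb to the wsse:Security ancestor.
        // NOTE(review): there is no guard for a missing ancestor; if getParentXMLSecStartElement()
        // returns null at the root (presumably it does, confirm) this ends in a NullPointerException.
        XMLSecStartElement securityHeader = xMLSecStartElement;
        while (!WSSConstants.TAG_WSSE_SECURITY.equals(securityHeader.getName())) {
            securityHeader = securityHeader.getParentXMLSecStartElement();
        }
        this.signedInfoProcessor = new AbstractSignatureEndingOutputProcessor.SignedInfoProcessor(signatureAlgorithm, securityHeader);
        this.signedInfoProcessor.setXMLSecurityProperties(getSecurityProperties());
        this.signedInfoProcessor.setAction(getAction());
        this.signedInfoProcessor.addAfterProcessor(WSSSignatureEndingOutputProcessor.class.getName());
        this.signedInfoProcessor.init(outputProcessorChain);
        return this.signedInfoProcessor;
    }

    /**
     * Lets the superclass process the header, then registers the signature value as a
     * security event on the chain's security context.
     *
     * @param outputProcessorChain the chain whose security context receives the event
     * @throws XMLStreamException propagated from the superclass
     * @throws XMLSecurityException propagated from the superclass or the event registration
     */
    @Override
    public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        super.processHeaderEvent(outputProcessorChain);
        // NOTE(review): assumes the superclass call above went through newSignedInfoProcessor();
        // otherwise signedInfoProcessor is still null here. Confirm against the superclass.
        SignatureValueSecurityEvent signatureValueEvent = new SignatureValueSecurityEvent();
        signatureValueEvent.setSignatureValue(this.signedInfoProcessor.getSignatureValue());
        outputProcessorChain.getSecurityContext().registerSecurityEvent(signatureValueEvent);
    }

    /**
     * Writes the reference that tells the receiver which key verifies the signature.
     *
     * <p>Order of precedence: a custom token reference set on the token is written as-is; a
     * {@code KeyValue} identifier writes the key value structure; everything else is wrapped
     * in a {@code wsse:SecurityTokenReference} whose content depends on the token type and the
     * configured key identifier.
     *
     * @param outputProcessorChain the chain the generated events are written to
     * @param outboundSecurityToken the token whose key signs the message
     * @param z when {@code true}, a direct X.509 reference uses the {@code X509v3} value type
     *          and no {@code TokenType} attribute; when {@code false} it uses {@code X509PKIPathv1}
     * @throws XMLStreamException if writing an event fails
     * @throws XMLSecurityException if a helper fails, or as {@link WSSecurityException} with
     *         {@code FAILED_SIGNATURE} when the key identifier is not supported
     */
    @Override
    protected void createKeyInfoStructureForSignature(OutputProcessorChain outputProcessorChain, OutboundSecurityToken outboundSecurityToken, boolean z) throws XMLStreamException, XMLSecurityException {
        // A caller-supplied reference wins over every configured identifier and is emitted
        // without further checks in this method, so whoever sets it controls the key info content.
        if (outboundSecurityToken.getCustomTokenReference() != null) {
            outputDOMElement(outboundSecurityToken.getCustomTokenReference(), outputProcessorChain);
            return;
        }

        SecurityTokenConstants.KeyIdentifier signatureKeyIdentifier = getSecurityProperties().getSignatureKeyIdentifier();
        X509Certificate[] x509Certificates = outboundSecurityToken.getX509Certificates();

        // KeyValue is the only form written without a SecurityTokenReference wrapper.
        // NOTE(review): a bare key value presumably carries no certificate chain, so the receiver
        // needs its own basis for trusting the key. Confirm the receiving policy.
        if (WSSecurityTokenConstants.KeyIdentifier_KeyValue.equals(signatureKeyIdentifier)) {
            WSSUtils.createKeyValueTokenStructure(this, outputProcessorChain, x509Certificates);
            return;
        }

        // Attributes of the SecurityTokenReference: a generated wsu:Id plus, where one of the
        // cases below applies, a wsse11:TokenType.
        boolean samlToken = false;
        List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
        attributes.add(createAttribute(WSSConstants.ATT_WSU_ID, IDGenerator.generateID(null)));
        if (WSSecurityTokenConstants.SAML_10_TOKEN.equals(outboundSecurityToken.getTokenType())
                || WSSecurityTokenConstants.SAML_11_TOKEN.equals(outboundSecurityToken.getTokenType())) {
            attributes.add(createAttribute(WSSConstants.ATT_WSSE11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"));
            samlToken = true;
        } else if (WSSecurityTokenConstants.SAML_20_TOKEN.equals(outboundSecurityToken.getTokenType())) {
            attributes.add(createAttribute(WSSConstants.ATT_WSSE11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"));
            samlToken = true;
        } else if (WSSecurityTokenConstants.KERBEROS_TOKEN.equals(outboundSecurityToken.getTokenType())) {
            attributes.add(createAttribute(WSSConstants.ATT_WSSE11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ"));
        } else if (WSSecurityTokenConstants.EncryptedKeyToken.equals(outboundSecurityToken.getTokenType())
                || WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER.equals(signatureKeyIdentifier)
                || WSSecurityTokenConstants.KeyIdentifier_EncryptedKey.equals(signatureKeyIdentifier)) {
            attributes.add(createAttribute(WSSConstants.ATT_WSSE11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"));
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(signatureKeyIdentifier) && !z) {
            attributes.add(createAttribute(WSSConstants.ATT_WSSE11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"));
        }
        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_WSSE_SECURITY_TOKEN_REFERENCE, false, attributes);

        String tokenId = outboundSecurityToken.getId();
        if (samlToken) {
            // SAML tokens always get a SAML key identifier, whatever identifier is configured.
            WSSUtils.createSAMLKeyIdentifierStructure(this, outputProcessorChain, outboundSecurityToken.getTokenType(), tokenId);
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER.equals(signatureKeyIdentifier)) {
            // NOTE(review): judging by the constant names, the SHA-1 in this and the Kerberos and
            // thumbprint branches is the format of the token reference. The signature and digest
            // algorithms are configured elsewhere; confirm those separately.
            String sha1Identifier = outboundSecurityToken.getSha1Identifier();
            if (sha1Identifier != null) {
                WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain, sha1Identifier);
            } else {
                // No precomputed identifier: pass the secret key so the helper can build the reference from it.
                WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain, outboundSecurityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm()));
            }
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER.equals(signatureKeyIdentifier)) {
            WSSUtils.createKerberosSha1IdentifierStructure(this, outputProcessorChain, outboundSecurityToken.getSha1Identifier());
        } else if (WSSecurityTokenConstants.EncryptedKeyToken.equals(outboundSecurityToken.getTokenType())
                || WSSecurityTokenConstants.KeyIdentifier_EncryptedKey.equals(signatureKeyIdentifier)) {
            WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey", true);
        } else if (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(signatureKeyIdentifier)) {
            WSSUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
        } else if (WSSecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(signatureKeyIdentifier)) {
            WSSUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
        } else if (WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(signatureKeyIdentifier)) {
            WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER.equals(signatureKeyIdentifier)) {
            WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(signatureKeyIdentifier)) {
            // Direct reference: the value type follows the token type, and only the
            // context-token case makes the last helper argument configurable.
            String valueType;
            boolean includeToken = true;
            if (WSSecurityTokenConstants.SAML_20_TOKEN.equals(outboundSecurityToken.getTokenType())) {
                valueType = null;
            } else if (WSSecurityTokenConstants.KERBEROS_TOKEN.equals(outboundSecurityToken.getTokenType())) {
                valueType = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";
            } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(outboundSecurityToken.getTokenType())) {
                valueType = ((WSSSecurityProperties) getSecurityProperties()).isUse200512Namespace()
                        ? "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"
                        : "http://schemas.xmlsoap.org/ws/2005/02/sc/dk";
            } else if (WSSecurityTokenConstants.SPNEGO_CONTEXT_TOKEN.equals(outboundSecurityToken.getTokenType())
                    || WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN.equals(outboundSecurityToken.getTokenType())
                    || WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN.equals(outboundSecurityToken.getTokenType())) {
                valueType = ((WSSSecurityProperties) getSecurityProperties()).isUse200512Namespace()
                        ? "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"
                        : "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
                includeToken = ((WSSSecurityProperties) getSecurityProperties()).isIncludeSignatureToken();
            } else {
                valueType = z
                        ? "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                        : "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
            }
            WSSUtils.createBSTReferenceStructure(this, outputProcessorChain, tokenId, valueType, includeToken);
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_EMBEDDED_KEY_IDENTIFIER_REF.equals(signatureKeyIdentifier)) {
            WSSUtils.createEmbeddedKeyIdentifierStructure(this, outputProcessorChain, outboundSecurityToken.getTokenType(), tokenId);
        } else if (WSSecurityTokenConstants.KEYIDENTIFIER_USERNAME_TOKEN_REFERENCE.equals(signatureKeyIdentifier)) {
            WSSUtils.createUsernameTokenReferenceStructure(this, outputProcessorChain, tokenId);
        } else {
            // Fail closed: an identifier nobody handles must not yield an empty token reference.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedSecurityToken", new Object[]{signatureKeyIdentifier});
        }
        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_WSSE_SECURITY_TOKEN_REFERENCE);
    }

    /**
     * Writes the {@code ds:Transforms} element of one signed part. Nothing is written when the
     * part declares no transforms.
     *
     * @param outputProcessorChain the chain the generated events are written to
     * @param signaturePartDef the signed part whose transforms and inclusive prefixes are used
     * @throws XMLStreamException if writing an event fails
     * @throws XMLSecurityException if creating or forwarding an event fails
     */
    @Override
    protected void createTransformsStructureForSignature(OutputProcessorChain outputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
        String[] transforms = signaturePartDef.getTransforms();
        if (transforms == null || transforms.length == 0) {
            return;
        }
        createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transforms, false, (List<XMLSecAttribute>) null);
        if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform".equals(transforms[0])) {
            // STR-Transform: a single ds:Transform whose optional second entry becomes the
            // canonicalization method inside wsse:TransformationParameters. Entries after the
            // second are not written.
            List<XMLSecAttribute> strTransformAttributes = new ArrayList<XMLSecAttribute>(1);
            strTransformAttributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, transforms[0]));
            createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transform, false, strTransformAttributes);
            if (transforms.length >= 2) {
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_WSSE_TRANSFORMATION_PARAMETERS, false, (List<XMLSecAttribute>) null);
                List<XMLSecAttribute> c14nAttributes = new ArrayList<XMLSecAttribute>(1);
                c14nAttributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, transforms[1]));
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_CanonicalizationMethod, false, c14nAttributes);
                createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_CanonicalizationMethod);
                createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_WSSE_TRANSFORMATION_PARAMETERS);
            }
            createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transform);
        } else {
            for (String transform : transforms) {
                List<XMLSecAttribute> transformAttributes = new ArrayList<XMLSecAttribute>(1);
                transformAttributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, transform));
                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transform, false, transformAttributes);
                // The prefix list is skipped only for the two attachment transforms; it is
                // written for every other algorithm URI in the array when the option is on.
                boolean attachmentTransform =
                        "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform".equals(transform)
                        || "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform".equals(transform);
                if (getSecurityProperties().isAddExcC14NInclusivePrefixes() && !attachmentTransform) {
                    List<XMLSecAttribute> prefixListAttributes = new ArrayList<XMLSecAttribute>(1);
                    prefixListAttributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList, signaturePartDef.getInclusiveNamespacesPrefixes()));
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces, true, prefixListAttributes);
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
                }
                createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transform);
            }
        }
        createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_dsig_Transforms);
    }

    /**
     * Replays buffered events up to and including the start element of the security header
     * addressed to the configured actor, then hands the remaining events to the superclass.
     *
     * <p>The loop ends when the header start element has been forwarded or the buffer is
     * empty, so the superclass call is always reached and the header event is forwarded once.
     *
     * @param outputProcessorChain the chain the buffered events are replayed into
     * @param deque the buffered events, consumed from the front
     * @throws XMLStreamException if forwarding an event fails
     * @throws XMLSecurityException if a processor in the chain fails
     */
    @Override
    public void flushBufferAndCallbackAfterHeader(OutputProcessorChain outputProcessorChain, Deque<XMLSecEvent> deque) throws XMLStreamException, XMLSecurityException {
        final String actor = ((WSSSecurityProperties) getSecurityProperties()).getActor();
        boolean securityHeaderForwarded = false;
        while (!securityHeaderForwarded && !deque.isEmpty()) {
            XMLSecEvent event = deque.pop();
            if (event.getEventType() == XMLStreamConstants.START_ELEMENT && WSSUtils.isSecurityHeaderElement(event, actor)) {
                OutputProcessorUtils.updateSecurityHeaderOrder(outputProcessorChain, WSSConstants.TAG_dsig_Signature, getAction(), true);

                // Empty the header-order list while the header start element is forwarded and
                // put the entries back afterwards.
                // NOTE(review): presumably this keeps processors that react to the header start
                // from seeing the recorded order. Confirm the intent.
                List<SecurityHeaderOrder> headerOrder = outputProcessorChain.getSecurityContext().getAsList(SecurityHeaderOrder.class);
                List<SecurityHeaderOrder> savedOrder = null;
                if (headerOrder != null) {
                    savedOrder = new ArrayList<SecurityHeaderOrder>(headerOrder);
                    headerOrder.clear();
                }

                outputProcessorChain.reset();
                outputProcessorChain.processEvent(event);

                if (headerOrder != null) {
                    headerOrder.addAll(savedOrder);
                }
                securityHeaderForwarded = true;
            } else {
                outputProcessorChain.reset();
                outputProcessorChain.processEvent(event);
            }
        }
        super.flushBufferAndCallbackAfterHeader(outputProcessorChain, deque);
    }
}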
