package eu.unicore.security.wsutil.client;

import eu.emi.security.authn.x509.X509Credential;
import eu.unicore.security.wsutil.DSigDecider;
import eu.unicore.security.wsutil.WSSecHeader;
import eu.unicore.util.Log;
import java.io.ByteArrayOutputStream;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.stream.XMLStreamException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.log4j.Logger;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/unicore/security/wsutil/client/DSigOutHandler.class */
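/**
 * Outgoing CXF SOAP interceptor that adds a WS-Security XML signature to the SAAJ
 * representation of a message, using the supplied {@link X509Credential}.
 *
 * <p>The interceptor runs in the {@code pre-protocol-ending} phase, before
 * {@code SAAJOutInterceptor.SAAJOutEndingInterceptor}. A message is signed when no
 * {@link DSigDecider} is configured or when the decider accepts it. By default only the
 * SOAP {@code Body} is signed; a {@link ToBeSignedDecider} can select other parts.
 *
 * <p><b>Security note:</b> every failure on the signing path (crypto set-up, missing SAAJ
 * content, WSS4J errors) is logged and then swallowed, so the message continues down the
 * chain <em>unsigned</em>. Integrity therefore depends on the receiver rejecting unsigned
 * messages where a signature is required.
 * NOTE(review): confirm that receivers enforce this, or abort the exchange (e.g. by raising
 * a CXF fault) instead of only logging.
 */
public class DSigOutHandler extends AbstractSoapInterceptor {
    /** Namespace URI of the WS-Security 1.0 "secext" schema. */
    private static final String WSS_NS_STRING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    static final Logger logger = Log.getLogger("unicore.security.dsig", DSigOutHandler.class);

    /** Qualified name of the WS-Security header element this interceptor produces. */
    public static final QName WS_SECURITY = new QName(WSS_NS_STRING, WSSecHeader.WSSE_LN);

    // Immutable: this set is handed out by getUnderstoodHeaders() and shared by all
    // instances, so a caller must not be able to alter what every handler reports.
    private static final Set<QName> qnameSet = Collections.singleton(WS_SECURITY);

    // WSS4J crypto wrapper around the credential; stays unset if reinit() fails.
    private Crypto merlin;
    // Optional policy deciding whether a given message is signed; null means "always".
    private DSigDecider decider;
    // Source of the key alias and key password used for signing.
    private X509Credential credential;
    // Optional policy selecting the parts to sign; null means "Body only".
    private ToBeSignedDecider partsDecider;
    // Only ever assigned false in the visible code.
    private boolean disabled;

    /**
     * {@link WSSecSignature} variant that special-cases the inclusive-prefix computation
     * for the WS-Security header element.
     *
     * <p>The decompiler reports that this class was {@code private} in the original source.
     */
    public static class MyWSSecSignature extends WSSecSignature {
        public MyWSSecSignature(Document document, Provider provider) {
            super(document, provider);
        }

        public MyWSSecSignature(Document document) {
            super(document);
        }

        public MyWSSecSignature(org.apache.wss4j.dom.message.WSSecHeader wSSecHeader) {
            super(wSSecHeader);
        }

        /**
         * Computes the inclusive namespace prefixes for {@code element}.
         *
         * <p>For the WS-Security header element in the WSS 1.0 namespace, the prefixes are
         * taken from its first {@code SignedInfo} descendant, or an empty list is returned
         * when there is none. Every other element is delegated to the superclass unchanged.
         *
         * @param element the element being canonicalised
         * @param z       passed through to the superclass implementation
         * @return the inclusive prefix list
         */
        public List<String> getInclusivePrefixes(Element element, boolean z) {
            // Constant-first comparisons: getLocalName()/getNamespaceURI() return null for
            // nodes created without namespace support, which must fall through to the
            // superclass instead of raising a NullPointerException.
            boolean isWsSecurityHeader = WSSecHeader.WSSE_LN.equals(element.getLocalName())
                    && WSS_NS_STRING.equals(element.getNamespaceURI());
            if (!isWsSecurityHeader) {
                return super.getInclusivePrefixes(element, z);
            }
            // NOTE(review): getElementsByTagName matches the qualified tag name, so a
            // prefixed element (e.g. ds:SignedInfo) is not found by this lookup and the
            // empty list is returned instead. Confirm this is the intended behaviour.
            NodeList signedInfos = element.getElementsByTagName("SignedInfo");
            if (signedInfos.getLength() == 0) {
                return Collections.emptyList();
            }
            return super.getInclusivePrefixes((Element) signedInfos.item(0), z);
        }
    }

    /**
     * Creates a handler that signs the SOAP Body of every message accepted by the decider.
     *
     * @param x509Credential credential providing the signing key
     * @param dSigDecider    decides per message whether to sign; {@code null} signs all
     */
    public DSigOutHandler(X509Credential x509Credential, DSigDecider dSigDecider) {
        this(x509Credential, dSigDecider, null);
    }

    /**
     * Creates a handler with an explicit selection of the parts to sign.
     *
     * @param x509Credential    credential providing the signing key
     * @param dSigDecider       decides per message whether to sign; {@code null} signs all
     * @param toBeSignedDecider selects the parts to sign; {@code null} signs the Body only
     */
    public DSigOutHandler(X509Credential x509Credential, DSigDecider dSigDecider, ToBeSignedDecider toBeSignedDecider) {
        super("pre-protocol-ending");
        this.disabled = false;
        // The signature must be in the SAAJ tree before the ending interceptor runs.
        getBefore().add(SAAJOutInterceptor.SAAJOutEndingInterceptor.class.getName());
        reinit(x509Credential, dSigDecider, toBeSignedDecider);
    }

    /**
     * Replaces the credential and deciders and rebuilds the WSS4J crypto object.
     *
     * <p>If the crypto object cannot be built, the error is only logged: {@code merlin}
     * keeps its previous value (unset on first use) while the credential and deciders have
     * already been replaced.
     * NOTE(review): after a failed re-initialisation the new key alias and password would be
     * used against the previous crypto object; consider failing loudly here.
     *
     * @param x509Credential    credential providing the signing key
     * @param dSigDecider       decides per message whether to sign; may be {@code null}
     * @param toBeSignedDecider selects the parts to sign; may be {@code null}
     */
    protected void reinit(X509Credential x509Credential, DSigDecider dSigDecider, ToBeSignedDecider toBeSignedDecider) {
        this.decider = dSigDecider;
        this.partsDecider = toBeSignedDecider;
        this.credential = x509Credential;
        try {
            this.merlin = new WSS4JCryptoImpl(x509Credential);
        } catch (Exception e) {
            logger.fatal("Could not set up digital signature out handler.", e);
        }
    }

    /**
     * Signs the outgoing message in place when it is a signing candidate.
     *
     * <p>Does nothing when the handler is disabled or the decider rejects the message.
     * All errors are logged and swallowed, in which case the message is sent unsigned
     * (see the class-level security note).
     *
     * @param soapMessage the outgoing CXF message; its SAAJ content is modified
     */
    public void handleMessage(SoapMessage soapMessage) {
        if (this.disabled) {
            return;
        }
        if (this.decider != null && !this.decider.isMessageDSigCandidate(soapMessage)) {
            return;
        }
        long start = System.currentTimeMillis();
        try {
            SOAPMessage saajMessage = (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
            if (saajMessage == null) {
                // Fail-open: without a SAAJ tree nothing is signed, yet the chain continues.
                logger.fatal("No DOM representation of message found!");
                return;
            }
            SOAPPart soapPart = saajMessage.getSOAPPart();
            traceDocument(soapPart, "Message before signing:\n", "Can not dump document to log it");

            List<WSEncryptionPart> elementsToBeSigned = getElementsToBeSigned(soapPart);
            org.apache.wss4j.dom.message.WSSecHeader securityHeader = new org.apache.wss4j.dom.message.WSSecHeader(soapPart);
            try {
                securityHeader.insertSecurityHeader();
                MyWSSecSignature signer = new MyWSSecSignature(securityHeader);
                // setUserInfo takes a String, so the key password is copied into an
                // immutable String that cannot be wiped and lives until it is collected.
                signer.setUserInfo(this.credential.getKeyAlias(), new String(this.credential.getKeyPassword()));
                signer.prepare(this.merlin);
                signer.computeSignature(signer.addReferencesToSign(elementsToBeSigned));
                if (logger.isDebugEnabled()) {
                    logger.debug("Signed outgoing message, processing time: " + (System.currentTimeMillis() - start));
                    traceDocument(soapPart, "Signed message:\n", "Can not dump signed message to log it");
                }
            } catch (WSSecurityException e) {
                // Fail-open: the security header may already be inserted, but no valid
                // signature is present, and the message still goes out.
                logger.fatal("Problem while signing SOAP message: ", e);
            }
        } catch (Exception e) {
            // Catch-all for anything else on the signing path; also fail-open.
            logger.fatal("IO exception while building DOM of SOAP envelope before signing: ", e);
        }
    }

    /**
     * Returns the headers this interceptor handles: the WS-Security header only.
     *
     * @return an immutable set containing {@link #WS_SECURITY}
     */
    public Set<QName> getUnderstoodHeaders() {
        return qnameSet;
    }

    /**
     * Writes the whole SOAP document to the log at TRACE level.
     *
     * <p>The dump contains the complete message, payload and security header included, so
     * TRACE should stay off wherever logs are less protected than the messages themselves.
     *
     * @param soapPart       the document to dump
     * @param label          text placed in front of the serialised document
     * @param failureMessage message logged when serialisation fails
     */
    private static void traceDocument(SOAPPart soapPart, String label, String failureMessage) {
        if (!logger.isTraceEnabled()) {
            return;
        }
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            StaxUtils.writeTo(soapPart.getDocumentElement(), buffer);
            logger.trace(label + buffer.toString());
        } catch (XMLStreamException e) {
            logger.fatal(failureMessage, e);
        }
    }

    /**
     * Determines which parts of the document are covered by the signature.
     *
     * <p>Without a {@link ToBeSignedDecider} only the {@code Body} element in the
     * {@code WSSecHeader.SOAP11_URI} namespace is signed; SOAP headers are not covered.
     * NOTE(review): presumably that constant is the SOAP 1.1 envelope namespace, in which
     * case a SOAP 1.2 Body would not be matched by the default. Verify.
     *
     * @param document the SOAP document about to be signed
     * @return the parts to reference from the signature
     */
    private List<WSEncryptionPart> getElementsToBeSigned(Document document) {
        if (this.partsDecider != null) {
            return this.partsDecider.getElementsToBeSigned(document);
        }
        List<WSEncryptionPart> parts = new ArrayList<>();
        parts.add(new WSEncryptionPart("Body", WSSecHeader.SOAP11_URI, ""));
        return parts;
    }
}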
