package be.ehealth.technicalconnector.handler.wss4j;

import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.ConfigValidator;
import be.ehealth.technicalconnector.config.domain.Duration;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.handler.AbstractWsSecurityHandler;
import be.ehealth.technicalconnector.handler.SchemaValidatorHandler;
import be.ehealth.technicalconnector.handler.utils.WSSecurityCrypto;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.sts.security.SAMLToken;
import be.ehealth.technicalconnector.service.sts.security.impl.SAMLHolderOfKeyToken;
import be.ehealth.technicalconnector.ws.feature.AbstractSigningFeature;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.SOAPConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Element;

/* loaded from: input_file:be/ehealth/technicalconnector/handler/wss4j/WSSecHeaderGeneratorWss4jImpl.class */
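/**
 * WSS4J-backed implementation of the step interfaces used to build an outbound WS-Security header.
 *
 * <p>The steps visible in this class are: {@code on(...)} inserts an empty security header,
 * {@code withTimeStamp(...)} adds a {@code wsu:Timestamp}, {@code withBinarySecurityToken(...)} /
 * {@code withSAMLToken(...)} select the signing credential, and {@code sign(...)} computes the
 * XML signature over the requested parts.
 *
 * <p>All intermediate state (SOAP part, header, credential, assertion id) is kept in plain instance
 * fields without synchronisation, so one instance should serve one message on one thread.
 *
 * <p>Security note: when neither the message context nor the configuration names an algorithm, the
 * signature falls back to SHA-1 ({@code xmldsig#sha1} / {@code xmldsig#rsa-sha1}). See
 * {@link #DEFAULT_DIGEST_METHOD_ALGORITHM} and {@link #DEFAULT_SIGNATURE_METHOD_ALGORITHM}.
 */
public class WSSecHeaderGeneratorWss4jImpl implements AbstractWsSecurityHandler.WSSecHeaderGeneratorStep0, AbstractWsSecurityHandler.WSSecHeaderGeneratorStep1, AbstractWsSecurityHandler.WSSecHeaderGeneratorStep2, AbstractWsSecurityHandler.WSSecHeaderGeneratorStep3, AbstractWsSecurityHandler.WSSecHeaderGeneratorStep4 {
    /**
     * Configuration key holding the digest algorithm URI used when the message context does not set one.
     * Deployments that are not bound to SHA-1 by the receiving service should set it to a SHA-2 digest,
     * e.g. {@code http://www.w3.org/2001/04/xmlenc#sha256}.
     */
    public static final String DEFAULT_DIGEST_METHOD_ALGORITHM = "default.digest.method.algorithm";

    /**
     * Configuration key holding the signature algorithm URI used when the message context does not set one.
     * Deployments that are not bound to SHA-1 by the receiving service should set it to a SHA-2 based
     * algorithm, e.g. {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}.
     */
    public static final String DEFAULT_SIGNATURE_METHOD_ALGORITHM = "default.signature.method.algorithm";

    // Last-resort algorithms, kept as shipped for interoperability. Both rely on SHA-1, which is no
    // longer considered collision resistant; override them through the two configuration keys above.
    private static final String FALLBACK_DIGEST_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String FALLBACK_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    private static final String SAML_ASSERTION_ID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    // Numeric key-identifier types passed to WSSecSignature. NOTE(review): these look like
    // WSConstants.BST_DIRECT_REFERENCE (1) and WSConstants.CUSTOM_KEY_IDENTIFIER (12) of WSS4J 2.x;
    // confirm against the bundled WSS4J version before replacing them with the named constants.
    private static final int KEY_IDENTIFIER_DIRECT_REFERENCE = 1;
    private static final int KEY_IDENTIFIER_CUSTOM = 12;

    private SOAPPart soapPart;
    private WSSecHeader wsSecHeader;
    private WSSecSignature sign;
    private WSSecTimestamp wsSecTimeStamp;
    private String assertionId;
    private Credential cred;
    private SOAPMessageContext ctx;
    private ConfigValidator config = ConfigFactory.getConfigValidator();

    /**
     * Starts a new header on the given message: inserts an empty {@code wsse:Security} header and
     * creates the signature builder that {@link #sign} will use.
     *
     * @param sOAPMessage the outbound message; must not be {@code null}
     * @return this generator, typed as the next step
     * @throws TechnicalConnectorException if WSS4J cannot insert the security header
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep1 on(SOAPMessage sOAPMessage) throws TechnicalConnectorException {
        Validate.notNull(sOAPMessage);
        try {
            this.soapPart = sOAPMessage.getSOAPPart();
            this.wsSecHeader = new WSSecHeader();
            this.wsSecHeader.insertSecurityHeader(this.soapPart);
            // A private WSSConfig so the inclusive-prefix switch below does not leak into other users.
            WSSConfig wssConfig = WSSConfig.getNewInstance();
            wssConfig.setAddInclusivePrefixes(false);
            this.sign = new WSSecSignature(wssConfig);
            return this;
        } catch (WSSecurityException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.HANDLER_ERROR, "unable to insert security header.", e);
        }
    }

    /**
     * Same as {@link #on(SOAPMessage)}, but also remembers the message context so that per-request
     * algorithm overrides can be read from it when signing.
     *
     * @param sOAPMessageContext the handler context; must not be {@code null}
     * @return this generator, typed as the next step
     * @throws TechnicalConnectorException if WSS4J cannot insert the security header
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep1 on(SOAPMessageContext sOAPMessageContext) throws TechnicalConnectorException {
        Validate.notNull(sOAPMessageContext);
        this.ctx = sOAPMessageContext;
        return on(sOAPMessageContext.getMessage());
    }

    /**
     * Adds a timestamp whose time-to-live is {@code j} expressed in {@code timeUnit}.
     *
     * @param j        the time-to-live amount
     * @param timeUnit the unit of {@code j}
     * @return this generator, typed as the next step
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep2 withTimeStamp(long j, TimeUnit timeUnit) {
        withTimeStamp(new Duration(j, timeUnit));
        return this;
    }

    /**
     * Adds a {@code wsu:Timestamp} to the security header.
     *
     * <p>The time-to-live bounds how long a captured message stays replayable at a receiver that
     * enforces the timestamp, so callers should keep it short. Note that the timestamp is only
     * integrity-protected if {@code SignedParts.TIMESTAMP} is later passed to {@link #sign}.
     *
     * @param duration the time-to-live; converted to whole seconds
     * @return this generator, typed as the next step
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep2 withTimeStamp(Duration duration) {
        this.wsSecTimeStamp = new WSSecTimestamp();
        // Clamp instead of letting the narrowing cast wrap: an oversized duration would otherwise
        // silently turn into an arbitrary (possibly negative) time-to-live.
        int ttlSeconds = (int) Math.min(duration.convert(TimeUnit.SECONDS), Integer.MAX_VALUE);
        this.wsSecTimeStamp.setTimeToLive(ttlSeconds);
        this.wsSecTimeStamp.build(this.soapPart, this.wsSecHeader);
        return this;
    }

    /**
     * Selects the credential whose private key signs the message and whose certificate is sent as
     * a binary security token.
     *
     * @param credential the signing credential
     * @return this generator, typed as the next step
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep3 withBinarySecurityToken(Credential credential) throws TechnicalConnectorException {
        this.cred = credential;
        return this;
    }

    /**
     * Uses the SAML token as signing credential and copies its assertion into the security header.
     *
     * <p>The assertion id is read from the {@code AssertionID} attribute. DOM returns an empty
     * string when that attribute is absent, in which case {@link #sign} does not reference the
     * assertion and falls back to a binary security token reference.
     *
     * @param sAMLToken the token carrying the assertion and the holder-of-key credential
     * @return this generator
     */
    @Override
    public AbstractWsSecurityHandler.WSSecHeaderGeneratorStep3 withSAMLToken(SAMLToken sAMLToken) throws TechnicalConnectorException {
        this.cred = sAMLToken;
        Element assertion = sAMLToken.getAssertion();
        // Deep import: the assertion belongs to another document and must be adopted by this SOAP part.
        Element imported = (Element) this.soapPart.importNode(assertion, true);
        this.wsSecHeader.getSecurityHeader().appendChild(imported);
        this.assertionId = assertion.getAttribute("AssertionID");
        return this;
    }

    /**
     * Signs the requested parts of the message with the selected credential.
     *
     * <p>For a holder-of-key SAML token with a known assertion id the signature's key info points at
     * the assertion; otherwise the certificate is added to the header as a binary security token
     * and referenced directly.
     *
     * <p>NOTE(review): if {@code signedPartsArr} is empty (or yields no references) no signature
     * value is computed, although the header has already been prepared. Only the parts listed here
     * are integrity-protected, so callers should treat an empty list as a configuration error.
     * Confirm whether the silent no-op is intended.
     *
     * @param signedPartsArr the message parts to cover with the signature
     * @throws TechnicalConnectorException if WSS4J fails while preparing or computing the signature
     * @throws IllegalArgumentException if no credential was supplied, or a requested part
     *                                  (timestamp, SAML assertion) was never added
     */
    @Override
    public void sign(AbstractWsSecurityHandler.SignedParts... signedPartsArr) throws TechnicalConnectorException {
        // Fail with a clear message instead of a NullPointerException when the key is dereferenced below.
        Validate.notNull(this.cred, "a credential must be supplied before signing");
        boolean referenceSamlAssertion = (this.cred instanceof SAMLHolderOfKeyToken) && StringUtils.isNotEmpty(this.assertionId);
        try {
            if (referenceSamlAssertion) {
                this.sign.setKeyIdentifierType(KEY_IDENTIFIER_CUSTOM);
                this.sign.setCustomTokenValueType(SAML_ASSERTION_ID_VALUE_TYPE);
                this.sign.setCustomTokenId(this.assertionId);
            } else {
                this.sign.setKeyIdentifierType(KEY_IDENTIFIER_DIRECT_REFERENCE);
            }
            determineSignatureAlgorithm();
            determineDigestAlgo();
            this.sign.prepare(this.soapPart, new WSSecurityCrypto(this.cred.getPrivateKey(), this.cred.getCertificate()), this.wsSecHeader);
            if (!referenceSamlAssertion) {
                this.sign.appendBSTElementToHeader(this.wsSecHeader);
            }
            // References are built after prepare() because the BST part needs the token id it generates.
            List<javax.xml.crypto.dsig.Reference> references = this.sign.addReferencesToSign(generateReferencesToSign(signedPartsArr), this.wsSecHeader);
            if (!references.isEmpty()) {
                this.sign.computeSignature(references, false, (Element) null);
            }
        } catch (WSSecurityException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.HANDLER_ERROR, "unable to insert security header.", e);
        }
    }

    /**
     * Picks the digest algorithm: message-context override first, then configuration, then the
     * SHA-1 fallback. The chosen URI is handed to WSS4J as-is; no allow-list is applied here.
     */
    private void determineDigestAlgo() {
        String requested = this.ctx == null ? null : (String) this.ctx.get(AbstractSigningFeature.DIGEST_METHOD_ALGORITHM);
        if (StringUtils.isNotBlank(requested)) {
            this.sign.setDigestAlgo(requested);
        } else {
            this.sign.setDigestAlgo(this.config.getProperty(DEFAULT_DIGEST_METHOD_ALGORITHM, FALLBACK_DIGEST_ALGORITHM));
        }
    }

    /**
     * Picks the signature algorithm: message-context override first, then configuration, then the
     * RSA-SHA1 fallback. The chosen URI is handed to WSS4J as-is; no allow-list is applied here.
     */
    private void determineSignatureAlgorithm() {
        String requested = this.ctx == null ? null : (String) this.ctx.get(AbstractSigningFeature.SIGNATURE_METHOD_ALGORITHM);
        if (StringUtils.isNotBlank(requested)) {
            this.sign.setSignatureAlgorithm(requested);
        } else {
            this.sign.setSignatureAlgorithm(this.config.getProperty(DEFAULT_SIGNATURE_METHOD_ALGORITHM, FALLBACK_SIGNATURE_ALGORITHM));
        }
    }

    /**
     * Translates the requested parts into WSS4J part descriptors, in the order given.
     *
     * @param signedPartsArr the parts to sign
     * @return one descriptor per recognised part
     * @throws IllegalArgumentException if the timestamp or the SAML assertion is requested but was
     *                                  never added to the header
     */
    protected List<WSEncryptionPart> generateReferencesToSign(AbstractWsSecurityHandler.SignedParts[] signedPartsArr) {
        List<WSEncryptionPart> parts = new ArrayList<>();
        for (AbstractWsSecurityHandler.SignedParts signedParts : signedPartsArr) {
            switch (signedParts) {
                case TIMESTAMP:
                    Validate.notNull(this.wsSecTimeStamp);
                    parts.add(new WSEncryptionPart(this.wsSecTimeStamp.getId()));
                    break;
                case BODY:
                    // Resolve name and namespace from the envelope so SOAP 1.1 and 1.2 both work.
                    SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(this.soapPart.getDocumentElement());
                    parts.add(new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
                    break;
                case SAML_ASSERTION:
                    Validate.notNull(this.assertionId);
                    parts.add(new WSEncryptionPart(this.assertionId));
                    break;
                case BST:
                    parts.add(new WSEncryptionPart(this.sign.getBSTTokenId()));
                    break;
                default:
                    // Any other part is ignored, exactly as before.
                    break;
            }
        }
        return parts;
    }
}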
