package be.ehealth.technicalconnector.handler;

import be.ehealth.technicalconnector.config.domain.Duration;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.handler.utils.WSSecurityCrypto;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.sts.security.SAMLToken;
import java.io.IOException;
import java.util.Vector;
import java.util.concurrent.TimeUnit;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.slf4j.Logger;
import org.w3c.dom.Element;

/* loaded from: input_file:be/ehealth/technicalconnector/handler/AbstractWsSecurityHandler.class */
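/**
 * Base SOAP handler that adds a WS-Security header to outbound messages.
 *
 * <p>Subclasses implement {@link #addWSSecurity(SOAPMessageContext)} and normally drive the
 * fluent builder returned by {@link #buildSignature()}: bind it to a message, optionally add a
 * timestamp, supply a credential or SAML token, then sign the selected parts.
 *
 * <p>This listing was recovered from bytecode. The compiler-generated enum switch map and
 * accessor constructor are not reproduced in source; javac emits them again when needed.
 */
public abstract class AbstractWsSecurityHandler extends AbstractSOAPHandler {

    /** Signature algorithm forced when the signature references a SAML assertion. */
    private static final String SIGNATURE_ALGORITHM_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Token value type announced for the SAML assertion key reference. */
    private static final String SAML_ASSERTION_ID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /** Attribute read from the assertion element to obtain its identifier. */
    private static final String ASSERTION_ID_ATTRIBUTE = "AssertionID";

    /** Modifier passed to WSEncryptionPart for the SOAP body reference. */
    private static final String BODY_SIGN_MODIFIER = "Content";

    // NOTE(review): 12 and 1 look like WSConstants.CUSTOM_KEY_IDENTIFIER and
    // WSConstants.BST_DIRECT_REFERENCE of WSS4J 1.6 - confirm against the library version in use.
    private static final int KEY_IDENTIFIER_CUSTOM = 12;
    private static final int KEY_IDENTIFIER_BST_DIRECT_REFERENCE = 1;

    /** Message parts that can be covered by the signature. */
    protected enum SignedParts {
        BODY,
        TIMESTAMP,
        BST,
        SAML_ASSERTION
    }

    /**
     * Single stateful implementation behind all builder step interfaces. One instance serves one
     * message; the fields are filled step by step and consumed by {@link #sign(SignedParts...)}.
     */
    private class WSSecHeaderGeneratorImpl implements WSSecHeaderGeneratorStep0, WSSecHeaderGeneratorStep1, WSSecHeaderGeneratorStep2, WSSecHeaderGeneratorStep3, WSSecHeaderGeneratorStep4 {
        private SOAPPart soapPart;
        private WSSecHeader wsSecHeader;
        private WSSecSignature sign;
        private WSSecTimestamp wsSecTimeStamp;
        // Empty or null unless withSAMLToken() found an AssertionID; selects the signing mode.
        private String assertionId;
        // Supplies the private key and certificate used for signing.
        private Credential cred;

        private WSSecHeaderGeneratorImpl() {
        }

        /**
         * Binds the builder to a message and inserts an empty security header into it.
         *
         * @param sOAPMessage message to secure, must not be null
         * @return the next builder step
         * @throws WSSecurityException if the security header cannot be inserted
         */
        @Override
        public WSSecHeaderGeneratorStep1 on(SOAPMessage sOAPMessage) throws WSSecurityException {
            Validate.notNull(sOAPMessage);
            this.soapPart = sOAPMessage.getSOAPPart();
            this.wsSecHeader = new WSSecHeader();
            this.wsSecHeader.insertSecurityHeader(this.soapPart);
            WSSConfig wSSConfig = new WSSConfig();
            // WS-I Basic Security Profile compliance is switched off for the signature.
            // NOTE(review): presumably needed for the custom SAML key reference set in sign() - confirm.
            wSSConfig.setWsiBSPCompliant(false);
            this.sign = new WSSecSignature(wSSConfig);
            return this;
        }

        /**
         * Adds a timestamp whose lifetime is given as an amount and a unit.
         *
         * @param j lifetime amount
         * @param timeUnit unit of {@code j}
         * @return the next builder step
         */
        @Override
        public WSSecHeaderGeneratorStep2 withTimeStamp(long j, TimeUnit timeUnit) {
            withTimeStamp(new Duration(j, timeUnit));
            return this;
        }

        /**
         * Adds a timestamp element to the security header.
         *
         * @param duration lifetime of the timestamp
         * @return the next builder step
         */
        @Override
        public WSSecHeaderGeneratorStep2 withTimeStamp(Duration duration) {
            this.wsSecTimeStamp = new WSSecTimestamp();
            // The lifetime in seconds is narrowed to int without a range check.
            // NOTE(review): a very large duration would wrap here - confirm callers pass small values.
            this.wsSecTimeStamp.setTimeToLive((int) duration.convert(TimeUnit.SECONDS));
            this.wsSecTimeStamp.build(this.soapPart, this.wsSecHeader);
            return this;
        }

        /**
         * Records the credential used for signing. Nothing is written to the header here; the
         * binary security token is appended by {@link #sign(SignedParts...)}.
         *
         * @param credential source of the private key and certificate
         * @return the next builder step
         */
        @Override
        public WSSecHeaderGeneratorStep3 withBinarySecurityToken(Credential credential) throws TechnicalConnectorException, WSSecurityException {
            this.cred = credential;
            return this;
        }

        /**
         * Copies the SAML assertion into the security header and makes the token the signing
         * credential, replacing any credential set by {@code withBinarySecurityToken}.
         *
         * @param sAMLToken token whose assertion is embedded and whose key signs the message
         * @return the same builder step
         */
        @Override
        public WSSecHeaderGeneratorStep3 withSAMLToken(SAMLToken sAMLToken) throws WSSecurityException, TechnicalConnectorException {
            this.cred = sAMLToken;
            Element assertion = sAMLToken.getAssertion();
            this.wsSecHeader.getSecurityHeader().appendChild((Element) this.soapPart.importNode(assertion, true));
            // getAttribute returns an empty string when the attribute is missing. In that case
            // sign() silently uses the binary-security-token mode although the assertion was appended.
            // NOTE(review): SAML 2.0 assertions carry "ID" rather than "AssertionID" - confirm that
            // only SAML 1.x assertions reach this method.
            this.assertionId = assertion.getAttribute(ASSERTION_ID_ATTRIBUTE);
            return this;
        }

        /**
         * Computes the signature over the requested parts and adds it to the security header.
         *
         * <p>With an assertion id present, the key is referenced through the SAML assertion and
         * the signature algorithm is fixed to RSA-SHA1. Otherwise the certificate is added as a
         * binary security token and referenced directly, with the library's default algorithm.
         *
         * @param signedPartsArr parts the signature must cover
         * @throws IllegalArgumentException if {@code on} was not called or no credential was supplied
         * @throws WSSecurityException if WSS4J cannot prepare or compute the signature
         * @throws TechnicalConnectorException if the credential cannot provide its key material
         */
        @Override
        public void sign(SignedParts... signedPartsArr) throws WSSecurityException, TechnicalConnectorException {
            // The step interfaces inherit from one another, so sign() is reachable before the
            // earlier steps ran; fail with a clear message instead of a bare NullPointerException.
            Validate.notNull(this.sign, "on(SOAPMessage) must be called before sign()");
            Validate.notNull(this.cred, "a credential or SAML token must be supplied before sign()");
            boolean referencesAssertion = StringUtils.isNotEmpty(this.assertionId);
            if (referencesAssertion) {
                // SHA-1 based signatures are deprecated. The digest algorithm is not set here and
                // stays at the library default.
                // NOTE(review): the algorithm is presumably dictated by the receiving service -
                // confirm before changing it, and track it as crypto debt.
                this.sign.setSignatureAlgorithm(SIGNATURE_ALGORITHM_RSA_SHA1);
                this.sign.setKeyIdentifierType(KEY_IDENTIFIER_CUSTOM);
                this.sign.setCustomTokenValueType(SAML_ASSERTION_ID_VALUE_TYPE);
                this.sign.setCustomTokenId(this.assertionId);
            } else {
                this.sign.setKeyIdentifierType(KEY_IDENTIFIER_BST_DIRECT_REFERENCE);
            }
            this.sign.prepare(this.soapPart, new WSSecurityCrypto(this.cred.getPrivateKey(), this.cred.getCertificate()), this.wsSecHeader);
            if (!referencesAssertion) {
                this.sign.appendBSTElementToHeader(this.wsSecHeader);
            }
            this.sign.computeSignature(this.sign.addReferencesToSign(generateReferencesToSign(signedPartsArr), this.wsSecHeader), false, (Element) null);
        }

        /**
         * Translates the requested parts into WSS4J signature references.
         *
         * @param signedPartsArr parts the signature must cover
         * @return one reference per requested part, in request order
         * @throws IllegalArgumentException if a requested part was never added to the header
         */
        protected Vector<WSEncryptionPart> generateReferencesToSign(SignedParts[] signedPartsArr) {
            Vector<WSEncryptionPart> references = new Vector<>();
            for (SignedParts part : signedPartsArr) {
                switch (part) {
                    case TIMESTAMP:
                        Validate.notNull(this.wsSecTimeStamp, "TIMESTAMP requested but no timestamp was added");
                        references.add(new WSEncryptionPart(this.wsSecTimeStamp.getId()));
                        break;
                    case BODY:
                        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(this.soapPart.getDocumentElement());
                        references.add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), BODY_SIGN_MODIFIER));
                        break;
                    case SAML_ASSERTION:
                        Validate.notNull(this.assertionId, "SAML_ASSERTION requested but no assertion was added");
                        references.add(new WSEncryptionPart(this.assertionId));
                        break;
                    case BST:
                        // Checked like the other parts: a requested part that does not exist must
                        // not turn into a reference without an id.
                        String bstTokenId = this.sign.getBSTTokenId();
                        Validate.notNull(bstTokenId, "BST requested but no binary security token is present");
                        references.add(new WSEncryptionPart(bstTokenId));
                        break;
                    default:
                        break;
                }
            }
            return references;
        }
    }

    /** Entry step: binds the builder to a message. Later steps are inherited and stay reachable. */
    public interface WSSecHeaderGeneratorStep0 extends WSSecHeaderGeneratorStep2 {
        WSSecHeaderGeneratorStep1 on(SOAPMessage sOAPMessage) throws WSSecurityException;
    }

    /** Optional step: adds a timestamp with the given lifetime. */
    public interface WSSecHeaderGeneratorStep1 extends WSSecHeaderGeneratorStep2 {
        WSSecHeaderGeneratorStep2 withTimeStamp(long j, TimeUnit timeUnit);

        WSSecHeaderGeneratorStep2 withTimeStamp(Duration duration);
    }

    /** Supplies the signing credential that is sent as a binary security token. */
    public interface WSSecHeaderGeneratorStep2 extends WSSecHeaderGeneratorStep3 {
        WSSecHeaderGeneratorStep3 withBinarySecurityToken(Credential credential) throws TechnicalConnectorException, WSSecurityException;
    }

    /** Supplies a SAML token whose assertion is embedded in the header. */
    public interface WSSecHeaderGeneratorStep3 extends WSSecHeaderGeneratorStep4 {
        WSSecHeaderGeneratorStep3 withSAMLToken(SAMLToken sAMLToken) throws WSSecurityException, TechnicalConnectorException;
    }

    /** Final step: signs the selected parts. */
    public interface WSSecHeaderGeneratorStep4 {
        void sign(SignedParts... signedPartsArr) throws WSSecurityException, TechnicalConnectorException;
    }

    /**
     * Creates a fresh signature builder.
     *
     * @return the first builder step; use one builder per message
     * @throws WSSecurityException declared for callers; not thrown by this implementation
     */
    public WSSecHeaderGeneratorStep0 buildSignature() throws WSSecurityException {
        return new WSSecHeaderGeneratorImpl();
    }

    /**
     * Secures the outbound message and persists the changes on it.
     *
     * @param sOAPMessageContext context holding the outbound message
     * @return {@code true} once the header was added and the message saved
     * @throws ProtocolException wrapping any failure, so a message that could not be secured is
     *     never reported as handled
     */
    @Override
    public boolean handleOutbound(SOAPMessageContext sOAPMessageContext) {
        try {
            getLogger().debug("adding WS-Security header");
            addWSSecurity(sOAPMessageContext);
            sOAPMessageContext.getMessage().saveChanges();
            return true;
        } catch (Exception e) {
            throw new ProtocolException(e);
        }
    }

    /**
     * Adds the WS-Security header appropriate for the concrete handler.
     *
     * @param sOAPMessageContext context holding the outbound message
     */
    protected abstract void addWSSecurity(SOAPMessageContext sOAPMessageContext) throws IOException, WSSecurityException, TechnicalConnectorException;

    /** Returns the logger of the concrete handler. */
    protected abstract Logger getLogger();
}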
