package com.helger.phase4.messaging.crypto;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.phase4.attachment.WSS4JAttachment;
import com.helger.phase4.attachment.WSS4JAttachmentCallbackHandler;
import com.helger.phase4.config.AS4Configuration;
import com.helger.phase4.crypto.AS4SigningParams;
import com.helger.phase4.crypto.ECryptoMode;
import com.helger.phase4.crypto.IAS4CryptoFactory;
import com.helger.phase4.messaging.domain.MessageHelperMethods;
import com.helger.phase4.soap.ESoapVersion;
import com.helger.phase4.util.AS4ResourceHelper;
import com.helger.phase4.wss.WSSConfigManager;
import com.helger.phase4.wss.WSSSynchronizer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillNotClose;
import javax.annotation.concurrent.Immutable;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;

/**
 * Static helper that adds a WS-Security XML signature to an AS4 SOAP document through WSS4J.
 *
 * <p>The class holds no state. Callers are expected to use
 * {@link #createSignedMessage}; {@link #_createSignedMessage} is the worker it delegates to.
 */
@Immutable
/* loaded from: input_file:com/helger/phase4/messaging/crypto/AS4Signer.class */
public final class AS4Signer {
    /** Modifier string handed to every {@link WSEncryptionPart} this class registers for signing. */
    static final String ENCRYPTION_MODE_CONTENT = "Content";
    private static final Logger LOGGER = LoggerFactory.getLogger(AS4Signer.class);

    private AS4Signer() {
        // Static methods only; never instantiated.
    }

    /**
     * Runs the argument checks shared by both signing entry points.
     *
     * <p>The attachment list and the mustUnderstand flag are not checked here: the list is
     * declared {@code @Nullable} and the flag is a primitive.
     */
    private static void _checkArguments(IAS4CryptoFactory cryptoFactory, Document preSigningMessage, ESoapVersion soapVersion, String messagingID, AS4ResourceHelper resHelper, AS4SigningParams signingParams) {
        ValueEnforcer.notNull(cryptoFactory, "CryptoFactorySign");
        ValueEnforcer.notNull(preSigningMessage, "PreSigningMessage");
        ValueEnforcer.notNull(soapVersion, "SoapVersion");
        ValueEnforcer.notEmpty(messagingID, "MessagingID");
        ValueEnforcer.notNull(resHelper, "ResHelper");
        ValueEnforcer.notNull(signingParams, "SigningParams");
    }

    /**
     * Builds the WS-Security header and signature for the passed document and returns the
     * document produced by WSS4J.
     *
     * <p>What ends up covered by the signature, in the order the parts are registered:
     * <ol>
     *   <li>the element referenced by the messaging ID {@code str},</li>
     *   <li>the SOAP {@code Body} element in the namespace of {@code eSoapVersion},</li>
     *   <li>only when {@code iCommonsList} is non-empty, a part named
     *       {@code MessageHelperMethods.PREFIX_CID + "Attachments"}, together with an attachment
     *       callback handler over that list.</li>
     * </ol>
     *
     * <p>NOTE(review): the decompiler reports that this method's access modifier was changed
     * from private, so it is probably not meant as public API - confirm against the original
     * source before calling it directly.
     *
     * @param iAS4CryptoFactory supplies the key alias, the password for that alias and the crypto
     *        object used for the final build step
     * @param document the SOAP document to sign; the security header is inserted into it
     * @param eSoapVersion SOAP version, used for the Body namespace and the mustUnderstand value
     * @param str messaging ID of the element to sign; must not be empty
     * @param iCommonsList attachments to include in the signature; may be {@code null} or empty
     * @param aS4ResourceHelper passed to the attachment callback handler; not closed here
     * @param z value to apply to the security header's mustUnderstand attribute
     * @param aS4SigningParams algorithms, key identifier type, provider and optional customizer
     * @return the document returned by {@code WSSecSignature.build}
     * @throws WSSecurityException declared for the WSS4J calls made here
     * @throws IllegalStateException if a configured customizer returns {@code null} instead of a
     *         signature object
     */
    /* JADX INFO: Access modifiers changed from: private */
    @Nonnull
    public static Document _createSignedMessage(@Nonnull IAS4CryptoFactory iAS4CryptoFactory, @Nonnull Document document, @Nonnull ESoapVersion eSoapVersion, @Nonnull @Nonempty String str, @Nullable ICommonsList<WSS4JAttachment> iCommonsList, @Nonnull @WillNotClose AS4ResourceHelper aS4ResourceHelper, boolean z, @Nonnull AS4SigningParams aS4SigningParams) throws WSSecurityException {
        _checkArguments(iAS4CryptoFactory, document, eSoapVersion, str, aS4ResourceHelper, aS4SigningParams);

        // Audit line: records the key alias and the three algorithm URIs in effect at this point.
        // The key password is not part of the message. A customizer (see below) may still change
        // the signer afterwards, so this line reflects the configured values only.
        LOGGER.info("Now signing AS4 message [" + eSoapVersion + "]. KeyIdentifierType=" + aS4SigningParams.getKeyIdentifierType().name()
                + "; KeyAlias=" + iAS4CryptoFactory.getKeyAlias()
                + "; SignAlgo=" + aS4SigningParams.getAlgorithmSign().getAlgorithmURI()
                + "; DigestAlgo=" + aS4SigningParams.getAlgorithmSignDigest().getAlgorithmURI()
                + "; C14NAlgo=" + aS4SigningParams.getAlgorithmC14N().getAlgorithmURI());

        final WSSecHeader securityHeader = new WSSecHeader(document);
        securityHeader.insertSecurityHeader();

        // A customizer, when configured, decides which WSSecSignature instance is used.
        final WSSecSignature signer;
        if (aS4SigningParams.hasWSSecSignatureCustomizer()) {
            signer = aS4SigningParams.getWSSecSignatureCustomizer().createWSSecSignature(securityHeader);
        } else {
            signer = new WSSecSignature(securityHeader);
        }
        if (signer == null) {
            throw new IllegalStateException("Failed to create WSSecSignature for " + securityHeader);
        }

        // Key selection and algorithm choices all come from the signing parameters.
        signer.setKeyIdentifierType(aS4SigningParams.getKeyIdentifierType().getTypeID());
        // The password is looked up for the same alias that is used as the WSS4J user name.
        signer.setUserInfo(iAS4CryptoFactory.getKeyAlias(), iAS4CryptoFactory.getKeyPasswordPerAlias(iAS4CryptoFactory.getKeyAlias()));
        signer.setSignatureAlgorithm(aS4SigningParams.getAlgorithmSign().getAlgorithmURI());
        signer.setDigestAlgo(aS4SigningParams.getAlgorithmSignDigest().getAlgorithmURI());
        signer.setSigCanonicalization(aS4SigningParams.getAlgorithmC14N().getAlgorithmURI());
        signer.setSignatureProvider(aS4SigningParams.getSecurityProviderSign());
        signer.setUseSingleCertificate(aS4SigningParams.isUseSingleCertificate());

        // Parts to sign: first the element with the messaging ID, then the SOAP Body.
        signer.getParts().add(new WSEncryptionPart(str, ENCRYPTION_MODE_CONTENT));
        signer.getParts().add(new WSEncryptionPart("Body", eSoapVersion.getNamespaceURI(), ENCRYPTION_MODE_CONTENT));

        // Attachments are only added to the signature when the list is non-null and non-empty.
        // NOTE(review): the single "...Attachments" part presumably stands for all attachments
        // served by the callback handler - confirm against the WSS4J attachment handling.
        if (CollectionHelper.isNotEmpty(iCommonsList)) {
            signer.getParts().add(new WSEncryptionPart(MessageHelperMethods.PREFIX_CID + "Attachments", ENCRYPTION_MODE_CONTENT));
            signer.setAttachmentCallbackHandler(new WSS4JAttachmentCallbackHandler(iCommonsList, aS4ResourceHelper));
        }

        // The mustUnderstand value is only rewritten if the header already carries the attribute;
        // when the attribute is absent, z has no effect.
        final Attr mustUnderstandAttr = securityHeader.getSecurityHeaderElement().getAttributeNodeNS(eSoapVersion.getNamespaceURI(), "mustUnderstand");
        if (mustUnderstandAttr != null) {
            mustUnderstandAttr.setValue(eSoapVersion.getMustUnderstandValue(z));
        }

        // The customizer runs last, after every setting above, so it can override the algorithms,
        // the key identifier type and the list of signed parts. Review any configured customizer
        // with that in mind.
        if (aS4SigningParams.hasWSSecSignatureCustomizer()) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Before running WSSecSignatureCustomizer.customize");
            }
            aS4SigningParams.getWSSecSignatureCustomizer().customize(signer);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("After running WSSecSignatureCustomizer.customize");
            }
        }

        return signer.build(iAS4CryptoFactory.getCrypto(ECryptoMode.ENCRYPT_SIGN));
    }

    /**
     * Signs the passed AS4 message and returns the signed document.
     *
     * <p>Depending on {@code AS4Configuration.isWSS4JSynchronizedSecurity()} the work is either
     * routed through {@code WSSSynchronizer.call} or executed directly on the calling thread.
     *
     * <p>The {@code "phase4 --- sign:start"} and {@code "phase4 --- sign:end"} lines bracket the
     * operation in the log. The end line is written only on success: if signing throws, a start
     * line without a matching end line is what remains in the log.
     *
     * @param iAS4CryptoFactory supplies key alias, key password and crypto object
     * @param document the SOAP document to sign
     * @param eSoapVersion SOAP version of the message
     * @param str messaging ID of the element to sign; must not be empty
     * @param iCommonsList attachments to include in the signature; may be {@code null}
     * @param aS4ResourceHelper resource helper for attachment handling; not closed here
     * @param z value for the security header's mustUnderstand attribute
     * @param aS4SigningParams signing algorithms and related settings
     * @return the signed document
     * @throws WSSecurityException if the underlying signing step fails
     */
    @Nonnull
    public static Document createSignedMessage(@Nonnull IAS4CryptoFactory iAS4CryptoFactory, @Nonnull Document document, @Nonnull ESoapVersion eSoapVersion, @Nonnull @Nonempty String str, @Nullable ICommonsList<WSS4JAttachment> iCommonsList, @Nonnull @WillNotClose AS4ResourceHelper aS4ResourceHelper, boolean z, @Nonnull AS4SigningParams aS4SigningParams) throws WSSecurityException {
        _checkArguments(iAS4CryptoFactory, document, eSoapVersion, str, aS4ResourceHelper, aS4SigningParams);

        LOGGER.info("phase4 --- sign:start");

        final Document signedDocument;
        if (!AS4Configuration.isWSS4JSynchronizedSecurity()) {
            // Return value is discarded; the call is made for its side effect only.
            // NOTE(review): presumably this makes sure the WSS4J configuration is initialised
            // before signing - confirm in WSSConfigManager.
            WSSConfigManager.getInstance();
            signedDocument = _createSignedMessage(iAS4CryptoFactory, document, eSoapVersion, str, iCommonsList, aS4ResourceHelper, z, aS4SigningParams);
        } else {
            // NOTE(review): presumably serialises WSS4J usage across threads - confirm in
            // WSSSynchronizer.
            signedDocument = (Document) WSSSynchronizer.call(() -> {
                return _createSignedMessage(iAS4CryptoFactory, document, eSoapVersion, str, iCommonsList, aS4ResourceHelper, z, aS4SigningParams);
            });
        }

        LOGGER.info("phase4 --- sign:end");
        return signedDocument;
    }
}
