package org.apache.xml.security.stax.impl.processor.output;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import javax.xml.stream.XMLStreamException;
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor;
import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.Transformer;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithmFactory;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:BOOT-INF/lib/xmlsec-2.0.7.jar:org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.class */
public abstract class AbstractSignatureEndingOutputProcessor extends AbstractBufferingOutputProcessor {
    private List<SignaturePartDef> signaturePartDefList;

    /* loaded from: input_file:BOOT-INF/lib/xmlsec-2.0.7.jar:org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor$SignedInfoProcessor.class */
    protected static class SignedInfoProcessor extends AbstractOutputProcessor {
        private SignerOutputStream signerOutputStream;
        private OutputStream bufferedSignerOutputStream;
        private Transformer transformer;
        private byte[] signatureValue = null;
        private String inclusiveNamespacePrefixes = null;
        private SignatureAlgorithm signatureAlgorithm;
        private XMLSecStartElement xmlSecStartElement;

        public SignedInfoProcessor(SignatureAlgorithm signatureAlgorithm, XMLSecStartElement xMLSecStartElement) throws XMLSecurityException {
            this.signatureAlgorithm = signatureAlgorithm;
            this.xmlSecStartElement = xMLSecStartElement;
        }

        @Override // org.apache.xml.security.stax.ext.AbstractOutputProcessor, org.apache.xml.security.stax.ext.OutputProcessor
        public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
            this.signerOutputStream = new SignerOutputStream(this.signatureAlgorithm);
            this.bufferedSignerOutputStream = new UnsynchronizedBufferedOutputStream(this.signerOutputStream);
            String signatureCanonicalizationAlgorithm = getSecurityProperties().getSignatureCanonicalizationAlgorithm();
            HashMap hashMap = null;
            if (getSecurityProperties().isAddExcC14NInclusivePrefixes() && "http://www.w3.org/2001/10/xml-exc-c14n#".equals(signatureCanonicalizationAlgorithm)) {
                Set<String> excC14NInclusiveNamespacePrefixes = XMLSecurityUtils.getExcC14NInclusiveNamespacePrefixes(this.xmlSecStartElement, false);
                StringBuilder sb = new StringBuilder();
                for (String str : excC14NInclusiveNamespacePrefixes) {
                    if (sb.length() != 0) {
                        sb.append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
                    }
                    sb.append(str);
                }
                this.inclusiveNamespacePrefixes = sb.toString();
                hashMap = new HashMap(2);
                hashMap.put(Canonicalizer20010315_Excl.INCLUSIVE_NAMESPACES_PREFIX_LIST, new ArrayList(excC14NInclusiveNamespacePrefixes));
            }
            this.transformer = XMLSecurityUtils.getTransformer(null, this.bufferedSignerOutputStream, hashMap, signatureCanonicalizationAlgorithm, XMLSecurityConstants.DIRECTION.OUT);
            super.init(outputProcessorChain);
        }

        public byte[] getSignatureValue() throws XMLSecurityException {
            if (this.signatureValue != null) {
                return this.signatureValue;
            }
            try {
                this.transformer.doFinal();
                this.bufferedSignerOutputStream.close();
                this.signatureValue = this.signerOutputStream.sign();
                return this.signatureValue;
            } catch (IOException e) {
                throw new XMLSecurityException(e);
            } catch (XMLStreamException e2) {
                throw new XMLSecurityException(e2);
            }
        }

        public String getInclusiveNamespacePrefixes() {
            return this.inclusiveNamespacePrefixes;
        }

        @Override // org.apache.xml.security.stax.ext.AbstractOutputProcessor
        public void processEvent(XMLSecEvent xMLSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
            this.transformer.transform(xMLSecEvent);
            outputProcessorChain.processEvent(xMLSecEvent);
        }
    }

    public AbstractSignatureEndingOutputProcessor(AbstractSignatureOutputProcessor abstractSignatureOutputProcessor) throws XMLSecurityException {
        this.signaturePartDefList = abstractSignatureOutputProcessor.getSignaturePartDefList();
    }

    @Override // org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor
    public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        OutputProcessorChain createSubChain = outputProcessorChain.createSubChain(this);
        List<XMLSecAttribute> arrayList = new ArrayList<>(1);
        arrayList.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
        XMLSecStartElement createStartElementAndOutputAsEvent = createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_Signature, true, arrayList);
        try {
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(getSecurityProperties().getSignatureAlgorithm());
            String str = (String) outputProcessorChain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
            if (str == null) {
                throw new XMLSecurityException("stax.keyNotFound");
            }
            SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(str);
            if (securityTokenProvider == null) {
                throw new XMLSecurityException("stax.keyNotFound");
            }
            OutboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
            if (securityToken == null) {
                throw new XMLSecurityException("stax.keyNotFound");
            }
            String signatureAlgorithm2 = getSecurityProperties().getSignatureAlgorithm();
            Key secretKey = securityToken.getSecretKey(signatureAlgorithm2);
            if ("http://www.w3.org/2000/09/xmldsig#hmac-sha1".equals(signatureAlgorithm2)) {
                secretKey = XMLSecurityUtils.prepareSecretKey(signatureAlgorithm2, secretKey.getEncoded());
            }
            signatureAlgorithm.engineInitSign(secretKey);
            SignedInfoProcessor newSignedInfoProcessor = newSignedInfoProcessor(signatureAlgorithm, createStartElementAndOutputAsEvent, createSubChain);
            createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignedInfo, false, (List<XMLSecAttribute>) null);
            List<XMLSecAttribute> arrayList2 = new ArrayList<>(1);
            String signatureCanonicalizationAlgorithm = getSecurityProperties().getSignatureCanonicalizationAlgorithm();
            arrayList2.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signatureCanonicalizationAlgorithm));
            createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod, false, arrayList2);
            if (getSecurityProperties().isAddExcC14NInclusivePrefixes() && "http://www.w3.org/2001/10/xml-exc-c14n#".equals(signatureCanonicalizationAlgorithm)) {
                List<XMLSecAttribute> arrayList3 = new ArrayList<>(1);
                arrayList3.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList, newSignedInfoProcessor.getInclusiveNamespacePrefixes()));
                createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces, true, arrayList3);
                createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
            }
            createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_CanonicalizationMethod);
            List<XMLSecAttribute> arrayList4 = new ArrayList<>(1);
            arrayList4.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, getSecurityProperties().getSignatureAlgorithm()));
            createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignatureMethod, false, arrayList4);
            createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignatureMethod);
            for (SignaturePartDef signaturePartDef : this.signaturePartDefList) {
                String sigRefId = signaturePartDef.isExternalResource() ? signaturePartDef.getSigRefId() : signaturePartDef.isGenerateXPointer() ? "#xpointer(id('" + signaturePartDef.getSigRefId() + "'))" : "#" + signaturePartDef.getSigRefId();
                List<XMLSecAttribute> arrayList5 = new ArrayList<>(1);
                arrayList5.add(createAttribute(XMLSecurityConstants.ATT_NULL_URI, sigRefId));
                createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_Reference, false, arrayList5);
                createTransformsStructureForSignature(createSubChain, signaturePartDef);
                List<XMLSecAttribute> arrayList6 = new ArrayList<>(1);
                arrayList6.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, signaturePartDef.getDigestAlgo()));
                createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_DigestMethod, false, arrayList6);
                createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_DigestMethod);
                createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_DigestValue, false, (List<XMLSecAttribute>) null);
                createCharactersAndOutputAsEvent(createSubChain, signaturePartDef.getDigestValue());
                createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_DigestValue);
                createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_Reference);
            }
            createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignedInfo);
            createSubChain.removeProcessor(newSignedInfoProcessor);
            createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignatureValue, false, (List<XMLSecAttribute>) null);
            createCharactersAndOutputAsEvent(createSubChain, new Base64(76, new byte[]{10}).encodeToString(newSignedInfoProcessor.getSignatureValue()));
            createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_SignatureValue);
            List<XMLSecAttribute> arrayList7 = new ArrayList<>(1);
            arrayList7.add(createAttribute(XMLSecurityConstants.ATT_NULL_Id, IDGenerator.generateID(null)));
            if (!SecurityTokenConstants.KeyIdentifier_NoKeyInfo.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
                createStartElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_KeyInfo, false, arrayList7);
                createKeyInfoStructureForSignature(createSubChain, securityToken, getSecurityProperties().isUseSingleCert());
                createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
            }
            createEndElementAndOutputAsEvent(createSubChain, XMLSecurityConstants.TAG_dsig_Signature);
        } catch (NoSuchAlgorithmException e) {
            throw new XMLSecurityException(e);
        } catch (NoSuchProviderException e2) {
            throw new XMLSecurityException(e2);
        }
    }

    protected abstract SignedInfoProcessor newSignedInfoProcessor(SignatureAlgorithm signatureAlgorithm, XMLSecStartElement xMLSecStartElement, OutputProcessorChain outputProcessorChain) throws XMLSecurityException;

    protected abstract void createTransformsStructureForSignature(OutputProcessorChain outputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException;

    protected abstract void createKeyInfoStructureForSignature(OutputProcessorChain outputProcessorChain, OutboundSecurityToken outboundSecurityToken, boolean z) throws XMLStreamException, XMLSecurityException;
}
