package io.camunda.connectors.soap.client;

import io.camunda.connectors.soap.SoapConnectorInput;
import io.camunda.connectors.soap.xml.XmlUtilities;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import org.apache.commons.lang3.StringUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.oxm.Marshaller;
import org.springframework.oxm.Unmarshaller;
import org.springframework.oxm.XmlMappingException;
import org.springframework.ws.WebServiceMessageFactory;
import org.springframework.ws.client.core.support.WebServiceGatewaySupport;
import org.springframework.ws.client.support.interceptor.ClientInterceptor;
import org.springframework.ws.soap.SoapVersion;
import org.springframework.ws.soap.client.core.SoapActionCallback;
import org.springframework.ws.soap.saaj.SaajSoapMessageFactory;
import org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor;
import org.springframework.ws.soap.security.wss4j2.support.CryptoFactoryBean;
import org.springframework.ws.transport.WebServiceMessageSender;
import org.springframework.ws.transport.http.ClientHttpRequestMessageSender;

/* loaded from: input_file:io/camunda/connectors/soap/client/SpringSoapClient.class */
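/**
 * {@link SoapClient} implementation built on Spring-WS.
 *
 * <p>For every request a fresh {@link WebServiceClient} is assembled from a message sender
 * (timeouts), a SAAJ message factory (SOAP 1.1 / 1.2), a string-based marshaller and a chain of
 * interceptors (WS-Security, custom SOAP header, logging).
 *
 * <p>Security-relevant inputs handled here: the UsernameToken password, PEM certificate and
 * private-key material, and a keystore location/password. None of them is validated in this
 * class; callers are expected to pass trusted configuration.
 */
public class SpringSoapClient implements SoapClient {
    /** Alias under which the caller-supplied private key is stored in the in-memory keystore. */
    private static final String SINGLE_CERTIFICATE_ALIAS = "user";

    // Key-entry password for the keystore built in loadKeyStore(). That keystore is created with
    // load(null, null) and is never written out by this class, so the constant only satisfies the
    // KeyStore/WSS4J API and is not a secret. It must not be reused if the keystore is ever
    // persisted.
    private static final String SINGLE_CERTIFICATE_PASSWORD = "pw";

    /**
     * Marshaller/unmarshaller that treats the SOAP payload as a plain XML string.
     *
     * <p>NOTE(review): the XML string is parsed by {@code XmlUtilities}; parser hardening
     * (DTDs / external entities) is not visible here and should be confirmed there.
     */
    public static final class StringBodyMarshaller implements Marshaller, Unmarshaller {
        private final Map<String, String> namespaces;

        /**
         * @param namespaces prefix-to-URI map declared on the document element; may be {@code null}
         */
        public StringBodyMarshaller(Map<String, String> namespaces) {
            this.namespaces = namespaces;
        }

        /** Only {@link String} payloads (or subtypes) are supported. */
        @Override
        public boolean supports(Class<?> cls) {
            return String.class.isAssignableFrom(cls);
        }

        /** Serialises the owner document of the given {@link DOMSource} node to a string. */
        @Override
        public Object unmarshal(Source source) throws IOException, XmlMappingException {
            DOMSource domSource = (DOMSource) source;
            return XmlUtilities.xmlDocumentToString(domSource.getNode().getOwnerDocument(), false, true);
        }

        /** Declares the namespaces, then appends the XML string {@code obj} to the result node. */
        @Override
        public void marshal(Object obj, Result result) throws IOException, XmlMappingException {
            DOMResult domResult = (DOMResult) result;
            registerNamespaces(domResult);
            XmlUtilities.appendXmlStringToNode((String) obj, this.namespaces, domResult.getNode());
        }

        /** Declares wsse/wsu plus all configured prefixes on the document element. */
        private void registerNamespaces(DOMResult domResult) {
            org.w3c.dom.Element root = domResult.getNode().getOwnerDocument().getDocumentElement();
            root.setAttribute("xmlns:wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
            root.setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            if (this.namespaces != null) {
                this.namespaces.forEach((prefix, uri) -> root.setAttribute("xmlns:" + prefix, uri));
            }
        }
    }

    /** Thin gateway exposing {@code marshalSendAndReceive} for string payloads. */
    public static class WebServiceClient extends WebServiceGatewaySupport {
        /**
         * Sends {@code body} to the default URI; for SOAP 1.1 the configured SOAPAction is added.
         *
         * <p>NOTE(review): the response is dereferenced unconditionally, so a call that yields no
         * response object fails with a {@link NullPointerException}.
         *
         * @param body SOAP body as an XML string
         * @param version SOAP version descriptor
         * @return string form of the unmarshalled response
         */
        public String sendSoapRequestFromFactory(String body, SoapConnectorInput.Version version) {
            if (version instanceof SoapConnectorInput.Version._1_1) {
                String soapAction = ((SoapConnectorInput.Version._1_1) version).soapAction();
                return getWebServiceTemplate().marshalSendAndReceive(body, new SoapActionCallback(soapAction)).toString();
            }
            return getWebServiceTemplate().marshalSendAndReceive(body).toString();
        }
    }

    /**
     * Builds a one-off client and performs the SOAP call.
     *
     * <p>The service URL is used as given. With {@code PasswordText} authentication the password
     * travels inside the SOAP header, so the endpoint should be reached over TLS; this method does
     * not check the URL scheme.
     *
     * @param serviceUrl endpoint the request is sent to
     * @param version SOAP version (and SOAPAction for 1.1)
     * @param soapHeader optional custom header XML; skipped when empty
     * @param soapBody body XML
     * @param authentication optional WS-Security configuration
     * @param timeoutInSeconds connect/read timeout; ignored when {@code null} or not positive
     * @param namespaces prefix-to-URI map used while marshalling
     * @return the response as a string
     * @throws Exception if the client cannot be initialised or the call fails
     */
    @Override // io.camunda.connectors.soap.client.SoapClient
    public String sendSoapRequest(String serviceUrl, SoapConnectorInput.Version version, String soapHeader, String soapBody, SoapConnectorInput.Authentication authentication, Integer timeoutInSeconds, Map<String, String> namespaces) throws Exception {
        WebServiceClient client = new WebServiceClient();
        client.setDefaultUri(serviceUrl);
        client.setMessageSender(buildMessageSender(buildRequestFactory(timeoutInSeconds)));
        client.setInterceptors(buildInterceptors(soapHeader, authentication, namespaces));
        client.setMessageFactory(buildMessageFactory(version));
        client.setMarshaller(buildMarshaller(namespaces));
        client.setUnmarshaller(buildUnmarshaller(namespaces));
        client.afterPropertiesSet();
        return client.sendSoapRequestFromFactory(soapBody, version);
    }

    private Marshaller buildMarshaller(Map<String, String> namespaces) {
        return new StringBodyMarshaller(namespaces);
    }

    private Unmarshaller buildUnmarshaller(Map<String, String> namespaces) {
        return new StringBodyMarshaller(namespaces);
    }

    /** Creates a SAAJ message factory; the SOAP version is only set for the two known types. */
    private WebServiceMessageFactory buildMessageFactory(SoapConnectorInput.Version version) {
        SaajSoapMessageFactory messageFactory = new SaajSoapMessageFactory();
        if (version instanceof SoapConnectorInput.Version._1_1) {
            messageFactory.setSoapVersion(SoapVersion.SOAP_11);
        } else if (version instanceof SoapConnectorInput.Version._1_2) {
            messageFactory.setSoapVersion(SoapVersion.SOAP_12);
        }
        messageFactory.afterPropertiesSet();
        return messageFactory;
    }

    private WebServiceMessageSender buildMessageSender(ClientHttpRequestFactory requestFactory) {
        ClientHttpRequestMessageSender sender = new ClientHttpRequestMessageSender();
        sender.setRequestFactory(requestFactory);
        return sender;
    }

    /**
     * Creates the HTTP request factory and applies the timeout to both connect and read.
     *
     * <p>Without a positive timeout nothing is set and the factory's own defaults apply.
     * NOTE(review): confirm that the default cannot leave a request blocked indefinitely.
     */
    private ClientHttpRequestFactory buildRequestFactory(Integer timeoutInSeconds) {
        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
        if (timeoutInSeconds != null && timeoutInSeconds.intValue() > 0) {
            // Multiply as long and clamp: a plain int multiplication wraps around for large
            // values and could yield a negative or arbitrarily short timeout.
            int timeoutMillis = (int) Math.min(timeoutInSeconds.intValue() * 1000L, (long) Integer.MAX_VALUE);
            requestFactory.setConnectTimeout(timeoutMillis);
            requestFactory.setReadTimeout(timeoutMillis);
        }
        return requestFactory;
    }

    /**
     * Assembles the interceptor chain: authentication, custom header, logging (in that order).
     *
     * <p>NOTE(review): the logging interceptor is registered after the security interceptor, so
     * it presumably sees the message including the WS-Security header; verify that
     * {@code LoggingInterceptor} does not write credentials to the log.
     */
    private ClientInterceptor[] buildInterceptors(String soapHeader, SoapConnectorInput.Authentication authentication, Map<String, String> namespaces) {
        ArrayList<ClientInterceptor> interceptors = new ArrayList<>();
        handleAuthentication(authentication).ifPresent(interceptors::add);
        handleSoapHeader(soapHeader, namespaces).ifPresent(interceptors::add);
        interceptors.add(new LoggingInterceptor());
        return interceptors.toArray(new ClientInterceptor[0]);
    }

    private Optional<ClientInterceptor> handleSoapHeader(String soapHeader, Map<String, String> namespaces) {
        if (StringUtils.isEmpty(soapHeader)) {
            return Optional.empty();
        }
        return Optional.of(new HeaderClientInterceptor(soapHeader, namespaces));
    }

    /**
     * Builds the WS-Security interceptor for UsernameToken or Signature authentication.
     *
     * @return the configured interceptor, or empty for any other (or {@code null}) authentication
     * @throws RuntimeException if the interceptor cannot be initialised
     */
    private Optional<ClientInterceptor> handleAuthentication(SoapConnectorInput.Authentication authentication) {
        boolean usernameTokenAuth = authentication instanceof SoapConnectorInput.Authentication.UsernameToken;
        boolean signatureAuth = authentication instanceof SoapConnectorInput.Authentication.Signature;
        if (!usernameTokenAuth && !signatureAuth) {
            return Optional.empty();
        }
        Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
        if (usernameTokenAuth) {
            configureUsernameToken(interceptor, (SoapConnectorInput.Authentication.UsernameToken) authentication);
        } else {
            configureSignature(interceptor, (SoapConnectorInput.Authentication.Signature) authentication);
        }
        try {
            interceptor.afterPropertiesSet();
            return Optional.of(interceptor);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Configures the UsernameToken action with either a digest or a plain-text password. */
    private void configureUsernameToken(Wss4jSecurityInterceptor interceptor, SoapConnectorInput.Authentication.UsernameToken usernameToken) {
        interceptor.setSecurementActions("UsernameToken");
        interceptor.setSecurementUsername(usernameToken.username());
        if (SoapConnectorInput.YesNo.Yes.equals(usernameToken.encoded())) {
            try {
                // NOTE(review): the raw SHA-1 bytes are converted to a String with the platform
                // default charset (and the password is read with it too). That conversion is
                // lossy for arbitrary bytes and platform-dependent, so the resulting value may
                // differ between hosts. Confirm the encoding the service expects (Base64 is the
                // usual choice) before changing it; behaviour is left as-is here.
                // With PasswordDigest, WSS4J normally derives the wire digest from nonce, created
                // and the value configured below.
                byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(usernameToken.password().getBytes());
                interceptor.setSecurementPassword(new String(sha1));
                interceptor.setSecurementPasswordType("PasswordDigest");
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } else {
            // PasswordText puts the password verbatim into the SOAP header; transport
            // protection (TLS) is the only confidentiality control for it.
            interceptor.setSecurementPassword(usernameToken.password());
            interceptor.setSecurementPasswordType("PasswordText");
        }
    }

    /** Configures message signing (optionally with a timestamp) from the given settings. */
    private void configureSignature(Wss4jSecurityInterceptor interceptor, SoapConnectorInput.Authentication.Signature signature) {
        interceptor.setEnableSignatureConfirmation(true);
        interceptor.setSecurementSignatureKeyIdentifier("DirectReference");
        if (signature.timestamp() != null) {
            interceptor.setSecurementActions("Timestamp Signature");
            interceptor.setSecurementTimeToLive(signature.timestamp().intValue());
        } else {
            interceptor.setSecurementActions("Signature");
        }

        // If the certificate is of neither known type, no crypto is configured at all.
        SoapConnectorInput.Authentication.Signature.Certificate certificate = signature.certificate();
        if (certificate instanceof SoapConnectorInput.Authentication.Signature.Certificate.SingleCertificate) {
            Crypto crypto = cryptoFromSingleCertificate((SoapConnectorInput.Authentication.Signature.Certificate.SingleCertificate) certificate);
            interceptor.setSecurementUsername(SINGLE_CERTIFICATE_ALIAS);
            interceptor.setSecurementPassword(SINGLE_CERTIFICATE_PASSWORD);
            interceptor.setSecurementSignatureCrypto(crypto);
            interceptor.setValidationSignatureCrypto(crypto);
        } else if (certificate instanceof SoapConnectorInput.Authentication.Signature.Certificate.KeystoreCertificate) {
            SoapConnectorInput.Authentication.Signature.Certificate.KeystoreCertificate keystoreCertificate = (SoapConnectorInput.Authentication.Signature.Certificate.KeystoreCertificate) certificate;
            Crypto crypto = cryptoFromKeystoreCertificate(keystoreCertificate);
            interceptor.setSecurementUsername(keystoreCertificate.alias());
            interceptor.setSecurementPassword(keystoreCertificate.password());
            interceptor.setSecurementSignatureCrypto(crypto);
            interceptor.setValidationSignatureCrypto(crypto);
        }

        // WSS4J part syntax is "{mode}{namespace}localName;" - the mode is left empty.
        String signatureParts = signature.encryptionParts().stream()
                .map(part -> String.format("{}{%s}%s;", part.namespace(), part.localName()))
                .collect(Collectors.joining(""));
        interceptor.setSecurementSignatureParts(signatureParts);
        interceptor.setSecurementMustUnderstand(true);

        // Algorithms are caller-selected and passed through unchecked.
        // NOTE(review): consider rejecting weak digest/signature algorithms (e.g. SHA-1 based).
        Optional.ofNullable(signature.digestAlgorithm()).ifPresent(interceptor::setSecurementSignatureDigestAlgorithm);
        Optional.ofNullable(signature.signatureAlgorithm()).ifPresent(interceptor::setSecurementSignatureAlgorithm);
    }

    /**
     * Wraps the PEM certificate and key in a {@link Merlin} crypto.
     *
     * <p>The same in-memory keystore serves as key store and trust store, so the only trusted
     * certificate is the client's own. NOTE(review): confirm this is intended wherever response
     * signatures are validated against this crypto.
     */
    private Crypto cryptoFromSingleCertificate(SoapConnectorInput.Authentication.Signature.Certificate.SingleCertificate singleCertificate) {
        try {
            KeyStore keyStore = loadKeyStore(singleCertificate);
            Merlin merlin = new Merlin();
            merlin.setKeyStore(keyStore);
            merlin.setTrustStore(keyStore);
            return merlin;
        } catch (Exception e) {
            throw new RuntimeException("Error while building crypto", e);
        }
    }

    /** Builds an in-memory keystore holding the certificate and the private key. */
    private KeyStore loadKeyStore(SoapConnectorInput.Authentication.Signature.Certificate.SingleCertificate singleCertificate) {
        try {
            KeyStore keyStore = createEmptyKeyStore();
            X509Certificate certificate = loadCertificate(singleCertificate.certificate());
            PrivateKey privateKey = loadPrivateKey(singleCertificate.privateKey());
            keyStore.setCertificateEntry("cert", certificate);
            keyStore.setKeyEntry(SINGLE_CERTIFICATE_ALIAS, privateKey, SINGLE_CERTIFICATE_PASSWORD.toCharArray(), new Certificate[]{certificate});
            return keyStore;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Error while loading keystore", e);
        }
    }

    /** Creates an empty keystore of the JVM's default type (nothing is read from disk). */
    private KeyStore createEmptyKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException("Error while creating keystore", e);
        }
    }

    /** Parses an X.509 certificate from its textual form. */
    private X509Certificate loadCertificate(String certificateText) {
        try {
            // Explicit charset: the platform default is not guaranteed to be ASCII-compatible.
            byte[] encoded = certificateText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            throw new RuntimeException("Error while loading certificate", e);
        }
    }

    /**
     * Parses a PEM private key (key pair or PKCS#8 private-key info).
     *
     * <p>Any other PEM object, including an encrypted key, is rejected. The error message
     * contains the string form of the unexpected object; NOTE(review): make sure that string
     * form never carries key material into logs.
     */
    private PrivateKey loadPrivateKey(String privateKeyPem) {
        try (PEMParser pemParser = new PEMParser(new StringReader(privateKeyPem))) {
            Object pemObject = pemParser.readObject();
            PrivateKeyInfo privateKeyInfo;
            if (pemObject instanceof PEMKeyPair) {
                privateKeyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            } else if (pemObject instanceof PrivateKeyInfo) {
                privateKeyInfo = (PrivateKeyInfo) pemObject;
            } else {
                throw new IllegalStateException("Unknown PEM Parser result: " + String.valueOf(pemObject));
            }
            return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
        } catch (Exception e) {
            throw new RuntimeException("Error while loading privateKey", e);
        }
    }

    /**
     * Loads a WSS4J crypto from a keystore resource.
     *
     * <p>The location is resolved by Spring's {@link DefaultResourceLoader}, which accepts
     * classpath locations, plain paths and URLs. If the location can come from untrusted input,
     * restrict it to an allow-listed scheme and base directory before it reaches this method.
     */
    private Crypto cryptoFromKeystoreCertificate(SoapConnectorInput.Authentication.Signature.Certificate.KeystoreCertificate keystoreCertificate) {
        DefaultResourceLoader resourceLoader = new DefaultResourceLoader();
        CryptoFactoryBean cryptoFactory = new CryptoFactoryBean();
        cryptoFactory.setKeyStorePassword(keystoreCertificate.keystorePassword());
        try {
            cryptoFactory.setKeyStoreLocation(resourceLoader.getResource(keystoreCertificate.keystoreLocation()));
            cryptoFactory.afterPropertiesSet();
            return cryptoFactory.getObject();
        } catch (Exception e) {
            throw new RuntimeException("Error while loading keystore", e);
        }
    }
}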
