package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.interfaces.RSAPublicKey;
import java.util.Properties;
import java.util.zip.DeflaterOutputStream;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.ContentEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweEncryption;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

@Priority(1000)
/* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.class */
public class JweWriterInterceptor implements WriterInterceptor {
    private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
    private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
    private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm";
    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
    private JweEncryptionProvider encryptionProvider;
    private boolean useJweOutputStream;
    private boolean contentTypeRequired = true;
    private JoseHeadersWriter writer = new JoseHeadersReaderWriter();

    public void aroundWriteTo(WriterInterceptorContext writerInterceptorContext) throws IOException, WebApplicationException {
        MediaType mediaType;
        OutputStream outputStream = writerInterceptorContext.getOutputStream();
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider();
        String str = null;
        if (this.contentTypeRequired && (mediaType = writerInterceptorContext.getMediaType()) != null) {
            str = "application".equals(mediaType.getType()) ? mediaType.getSubtype() : JAXRSUtils.mediaTypeToString(mediaType, new String[0]);
        }
        writerInterceptorContext.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        if (!this.useJweOutputStream) {
            CachedOutputStream cachedOutputStream = new CachedOutputStream();
            writerInterceptorContext.setOutputStream(cachedOutputStream);
            writerInterceptorContext.proceed();
            IOUtils.copy(new ByteArrayInputStream(initializedEncryptionProvider.encrypt(cachedOutputStream.getBytes(), str).getBytes("UTF-8")), outputStream);
            outputStream.flush();
            return;
        }
        JweEncryptionState createJweEncryptionState = initializedEncryptionProvider.createJweEncryptionState(str);
        try {
            JweCompactProducer.startJweContent(outputStream, createJweEncryptionState.getHeaders(), this.writer, createJweEncryptionState.getContentEncryptionKey(), createJweEncryptionState.getIv());
            OutputStream jweOutputStream = new JweOutputStream(outputStream, createJweEncryptionState.getCipher(), createJweEncryptionState.getAuthTagProducer());
            if (createJweEncryptionState.isCompressionSupported()) {
                jweOutputStream = new DeflaterOutputStream(jweOutputStream);
            }
            writerInterceptorContext.setOutputStream(jweOutputStream);
            writerInterceptorContext.proceed();
            jweOutputStream.flush();
        } catch (IOException e) {
            throw new SecurityException(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v43, types: [org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm] */
    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        if (this.encryptionProvider != null) {
            return this.encryptionProvider;
        }
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        String str = (String) MessageUtils.getContextualProperty(currentMessage, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
        if (str == null) {
            throw new SecurityException();
        }
        try {
            RSAOaepKeyEncryptionAlgorithm rSAOaepKeyEncryptionAlgorithm = null;
            String str2 = null;
            Properties loadProperties = ResourceUtils.loadProperties(str, currentMessage.getExchange().getBus());
            String property = loadProperties.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
            ContentEncryptionAlgorithm contentEncryptionAlgorithm = null;
            if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
                JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(currentMessage, loadProperties, JsonWebKey.KEY_OPER_ENCRYPT);
                str2 = getKeyEncryptionAlgo(loadProperties, loadJsonWebKey.getAlgorithm());
                if ("direct".equals(str2)) {
                    property = getContentEncryptionAlgo(loadProperties, loadJsonWebKey.getAlgorithm());
                    contentEncryptionAlgorithm = JweUtils.getContentEncryptionAlgorithm(loadJsonWebKey, property);
                } else {
                    rSAOaepKeyEncryptionAlgorithm = JweUtils.getKeyEncryptionAlgorithm(loadJsonWebKey, str2);
                }
            } else {
                rSAOaepKeyEncryptionAlgorithm = new RSAOaepKeyEncryptionAlgorithm((RSAPublicKey) KeyManagementUtils.loadPublicKey(currentMessage, loadProperties), getKeyEncryptionAlgo(loadProperties, null));
            }
            if (rSAOaepKeyEncryptionAlgorithm == null && contentEncryptionAlgorithm == null) {
                throw new SecurityException();
            }
            JweHeaders jweHeaders = new JweHeaders(getKeyEncryptionAlgo(loadProperties, str2), property);
            String property2 = loadProperties.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
            if (property2 != null) {
                jweHeaders.setZipAlgorithm(property2);
            }
            return rSAOaepKeyEncryptionAlgorithm != null ? Algorithm.isAesCbcHmac(property) ? new AesCbcHmacJweEncryption(property, rSAOaepKeyEncryptionAlgorithm) : new WrappedKeyJweEncryption(jweHeaders, rSAOaepKeyEncryptionAlgorithm, new AesGcmContentEncryptionAlgorithm(property)) : new DirectKeyJweEncryption(contentEncryptionAlgorithm);
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    private String getKeyEncryptionAlgo(Properties properties, String str) {
        return str == null ? properties.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : str;
    }

    private String getContentEncryptionAlgo(Properties properties, String str) {
        return str == null ? properties.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP) : str;
    }

    public void setUseJweOutputStream(boolean z) {
        this.useJweOutputStream = z;
    }

    public void setWriter(JoseHeadersWriter joseHeadersWriter) {
        this.writer = joseHeadersWriter;
    }

    public void setEncryptionProvider(JweEncryptionProvider jweEncryptionProvider) {
        this.encryptionProvider = jweEncryptionProvider;
    }
}
