package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;
import org.apache.cxf.common.util.Base64UrlOutputStream;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream;
import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignature;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;

@Priority(1002)
/* loaded from: input_file:lib/cxf-rt-rs-security-jose-jaxrs-3.4.3.jar:org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.class */
public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider implements WriterInterceptor {
    private Set<String> protectedHttpHeaders;
    private boolean protectHttpHeaders;
    private boolean useJwsOutputStream;
    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
    private boolean contentTypeRequired = true;
    private boolean encodePayload = true;

    @Override // javax.ws.rs.ext.WriterInterceptor
    public void aroundWriteTo(WriterInterceptorContext writerInterceptorContext) throws IOException, WebApplicationException {
        if (writerInterceptorContext.getEntity() == null) {
            writerInterceptorContext.proceed();
            return;
        }
        List<String> propertyLocations = getPropertyLocations();
        ArrayList arrayList = new ArrayList(propertyLocations.size());
        for (int i = 0; i < propertyLocations.size(); i++) {
            arrayList.add(new JwsHeaders());
        }
        List<JwsSignatureProvider> initializedSigProviders = getInitializedSigProviders(propertyLocations, arrayList);
        OutputStream outputStream = writerInterceptorContext.getOutputStream();
        if (!this.useJwsOutputStream) {
            CachedOutputStream cachedOutputStream = new CachedOutputStream();
            writerInterceptorContext.setOutputStream(cachedOutputStream);
            writerInterceptorContext.proceed();
            JwsJsonProducer jwsJsonProducer = new JwsJsonProducer(new String(cachedOutputStream.getBytes(), StandardCharsets.UTF_8));
            int size = initializedSigProviders.size();
            for (int i2 = 0; i2 < size; i2++) {
                JwsSignatureProvider jwsSignatureProvider = initializedSigProviders.get(i2);
                JwsHeaders jwsHeaders = arrayList.get(i2);
                prepareProtectedHeader(jwsHeaders, writerInterceptorContext, jwsSignatureProvider, size == 1);
                jwsJsonProducer.signWith(jwsSignatureProvider, jwsHeaders, null);
            }
            writerInterceptorContext.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
            writeJws(jwsJsonProducer, outputStream);
            return;
        }
        ArrayList arrayList2 = new ArrayList(initializedSigProviders.size());
        ArrayList arrayList3 = new ArrayList(initializedSigProviders.size());
        int size2 = initializedSigProviders.size();
        for (int i3 = 0; i3 < size2; i3++) {
            JwsSignatureProvider jwsSignatureProvider2 = initializedSigProviders.get(i3);
            JwsHeaders jwsHeaders2 = arrayList.get(i3);
            prepareProtectedHeader(jwsHeaders2, writerInterceptorContext, jwsSignatureProvider2, size2 == 1);
            String encode = Base64UrlUtility.encode(this.writer.toJson(jwsHeaders2));
            arrayList2.add(encode);
            JwsSignature createJwsSignature = jwsSignatureProvider2.createJwsSignature(jwsHeaders2);
            byte[] bytesUTF8 = StringUtils.toBytesUTF8(encode + ".");
            createJwsSignature.update(bytesUTF8, 0, bytesUTF8.length);
            arrayList3.add(createJwsSignature);
        }
        writerInterceptorContext.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        outputStream.write(StringUtils.toBytesUTF8("{\"payload\":\""));
        JwsJsonOutputStream jwsJsonOutputStream = new JwsJsonOutputStream(outputStream, arrayList2, arrayList3);
        Base64UrlOutputStream base64UrlOutputStream = null;
        if (this.encodePayload) {
            base64UrlOutputStream = new Base64UrlOutputStream(jwsJsonOutputStream);
            writerInterceptorContext.setOutputStream(base64UrlOutputStream);
        } else {
            writerInterceptorContext.setOutputStream(jwsJsonOutputStream);
        }
        writerInterceptorContext.proceed();
        if (base64UrlOutputStream != null) {
            base64UrlOutputStream.flush();
        }
        jwsJsonOutputStream.flush();
    }

    private void prepareProtectedHeader(JwsHeaders jwsHeaders, WriterInterceptorContext writerInterceptorContext, JwsSignatureProvider jwsSignatureProvider, boolean z) {
        jwsHeaders.setSignatureAlgorithm(jwsSignatureProvider.getAlgorithm());
        setContentTypeIfNeeded(jwsHeaders, writerInterceptorContext);
        if (!this.encodePayload) {
            jwsHeaders.setPayloadEncodingStatus(false);
        }
        if (z) {
            protectHttpHeadersIfNeeded(writerInterceptorContext, jwsHeaders);
        }
    }

    public void setContentTypeRequired(boolean z) {
        this.contentTypeRequired = z;
    }

    public void setUseJwsJsonOutputStream(boolean z) {
        this.useJwsOutputStream = z;
    }

    private void setContentTypeIfNeeded(JoseHeaders joseHeaders, WriterInterceptorContext writerInterceptorContext) {
        MediaType mediaType;
        if (!this.contentTypeRequired || (mediaType = writerInterceptorContext.getMediaType()) == null || JAXRSUtils.mediaTypeToString(mediaType, new String[0]).equals(JoseConstants.MEDIA_TYPE_JOSE_JSON)) {
            return;
        }
        if ("application".equals(mediaType.getType())) {
            joseHeaders.setContentType(mediaType.getSubtype());
        } else {
            joseHeaders.setContentType(JAXRSUtils.mediaTypeToString(mediaType, new String[0]));
        }
    }

    public void setEncodePayload(boolean z) {
        this.encodePayload = z;
    }

    protected void protectHttpHeadersIfNeeded(WriterInterceptorContext writerInterceptorContext, JwsHeaders jwsHeaders) {
        if (this.protectHttpHeaders) {
            JoseJaxrsUtils.protectHttpHeaders(writerInterceptorContext.getHeaders(), jwsHeaders, this.protectedHttpHeaders);
        }
    }

    public void setProtectHttpHeaders(boolean z) {
        this.protectHttpHeaders = z;
    }

    public void setProtectedHttpHeaders(Set<String> set) {
        this.protectedHttpHeaders = set;
    }
}
