package com.draeger.medical.mdpws.qos.signature;

import com.draeger.medical.mdpws.qos.QoSMessageContext;
import com.draeger.medical.mdpws.qos.QoSPolicy;
import com.draeger.medical.mdpws.qos.interception.InboundSOAPXMLDocumentInterceptor;
import com.draeger.medical.mdpws.qos.interception.InterceptionException;
import com.draeger.medical.mdpws.qos.interception.OutboundSOAPUTF8TransformationInterceptor;
import com.draeger.medical.mdpws.qos.interception.QoSPolicyInterceptionDirection;
import com.draeger.medical.mdpws.qos.interception.QoSPolicyOrdinalNumber;
import com.draeger.medical.mdpws.qos.interception.QoSPolicyTokenState;
import com.draeger.medical.mdpws.qos.nonrepudiation.AuthenticationPolicyInterceptor;
import com.draeger.medical.mdpws.qos.security.SecurityEngine;
import com.draeger.medical.mdpws.qos.subjects.MessagePolicySubject;
import com.draeger.medical.mdpws.qos.subjects.OperationPolicySubject;
import com.draeger.medical.mdpws.qos.subjects.ServicePolicySubject;
import com.draeger.medical.mdpws.utils.Log;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.XMLUtils;
import org.w3c.dom.Document;
import org.ws4d.java.communication.ConnectionInfo;
import org.ws4d.java.communication.receiver.MessageReceiver;
import org.ws4d.java.schema.Element;
import org.ws4d.java.structures.ArrayList;
import org.ws4d.java.structures.Iterator;
import org.ws4d.java.structures.ReadOnlyIterator;
import org.xml.sax.InputSource;

/* loaded from: input_file:com/draeger/medical/mdpws/qos/signature/XMLSignatureInterceptor.class */
public class XMLSignatureInterceptor implements AuthenticationPolicyInterceptor, SignaturePolicyInterceptor, OutboundSOAPUTF8TransformationInterceptor, InboundSOAPXMLDocumentInterceptor {
    private final ArrayList associatedPolicies = new ArrayList();
    private final ArrayList associatedSubjectClasses = new ArrayList();
    private DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
    private DocumentBuilder builder;
    private TransformerFactory tFactory;
    private Transformer transformer;

    public XMLSignatureInterceptor() {
        this.docBuilderFactory.setNamespaceAware(true);
        this.tFactory = TransformerFactory.newInstance();
        SecurityEngine.getInstance().tick();
        this.associatedPolicies.add(InOutboundXMLSignatureQoSPolicy.class);
        this.associatedPolicies.add(InboundXMLSignatureQoSPolicy.class);
        this.associatedPolicies.add(OutboundXMLSignatureQoSPolicy.class);
        this.associatedSubjectClasses.add(ServicePolicySubject.class);
        this.associatedSubjectClasses.add(OperationPolicySubject.class);
        this.associatedSubjectClasses.add(MessagePolicySubject.class);
    }

    @Override // com.draeger.medical.mdpws.qos.interception.OutboundSOAPUTF8TransformationInterceptor
    public boolean interceptOutbound(InputStream inputStream, ConnectionInfo connectionInfo, QoSMessageContext qoSMessageContext, QoSPolicy qoSPolicy, OutputStream outputStream, Element element) throws InterceptionException, IOException {
        try {
            Document addSignature = SecurityEngine.getInstance().addSignature(getDocumentBuilder().parse(new InputSource(inputStream)));
            if (Log.isDebug()) {
                Log.debug(XMLUtils.PrettyDocumentToString(addSignature));
            }
            Log.info("Added Signature to message");
            getTransformer().transform(new DOMSource(addSignature), new StreamResult(outputStream));
            return false;
        } catch (Exception e) {
            Log.error("Could not sign message! " + e.getMessage() + " SecurityEngine init: " + SecurityEngine.getInstance().isInitialized());
            if (Boolean.parseBoolean(System.getProperty("MDPWS.SecurityFailFallbackEnabled", "false"))) {
                return false;
            }
            throw new IOException(e.getMessage());
        }
    }

    private synchronized DocumentBuilder getDocumentBuilder() throws ParserConfigurationException {
        if (this.builder == null) {
            this.builder = this.docBuilderFactory.newDocumentBuilder();
        }
        return this.builder;
    }

    private synchronized Transformer getTransformer() throws TransformerConfigurationException {
        if (this.transformer == null) {
            this.transformer = this.tFactory.newTransformer();
        }
        return this.transformer;
    }

    @Override // com.draeger.medical.mdpws.qos.interception.QoSPolicyInterceptor
    public QoSPolicyOrdinalNumber getOrdinalNumberForSubject(Class<?> cls) {
        return ServicePolicySubject.class.isAssignableFrom(cls) ? new QoSPolicyOrdinalNumber(0) : QoSPolicyOrdinalNumber.NOT_APPLICABLE;
    }

    @Override // com.draeger.medical.mdpws.qos.interception.QoSPolicyInterceptor
    public Iterator getQoSPolicyClasses() {
        return new ReadOnlyIterator(this.associatedPolicies.iterator());
    }

    @Override // com.draeger.medical.mdpws.qos.interception.QoSPolicyInterceptor
    public Iterator getInterceptorSubjectClasses() {
        return new ReadOnlyIterator(this.associatedSubjectClasses.iterator());
    }

    @Override // com.draeger.medical.mdpws.qos.interception.QoSPolicyInterceptor
    public QoSPolicyInterceptionDirection getInterceptionDirection() {
        return QoSPolicyInterceptionDirection.OUTBOUND;
    }

    @Override // com.draeger.medical.mdpws.qos.interception.InboundSOAPXMLDocumentInterceptor
    public Document interceptInbound(Document document, ConnectionInfo connectionInfo, MessageReceiver messageReceiver, QoSMessageContext qoSMessageContext, QoSPolicy qoSPolicy, String str) throws InterceptionException {
        Document document2 = null;
        if (SecurityEngine.getInstance().isInitialized()) {
            if (document != null) {
                try {
                    AuthenticationQoSPolicyToken authenticationQoSPolicyToken = new AuthenticationQoSPolicyToken(qoSPolicy, null, QoSPolicyInterceptionDirection.INBOUND);
                    try {
                        List<WSSecurityEngineResult> processSignature = SecurityEngine.getInstance().processSignature(document);
                        if (processSignature != null) {
                            java.util.ArrayList arrayList = new java.util.ArrayList();
                            Log.info("SecurityHeader Information available: " + processSignature.size());
                            for (WSSecurityEngineResult wSSecurityEngineResult : processSignature) {
                                if (wSSecurityEngineResult instanceof WSSecurityEngineResult) {
                                    X509Certificate x509Certificate = (X509Certificate) wSSecurityEngineResult.get("x509-certificate");
                                    if (x509Certificate != null) {
                                        arrayList.add(x509Certificate);
                                    }
                                    if (Log.isInfo()) {
                                        Log.info("CertificateChain Available " + arrayList.size());
                                    }
                                }
                            }
                            authenticationQoSPolicyToken.updateValue(arrayList, QoSPolicyTokenState.VALID, QoSPolicyInterceptionDirection.INBOUND);
                        } else {
                            Log.info("No SecurityHeader Information included");
                            authenticationQoSPolicyToken.updateValue(null, QoSPolicyTokenState.INVALID, QoSPolicyInterceptionDirection.INBOUND);
                        }
                    } catch (WSSecurityException e) {
                        logError(messageReceiver, e, connectionInfo, document);
                        authenticationQoSPolicyToken.updateValue(null, QoSPolicyTokenState.ERROR_DURING_PROCESSING, QoSPolicyInterceptionDirection.INBOUND);
                    }
                    qoSMessageContext.addQoSPolicyToken(authenticationQoSPolicyToken);
                    document2 = document;
                } catch (Exception e2) {
                    logError(messageReceiver, e2, connectionInfo, document);
                    throw new InterceptionException(e2);
                }
            }
        }
        return document2;
    }

    private void logError(MessageReceiver messageReceiver, Exception exc, ConnectionInfo connectionInfo, Document document) {
        Log.error(exc.getMessage() + " " + connectionInfo.toString());
    }
}
