package org.apache.abdera.security.util.servlet;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.abdera.model.Document;
import org.apache.abdera.model.Element;
import org.apache.abdera.protocol.server.servlet.AbstractFilter;
import org.apache.abdera.security.SecurityException;
import org.apache.abdera.security.Signature;
import org.apache.abdera.security.SignatureOptions;

/* loaded from: input_file:org/apache/abdera/security/util/servlet/SignedResponseFilter.class */
public class SignedResponseFilter extends SecurityFilter {
    private static final String KEYSTORE = "org.apache.abdera.security.util.servlet.Keystore";
    private static final String STOREPASS = "org.apache.abdera.security.util.servlet.KeystorePassword";
    private static final String KEY = "org.apache.abdera.security.util.servlet.PrivateKeyAlias";
    private static final String KEYPASS = "org.apache.abdera.security.util.servlet.PrivateKeyPassword";
    private static final String CERT = "org.apache.abdera.security.util.servlet.CertificateAlias";
    private static final String ALGO = "org.apache.abdera.security.util.servlet.SigningAlgorithm";
    private static final String keystoreType = "JKS";
    private String keystoreFile = null;
    private String keystorePass = null;
    private String privateKeyAlias = null;
    private String privateKeyPass = null;
    private String certificateAlias = null;
    private String algorithm = null;
    private PrivateKey signingKey = null;
    private X509Certificate cert = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.keystoreFile = filterConfig.getInitParameter(KEYSTORE);
        this.keystorePass = filterConfig.getInitParameter(STOREPASS);
        this.privateKeyAlias = filterConfig.getInitParameter(KEY);
        this.privateKeyPass = filterConfig.getInitParameter(KEYPASS);
        this.certificateAlias = filterConfig.getInitParameter(CERT);
        this.algorithm = filterConfig.getInitParameter(ALGO);
        try {
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            keyStore.load(new FileInputStream(this.keystoreFile), this.keystorePass.toCharArray());
            this.signingKey = (PrivateKey) keyStore.getKey(this.privateKeyAlias, this.privateKeyPass.toCharArray());
            this.cert = (X509Certificate) keyStore.getCertificate(this.certificateAlias);
        } catch (Exception e) {
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        AbstractFilter.BufferingResponseWrapper bufferingResponseWrapper = new AbstractFilter.BufferingResponseWrapper((HttpServletResponse) servletResponse);
        filterChain.doFilter(servletRequest, bufferingResponseWrapper);
        try {
            Document document = getDocument(bufferingResponseWrapper);
            if (document != null) {
                sign(document).writeTo(servletResponse.getOutputStream());
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    private Document<Element> sign(Document<Element> document) throws SecurityException {
        if (this.signingKey == null || this.cert == null) {
            return document;
        }
        Signature signature = this.security.getSignature();
        SignatureOptions defaultSignatureOptions = signature.getDefaultSignatureOptions();
        defaultSignatureOptions.setCertificate(this.cert);
        defaultSignatureOptions.setSigningKey(this.signingKey);
        defaultSignatureOptions.setSigningAlgorithm(this.algorithm);
        return signature.sign(document.getRoot(), defaultSignatureOptions).getDocument();
    }
}
