package org.mule.connectors.wss.internal.incoming;

import javax.inject.Inject;
import javax.inject.Named;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.mule.connectors.wss.api.handler.CredentialsCallbackHandler;
import org.mule.connectors.wss.api.incoming.DecryptionConfig;
import org.mule.connectors.wss.api.incoming.VerifySignatureConfig;
import org.mule.connectors.wss.api.incoming.VerifyTimestampConfig;
import org.mule.connectors.wss.api.incoming.VerifyUsernameTokenConfig;
import org.mule.connectors.wss.internal.error.WssException;
import org.mule.connectors.wss.internal.error.WssSecurityException;
import org.mule.connectors.wss.internal.security.SoapWssSecurityProvider;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.Disposable;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.core.api.security.SecurityManager;
import org.mule.runtime.extension.api.annotation.Configuration;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.Operations;
import org.mule.runtime.extension.api.annotation.dsl.xml.ParameterDsl;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.w3c.dom.Document;

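/**
 * Mule configuration element ("incoming") that validates the WS-Security header of inbound SOAP
 * messages with a WSS4J {@link WSSecurityEngine}.
 *
 * <p>At least one of the username-token, signature, decryption or timestamp configurations must be
 * present; {@link #initialise()} fails otherwise. The engine and its {@link RequestData} are built
 * once during initialisation and reused by {@link #processSecurity(Document)}.
 *
 * <p>NOTE(review): the same {@code RequestData} instance is handed to WSS4J for every message.
 * Confirm WSS4J keeps no per-message state on it before relying on concurrent calls.
 */
@Configuration(name = "incoming")
@Operations({WssIncomingOperations.class})
/* loaded from: input_file:org/mule/connectors/wss/internal/incoming/WssIncomingConfig.class */
public class WssIncomingConfig implements Initialisable, Disposable {

    @Inject
    @Named("_muleSecurityManager")
    private SecurityManager securityManager;

    // Optional SOAP actor; passed to RequestData#setActor as-is (null when not configured).
    @Optional
    @Parameter
    private String actor;

    // Exposed through extractSecurityHeader(); this class only stores the flag.
    @Optional
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private boolean extractSecurityHeader;

    @Optional
    @ParameterDsl(allowReferences = false)
    @Parameter
    @DisplayName("Username Token Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private VerifyUsernameTokenConfig usernameConfig;

    @Optional
    @ParameterDsl(allowReferences = false)
    @Parameter
    @DisplayName("Verify Signature Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private VerifySignatureConfig verifySignatureConfig;

    @Optional
    @ParameterDsl(allowReferences = false)
    @Parameter
    @DisplayName("Decryption Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private DecryptionConfig decryptionConfig;

    @Optional
    @ParameterDsl(allowReferences = false)
    @Parameter
    @DisplayName("Timestamp Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private VerifyTimestampConfig timestampConfig;

    // Built by doSetUpEngine(); both are null before initialise() and after dispose().
    private WSSecurityEngine engine;
    private RequestData requestData;

    /**
     * Validates the configuration, registers the SOAP WSS security provider if it is missing and
     * builds the WSS4J engine.
     *
     * @throws InitialisationException if no WSS configuration is present or a configuration fails
     *         to set itself up
     */
    @Override
    public void initialise() throws InitialisationException {
        validateConfig();
        doSetUpSecurityProvider();
        doSetUpEngine();
    }

    /**
     * Registers a {@link SoapWssSecurityProvider} with the injected security manager unless one is
     * already registered under {@code SoapWssSecurityProvider.ID}.
     */
    private void doSetUpSecurityProvider() throws InitialisationException {
        if (this.securityManager.getProvider(SoapWssSecurityProvider.ID) == null) {
            SoapWssSecurityProvider soapWssSecurityProvider = new SoapWssSecurityProvider();
            soapWssSecurityProvider.initialise();
            this.securityManager.addProvider(soapWssSecurityProvider);
        }
    }

    /**
     * Rejects a configuration that would perform no security processing at all.
     *
     * @throws InitialisationException if none of the four WSS configurations is set
     */
    private void validateConfig() throws InitialisationException {
        boolean nothingConfigured = this.verifySignatureConfig == null
                && this.decryptionConfig == null
                && this.timestampConfig == null
                && this.usernameConfig == null;
        if (nothingConfigured) {
            throw new InitialisationException(I18nMessageFactory.createStaticMessage("No WSS config was found in config, at least one is required"), this);
        }
    }

    /**
     * Creates the WSS4J engine and the shared {@link RequestData}, letting every configured
     * element register itself on both. The fields are assigned only when the whole set-up
     * succeeds.
     *
     * @throws InitialisationException wrapping any {@link WssException} thrown during set-up
     */
    private void doSetUpEngine() throws InitialisationException {
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        WSSConfig wssConfig = wSSecurityEngine.getWssConfig();
        initConfig(wssConfig);
        // Named differently from the field so the local no longer shadows it.
        RequestData newRequestData = new RequestData();
        newRequestData.setCallbackHandler(new CredentialsCallbackHandler());
        try {
            if (this.verifySignatureConfig != null) {
                this.verifySignatureConfig.setUp(wssConfig, newRequestData);
            }
            if (this.decryptionConfig != null) {
                this.decryptionConfig.setUp(wssConfig, newRequestData);
            }
            if (this.timestampConfig != null) {
                this.timestampConfig.setUp(wssConfig, newRequestData);
            }
            if (this.usernameConfig != null) {
                this.usernameConfig.setUp(wssConfig, newRequestData);
            }
            // SECURITY: RSA PKCS#1 v1.5 key transport is accepted unconditionally, even when no
            // decryption is configured. WSS4J leaves this disabled by default because v1.5 padding
            // is exposed to padding-oracle (Bleichenbacher-style) attacks; RSA-OAEP is the safer
            // key transport. Kept enabled here to preserve existing interoperability.
            // NOTE(review): consider a configuration parameter that defaults to false.
            newRequestData.setAllowRSA15KeyTransportAlgorithm(true);
            newRequestData.setActor(this.actor);
            newRequestData.setWssConfig(wssConfig);
            this.requestData = newRequestData;
            this.engine = wSSecurityEngine;
        } catch (WssException e) {
            throw new InitialisationException(e, this);
        }
    }

    /**
     * Registers {@code NullProcessor} for the SAML, signature, timestamp, username-token and
     * encrypted-key header elements before the configured elements set themselves up.
     *
     * <p>NOTE(review): presumably {@code NullProcessor} ignores the element and each
     * {@code setUp} call re-registers a real processor for the element it owns. If so, a header
     * element with no matching configuration (for example a signature when no signature
     * verification is configured) is accepted without being validated. Confirm that this is the
     * intended policy for callers that rely on the result.
     */
    private void initConfig(WSSConfig wSSConfig) {
        wSSConfig.setProcessor(WSConstants.SAML_TOKEN, NullProcessor.class);
        wSSConfig.setProcessor(WSConstants.SAML2_TOKEN, NullProcessor.class);
        wSSConfig.setProcessor(WSConstants.SIGNATURE, NullProcessor.class);
        wSSConfig.setProcessor(WSConstants.TIMESTAMP, NullProcessor.class);
        wSSConfig.setProcessor(WSConstants.USERNAME_TOKEN, NullProcessor.class);
        wSSConfig.setProcessor(WSConstants.ENCRYPTED_KEY, NullProcessor.class);
    }

    /**
     * @return the configured SOAP actor, or {@code null} when none was set
     */
    public String getActor() {
        return this.actor;
    }

    /**
     * @return the value of the {@code extractSecurityHeader} parameter
     */
    public boolean extractSecurityHeader() {
        return this.extractSecurityHeader;
    }

    /**
     * Drops the engine and the request data so that nothing the configured elements attached to
     * them stays reachable through this object after disposal.
     */
    @Override
    public void dispose() {
        this.engine = null;
        this.requestData = null;
    }

    /**
     * Runs WSS4J security-header processing on the given SOAP document.
     *
     * @param document the parsed SOAP message
     * @return the WSS4J handler result for the processed security header
     * @throws IllegalStateException if called before {@link #initialise()} or after
     *         {@link #dispose()}
     * @throws WssSecurityException if WSS4J rejects the message
     */
    public WSHandlerResult processSecurity(Document document) {
        // Read the fields once so the check and the call see the same instances.
        WSSecurityEngine currentEngine = this.engine;
        RequestData currentRequestData = this.requestData;
        if (currentEngine == null || currentRequestData == null) {
            // Fail with a clear lifecycle error instead of an opaque NullPointerException.
            throw new IllegalStateException("WSS incoming config is not initialised or has been disposed");
        }
        try {
            return currentEngine.processSecurityHeader(document, currentRequestData);
        } catch (WSSecurityException e) {
            // NOTE(review): the WSS4J detail message is embedded in the exception text. Confirm it
            // is not echoed verbatim to the remote sender, since distinguishable decryption or
            // verification failures give an attacker an error oracle.
            throw new WssSecurityException("Error processing security: " + e.getMessage(), e);
        }
    }
}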
