package org.mule.connectors.wss.api.outgoing;

import java.security.cert.X509Certificate;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.xml.security.Init;
import org.mule.connectors.wss.api.constants.EncryptionDigestAlgorithmConstants;
import org.mule.connectors.wss.api.constants.EncryptionKeyIdentifierConstants;
import org.mule.connectors.wss.api.constants.EncryptionKeyTransportAlgorithmConstants;
import org.mule.connectors.wss.api.constants.EncryptionSymAlgorithmConstants;
import org.mule.connectors.wss.api.store.KeyStoreConfiguration;
import org.mule.connectors.wss.internal.error.WssApplyException;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.api.store.ObjectStoreException;
import org.mule.runtime.api.store.ObjectStoreManager;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.dsl.xml.ParameterDsl;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.annotation.param.display.Summary;
import org.w3c.dom.Document;

/* loaded from: input_file:org/mule/connectors/wss/api/outgoing/EncryptionConfig.class */
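/**
 * Outgoing WS-Security step that encrypts parts of a SOAP message with WSS4J's
 * {@link WSSecEncrypt}.
 *
 * <p>The recipient certificate comes from one of two places:
 * <ul>
 *   <li>the configured {@link KeyStoreConfiguration} (alias + key password), or</li>
 *   <li>when no keystore is configured, an {@link X509Certificate} looked up in the runtime's
 *       default object-store partition under the key passed to {@link #apply}.</li>
 * </ul>
 *
 * <p>NOTE(review): in the second mode the message is encrypted to whatever certificate was stored
 * under that key. Confidentiality toward the intended party therefore depends on the code that
 * stored the certificate having validated it (trust chain, expiry) first; that code is not
 * visible here, so confirm it.
 */
public class EncryptionConfig extends BaseOutgoingConfig implements OutgoingWss {

    // NOTE(review): this private field is never read in this class, so the configured key
    // identifier type is not applied to WSSecEncrypt in apply(). Confirm whether that is
    // intentional or whether the call was lost; the accessor needed to pass it on is not
    // visible here.
    @Optional(defaultValue = "ISSUER_SERIAL")
    @Parameter
    @Summary("The key identifier type to use for encryption.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private EncryptionKeyIdentifierConstants encryptionKeyIdentifier;

    // NOTE(review): whether AES_128 maps to a CBC or a GCM cipher URI is decided by
    // EncryptionSymAlgorithmConstants, which is not visible here. CBC-mode XML Encryption
    // carries no integrity protection of its own, so it should be combined with a signature
    // (or an authenticated mode chosen if the enum offers one) - confirm.
    @Optional(defaultValue = "AES_128")
    @Parameter
    @Summary("The symmetric encryption algorithm to use.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private EncryptionSymAlgorithmConstants encryptionSymAlgorithm;

    @Optional(defaultValue = "KEYTRANSPORT_RSAOAEP")
    @Parameter
    @Summary("The algorithm to use to encrypt the generated symmetric key.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private EncryptionKeyTransportAlgorithmConstants encryptionKeyTransportAlgorithm;

    // NOTE(review): the default digest is SHA1. Deployments whose crypto policy disallows
    // SHA-1 must override it explicitly; the stronger values offered by
    // EncryptionDigestAlgorithmConstants are not visible here.
    @Optional(defaultValue = "SHA1")
    @Parameter
    @Summary("The encryption digest algorithm to use with the key transport algorithm.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private EncryptionDigestAlgorithmConstants encryptionDigestAlgorithm;

    @Optional
    @ParameterDsl(allowReferences = false)
    @Parameter
    @DisplayName("KeyStore Configuration")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias("keystore-config")
    protected KeyStoreConfiguration keyStoreConfiguration;

    @Inject
    @Named("_muleObjectStoreManager")
    private ObjectStoreManager runtimeObjectStoreManager;

    /**
     * Adds an encryption action to the given security header.
     *
     * @param str key used to look up the recipient certificate in the default object-store
     *        partition; only consulted when no keystore is configured
     * @param document not read by this implementation
     * @param wSSecHeader security header the {@link WSSecEncrypt} builder is created for
     * @throws WssApplyException wrapping any failure, including a missing or unreadable
     *         recipient certificate
     */
    @Override // org.mule.connectors.wss.api.outgoing.OutgoingWss
    public void apply(String str, Document document, WSSecHeader wSSecHeader) throws WssApplyException {
        try {
            // Initialise the Apache XML Security library before WSS4J uses it.
            Init.init();
            WSSecEncrypt encryptor = new WSSecEncrypt(wSSecHeader);
            boolean hasKeyStore = this.keyStoreConfiguration != null;
            if (hasKeyStore) {
                encryptor.setUserInfo(this.keyStoreConfiguration.getAlias(), this.keyStoreConfiguration.getKeyPassword());
            } else {
                X509Certificate recipientCertificate = getSigningRequestCertificate(str);
                if (recipientCertificate == null) {
                    // Without a keystore, build() below receives a null crypto; with no
                    // certificate either there is nothing to encrypt the symmetric key to.
                    // Fail here with an explicit reason instead of an obscure downstream error.
                    throw new IllegalStateException(
                        "No keystore configuration is set and no certificate was found in the object store; "
                            + "cannot determine the encryption recipient");
                }
                encryptor.setUseThisCert(recipientCertificate);
            }
            encryptor.setSymmetricEncAlgorithm(this.encryptionSymAlgorithm.toString());
            encryptor.setKeyEncAlgo(this.encryptionKeyTransportAlgorithm.toString());
            encryptor.setDigestAlgorithm(this.encryptionDigestAlgorithm.toString());
            // createWSParts() and getCrypto() are not defined in this class; presumably
            // inherited from BaseOutgoingConfig.
            List<WSEncryptionPart> partsToEncrypt = createWSParts();
            if (!partsToEncrypt.isEmpty()) {
                encryptor.getParts().addAll(partsToEncrypt);
            }
            encryptor.build(hasKeyStore ? getCrypto(this.keyStoreConfiguration) : null);
        } catch (Exception e) {
            // Single boundary: every failure surfaces as WssApplyException with its cause kept.
            throw new WssApplyException(e);
        }
    }

    /**
     * Retrieves the certificate stored under {@code str} in the default object-store partition.
     *
     * <p>A stored value of another type raises {@link ClassCastException}, which
     * {@link #apply} wraps like any other failure.
     *
     * @param str object-store key
     * @return the stored certificate
     * @throws ObjectStoreException if the lookup fails; propagated so that the cause is not lost
     */
    private X509Certificate getSigningRequestCertificate(String str) throws ObjectStoreException {
        return (X509Certificate) this.runtimeObjectStoreManager.getDefaultPartition().retrieve(str);
    }
}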
