package org.apache.wss4j.stax.setup;

import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.stream.XMLStreamWriter;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.processor.output.BinarySecurityTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.CustomTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.DerivedKeyTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.EncryptEndingOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.EncryptOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.EncryptedKeyOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.ReferenceListOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.SAMLTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.SecurityContextTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.SecurityHeaderOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.SecurityHeaderReorderProcessor;
import org.apache.wss4j.stax.impl.processor.output.SignatureConfirmationOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.TimestampOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.UsernameTokenOutputProcessor;
import org.apache.wss4j.stax.impl.processor.output.WSSSignatureOutputProcessor;
import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.OutputProcessor;
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
import org.apache.xml.security.stax.impl.OutputProcessorChainImpl;
import org.apache.xml.security.stax.impl.XMLSecurityStreamWriter;
import org.apache.xml.security.stax.impl.processor.output.FinalOutputProcessor;
import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-stax-2.2.3.jar:org/apache/wss4j/stax/setup/OutboundWSSec.class */
public class OutboundWSSec {
    private final WSSSecurityProperties securityProperties;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-stax-2.2.3.jar:org/apache/wss4j/stax/setup/OutboundWSSec$ConfiguredAction.class */
    /**
     * Flags recording which key-setup steps the configured actions call for.
     * <p>
     * {@code configureActions} creates and fills an instance while it wires the output
     * processor chain; {@code processOutMessage} then reads the flags to decide whether the
     * signature, encryption and Kerberos key setup methods run. All flags start as
     * {@code false}.
     */
    public static class ConfiguredAction {
        // A signing key has to be prepared (setupSignatureKey).
        boolean signatureAction = false;
        // A content-encryption key has to be prepared (setupEncryptionKey).
        boolean encryptionAction = false;
        // The signature belongs to a signed SAML token action; passed on to setupSignatureKey.
        boolean signedSAML = false;
        // A Kerberos token has to be prepared (setupKerberosKey).
        boolean kerberos = false;
        // The Kerberos token id is also published as the signature token id.
        boolean signatureKerberos = false;
        // The Kerberos token id is also published as the encryption token id.
        boolean encryptionKerberos = false;
        // A derived-key identifier has to be set from the signature token id.
        boolean derivedSignature = false;
        // A derived-key identifier has to be set from the encrypted-key / encryption token id.
        boolean derivedEncryption = false;

        private ConfiguredAction() {
        }
    }

    /**
     * Creates an outbound WS-Security setup bound to one set of security properties.
     *
     * @param wSSSecurityProperties configuration handed to every output processor and consulted
     *        for algorithms, users, crypto providers and callback handlers; the reference is
     *        stored as given, it is neither copied nor validated here
     */
    public OutboundWSSec(WSSSecurityProperties wSSSecurityProperties) {
        super();
        this.securityProperties = wSSSecurityProperties;
    }

    /**
     * Secures a message written to an output stream, without a security event listener.
     *
     * @param outputStream destination of the secured XML
     * @param str character encoding of the document
     * @param list security events to seed the outbound security context with
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the processor chain cannot be set up
     */
    public XMLStreamWriter processOutMessage(OutputStream outputStream, String str, List<SecurityEvent> list) throws WSSecurityException {
        final SecurityEventListener noListener = null;
        return processOutMessage(outputStream, str, list, noListener);
    }

    /**
     * Secures a message written to an existing stream writer, without a security event listener.
     *
     * @param xMLStreamWriter destination of the secured XML
     * @param str character encoding of the document
     * @param list security events to seed the outbound security context with
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the processor chain cannot be set up
     */
    public XMLStreamWriter processOutMessage(XMLStreamWriter xMLStreamWriter, String str, List<SecurityEvent> list) throws WSSecurityException {
        final SecurityEventListener noListener = null;
        return processOutMessage(xMLStreamWriter, str, list, noListener);
    }

    /**
     * Secures a message written to an output stream, building a fresh outbound security context.
     * <p>
     * The supplied events are stored in the context under {@code SecurityEvent.class}; that is
     * the list {@code getReqSigCert} and {@code getReqSigPublicKey} read when the response is
     * encrypted for the signer of the request.
     *
     * @param outputStream destination of the secured XML
     * @param str character encoding of the document
     * @param list security events to place in the new context
     * @param securityEventListener listener registered on the new context
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the processor chain cannot be set up
     */
    public XMLStreamWriter processOutMessage(OutputStream outputStream, String str, List<SecurityEvent> list, SecurityEventListener securityEventListener) throws WSSecurityException {
        OutboundSecurityContextImpl eventContext = new OutboundSecurityContextImpl();
        eventContext.putList(SecurityEvent.class, list);
        eventContext.addSecurityEventListener(securityEventListener);
        // Route explicitly to the Object-typed overload, which accepts either kind of output.
        return processOutMessage((Object) outputStream, str, (OutboundSecurityContext) eventContext);
    }

    /**
     * Secures a message written to an existing stream writer, building a fresh outbound
     * security context.
     * <p>
     * The supplied events are stored in the context under {@code SecurityEvent.class}; that is
     * the list {@code getReqSigCert} and {@code getReqSigPublicKey} read when the response is
     * encrypted for the signer of the request.
     *
     * @param xMLStreamWriter destination of the secured XML
     * @param str character encoding of the document
     * @param list security events to place in the new context
     * @param securityEventListener listener registered on the new context
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the processor chain cannot be set up
     */
    public XMLStreamWriter processOutMessage(XMLStreamWriter xMLStreamWriter, String str, List<SecurityEvent> list, SecurityEventListener securityEventListener) throws WSSecurityException {
        OutboundSecurityContextImpl eventContext = new OutboundSecurityContextImpl();
        eventContext.putList(SecurityEvent.class, list);
        eventContext.addSecurityEventListener(securityEventListener);
        // Static types Object / OutboundSecurityContext select the general overload directly.
        Object target = xMLStreamWriter;
        OutboundSecurityContext context = eventContext;
        return processOutMessage(target, str, context);
    }

    /**
     * Secures a message written to an existing stream writer using a caller-supplied context.
     *
     * @param xMLStreamWriter destination of the secured XML
     * @param str character encoding of the document
     * @param outboundSecurityContext context that holds token ids, token providers and events
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the processor chain cannot be set up
     */
    public XMLStreamWriter processOutMessage(XMLStreamWriter xMLStreamWriter, String str, OutboundSecurityContext outboundSecurityContext) throws WSSecurityException {
        Object target = xMLStreamWriter;
        return processOutMessage(target, str, outboundSecurityContext);
    }

    /**
     * Builds the outbound processor chain and returns the writer that feeds it.
     * <p>
     * Order of work: security header processor, the processors for every configured action,
     * key setup for signature / encryption / Kerberos as flagged by {@code configureActions},
     * derived-key identifiers, the header reorder processor and finally the processor that
     * writes to {@code obj}.
     * <p>
     * Any {@code XMLSecurityException} raised on the way is rethrown as a
     * {@code WSSecurityException} with error code {@code FAILURE} and the original as cause.
     * That includes the {@code WSSecurityException}s thrown by the key setup methods, so a
     * caller looking for codes such as {@code FAILED_SIGNATURE} has to inspect the cause.
     *
     * @param obj an {@code OutputStream} or an {@code XMLStreamWriter}
     * @param str character encoding of the document
     * @param outboundSecurityContext context that holds token ids, token providers and events
     * @return the writer the caller writes the unsecured message into
     * @throws WSSecurityException if the chain or a key cannot be set up
     * @throws IllegalArgumentException if {@code obj} is neither supported output type; this is
     *         only detected after the processors and keys have been set up
     */
    public XMLStreamWriter processOutMessage(Object obj, String str, OutboundSecurityContext outboundSecurityContext) throws WSSecurityException {
        DocumentContextImpl documentContext = new DocumentContextImpl();
        documentContext.setEncoding(str);
        OutputProcessorChainImpl chain = new OutputProcessorChainImpl(outboundSecurityContext, documentContext);
        try {
            initializeOutputProcessor(chain, new SecurityHeaderOutputProcessor(), null);
            ConfiguredAction required = configureActions(chain);

            // Key material is prepared only for the kinds of action that were configured.
            if (required.signatureAction) {
                setupSignatureKey(chain, this.securityProperties, required.signedSAML);
            }
            if (required.encryptionAction) {
                setupEncryptionKey(chain, this.securityProperties);
            }
            if (required.kerberos) {
                setupKerberosKey(chain, this.securityProperties, required.signatureKerberos, required.encryptionKerberos);
            }

            if (required.derivedSignature) {
                String signatureTokenId = (String) chain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);
                setDerivedIdentifier(chain, signatureTokenId);
            }
            if (required.derivedEncryption) {
                // Prefer the encrypted-key token id; fall back to the plain encryption token id.
                String encryptionTokenId = (String) chain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY);
                if (encryptionTokenId == null) {
                    encryptionTokenId = (String) chain.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                }
                setDerivedIdentifier(chain, encryptionTokenId);
            }

            initializeOutputProcessor(chain, new SecurityHeaderReorderProcessor(), null);

            FinalOutputProcessor sink;
            if (obj instanceof OutputStream) {
                sink = new FinalOutputProcessor((OutputStream) obj, str);
            } else if (obj instanceof XMLStreamWriter) {
                sink = new FinalOutputProcessor((XMLStreamWriter) obj);
            } else {
                throw new IllegalArgumentException(obj + " is not supported as output");
            }
            initializeOutputProcessor(chain, sink, null);
            return new XMLSecurityStreamWriter(chain);
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }

    /**
     * Configures one output processor and attaches it to the chain.
     * <p>
     * The processor receives this instance's security properties and the action it serves
     * before {@code init} is called with the chain.
     *
     * @param outputProcessorChainImpl chain the processor is initialised against
     * @param outputProcessor processor to configure
     * @param action action the processor works for; callers pass {@code null} for the
     *        structural processors (security header, reorder, final output)
     * @throws XMLSecurityException if the processor fails to initialise
     */
    private void initializeOutputProcessor(OutputProcessorChainImpl outputProcessorChainImpl, OutputProcessor outputProcessor, XMLSecurityConstants.Action action) throws XMLSecurityException {
        final WSSSecurityProperties properties = this.securityProperties;
        outputProcessor.setXMLSecurityProperties(properties);
        outputProcessor.setAction(action);
        outputProcessor.init(outputProcessorChainImpl);
    }

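    /**
     * Makes sure a signing key is available in the chain's security context.
     * <p>
     * Resolution order:
     * <ol>
     * <li>A token already registered under the signature token id is reused when it holds a
     * secret key for the signature algorithm. For non-HMAC algorithms a token that has
     * certificates but no key gets its private key loaded through the signature crypto and
     * the callback handler.</li>
     * <li>Otherwise the callback handler is asked for the signature user's password and/or raw
     * key bytes. With a password and a signature crypto, the private key and certificates of
     * that alias are loaded.</li>
     * <li>If that did not apply, the raw key bytes from the callback are used as a secret
     * key.</li>
     * </ol>
     * Exactly one new token is registered and published as the signature token id. The
     * keystore-backed path and the raw-key path are mutually exclusive, so a successful
     * keystore lookup is neither rejected with {@code noPassword} when the callback supplied
     * no raw key, nor replaced by a certificate-less secret-key token when it supplied both.
     *
     * @param outputProcessorChainImpl chain whose security context stores the token
     * @param wSSSecurityProperties source of algorithm, user, crypto and callback handlers
     * @param z {@code true} when the signature belongs to a signed SAML token action; a
     *        keystore failure is then tolerated if a SAML callback handler is configured
     * @throws XMLSecurityException if no usable key or certificate can be obtained
     */
    private void setupSignatureKey(OutputProcessorChainImpl outputProcessorChainImpl, WSSSecurityProperties wSSSecurityProperties, boolean z) throws XMLSecurityException {
        String signatureAlgorithm = wSSSecurityProperties.getSignatureAlgorithm();
        GenericOutboundSecurityToken outboundSecurityToken = getOutboundSecurityToken(outputProcessorChainImpl, XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE);

        // A token may already be registered for signing; reuse it when it carries key material.
        if (outboundSecurityToken != null && signatureAlgorithm != null) {
            boolean hmac = signatureAlgorithm.contains("hmac-sha");
            if (hmac && outboundSecurityToken.getSecretKey(signatureAlgorithm) != null) {
                return;
            }
            if (!hmac && outboundSecurityToken.getX509Certificates() != null) {
                if (outboundSecurityToken.getSecretKey(signatureAlgorithm) == null) {
                    // Certificates without a key: load the private key that matches the first one.
                    outboundSecurityToken.setSecretKey(signatureAlgorithm, wSSSecurityProperties.getSignatureCrypto().getPrivateKey(outboundSecurityToken.getX509Certificates()[0], wSSSecurityProperties.getCallbackHandler()));
                }
                return;
            }
        }

        // No usable token: ask the callback handler for a password or raw key of the signature user.
        String signatureUser = wSSSecurityProperties.getSignatureUser();
        WSPasswordCallback wSPasswordCallback = new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE);
        WSSUtils.doPasswordCallback(wSSSecurityProperties.getCallbackHandler(), wSPasswordCallback);
        String password = wSPasswordCallback.getPassword();
        byte[] key = wSPasswordCallback.getKey();

        Key signingKey = null;
        X509Certificate[] x509Certificates = null;
        boolean keystoreKeyLoaded = false;
        if (password != null) {
            try {
                if (wSSSecurityProperties.getSignatureCrypto() != null) {
                    signingKey = wSSSecurityProperties.getSignatureCrypto().getPrivateKey(signatureUser, password);
                    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                    cryptoType.setAlias(signatureUser);
                    x509Certificates = wSSSecurityProperties.getSignatureCrypto().getX509Certificates(cryptoType);
                    if (x509Certificates == null || x509Certificates.length == 0) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", new Object[]{signatureUser});
                    }
                    keystoreKeyLoaded = true;
                }
            } catch (WSSecurityException e) {
                // For a signed SAML token the SAML callback handler may still provide the keys.
                if (!z || wSSSecurityProperties.getSamlCallbackHandler() == null) {
                    throw e;
                }
                return;
            }
        }

        if (!keystoreKeyLoaded) {
            // NOTE(review): this failure is raised outside the try above, so the signed-SAML
            // fallback does not cover it - confirm against the upstream source.
            if (key == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noPassword", new Object[]{signatureUser});
            }
            // Raw key bytes from the callback: symmetric key, no certificates.
            signingKey = new SecretKeySpec(key, JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(signatureAlgorithm));
        }

        final String tokenId = IDGenerator.generateID(null);
        final GenericOutboundSecurityToken signatureToken = new GenericOutboundSecurityToken(tokenId, WSSecurityTokenConstants.X509V3Token, signingKey, x509Certificates);
        outputProcessorChainImpl.getSecurityContext().registerSecurityTokenProvider(tokenId, new SecurityTokenProvider<OutboundSecurityToken>() {
            @Override
            public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
                return signatureToken;
            }

            @Override
            public String getId() {
                return tokenId;
            }
        });
        outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, tokenId);
    }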

    /**
     * Makes sure a content-encryption key exists and, if configured, a token to wrap it with.
     * <p>
     * Step 1: a token already registered under the encryption token id is reused when it holds
     * a secret key for the symmetric algorithm; otherwise a fresh key is generated with
     * {@code KeyGenerator} and registered as an {@code EncryptedKeyToken}.
     * <p>
     * Step 2 (only when the symmetric key is to be encrypted): the recipient is chosen in this
     * order: the certificate, or failing that the public key, of the token that signed the
     * request; the explicitly configured certificate; the certificates of the encryption user
     * alias. A second token holding that recipient is registered as the key-wrapping token.
     * <p>
     * {@code verifyTrust} is called only when revocation is enabled and only on certificates.
     * A recipient known solely by its public key is not checked in this method, and a
     * certificate taken from the request relies on whatever validation happened when the
     * request was processed.
     *
     * @param outputProcessorChainImpl chain whose security context stores the tokens
     * @param wSSSecurityProperties source of algorithms, users, crypto and switches
     * @throws XMLSecurityException if no key can be generated or no recipient can be found
     */
    private void setupEncryptionKey(OutputProcessorChainImpl outputProcessorChainImpl, WSSSecurityProperties wSSSecurityProperties) throws XMLSecurityException {
        String symmetricAlgorithmUri = wSSSecurityProperties.getEncryptionSymAlgorithm();
        GenericOutboundSecurityToken contentKeyToken = getOutboundSecurityToken(outputProcessorChainImpl, XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);

        boolean needFreshKey = contentKeyToken == null || contentKeyToken.getSecretKey(symmetricAlgorithmUri) == null;
        if (needFreshKey) {
            String jceAlgorithm = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(wSSSecurityProperties.getEncryptionSymAlgorithm());
            try {
                KeyGenerator generator = KeyGenerator.getInstance(jceAlgorithm);
                // Only AES gets an explicit key length; other algorithms keep the generator default.
                if (jceAlgorithm.contains("AES")) {
                    generator.init(JCEAlgorithmMapper.getKeyLengthFromURI(wSSSecurityProperties.getEncryptionSymAlgorithm()));
                }
                SecretKey freshKey = generator.generateKey();
                final String contentKeyId = IDGenerator.generateID(null);
                final GenericOutboundSecurityToken freshToken = new GenericOutboundSecurityToken(contentKeyId, WSSecurityTokenConstants.EncryptedKeyToken, freshKey);
                contentKeyToken = freshToken;
                outputProcessorChainImpl.getSecurityContext().registerSecurityTokenProvider(contentKeyId, new SecurityTokenProvider<OutboundSecurityToken>() {
                    @Override
                    public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {
                        return freshToken;
                    }

                    @Override
                    public String getId() {
                        return contentKeyId;
                    }
                });
                outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, contentKeyId);
            } catch (NoSuchAlgorithmException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
            }
        }

        if (!wSSSecurityProperties.isEncryptSymmetricEncryptionKey()) {
            return;
        }

        X509Certificate[] recipientCertificates = null;
        PublicKey recipientPublicKey = null;
        if (wSSSecurityProperties.isUseReqSigCertForEncryption()) {
            // Encrypt for whoever signed the request: certificate first, bare public key second.
            X509Certificate requestSignerCertificate = getReqSigCert(outputProcessorChainImpl.getSecurityContext());
            if (requestSignerCertificate != null) {
                recipientCertificates = new X509Certificate[]{requestSignerCertificate};
            } else {
                recipientPublicKey = getReqSigPublicKey(outputProcessorChainImpl.getSecurityContext());
                if (recipientPublicKey == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noCert");
                }
            }
        } else if (wSSSecurityProperties.getEncryptionUseThisCertificate() != null) {
            recipientCertificates = new X509Certificate[]{wSSSecurityProperties.getEncryptionUseThisCertificate()};
        } else {
            CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
            aliasLookup.setAlias(wSSSecurityProperties.getEncryptionUser());
            recipientCertificates = wSSSecurityProperties.getEncryptionCrypto().getX509Certificates(aliasLookup);
            if (recipientCertificates == null || recipientCertificates.length == 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound", new Object[]{wSSSecurityProperties.getEncryptionUser(), "encryption"});
            }
        }

        // NOTE(review): the `true` presumably switches revocation checking on and the two nulls
        // leave the constraint arguments unset - confirm against the Crypto interface.
        if (wSSSecurityProperties.isEnableRevocation() && recipientCertificates != null) {
            wSSSecurityProperties.getEncryptionCrypto().verifyTrust(recipientCertificates, true, null, null);
        }

        final String wrappingTokenId = IDGenerator.generateID(null);
        final GenericOutboundSecurityToken wrappingToken = new GenericOutboundSecurityToken(wrappingTokenId, WSSecurityTokenConstants.X509V3Token, recipientPublicKey, recipientCertificates);
        // Link both directions: the wrapping token knows its payload, the payload its wrapper.
        wrappingToken.addWrappedToken(contentKeyToken);
        contentKeyToken.setKeyWrappingToken(wrappingToken);
        outputProcessorChainImpl.getSecurityContext().registerSecurityTokenProvider(wrappingTokenId, new SecurityTokenProvider<OutboundSecurityToken>() {
            @Override
            public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
                return wrappingToken;
            }

            @Override
            public String getId() {
                return wrappingTokenId;
            }
        });
        outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY, wrappingTokenId);
    }

    /**
     * Makes sure a Kerberos token is registered and optionally publishes its id for signing
     * and encryption.
     * <p>
     * A token already registered under the Kerberos token id is reused. Otherwise a
     * {@code KerberosClientSecurityToken} is created with the configured callback handler and
     * registered under a newly generated id.
     *
     * @param outputProcessorChainImpl chain whose security context stores the token
     * @param wSSSecurityProperties source of the callback handler
     * @param z publish the Kerberos token id as the signature token id
     * @param z2 publish the Kerberos token id as the encryption token id
     * @throws XMLSecurityException if the registered token cannot be resolved
     */
    private void setupKerberosKey(OutputProcessorChainImpl outputProcessorChainImpl, WSSSecurityProperties wSSSecurityProperties, boolean z, boolean z2) throws XMLSecurityException {
        GenericOutboundSecurityToken existingToken = getOutboundSecurityToken(outputProcessorChainImpl, WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS);

        String kerberosTokenId;
        if (existingToken != null) {
            kerberosTokenId = existingToken.getId();
        } else {
            final String newTokenId = IDGenerator.generateID(null);
            kerberosTokenId = newTokenId;
            final KerberosClientSecurityToken kerberosToken = new KerberosClientSecurityToken(wSSSecurityProperties.getCallbackHandler(), newTokenId);
            outputProcessorChainImpl.getSecurityContext().registerSecurityTokenProvider(newTokenId, new SecurityTokenProvider<OutboundSecurityToken>() {
                @Override
                public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
                    return kerberosToken;
                }

                @Override
                public String getId() {
                    return newTokenId;
                }
            });
            outputProcessorChainImpl.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, newTokenId);
        }

        // Either put replaces a signature / encryption token id already in the context.
        if (z) {
            outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, kerberosTokenId);
        }
        if (z2) {
            outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, kerberosTokenId);
        }
    }

    /**
     * Looks up the outbound token whose id is stored in the security context under a property.
     *
     * @param outputProcessorChainImpl chain whose security context is queried
     * @param str name of the context property that holds the token id
     * @return the token, or {@code null} when the property is unset or no provider is
     *         registered for the id
     * @throws XMLSecurityException if the provider fails to deliver the token
     * @throws ClassCastException if the provider returns a token that is not a
     *         {@code GenericOutboundSecurityToken}; the downcast is not guarded
     */
    private GenericOutboundSecurityToken getOutboundSecurityToken(OutputProcessorChainImpl outputProcessorChainImpl, String str) throws XMLSecurityException {
        String tokenId = (String) outputProcessorChainImpl.getSecurityContext().get(str);
        if (tokenId == null) {
            return null;
        }
        SecurityTokenProvider<OutboundSecurityToken> provider = outputProcessorChainImpl.getSecurityContext().getSecurityTokenProvider(tokenId);
        if (provider == null) {
            return null;
        }
        return (GenericOutboundSecurityToken) provider.getSecurityToken();
    }

    /**
     * Finds the certificate of the token that produced the main signature of the request.
     * <p>
     * Scans the security events stored in the context in order and returns the first
     * certificate of the first token event whose usages include
     * {@code TOKENUSAGE_MAIN_SIGNATURE} and which carries at least one certificate. No trust or
     * validity check is made here; the events are taken as they were stored.
     *
     * @param securityContext context holding the list of security events
     * @return the certificate, or {@code null} when there is no event list or no match
     * @throws XMLSecurityException if a token cannot be queried
     */
    private X509Certificate getReqSigCert(SecurityContext securityContext) throws XMLSecurityException {
        List events = securityContext.getAsList(SecurityEvent.class);
        if (events == null) {
            return null;
        }
        for (int index = 0; index < events.size(); index++) {
            SecurityEvent event = (SecurityEvent) events.get(index);
            if (!(event instanceof TokenSecurityEvent)) {
                continue;
            }
            TokenSecurityEvent tokenEvent = (TokenSecurityEvent) event;
            if (!tokenEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE)) {
                continue;
            }
            X509Certificate[] signerCertificates = tokenEvent.getSecurityToken().getX509Certificates();
            if (signerCertificates != null && signerCertificates.length > 0) {
                return signerCertificates[0];
            }
        }
        return null;
    }

    /**
     * Finds the public key of the token that produced the main signature of the request.
     * <p>
     * Scans the security events stored in the context in order and returns the public key of
     * the first token event whose usages include {@code TOKENUSAGE_MAIN_SIGNATURE} and which
     * exposes a public key. The key is returned as stored, without a certificate and without
     * any trust check in this method.
     *
     * @param securityContext context holding the list of security events
     * @return the public key, or {@code null} when there is no event list or no match
     * @throws XMLSecurityException if a token cannot be queried
     */
    private PublicKey getReqSigPublicKey(SecurityContext securityContext) throws XMLSecurityException {
        List events = securityContext.getAsList(SecurityEvent.class);
        if (events == null) {
            return null;
        }
        for (int index = 0; index < events.size(); index++) {
            SecurityEvent event = (SecurityEvent) events.get(index);
            if (!(event instanceof TokenSecurityEvent)) {
                continue;
            }
            TokenSecurityEvent tokenEvent = (TokenSecurityEvent) event;
            if (!tokenEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE)) {
                continue;
            }
            PublicKey signerKey = tokenEvent.getSecurityToken().getPublicKey();
            if (signerKey != null) {
                return signerKey;
            }
        }
        return null;
    }

    /**
     * Publishes the token id that key derivation should start from, according to the
     * configured derived-key token reference.
     * <ul>
     * <li>{@code DirectReference}: {@code str} becomes the derived-key token id.</li>
     * <li>{@code EncryptedKey}: the current encryption token id becomes the derived-key token
     * id and {@code str} becomes the encrypted-key token id.</li>
     * <li>{@code SecurityContextToken}: {@code str} becomes the security-context-token id.</li>
     * </ul>
     * Any other reference value leaves the context untouched.
     *
     * @param outputProcessorChainImpl chain whose security context is updated
     * @param str token id to publish
     */
    private void setDerivedIdentifier(OutputProcessorChainImpl outputProcessorChainImpl, String str) {
        WSSConstants.DerivedKeyTokenReference reference = this.securityProperties.getDerivedKeyTokenReference();
        switch (reference) {
            case DirectReference:
                outputProcessorChainImpl.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY, str);
                break;
            case EncryptedKey: {
                String encryptionTokenId = (String) outputProcessorChainImpl.getSecurityContext().get(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
                outputProcessorChainImpl.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY, encryptionTokenId);
                outputProcessorChainImpl.getSecurityContext().put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY, str);
                break;
            }
            case SecurityContextToken:
                outputProcessorChainImpl.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN, str);
                break;
            default:
                break;
        }
    }

    /**
     * Adds the output processors each configured action needs and records which key setups
     * the caller has to perform afterwards.
     * <p>
     * Actions are handled in the order {@code getActions()} returns them, and the processors
     * are initialised against the chain in that same order. An action that matches none of the
     * branches below is skipped without an error, so a misconfigured action list is not
     * reported here.
     *
     * @param outputProcessorChainImpl chain the processors are initialised against
     * @return flags telling {@code processOutMessage} which keys to set up
     * @throws XMLSecurityException if a processor fails to initialise
     */
    private ConfiguredAction configureActions(OutputProcessorChainImpl outputProcessorChainImpl) throws XMLSecurityException {
        ConfiguredAction configuredAction = new ConfiguredAction();
        // Pre-scan, EncryptedKey reference mode only: z ends up true when the actions contain
        // SIGNATURE_WITH_DERIVED_KEY and no ENCRYPT_WITH_DERIVED_KEY. It decides further down
        // whether the derived signature has to add the EncryptedKeyOutputProcessor itself.
        boolean z = false;
        if (this.securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
            Iterator<XMLSecurityConstants.Action> it = this.securityProperties.getActions().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                XMLSecurityConstants.Action next = it.next();
                if (!WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(next)) {
                    if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(next)) {
                        // A derived-key encryption action settles the question; stop scanning.
                        z = false;
                        break;
                    }
                } else {
                    z = true;
                }
            }
        }
        for (XMLSecurityConstants.Action action : this.securityProperties.getActions()) {
            if (WSSConstants.TIMESTAMP.equals(action)) {
                initializeOutputProcessor(outputProcessorChainImpl, new TimestampOutputProcessor(), action);
            } else if (WSSConstants.SIGNATURE.equals(action)) {
                configuredAction.signatureAction = true;
                initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new WSSSignatureOutputProcessor(), action);
            } else if (WSSConstants.ENCRYPT.equals(action)) {
                configuredAction.encryptionAction = true;
                EncryptedKeyOutputProcessor encryptedKeyOutputProcessor = null;
                // The encrypted-key processors are added only when the symmetric key itself is
                // to be encrypted.
                if (this.securityProperties.isEncryptSymmetricEncryptionKey()) {
                    initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
                    encryptedKeyOutputProcessor = new EncryptedKeyOutputProcessor();
                    initializeOutputProcessor(outputProcessorChainImpl, encryptedKeyOutputProcessor, action);
                }
                initializeOutputProcessor(outputProcessorChainImpl, new EncryptOutputProcessor(), action);
                // Without an encrypted-key processor a reference list processor is added,
                // positioned after EncryptEndingOutputProcessor.
                if (encryptedKeyOutputProcessor == null) {
                    ReferenceListOutputProcessor referenceListOutputProcessor = new ReferenceListOutputProcessor();
                    referenceListOutputProcessor.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                    initializeOutputProcessor(outputProcessorChainImpl, referenceListOutputProcessor, action);
                }
            } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
                initializeOutputProcessor(outputProcessorChainImpl, new UsernameTokenOutputProcessor(), action);
            } else if (WSSConstants.USERNAMETOKEN_SIGNED.equals(action)) {
                // A signature processor is added but no flag is set, so this action alone does
                // not make processOutMessage call setupSignatureKey.
                initializeOutputProcessor(outputProcessorChainImpl, new UsernameTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new WSSSignatureOutputProcessor(), action);
            } else if (WSSConstants.SIGNATURE_CONFIRMATION.equals(action)) {
                initializeOutputProcessor(outputProcessorChainImpl, new SignatureConfirmationOutputProcessor(), action);
            } else if (WSSConstants.SIGNATURE_WITH_DERIVED_KEY.equals(action)) {
                if (this.securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
                    // z: no derived-key encryption action is configured that would add the
                    // encrypted-key processor, so it is added here.
                    if (z) {
                        initializeOutputProcessor(outputProcessorChainImpl, new EncryptedKeyOutputProcessor(), action);
                    }
                    // In this mode the encryption flags are set, not the signature flags, so the
                    // key for the derived signature is prepared by setupEncryptionKey.
                    configuredAction.encryptionAction = true;
                    configuredAction.derivedEncryption = true;
                } else if (this.securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
                    initializeOutputProcessor(outputProcessorChainImpl, new SecurityContextTokenOutputProcessor(), action);
                    configuredAction.signatureAction = true;
                    configuredAction.derivedSignature = true;
                } else {
                    configuredAction.signatureAction = true;
                    configuredAction.derivedSignature = true;
                }
                initializeOutputProcessor(outputProcessorChainImpl, new DerivedKeyTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new WSSSignatureOutputProcessor(), action);
            } else if (WSSConstants.ENCRYPT_WITH_DERIVED_KEY.equals(action)) {
                configuredAction.encryptionAction = true;
                configuredAction.derivedEncryption = true;
                EncryptedKeyOutputProcessor encryptedKeyOutputProcessor2 = null;
                if (this.securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
                    encryptedKeyOutputProcessor2 = new EncryptedKeyOutputProcessor();
                    initializeOutputProcessor(outputProcessorChainImpl, encryptedKeyOutputProcessor2, action);
                } else if (this.securityProperties.getDerivedKeyTokenReference() == WSSConstants.DerivedKeyTokenReference.SecurityContextToken) {
                    initializeOutputProcessor(outputProcessorChainImpl, new SecurityContextTokenOutputProcessor(), action);
                }
                initializeOutputProcessor(outputProcessorChainImpl, new DerivedKeyTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new EncryptOutputProcessor(), action);
                // Same rule as for ENCRYPT: no encrypted-key processor means a reference list
                // processor is added after EncryptEndingOutputProcessor.
                if (encryptedKeyOutputProcessor2 == null) {
                    ReferenceListOutputProcessor referenceListOutputProcessor2 = new ReferenceListOutputProcessor();
                    referenceListOutputProcessor2.addAfterProcessor(EncryptEndingOutputProcessor.class.getName());
                    initializeOutputProcessor(outputProcessorChainImpl, referenceListOutputProcessor2, action);
                }
            } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)) {
                // signedSAML is handed to setupSignatureKey, which then tolerates a keystore
                // failure when a SAML callback handler is configured.
                configuredAction.signatureAction = true;
                configuredAction.signedSAML = true;
                initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new SAMLTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new WSSSignatureOutputProcessor(), action);
            } else if (WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
                initializeOutputProcessor(outputProcessorChainImpl, new SAMLTokenOutputProcessor(), action);
            } else if (WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN.equals(action)) {
                // The Kerberos actions set only the kerberos flags; signatureAction and
                // encryptionAction stay untouched, so the key comes from setupKerberosKey.
                configuredAction.kerberos = true;
                configuredAction.signatureKerberos = true;
                initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new WSSSignatureOutputProcessor(), action);
            } else if (WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN.equals(action)) {
                configuredAction.kerberos = true;
                configuredAction.encryptionKerberos = true;
                initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
                initializeOutputProcessor(outputProcessorChainImpl, new EncryptOutputProcessor(), action);
            } else if (WSSConstants.KERBEROS_TOKEN.equals(action)) {
                configuredAction.kerberos = true;
                initializeOutputProcessor(outputProcessorChainImpl, new BinarySecurityTokenOutputProcessor(), action);
            } else if (WSSConstants.CUSTOM_TOKEN.equals(action)) {
                initializeOutputProcessor(outputProcessorChainImpl, new CustomTokenOutputProcessor(), action);
            }
        }
        return configuredAction;
    }
}
