package org.apache.xml.security.stax.impl.processor.output;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;

/* loaded from: input_file:WEB-INF/lib/xmlsec-3.0.5.jar:org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.class */
public class XMLSignatureEndingOutputProcessor extends AbstractSignatureEndingOutputProcessor {
    private AbstractSignatureEndingOutputProcessor.SignedInfoProcessor signedInfoProcessor;

    public XMLSignatureEndingOutputProcessor(XMLSignatureOutputProcessor xMLSignatureOutputProcessor) throws XMLSecurityException {
        super(xMLSignatureOutputProcessor);
        addAfterProcessor(XMLSignatureOutputProcessor.class);
    }

    @Override // org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor
    protected AbstractSignatureEndingOutputProcessor.SignedInfoProcessor newSignedInfoProcessor(SignatureAlgorithm signatureAlgorithm, String str, XMLSecStartElement xMLSecStartElement, OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
        this.signedInfoProcessor = new AbstractSignatureEndingOutputProcessor.SignedInfoProcessor(signatureAlgorithm, str, xMLSecStartElement);
        this.signedInfoProcessor.setXMLSecurityProperties(getSecurityProperties());
        this.signedInfoProcessor.setAction(getAction(), getActionOrder());
        this.signedInfoProcessor.addAfterProcessor(XMLSignatureEndingOutputProcessor.class);
        this.signedInfoProcessor.init(outputProcessorChain);
        return this.signedInfoProcessor;
    }

    @Override // org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor, org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor
    public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        super.processHeaderEvent(outputProcessorChain);
        SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
        signatureValueSecurityEvent.setSignatureValue(this.signedInfoProcessor.getSignatureValue());
        signatureValueSecurityEvent.setCorrelationID(this.signedInfoProcessor.getSignatureId());
        outputProcessorChain.getSecurityContext().registerSecurityEvent(signatureValueSecurityEvent);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.xml.security.stax.ext.AbstractBufferingOutputProcessor
    public void flushBufferAndCallbackAfterHeader(OutputProcessorChain outputProcessorChain, Deque<XMLSecEvent> deque) throws XMLStreamException, XMLSecurityException {
        XMLSecEvent xMLSecEvent;
        XMLSecEvent pop = deque.pop();
        while (true) {
            xMLSecEvent = pop;
            if (xMLSecEvent.isStartElement()) {
                break;
            }
            outputProcessorChain.reset();
            outputProcessorChain.processEvent(xMLSecEvent);
            pop = deque.pop();
        }
        outputProcessorChain.reset();
        outputProcessorChain.processEvent(xMLSecEvent);
        int i = 0;
        QName signaturePositionQName = getSecurityProperties().getSignaturePositionQName();
        boolean isSignaturePositionStart = getSecurityProperties().isSignaturePositionStart();
        if (signaturePositionQName == null) {
            int signaturePosition = getSecurityProperties().getSignaturePosition();
            if (signaturePosition < 0) {
                signaturePosition = 0;
            }
            int i2 = 0;
            while (true) {
                if (i2 == signaturePosition) {
                    break;
                }
                XMLSecEvent pop2 = deque.pop();
                if (pop2.isStartElement()) {
                    i++;
                } else if (pop2.isEndElement()) {
                    i--;
                    if (i == 0) {
                        i2++;
                    } else if (i < 0) {
                        deque.push(pop2);
                        break;
                    }
                } else {
                    continue;
                }
                outputProcessorChain.reset();
                outputProcessorChain.processEvent(pop2);
            }
        } else {
            while (true) {
                if (deque.isEmpty() || ((isSignaturePositionStart && xMLSecEvent.isStartElement() && xMLSecEvent.mo3261asStartElement().getName().equals(signaturePositionQName)) || (!isSignaturePositionStart && xMLSecEvent.isEndElement() && xMLSecEvent.mo3260asEndElement().getName().equals(signaturePositionQName)))) {
                    break;
                }
                xMLSecEvent = deque.pop();
                if (xMLSecEvent.isStartElement()) {
                    i++;
                } else if (xMLSecEvent.isEndElement()) {
                    i--;
                    if (i < 0) {
                        deque.push(xMLSecEvent);
                        break;
                    }
                } else {
                    continue;
                }
                outputProcessorChain.reset();
                outputProcessorChain.processEvent(xMLSecEvent);
            }
        }
        super.flushBufferAndCallbackAfterHeader(outputProcessorChain, deque);
    }

    @Override // org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor
    protected void createKeyInfoStructureForSignature(OutputProcessorChain outputProcessorChain, OutboundSecurityToken outboundSecurityToken, boolean z) throws XMLStreamException, XMLSecurityException {
        X509Certificate[] x509Certificates = outboundSecurityToken.getX509Certificates();
        if (x509Certificates == null) {
            if (outboundSecurityToken.getPublicKey() != null) {
                XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, outboundSecurityToken.getPublicKey());
                return;
            }
            return;
        }
        if (getSecurityProperties().getSignatureKeyIdentifiers().isEmpty()) {
            XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates);
            return;
        }
        List<SecurityTokenConstants.KeyIdentifier> signatureKeyIdentifiers = getSecurityProperties().getSignatureKeyIdentifiers();
        if (signatureKeyIdentifiers.remove(SecurityTokenConstants.KeyIdentifier_KeyName)) {
            XMLSecurityUtils.createKeyNameTokenStructure(this, outputProcessorChain, getSecurityProperties().getSignatureKeyName());
        }
        if (signatureKeyIdentifiers.remove(SecurityTokenConstants.KeyIdentifier_KeyValue)) {
            XMLSecurityUtils.createKeyValueTokenStructure(this, outputProcessorChain, x509Certificates);
        }
        if (signatureKeyIdentifiers.isEmpty()) {
            return;
        }
        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509Data, true, (List<XMLSecAttribute>) null);
        for (SecurityTokenConstants.KeyIdentifier keyIdentifier : signatureKeyIdentifiers) {
            if (SecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)) {
                XMLSecurityUtils.createX509IssuerSerialStructure(this, outputProcessorChain, x509Certificates, false);
            } else if (SecurityTokenConstants.KeyIdentifier_SkiKeyIdentifier.equals(keyIdentifier)) {
                XMLSecurityUtils.createX509SubjectKeyIdentifierStructure(this, outputProcessorChain, x509Certificates, false);
            } else if (SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
                XMLSecurityUtils.createX509CertificateStructure(this, outputProcessorChain, x509Certificates, false);
            } else if (SecurityTokenConstants.KeyIdentifier_X509SubjectName.equals(keyIdentifier)) {
                XMLSecurityUtils.createX509SubjectNameStructure(this, outputProcessorChain, x509Certificates, false);
            } else if (!SecurityTokenConstants.KeyIdentifier_KeyName.equals(keyIdentifier) && !SecurityTokenConstants.KeyIdentifier_KeyValue.equals(keyIdentifier)) {
                throw new XMLSecurityException("stax.unsupportedToken", new Object[]{keyIdentifier});
            }
        }
        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_X509Data);
    }

    @Override // org.apache.xml.security.stax.impl.processor.output.AbstractSignatureEndingOutputProcessor
    protected void createTransformsStructureForSignature(OutputProcessorChain outputProcessorChain, SignaturePartDef signaturePartDef) throws XMLStreamException, XMLSecurityException {
        if (signaturePartDef.getTransforms() != null) {
            createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, false, (List<XMLSecAttribute>) null);
            for (String str : signaturePartDef.getTransforms()) {
                if (shouldIncludeTransform(str)) {
                    ArrayList arrayList = new ArrayList(1);
                    arrayList.add(createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, str));
                    createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, (List<XMLSecAttribute>) arrayList);
                    if (getSecurityProperties().isAddExcC14NInclusivePrefixes()) {
                        ArrayList arrayList2 = new ArrayList(1);
                        arrayList2.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList, signaturePartDef.getInclusiveNamespacesPrefixes()));
                        createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces, true, (List<XMLSecAttribute>) arrayList2);
                        createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
                    }
                    createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
                }
            }
            createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
        }
    }

    private boolean shouldIncludeTransform(String str) {
        boolean z = true;
        if (!this.securityProperties.isSignatureIncludeDigestTransform() && !str.equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) {
            z = false;
        }
        return z;
    }
}
