package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Set;
import java.util.logging.Logger;
import java.util.zip.DeflaterOutputStream;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweCompactBuilder;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweException;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;

@Priority(1001)
/* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.class */
public class JweWriterInterceptor implements WriterInterceptor {
    protected static final Logger LOG = LogUtils.getL7dLogger(JweWriterInterceptor.class);
    private Set<String> protectedHttpHeaders;
    private boolean protectHttpHeaders;
    private JweEncryptionProvider encryptionProvider;
    private boolean contentTypeRequired = true;
    private boolean useJweOutputStream;

    public void aroundWriteTo(WriterInterceptorContext writerInterceptorContext) throws IOException, WebApplicationException {
        if (writerInterceptorContext.getEntity() == null) {
            writerInterceptorContext.proceed();
            return;
        }
        OutputStream outputStream = writerInterceptorContext.getOutputStream();
        JweHeaders jweHeaders = new JweHeaders();
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider(jweHeaders);
        String str = null;
        MediaType mediaType = writerInterceptorContext.getMediaType();
        if (this.contentTypeRequired && mediaType != null) {
            str = "application".equals(mediaType.getType()) ? mediaType.getSubtype() : JAXRSUtils.mediaTypeToString(mediaType, new String[0]);
        }
        if (str != null) {
            jweHeaders.setContentType(str);
        }
        protectHttpHeadersIfNeeded(writerInterceptorContext, jweHeaders);
        if (!this.useJweOutputStream) {
            CachedOutputStream cachedOutputStream = new CachedOutputStream();
            writerInterceptorContext.setOutputStream(cachedOutputStream);
            writerInterceptorContext.proceed();
            String encrypt = initializedEncryptionProvider.encrypt(cachedOutputStream.getBytes(), jweHeaders);
            JoseUtils.traceHeaders(jweHeaders);
            setJoseMediaType(writerInterceptorContext);
            IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(encrypt)), outputStream);
            outputStream.flush();
            return;
        }
        JweEncryptionOutput encryptionOutput = initializedEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
        JoseUtils.traceHeaders(encryptionOutput.getHeaders());
        try {
            JweCompactBuilder.startJweContent(outputStream, encryptionOutput.getHeaders(), encryptionOutput.getEncryptedContentEncryptionKey(), encryptionOutput.getIv());
            DeflaterOutputStream jweOutputStream = new JweOutputStream(outputStream, encryptionOutput.getCipher(), encryptionOutput.getAuthTagProducer());
            writerInterceptorContext.setOutputStream(encryptionOutput.isCompressionSupported() ? new DeflaterOutputStream(jweOutputStream) : jweOutputStream);
            writerInterceptorContext.proceed();
            setJoseMediaType(writerInterceptorContext);
            jweOutputStream.finalFlush();
        } catch (IOException e) {
            LOG.warning("JWE encryption error");
            throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, e);
        }
    }

    private void setJoseMediaType(WriterInterceptorContext writerInterceptorContext) {
        writerInterceptorContext.setMediaType(JAXRSUtils.toMediaType("application/jose"));
    }

    protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
        return this.encryptionProvider != null ? this.encryptionProvider : JweUtils.loadEncryptionProvider(jweHeaders, true);
    }

    public void setUseJweOutputStream(boolean z) {
        this.useJweOutputStream = z;
    }

    public void setEncryptionProvider(JweEncryptionProvider jweEncryptionProvider) {
        this.encryptionProvider = jweEncryptionProvider;
    }

    protected void protectHttpHeadersIfNeeded(WriterInterceptorContext writerInterceptorContext, JweHeaders jweHeaders) {
        if (this.protectHttpHeaders) {
            JoseJaxrsUtils.protectHttpHeaders(writerInterceptorContext.getHeaders(), jweHeaders, this.protectedHttpHeaders);
        }
    }

    public void setProtectHttpHeaders(boolean z) {
        this.protectHttpHeaders = z;
    }

    public void setProtectedHttpHeaders(Set<String> set) {
        this.protectedHttpHeaders = set;
    }
}
