package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;
import org.apache.cxf.common.util.Base64UrlOutputStream;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsOutputStream;
import org.apache.cxf.rs.security.jose.jws.JwsSignature;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;

@Priority(1002)
/* loaded from: input_file:lib/cxf-rt-rs-security-jose-jaxrs-3.1.18.jar:org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.class */
public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor {
    private static final Set<String> DEFAULT_PROTECTED_HTTP_HEADERS = new HashSet(Arrays.asList("Content-Type", "Accept"));
    private boolean protectHttpHeaders;
    private boolean useJwsOutputStream;
    private Set<String> protectedHttpHeaders = DEFAULT_PROTECTED_HTTP_HEADERS;
    private boolean contentTypeRequired = true;
    private boolean encodePayload = true;
    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();

    @Override // javax.ws.rs.ext.WriterInterceptor
    public void aroundWriteTo(WriterInterceptorContext writerInterceptorContext) throws IOException, WebApplicationException {
        if (writerInterceptorContext.getEntity() == null) {
            writerInterceptorContext.proceed();
            return;
        }
        JwsHeaders jwsHeaders = new JwsHeaders();
        JwsSignatureProvider initializedSigProvider = getInitializedSigProvider(jwsHeaders);
        setContentTypeIfNeeded(jwsHeaders, writerInterceptorContext);
        if (!this.encodePayload) {
            jwsHeaders.setPayloadEncodingStatus(false);
        }
        protectHttpHeadersIfNeeded(writerInterceptorContext, jwsHeaders);
        OutputStream outputStream = writerInterceptorContext.getOutputStream();
        if (!this.useJwsOutputStream) {
            CachedOutputStream cachedOutputStream = new CachedOutputStream();
            writerInterceptorContext.setOutputStream(cachedOutputStream);
            writerInterceptorContext.proceed();
            JwsCompactProducer jwsCompactProducer = new JwsCompactProducer(jwsHeaders, new String(cachedOutputStream.getBytes(), StandardCharsets.UTF_8));
            setJoseMediaType(writerInterceptorContext);
            writeJws(jwsCompactProducer, initializedSigProvider, outputStream);
            return;
        }
        JwsSignature createJwsSignature = initializedSigProvider.createJwsSignature(jwsHeaders);
        JoseUtils.traceHeaders(jwsHeaders);
        JwsOutputStream jwsOutputStream = new JwsOutputStream(outputStream, createJwsSignature, true);
        byte[] bytesUTF8 = StringUtils.toBytesUTF8(this.writer.toJson(jwsHeaders));
        Base64UrlUtility.encodeAndStream(bytesUTF8, 0, bytesUTF8.length, jwsOutputStream);
        jwsOutputStream.write(new byte[]{46});
        Base64UrlOutputStream base64UrlOutputStream = null;
        if (this.encodePayload) {
            base64UrlOutputStream = new Base64UrlOutputStream(jwsOutputStream);
            writerInterceptorContext.setOutputStream(base64UrlOutputStream);
        } else {
            writerInterceptorContext.setOutputStream(jwsOutputStream);
        }
        writerInterceptorContext.proceed();
        setJoseMediaType(writerInterceptorContext);
        if (base64UrlOutputStream != null) {
            base64UrlOutputStream.flush();
        }
        jwsOutputStream.flush();
    }

    public void setContentTypeRequired(boolean z) {
        this.contentTypeRequired = z;
    }

    public void setUseJwsOutputStream(boolean z) {
        this.useJwsOutputStream = z;
    }

    private void setContentTypeIfNeeded(JoseHeaders joseHeaders, WriterInterceptorContext writerInterceptorContext) {
        MediaType mediaType;
        if (!this.contentTypeRequired || (mediaType = writerInterceptorContext.getMediaType()) == null || JAXRSUtils.mediaTypeToString(mediaType, new String[0]).equals(JoseConstants.MEDIA_TYPE_JOSE)) {
            return;
        }
        if ("application".equals(mediaType.getType())) {
            joseHeaders.setContentType(mediaType.getSubtype());
        } else {
            joseHeaders.setContentType(JAXRSUtils.mediaTypeToString(mediaType, new String[0]));
        }
    }

    private void setJoseMediaType(WriterInterceptorContext writerInterceptorContext) {
        writerInterceptorContext.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE));
    }

    public void setEncodePayload(boolean z) {
        this.encodePayload = z;
    }

    protected void protectHttpHeadersIfNeeded(WriterInterceptorContext writerInterceptorContext, JwsHeaders jwsHeaders) {
        if (this.protectHttpHeaders) {
            JoseJaxrsUtils.protectHttpHeaders(writerInterceptorContext.getHeaders(), jwsHeaders, this.protectedHttpHeaders);
        }
    }

    public void setProtectHttpHeaders(boolean z) {
        this.protectHttpHeaders = z;
    }

    public void setProtectedHttpHeaders(Set<String> set) {
        this.protectedHttpHeaders = set;
    }
}
