package io.cloudsoft.winrm4j.client.encryption;

import io.cloudsoft.winrm4j.client.PayloadEncryptionMode;
import io.cloudsoft.winrm4j.client.ntlm.NTCredentialsWithEncryption;
import java.io.IOException;
import java.io.OutputStream;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.cxf.interceptor.StaxOutInterceptor;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.http.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/cloudsoft/winrm4j/client/encryption/SignAndEncryptOutInterceptor.class */
public class SignAndEncryptOutInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final Logger LOG = LoggerFactory.getLogger(SignAndEncryptOutInterceptor.class);
    public static final String APPLIED = SignAndEncryptOutInterceptor.class.getSimpleName() + ".APPLIED";
    private final PayloadEncryptionMode payloadEncryptionMode;

    /* loaded from: input_file:io/cloudsoft/winrm4j/client/encryption/SignAndEncryptOutInterceptor$ContentWithType.class */
    public static class ContentWithType {
        public String contentType;
        public String encoding;
        public byte[] payload;

        static ContentWithType of(Message message, byte[] bArr) {
            return of((String) message.get("Content-Type"), (String) message.get(Message.ENCODING), bArr);
        }

        static ContentWithType of(String str, String str2, byte[] bArr) {
            ContentWithType contentWithType = new ContentWithType();
            contentWithType.contentType = str;
            contentWithType.encoding = str2;
            contentWithType.payload = bArr;
            return contentWithType;
        }

        public ContentWithType with(byte[] bArr) {
            return of(this.contentType, this.encoding, bArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/cloudsoft/winrm4j/client/encryption/SignAndEncryptOutInterceptor$EncryptAndSignOutputStream.class */
    public class EncryptAndSignOutputStream extends CachedOutputStream {
        final Message message;
        OutputStream wrapped;
        NTCredentialsWithEncryption credentials;
        ContentWithType unencryptedResult = null;
        ContentWithType encrypted = null;
        final CachedOutputStream unencrypted = new CachedOutputStream();

        public EncryptAndSignOutputStream(Message message, OutputStream outputStream) {
            this.message = message;
            this.wrapped = outputStream;
            Object obj = message.get(Credentials.class.getName());
            if (obj instanceof NTCredentialsWithEncryption) {
                this.credentials = (NTCredentialsWithEncryption) obj;
            }
        }

        public void resetOut(OutputStream outputStream, boolean z) throws IOException {
            super.resetOut(outputStream, z);
        }

        public void close() throws IOException {
            SignAndEncryptOutInterceptor.LOG.trace("Closing stream {}", this.wrapped);
            super.close();
            this.unencrypted.write(getBytes());
            this.currentStream = new NullOutputStream();
            if (this.wrapped == null) {
                SignAndEncryptOutInterceptor.LOG.warn("No stream for writing encrypted message to");
            } else {
                processAndShip(this.wrapped);
                this.wrapped.close();
            }
        }

        protected synchronized ContentWithType getEncrypted() {
            try {
                if (this.encrypted == null) {
                    this.encrypted = ContentWithType.of(this.message, new NtlmEncryptionUtils(this.credentials, SignAndEncryptOutInterceptor.this.payloadEncryptionMode).encryptAndSign(this.message, this.unencrypted.getBytes()));
                }
                return this.encrypted;
            } catch (IOException e) {
                throw new IllegalStateException(e);
            }
        }

        protected byte[] getUnencrypted() {
            try {
                return this.unencrypted.getBytes();
            } catch (IOException e) {
                throw new IllegalStateException(e);
            }
        }

        public synchronized ContentWithType getAppropriate() {
            return getAppropriate(false);
        }

        public synchronized ContentWithType getAppropriate(boolean z) {
            if (this.unencryptedResult == null) {
                this.unencryptedResult = ContentWithType.of(this.message, null);
            }
            if (SignAndEncryptOutInterceptor.this.payloadEncryptionMode.isPermitted() && this.credentials != null && this.credentials.isAuthenticated()) {
                return getEncrypted();
            }
            if (this.encrypted != null) {
                this.encrypted = null;
                SignAndEncryptOutInterceptor.LOG.debug("Clearing previously encrypted message becasue credentials no longer authenticated");
            }
            if (SignAndEncryptOutInterceptor.this.payloadEncryptionMode.isRequired() && this.credentials == null) {
                throw new IllegalStateException("Encryption required but unavailable");
            }
            return (this.credentials == null || this.credentials.isAuthenticated()) ? this.unencryptedResult.with(getUnencrypted()) : this.unencryptedResult.with(AsyncHttpEncryptionAwareConduit.PRE_AUTH_BOGUS_PAYLOAD);
        }

        protected void processAndShip(OutputStream outputStream) throws IOException {
            outputStream.write(getAppropriate(true).payload);
            outputStream.close();
        }
    }

    public SignAndEncryptOutInterceptor(PayloadEncryptionMode payloadEncryptionMode) {
        super("pre-stream");
        addBefore(StaxOutInterceptor.class.getName());
        this.payloadEncryptionMode = payloadEncryptionMode;
    }

    public void handleMessage(Message message) {
        if (message.containsKey(APPLIED)) {
            return;
        }
        message.put(APPLIED, Boolean.TRUE);
        EncryptAndSignOutputStream encryptAndSignOutputStream = new EncryptAndSignOutputStream(message, (OutputStream) message.getContent(OutputStream.class));
        message.setContent(OutputStream.class, encryptAndSignOutputStream);
        message.setContent(EncryptAndSignOutputStream.class, encryptAndSignOutputStream);
    }
}
