package org.keycloak.broker.saml;

import java.io.StringWriter;
import java.net.URI;
import java.security.KeyPair;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.logging.Logger;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderDataMarshaller;
import org.keycloak.broker.provider.IdentityProviderMapper;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.KeyStatus;
import org.keycloak.crypto.KeyUse;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.assertion.SubjectType;
import org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType;
import org.keycloak.dom.saml.v2.metadata.EntityDescriptorType;
import org.keycloak.dom.saml.v2.metadata.LocalizedNameType;
import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeyManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.saml.JaxrsSAML2BindingBuilder;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.protocol.saml.SamlService;
import org.keycloak.protocol.saml.SamlSessionUtils;
import org.keycloak.protocol.saml.mappers.SamlMetadataDescriptorUpdater;
import org.keycloak.protocol.saml.preprocessor.SamlAuthenticationPreprocessor;
import org.keycloak.saml.SAML2AuthnRequestBuilder;
import org.keycloak.saml.SAML2LogoutRequestBuilder;
import org.keycloak.saml.SAML2NameIDPolicyBuilder;
import org.keycloak.saml.SAML2RequestedAuthnContextBuilder;
import org.keycloak.saml.SPMetadataDescriptor;
import org.keycloak.saml.SamlProtocolExtensionsAwareBuilder;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature;
import org.keycloak.saml.processing.core.saml.v2.writers.SAMLMetadataWriter;
import org.keycloak.saml.processing.core.util.KeycloakKeySamlExtensionGenerator;
import org.keycloak.saml.validators.DestinationValidator;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.util.JsonSerialization;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/keycloak/broker/saml/SAMLIdentityProvider.class */
public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityProviderConfig> {
    protected static final Logger logger = Logger.getLogger(SAMLIdentityProvider.class);
    private final DestinationValidator destinationValidator;

    public SAMLIdentityProvider(KeycloakSession keycloakSession, SAMLIdentityProviderConfig sAMLIdentityProviderConfig, DestinationValidator destinationValidator) {
        super(keycloakSession, sAMLIdentityProviderConfig);
        this.destinationValidator = destinationValidator;
    }

    public Object callback(RealmModel realmModel, IdentityProvider.AuthenticationCallback authenticationCallback, EventBuilder eventBuilder) {
        return new SAMLEndpoint(realmModel, this, (SAMLIdentityProviderConfig) getConfig(), authenticationCallback, this.destinationValidator);
    }

    public Response performLogin(AuthenticationRequest authenticationRequest) {
        try {
            UriInfo uriInfo = authenticationRequest.getUriInfo();
            RealmModel realm = authenticationRequest.getRealm();
            String entityId = getEntityId(uriInfo, realm);
            String singleSignOnServiceUrl = ((SAMLIdentityProviderConfig) getConfig()).getSingleSignOnServiceUrl();
            String nameIDPolicyFormat = ((SAMLIdentityProviderConfig) getConfig()).getNameIDPolicyFormat();
            if (nameIDPolicyFormat == null) {
                nameIDPolicyFormat = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
            }
            String str = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
            String redirectUri = authenticationRequest.getRedirectUri();
            if (((SAMLIdentityProviderConfig) getConfig()).isPostBindingResponse()) {
                str = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
            }
            SAML2RequestedAuthnContextBuilder comparison = new SAML2RequestedAuthnContextBuilder().setComparison(((SAMLIdentityProviderConfig) getConfig()).getAuthnContextComparisonType());
            Iterator<String> it = getAuthnContextClassRefUris().iterator();
            while (it.hasNext()) {
                comparison.addAuthnContextClassRef(it.next());
            }
            Iterator<String> it2 = getAuthnContextDeclRefUris().iterator();
            while (it2.hasNext()) {
                comparison.addAuthnContextDeclRef(it2.next());
            }
            Integer attributeConsumingServiceIndex = ((SAMLIdentityProviderConfig) getConfig()).getAttributeConsumingServiceIndex();
            String clientNote = ((SAMLIdentityProviderConfig) getConfig()).isLoginHint() ? authenticationRequest.getAuthenticationSession().getClientNote("login_hint") : null;
            Boolean bool = null;
            if (((SAMLIdentityProviderConfig) getConfig()).getConfig().get(SAMLIdentityProviderConfig.ALLOW_CREATE) == null || ((SAMLIdentityProviderConfig) getConfig()).isAllowCreate()) {
                bool = Boolean.TRUE;
            }
            SAML2AuthnRequestBuilder subject = new SAML2AuthnRequestBuilder().assertionConsumerUrl(redirectUri).destination(singleSignOnServiceUrl).issuer(entityId).forceAuthn(((SAMLIdentityProviderConfig) getConfig()).isForceAuthn()).protocolBinding(str).nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat).setAllowCreate(bool)).attributeConsumingServiceIndex(attributeConsumingServiceIndex).requestedAuthnContext(comparison).subject(clientNote);
            JaxrsSAML2BindingBuilder jaxrsSAML2BindingBuilder = (JaxrsSAML2BindingBuilder) new JaxrsSAML2BindingBuilder(this.session).relayState(authenticationRequest.getState().getEncoded());
            boolean isPostBindingAuthnRequest = ((SAMLIdentityProviderConfig) getConfig()).isPostBindingAuthnRequest();
            if (((SAMLIdentityProviderConfig) getConfig()).isWantAuthnRequestsSigned()) {
                KeyManager.ActiveRsaKey activeRsaKey = this.session.keys().getActiveRsaKey(realm);
                String keyName = ((SAMLIdentityProviderConfig) getConfig()).getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeRsaKey.getKid(), activeRsaKey.getCertificate());
                ((JaxrsSAML2BindingBuilder) ((JaxrsSAML2BindingBuilder) jaxrsSAML2BindingBuilder.signWith(keyName, activeRsaKey.getPrivateKey(), activeRsaKey.getPublicKey(), activeRsaKey.getCertificate())).signatureAlgorithm(getSignatureAlgorithm())).signDocument();
                if (!isPostBindingAuthnRequest && ((SAMLIdentityProviderConfig) getConfig()).isAddExtensionsElementWithKeyInfo()) {
                    subject.addExtension(new KeycloakKeySamlExtensionGenerator(keyName));
                }
            }
            AuthnRequestType createAuthnRequest = subject.createAuthnRequest();
            Iterator<SamlAuthenticationPreprocessor> samlAuthenticationPreprocessorIterator = SamlSessionUtils.getSamlAuthenticationPreprocessorIterator(this.session);
            while (samlAuthenticationPreprocessorIterator.hasNext()) {
                createAuthnRequest = samlAuthenticationPreprocessorIterator.next().beforeSendingLoginRequest(createAuthnRequest, authenticationRequest.getAuthenticationSession());
            }
            if (createAuthnRequest.getDestination() != null) {
                singleSignOnServiceUrl = createAuthnRequest.getDestination().toString();
            }
            authenticationRequest.getAuthenticationSession().setClientNote(SamlProtocol.SAML_REQUEST_ID_BROKER, createAuthnRequest.getID());
            return isPostBindingAuthnRequest ? jaxrsSAML2BindingBuilder.m429postBinding(subject.toDocument()).request(singleSignOnServiceUrl) : jaxrsSAML2BindingBuilder.m430redirectBinding(subject.toDocument()).request(singleSignOnServiceUrl);
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not create authentication request.", e);
        }
    }

    private String getEntityId(UriInfo uriInfo, RealmModel realmModel) {
        String entityId = ((SAMLIdentityProviderConfig) getConfig()).getEntityId();
        return (entityId == null || entityId.isEmpty()) ? UriBuilder.fromUri(uriInfo.getBaseUri()).path("realms").path(realmModel.getName()).build(new Object[0]).toString() : entityId;
    }

    private List<String> getAuthnContextClassRefUris() {
        String authnContextClassRefs = ((SAMLIdentityProviderConfig) getConfig()).getAuthnContextClassRefs();
        if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
            return new LinkedList();
        }
        try {
            return Arrays.asList((String[]) JsonSerialization.readValue(authnContextClassRefs, String[].class));
        } catch (Exception e) {
            logger.warn("Could not json-deserialize AuthContextClassRefs config entry: " + authnContextClassRefs, e);
            return new LinkedList();
        }
    }

    private List<String> getAuthnContextDeclRefUris() {
        String authnContextDeclRefs = ((SAMLIdentityProviderConfig) getConfig()).getAuthnContextDeclRefs();
        if (authnContextDeclRefs == null || authnContextDeclRefs.isEmpty()) {
            return new LinkedList();
        }
        try {
            return Arrays.asList((String[]) JsonSerialization.readValue(authnContextDeclRefs, String[].class));
        } catch (Exception e) {
            logger.warn("Could not json-deserialize AuthContextDeclRefs config entry: " + authnContextDeclRefs, e);
            return new LinkedList();
        }
    }

    public void authenticationFinished(AuthenticationSessionModel authenticationSessionModel, BrokeredIdentityContext brokeredIdentityContext) {
        SubjectType.STSubType subType = ((AssertionType) brokeredIdentityContext.getContextData().get(SAMLEndpoint.SAML_ASSERTION)).getSubject().getSubType();
        if (subType != null) {
            authenticationSessionModel.setUserSessionNote(SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEID, subType.getBaseID().serializeAsString());
        }
        AuthnStatementType authnStatementType = (AuthnStatementType) brokeredIdentityContext.getContextData().get(SAMLEndpoint.SAML_AUTHN_STATEMENT);
        if (authnStatementType == null || authnStatementType.getSessionIndex() == null) {
            return;
        }
        authenticationSessionModel.setUserSessionNote(SAMLEndpoint.SAML_FEDERATED_SESSION_INDEX, authnStatementType.getSessionIndex());
    }

    public Response retrieveToken(KeycloakSession keycloakSession, FederatedIdentityModel federatedIdentityModel) {
        return Response.ok(federatedIdentityModel.getToken()).build();
    }

    public void backchannelLogout(KeycloakSession keycloakSession, UserSessionModel userSessionModel, UriInfo uriInfo, RealmModel realmModel) {
        String singleLogoutServiceUrl = ((SAMLIdentityProviderConfig) getConfig()).getSingleLogoutServiceUrl();
        if (singleLogoutServiceUrl == null || singleLogoutServiceUrl.trim().equals("") || !((SAMLIdentityProviderConfig) getConfig()).isBackchannelSupported()) {
            return;
        }
        JaxrsSAML2BindingBuilder buildLogoutBinding = buildLogoutBinding(keycloakSession, userSessionModel, realmModel);
        try {
            LogoutRequestType buildLogoutRequest = buildLogoutRequest(userSessionModel, uriInfo, realmModel, singleLogoutServiceUrl, new SamlProtocolExtensionsAwareBuilder.NodeGenerator[0]);
            if (buildLogoutRequest.getDestination() != null) {
                singleLogoutServiceUrl = buildLogoutRequest.getDestination().toString();
            }
            int asStatus = SimpleHttp.doPost(singleLogoutServiceUrl, keycloakSession).param("SAMLRequest", buildLogoutBinding.m429postBinding(SAML2Request.convert(buildLogoutRequest)).encoded()).param("RelayState", userSessionModel.getId()).asStatus();
            if (!(asStatus >= 200 && asStatus < 400)) {
                logger.warn("Failed saml backchannel broker logout to: " + singleLogoutServiceUrl);
            }
        } catch (Exception e) {
            logger.warn("Failed saml backchannel broker logout to: " + singleLogoutServiceUrl, e);
        }
    }

    public Response keycloakInitiatedBrowserLogout(KeycloakSession keycloakSession, UserSessionModel userSessionModel, UriInfo uriInfo, RealmModel realmModel) {
        String singleLogoutServiceUrl = ((SAMLIdentityProviderConfig) getConfig()).getSingleLogoutServiceUrl();
        if (singleLogoutServiceUrl == null || singleLogoutServiceUrl.trim().equals("")) {
            return null;
        }
        if (((SAMLIdentityProviderConfig) getConfig()).isBackchannelSupported()) {
            backchannelLogout(keycloakSession, userSessionModel, uriInfo, realmModel);
            return null;
        }
        try {
            LogoutRequestType buildLogoutRequest = buildLogoutRequest(userSessionModel, uriInfo, realmModel, singleLogoutServiceUrl, new SamlProtocolExtensionsAwareBuilder.NodeGenerator[0]);
            if (buildLogoutRequest.getDestination() != null) {
                singleLogoutServiceUrl = buildLogoutRequest.getDestination().toString();
            }
            JaxrsSAML2BindingBuilder buildLogoutBinding = buildLogoutBinding(keycloakSession, userSessionModel, realmModel);
            return ((SAMLIdentityProviderConfig) getConfig()).isPostBindingLogout() ? buildLogoutBinding.m429postBinding(SAML2Request.convert(buildLogoutRequest)).request(singleLogoutServiceUrl) : buildLogoutBinding.m430redirectBinding(SAML2Request.convert(buildLogoutRequest)).request(singleLogoutServiceUrl);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected LogoutRequestType buildLogoutRequest(UserSessionModel userSessionModel, UriInfo uriInfo, RealmModel realmModel, String str, SamlProtocolExtensionsAwareBuilder.NodeGenerator... nodeGeneratorArr) throws ConfigurationException {
        SAML2LogoutRequestBuilder destination = new SAML2LogoutRequestBuilder().assertionExpiration(realmModel.getAccessCodeLifespan()).issuer(getEntityId(uriInfo, realmModel)).sessionIndex(userSessionModel.getNote(SAMLEndpoint.SAML_FEDERATED_SESSION_INDEX)).nameId(NameIDType.deserializeFromString(userSessionModel.getNote(SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEID))).destination(str);
        LogoutRequestType createLogoutRequest = destination.createLogoutRequest();
        for (SamlProtocolExtensionsAwareBuilder.NodeGenerator nodeGenerator : nodeGeneratorArr) {
            destination.addExtension(nodeGenerator);
        }
        Iterator<SamlAuthenticationPreprocessor> samlAuthenticationPreprocessorIterator = SamlSessionUtils.getSamlAuthenticationPreprocessorIterator(this.session);
        while (samlAuthenticationPreprocessorIterator.hasNext()) {
            createLogoutRequest = samlAuthenticationPreprocessorIterator.next().beforeSendingLogoutRequest(createLogoutRequest, userSessionModel, null);
        }
        return createLogoutRequest;
    }

    private JaxrsSAML2BindingBuilder buildLogoutBinding(KeycloakSession keycloakSession, UserSessionModel userSessionModel, RealmModel realmModel) {
        JaxrsSAML2BindingBuilder jaxrsSAML2BindingBuilder = (JaxrsSAML2BindingBuilder) new JaxrsSAML2BindingBuilder(keycloakSession).relayState(userSessionModel.getId());
        if (((SAMLIdentityProviderConfig) getConfig()).isWantAuthnRequestsSigned()) {
            KeyManager.ActiveRsaKey activeRsaKey = keycloakSession.keys().getActiveRsaKey(realmModel);
            ((JaxrsSAML2BindingBuilder) ((JaxrsSAML2BindingBuilder) jaxrsSAML2BindingBuilder.signWith(((SAMLIdentityProviderConfig) getConfig()).getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeRsaKey.getKid(), activeRsaKey.getCertificate()), activeRsaKey.getPrivateKey(), activeRsaKey.getPublicKey(), activeRsaKey.getCertificate())).signatureAlgorithm(getSignatureAlgorithm())).signDocument();
        }
        return jaxrsSAML2BindingBuilder;
    }

    public Response export(UriInfo uriInfo, RealmModel realmModel, String str) {
        try {
            URI uri = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
            if (((SAMLIdentityProviderConfig) getConfig()).isPostBindingAuthnRequest()) {
                uri = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
            }
            URI build = uriInfo.getBaseUriBuilder().path("realms").path(realmModel.getName()).path("broker").path(((SAMLIdentityProviderConfig) getConfig()).getAlias()).path("endpoint").build(new Object[0]);
            boolean isWantAuthnRequestsSigned = ((SAMLIdentityProviderConfig) getConfig()).isWantAuthnRequestsSigned();
            boolean isWantAssertionsSigned = ((SAMLIdentityProviderConfig) getConfig()).isWantAssertionsSigned();
            boolean isWantAssertionsEncrypted = ((SAMLIdentityProviderConfig) getConfig()).isWantAssertionsEncrypted();
            String entityId = getEntityId(uriInfo, realmModel);
            String nameIDPolicyFormat = ((SAMLIdentityProviderConfig) getConfig()).getNameIDPolicyFormat();
            LinkedList linkedList = new LinkedList();
            LinkedList linkedList2 = new LinkedList();
            this.session.keys().getKeysStream(realmModel, KeyUse.SIG, "RS256").filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(keyWrapper -> {
                return keyWrapper.getCertificate() != null;
            }).sorted(SamlService::compareKeys).forEach(keyWrapper2 -> {
                try {
                    Element buildKeyInfoElement = SPMetadataDescriptor.buildKeyInfoElement(keyWrapper2.getKid(), PemUtils.encodeCertificate(keyWrapper2.getCertificate()));
                    linkedList.add(buildKeyInfoElement);
                    if (keyWrapper2.getStatus() == KeyStatus.ACTIVE) {
                        linkedList2.add(buildKeyInfoElement);
                    }
                } catch (ParserConfigurationException e) {
                    logger.warn("Failed to export SAML SP Metadata!", e);
                    throw new RuntimeException(e);
                }
            });
            StringWriter stringWriter = new StringWriter();
            SAMLMetadataWriter sAMLMetadataWriter = new SAMLMetadataWriter(StaxUtil.getXMLStreamWriter(stringWriter));
            EntityDescriptorType buildSPdescriptor = SPMetadataDescriptor.buildSPdescriptor(uri, uri, build, build, isWantAuthnRequestsSigned, isWantAssertionsSigned, isWantAssertionsEncrypted, entityId, nameIDPolicyFormat, linkedList, linkedList2);
            ArrayList arrayList = new ArrayList();
            realmModel.getIdentityProviderMappersByAliasStream(((SAMLIdentityProviderConfig) getConfig()).getAlias()).forEach(identityProviderMapperModel -> {
                SamlMetadataDescriptorUpdater samlMetadataDescriptorUpdater = (IdentityProviderMapper) this.session.getKeycloakSessionFactory().getProviderFactory(IdentityProviderMapper.class, identityProviderMapperModel.getIdentityProviderMapper());
                if (samlMetadataDescriptorUpdater instanceof SamlMetadataDescriptorUpdater) {
                    arrayList.add(new AbstractMap.SimpleEntry(identityProviderMapperModel, samlMetadataDescriptorUpdater));
                }
            });
            if (!arrayList.isEmpty()) {
                int intValue = ((SAMLIdentityProviderConfig) getConfig()).getAttributeConsumingServiceIndex() != null ? ((SAMLIdentityProviderConfig) getConfig()).getAttributeConsumingServiceIndex().intValue() : 1;
                String attributeConsumingServiceName = ((SAMLIdentityProviderConfig) getConfig()).getAttributeConsumingServiceName();
                if (attributeConsumingServiceName == null) {
                    attributeConsumingServiceName = realmModel.getDisplayName() != null ? realmModel.getDisplayName() : realmModel.getName();
                }
                AttributeConsumingServiceType attributeConsumingServiceType = new AttributeConsumingServiceType(intValue);
                attributeConsumingServiceType.setIsDefault(true);
                LocalizedNameType localizedNameType = new LocalizedNameType(realmModel.getDefaultLocale() == null ? "en" : realmModel.getDefaultLocale());
                localizedNameType.setValue(attributeConsumingServiceName);
                attributeConsumingServiceType.addServiceName(localizedNameType);
                Iterator it = buildSPdescriptor.getChoiceType().iterator();
                while (it.hasNext()) {
                    Iterator it2 = ((EntityDescriptorType.EDTChoiceType) it.next()).getDescriptors().iterator();
                    while (it2.hasNext()) {
                        ((EntityDescriptorType.EDTDescriptorChoiceType) it2.next()).getSpDescriptor().addAttributeConsumerService(attributeConsumingServiceType);
                    }
                }
                arrayList.forEach(entry -> {
                    ((SamlMetadataDescriptorUpdater) entry.getValue()).updateMetadata((IdentityProviderMapperModel) entry.getKey(), buildSPdescriptor);
                });
            }
            sAMLMetadataWriter.writeEntityDescriptor(buildSPdescriptor);
            String stringWriter2 = stringWriter.toString();
            if (((SAMLIdentityProviderConfig) getConfig()).isSignSpMetadata()) {
                KeyManager.ActiveRsaKey activeRsaKey = this.session.keys().getActiveRsaKey(realmModel);
                String keyName = ((SAMLIdentityProviderConfig) getConfig()).getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeRsaKey.getKid(), activeRsaKey.getCertificate());
                KeyPair keyPair = new KeyPair(activeRsaKey.getPublicKey(), activeRsaKey.getPrivateKey());
                Document document = DocumentUtil.getDocument(stringWriter2);
                SAML2Signature sAML2Signature = new SAML2Signature();
                sAML2Signature.setSignatureMethod(getSignatureAlgorithm().getXmlSignatureMethod());
                sAML2Signature.setDigestMethod(getSignatureAlgorithm().getXmlSignatureDigestMethod());
                sAML2Signature.setNextSibling(document.getDocumentElement().getFirstChild());
                sAML2Signature.signSAMLDocument(document, keyName, keyPair, "http://www.w3.org/2001/10/xml-exc-c14n#");
                stringWriter2 = DocumentUtil.getDocumentAsString(document);
            }
            return Response.ok(stringWriter2, MediaType.APPLICATION_XML_TYPE).build();
        } catch (Exception e) {
            logger.warn("Failed to export SAML SP Metadata!", e);
            throw new RuntimeException(e);
        }
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        SignatureAlgorithm valueOf;
        String signatureAlgorithm = ((SAMLIdentityProviderConfig) getConfig()).getSignatureAlgorithm();
        return (signatureAlgorithm == null || (valueOf = SignatureAlgorithm.valueOf(signatureAlgorithm)) == null) ? SignatureAlgorithm.RSA_SHA256 : valueOf;
    }

    public IdentityProviderDataMarshaller getMarshaller() {
        return new SAMLDataMarshaller();
    }
}
