package org.apache.cxf.fediz.core.util;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.wss4j.common.crypto.Crypto;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:BOOT-INF/lib/fediz-core-1.4.3.jar:org/apache/cxf/fediz/core/util/SignatureUtils.class */
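/**
 * Static helper that adds an enveloped XML Signature to a DOM document.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every signature produced here uses SHA-1, both for the signature method
 *       ({@code dsa-sha1} / {@code rsa-sha1}) and for the reference digest, even when the
 *       signing certificate itself was signed with {@code SHA256withRSA}. SHA-1 is no longer
 *       considered collision-resistant. NOTE(review): switching to {@code rsa-sha256} and a
 *       SHA-256 digest changes the emitted document, so confirm that every consumer of the
 *       signed document validates SHA-256 signatures before changing the constants below.</li>
 *   <li>The signature method is chosen from {@link X509Certificate#getSigAlgName()}, which
 *       names the algorithm the issuer used to sign the certificate, not the algorithm of the
 *       key that signs the document. NOTE(review): a certificate whose key type differs from
 *       its issuer's key type would be given a signature method that does not match the
 *       private key; consider selecting on the key algorithm instead.</li>
 * </ul>
 */
public final class SignatureUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureUtils.class);
    private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");

    // Algorithm identifiers, kept in one place so the SHA-1 dependency is visible at a glance.
    private static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String SIGNATURE_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String SIGNATURE_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";

    private SignatureUtils() {
        // Utility class: not instantiable.
    }

    /**
     * Signs {@code document} in place with an enveloped XML Signature and returns it.
     *
     * <p>The {@code Signature} element is inserted as the first child of the document element.
     * The reference URI is {@code "#" + str3}; only the document element's unqualified
     * {@code ID} attribute is registered as an ID, so {@code str3} presumably has to equal
     * that attribute's value for the reference to resolve (verify against callers).
     *
     * @param crypto   key and certificate store used to look up the signing certificate and
     *                 private key
     * @param str      identifier (alias) of the signing key; when {@code null} or empty,
     *                 {@code crypto.getDefaultX509Identifier()} is used instead
     * @param str2     passed as the second argument of {@code crypto.getPrivateKey}, i.e. the
     *                 password protecting the private key
     * @param document document to sign; it is modified
     * @param str3     ID value referenced by the signature, without the leading {@code #}
     * @return the same {@code document} instance, now carrying the signature
     * @throws RuntimeException if the certificate's signature algorithm is not one of
     *                          SHA1withDSA, SHA1withRSA or SHA256withRSA
     * @throws Exception        on any failure while loading key material or signing
     */
    public static Document signMetaInfo(Crypto crypto, String str, String str2, Document document, String str3) throws Exception {
        String alias = (str == null || str.isEmpty()) ? crypto.getDefaultX509Identifier() : str;
        X509Certificate signingCert = CertsUtils.getX509CertificateFromCrypto(crypto, alias);
        String signatureMethodUri = signatureMethodFor(signingCert.getSigAlgName());

        // Enveloped-signature transform first (drops the Signature element from the digest
        // input), then exclusive canonicalization.
        List<Transform> transforms = new ArrayList<>();
        transforms.add(XML_SIGNATURE_FACTORY.newTransform(TRANSFORM_ENVELOPED, (TransformParameterSpec) null));
        transforms.add(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(C14N_EXCLUSIVE, (C14NMethodParameterSpec) null));

        // NOTE(review): the reference digest is SHA-1 regardless of the signature method.
        SignedInfo signedInfo = XML_SIGNATURE_FACTORY.newSignedInfo(
                XML_SIGNATURE_FACTORY.newCanonicalizationMethod(C14N_EXCLUSIVE, (C14NMethodParameterSpec) null),
                XML_SIGNATURE_FACTORY.newSignatureMethod(signatureMethodUri, (SignatureMethodParameterSpec) null),
                Collections.singletonList(XML_SIGNATURE_FACTORY.newReference(
                        "#" + str3,
                        XML_SIGNATURE_FACTORY.newDigestMethod(DIGEST_SHA1, (DigestMethodParameterSpec) null),
                        transforms,
                        (String) null,
                        (String) null)));

        PrivateKey privateKey = crypto.getPrivateKey(alias, str2);

        // KeyInfo carries the subject DN and the full certificate as X509Data.
        KeyInfoFactory keyInfoFactory = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
        List<Object> x509Content = new ArrayList<>();
        x509Content.add(signingCert.getSubjectX500Principal().getName());
        x509Content.add(signingCert);
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));

        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
        // Register the root's unqualified "ID" attribute as an ID so the "#..." reference resolves.
        signContext.setIdAttributeNS(document.getDocumentElement(), (String) null, "ID");
        // Place the Signature element before the root's current first child.
        signContext.setNextSibling(document.getDocumentElement().getFirstChild());
        XML_SIGNATURE_FACTORY.newXMLSignature(signedInfo, keyInfo).sign(signContext);
        return document;
    }

    /**
     * Maps the JCA signature algorithm name of the signing certificate to the XML Signature
     * method URI used for the document signature.
     *
     * <p>NOTE(review): {@code SHA256withRSA} maps to {@code rsa-sha1}; see the class-level
     * security notes before changing this mapping.
     *
     * @throws RuntimeException for any other algorithm name
     */
    private static String signatureMethodFor(String certSigAlg) {
        if (JCAConstants.SIGNATURE_DSA_SHA1.equals(certSigAlg)) {
            return SIGNATURE_DSA_SHA1;
        }
        if (JCAConstants.SIGNATURE_RSA_SHA1.equals(certSigAlg) || "SHA256withRSA".equals(certSigAlg)) {
            return SIGNATURE_RSA_SHA1;
        }
        LOG.error("Unsupported signature method: {}", certSigAlg);
        throw new RuntimeException("Unsupported signature method: " + certSigAlg);
    }
}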
