package org.opensaml.xml.signature;

import java.security.Key;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.impl.SignatureImpl;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.xml.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/xmltooling-1.4.4.jar:org/opensaml/xml/signature/SignatureValidator.class
 */
/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.wso2v3.jar:org/opensaml/xml/signature/SignatureValidator.class */
public class SignatureValidator implements Validator<Signature> {
    private final Logger log = LoggerFactory.getLogger((Class<?>) SignatureValidator.class);
    private Credential validationCredential;

    public SignatureValidator(Credential credential) {
        this.validationCredential = credential;
    }

    @Override // org.opensaml.xml.validation.Validator
    public void validate(Signature signature) throws ValidationException {
        this.log.debug("Attempting to validate signature using key from supplied credential");
        XMLSignature buildSignature = buildSignature(signature);
        Key extractVerificationKey = SecurityHelper.extractVerificationKey(this.validationCredential);
        if (extractVerificationKey == null) {
            this.log.debug("Supplied credential contained no key suitable for signature validation");
            throw new ValidationException("No key available to validate signature");
        }
        this.log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
        this.log.debug("Validation credential key algorithm '{}', key instance class '{}'", extractVerificationKey.getAlgorithm(), extractVerificationKey.getClass().getName());
        try {
            if (buildSignature.checkSignatureValue(extractVerificationKey)) {
                this.log.debug("Signature validated with key from supplied credential");
            } else {
                this.log.debug("Signature did not validate against the credential's key");
                throw new ValidationException("Signature did not validate against the credential's key");
            }
        } catch (XMLSignatureException e) {
            throw new ValidationException("Unable to evaluate key against signature", e);
        }
    }

    protected XMLSignature buildSignature(Signature signature) {
        this.log.debug("Creating XMLSignature object");
        return ((SignatureImpl) signature).getXMLSignature();
    }
}
