package org.wso2.carbon.identity.sso.saml.builders.signature;

import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import javax.xml.namespace.QName;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.wso2.carbon.identity.base.IdentityException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/signature/DefaultSSOSigner.class */
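/**
 * Default {@link SSOSigner} implementation that signs SAML objects and verifies their
 * XML signatures using OpenSAML and Apache XML Security.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code validateXMLSignature} returns {@code false}, without throwing, when the object
 *       carries no {@code Signature} element. A caller that requires signed messages must treat
 *       {@code false} as a rejection.</li>
 *   <li>Verification is performed against the credential supplied by the caller. This class does
 *       not decide which credential is trusted.</li>
 *   <li>NOTE(review): no structural (profile) check of the {@code Signature} element is visible
 *       in this class before the cryptographic check. Confirm that it is applied elsewhere, for
 *       example with OpenSAML's {@code SAMLSignatureProfileValidator}.</li>
 *   <li>NOTE(review): signature and digest algorithm URIs are passed through as given. Confirm
 *       that callers restrict them to approved algorithms.</li>
 * </ul>
 */
public class DefaultSSOSigner implements SSOSigner {

    /** No initialisation is needed for this implementation. */
    @Override
    public void init() throws IdentityException {
    }

    /**
     * Verifies the XML signature of a SAML request.
     *
     * @param requestAbstractType the request whose signature is checked
     * @param x509Credential credential the signature is verified against
     * @param str not used by this implementation
     * @return {@code true} if a signature is present and verifies; {@code false} if the request
     *         has no signature
     * @throws IdentityException if a signature is present but does not verify
     */
    @Override
    public boolean validateXMLSignature(RequestAbstractType requestAbstractType, X509Credential x509Credential, String str) throws IdentityException {
        return validateXMLSignature((SignableXMLObject) requestAbstractType, x509Credential, str);
    }

    /**
     * Verifies the XML signature of any signable XML object.
     *
     * @param signableXMLObject the object whose signature is checked
     * @param x509Credential credential the signature is verified against
     * @param str not used by this implementation
     * @return {@code true} if a signature is present and verifies; {@code false} if the object
     *         has no signature (an unsigned object is reported, not rejected, here)
     * @throws IdentityException if a signature is present but does not verify
     */
    public boolean validateXMLSignature(SignableXMLObject signableXMLObject, X509Credential x509Credential, String str) throws IdentityException {
        Signature signature = signableXMLObject.getSignature();
        if (signature == null) {
            // Unsigned input: the caller decides whether that is acceptable.
            return false;
        }
        try {
            SignatureValidator.validate(signature, x509Credential);
        } catch (SignatureException e) {
            throw IdentityException.error("Signature Validation Failed for the SAML Assertion.", e);
        }
        return true;
    }

    /**
     * Attaches an enveloped XML signature to the given object and signs it.
     *
     * <p>The signer's entity certificate is embedded in the signature's {@code KeyInfo} as a
     * Base64-encoded {@code X509Certificate} element.
     *
     * @param signableXMLObject the object to sign; it is modified in place
     * @param str signature algorithm URI
     * @param str2 digest algorithm URI applied to the first content reference
     * @param x509Credential signing credential; must carry an entity certificate
     * @return the same {@code signableXMLObject}, now signed
     * @throws IdentityException if the credential or its certificate is missing, or if
     *         certificate encoding, marshalling or signing fails
     */
    @Override
    public SignableXMLObject setSignature(SignableXMLObject signableXMLObject, String str, String str2, X509Credential x509Credential) throws IdentityException {
        // Fail with a descriptive error instead of a NullPointerException further down.
        if (x509Credential == null || x509Credential.getEntityCertificate() == null) {
            throw IdentityException.error("Signing credential with an entity certificate is required to sign the request");
        }

        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(x509Credential);
        signature.setSignatureAlgorithm(str);
        // Exclusive XML canonicalization.
        signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");

        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certificateElement = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

        try {
            certificateElement.setValue(Base64.encode(x509Credential.getEntityCertificate().getEncoded()));
            x509Data.getX509Certificates().add(certificateElement);
            keyInfo.getX509Datas().add(x509Data);
            signature.setKeyInfo(keyInfo);
            signableXMLObject.setSignature(signature);

            // NOTE(review): presumably setSignature() on the SAML object registers the content
            // reference read here; confirm, since an empty list would fail on get(0).
            ((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(str2);

            ArrayList<Signature> signatures = new ArrayList<>();
            signatures.add(signature);

            // The object is marshalled to DOM before the signature value is computed.
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signableXMLObject).marshall(signableXMLObject);
            // Initialise the Apache XML Security library before signing.
            Init.init();
            Signer.signObjects(signatures);
            return signableXMLObject;
        } catch (CertificateEncodingException e) {
            throw IdentityException.error("Error occurred while retrieving encoded cert", e);
        } catch (MarshallingException e) {
            throw IdentityException.error("Unable to marshall the request", e);
        } catch (SignatureException e) {
            throw IdentityException.error("Error occurred while signing request", e);
        }
    }

    /**
     * Builds an empty XML object for the given element name using the registered builder.
     *
     * @param qName qualified name of the element to build
     * @return the newly built object
     * @throws IdentityException if no builder is registered for {@code qName}
     */
    private XMLObject buildXMLObject(QName qName) throws IdentityException {
        XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw IdentityException.error("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }
}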
