package org.wso2.carbon.identity.sso.saml.builders.encryption;

import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.xml.NamespaceSupport;
import org.apache.xml.security.utils.Base64;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoGenerator;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.builders.X509CredentialImpl;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/encryption/DefaultSSOEncrypter.class */
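public class DefaultSSOEncrypter implements SSOEncrypter {

    /** Prefix bound to the XML Signature namespace on the {@code DigestMethod} element. */
    private static final String DS_PREFIX = "ds";

    /** XML Signature namespace URI declared on the {@code DigestMethod} element. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Local name of the child of {@code xenc:EncryptionMethod} that receives the namespace declaration. */
    private static final String DIGEST_METHOD_LOCAL_NAME = "DigestMethod";

    /**
     * No initialisation is needed: every encryption parameter is resolved per call.
     *
     * @throws IdentityException never thrown by this implementation; declared by the interface
     */
    @Override
    public void init() throws IdentityException {
        // Intentionally empty.
    }

    /**
     * Encrypts {@code assertion} with a freshly generated content-encryption key, wrapping that key
     * for the recipient with {@code x509Credential}. Both algorithm URIs come from server
     * configuration ({@link IdentityApplicationManagementUtil}); the resulting {@code EncryptedKey}
     * is placed inline in the {@code EncryptedData}'s {@code KeyInfo}.
     *
     * @param assertion the assertion to encrypt
     * @param x509Credential recipient credential whose public key wraps the generated content key
     * @param str ignored by this implementation
     * @param str2 ignored by this implementation
     * @return the encrypted assertion with the {@code ds} namespace declared on its
     *         {@code DigestMethod} element(s)
     * @throws IdentityException if the configured data-encryption algorithm yields no key algorithm
     *         or key length, or if any step of encryption fails (the original failure is the cause)
     */
    @Override
    public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential x509Credential, String str, String str2) throws IdentityException {
        try {
            // Resolve the configured URI once so the key algorithm, key length and the
            // DataEncryptionParameters algorithm are guaranteed to agree.
            String dataEncryptionAlgorithm = IdentityApplicationManagementUtil.getAssertionEncryptionAlgorithmURIByConfig();
            DataEncryptionParameters dataEncryptionParameters = buildDataEncryptionParameters(dataEncryptionAlgorithm);

            // NOTE(review): the key-transport algorithm is whatever the configuration holds; from a
            // key-wrapping standpoint RSA-OAEP should be preferred over RSA 1.5 — confirm the deployed value.
            KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
            keyEncryptionParameters.setAlgorithm(IdentityApplicationManagementUtil.getKeyEncryptionAlgorithmURIByConfig());
            keyEncryptionParameters.setEncryptionCredential(x509Credential);

            Encrypter encrypter = new Encrypter(dataEncryptionParameters, keyEncryptionParameters);
            encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
            EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
            appendNamespaceDeclaration(encryptedAssertion);
            return encryptedAssertion;
        } catch (Exception e) {
            // Also wraps the IdentityException raised for an invalid algorithm; its message survives as the cause.
            throw IdentityException.error("Error while Encrypting Assertion", e);
        }
    }

    /**
     * Encrypts {@code assertion} like the four-argument overload, but takes the algorithm URIs from
     * the caller and embeds the recipient's X.509 certificate in the {@code EncryptedKey}'s
     * {@code KeyInfo} so the recipient can identify which key to unwrap with.
     *
     * @param assertion the assertion to encrypt
     * @param x509Credential recipient credential; must be an {@link X509CredentialImpl}, whose
     *        certificate is embedded in the key info
     * @param str ignored by this implementation
     * @param str2 data (assertion) encryption algorithm URI
     * @param str3 key encryption (key-transport) algorithm URI
     * @return the encrypted assertion with the {@code ds} namespace declared on its
     *         {@code DigestMethod} element(s)
     * @throws IdentityException if {@code str2} yields no key algorithm or key length, if the
     *         certificate cannot be encoded, if {@code x509Credential} is not an
     *         {@link X509CredentialImpl}, or if encryption fails (the original failure is the cause)
     */
    @Override
    public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential x509Credential, String str, String str2, String str3) throws IdentityException {
        try {
            DataEncryptionParameters dataEncryptionParameters = buildDataEncryptionParameters(str2);

            // NOTE(review): key-transport algorithm is caller-supplied; RSA-OAEP is the preferable
            // choice over RSA 1.5 — confirm what callers pass.
            KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
            keyEncryptionParameters.setAlgorithm(str3);
            keyEncryptionParameters.setEncryptionCredential(x509Credential);

            try {
                keyEncryptionParameters.setKeyInfoGenerator(new StaticKeyInfoGenerator(buildRecipientKeyInfo(x509Credential)));
            } catch (CertificateEncodingException e) {
                // Re-wrapped again by the outer catch, preserving the original nesting of messages.
                throw IdentityException.error("Error occurred while retrieving encoded cert", e);
            }

            Encrypter encrypter = new Encrypter(dataEncryptionParameters, keyEncryptionParameters);
            encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
            EncryptedAssertion encryptedAssertion = encrypter.encrypt(assertion);
            appendNamespaceDeclaration(encryptedAssertion);
            return encryptedAssertion;
        } catch (Exception e2) {
            throw IdentityException.error("Error while Encrypting Assertion", e2);
        }
    }

    /**
     * Generates a fresh symmetric content-encryption key sized for {@code dataEncryptionAlgorithm}
     * and packages it with the algorithm URI.
     *
     * @param dataEncryptionAlgorithm XML Encryption data-encryption algorithm URI
     * @return parameters carrying the algorithm URI and a credential wrapping the new key
     * @throws IdentityException if the URI yields no key algorithm or key length
     * @throws GeneralSecurityException if the JCA cannot generate a key for the algorithm
     */
    private static DataEncryptionParameters buildDataEncryptionParameters(String dataEncryptionAlgorithm)
            throws IdentityException, GeneralSecurityException {
        String keyAlgorithm = AlgorithmSupport.getKeyAlgorithm(dataEncryptionAlgorithm);
        Integer keyLength = AlgorithmSupport.getKeyLength(dataEncryptionAlgorithm);
        if (keyAlgorithm == null || keyLength == null) {
            throw new IdentityException("Invalid assertion encryption algorithm");
        }
        // A new random key per assertion; null provider selects the default JCA provider.
        BasicCredential contentKeyCredential = CredentialSupport.getSimpleCredential(
                KeySupport.generateKey(keyAlgorithm, keyLength.intValue(), (String) null));
        DataEncryptionParameters dataEncryptionParameters = new DataEncryptionParameters();
        dataEncryptionParameters.setAlgorithm(dataEncryptionAlgorithm);
        dataEncryptionParameters.setEncryptionCredential(contentKeyCredential);
        return dataEncryptionParameters;
    }

    /**
     * Builds a {@code ds:KeyInfo/ds:X509Data/ds:X509Certificate} structure holding the recipient's
     * DER certificate, Base64 encoded.
     *
     * @param x509Credential recipient credential; cast to {@link X509CredentialImpl} to reach
     *        its certificate (a different implementation causes a {@link ClassCastException})
     * @return the populated key info
     * @throws IdentityException if a required XML object builder is not registered
     * @throws CertificateEncodingException if the certificate cannot be DER encoded
     */
    private KeyInfo buildRecipientKeyInfo(X509Credential x509Credential)
            throws IdentityException, CertificateEncodingException {
        KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate x509Certificate = buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        // NOTE(review): getSigningCert() is the accessor the original used even though this
        // certificate identifies the recipient's encryption key — confirm it is the intended cert.
        x509Certificate.setValue(Base64.encode(((X509CredentialImpl) x509Credential).getSigningCert().getEncoded()));
        x509Data.getX509Certificates().add(x509Certificate);
        keyInfo.getX509Datas().add(x509Data);
        return keyInfo;
    }

    /**
     * Builds an empty XML object for {@code qName} through the OpenSAML builder registry.
     *
     * @param qName element name to build
     * @param <T> the XMLObject type the caller expects for {@code qName}
     * @return the new, empty object
     * @throws IdentityException if no builder is registered for {@code qName}
     */
    @SuppressWarnings("unchecked")
    private <T extends XMLObject> T buildXMLObject(QName qName) throws IdentityException {
        XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw IdentityException.error("Unable to retrieve builder for object QName " + qName);
        }
        // Unchecked cast: the registry maps each QName to the builder of its concrete type, so the
        // result matches the caller's declared type for the well-known names used in this class.
        return (T) builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Declares the {@code ds} namespace on every {@code DigestMethod} element found under an
     * {@code EncryptedKey}'s {@code EncryptionMethod}. Presumably this keeps the serialised element
     * self-contained when the prefix is not declared by an ancestor — the original does not say.
     *
     * @param encryptedAssertion the freshly encrypted assertion (mutated in place)
     * @throws IdentityException if the {@code EncryptedData} has no {@code KeyInfo}, no
     *         {@code EncryptedKey}, or no {@code DigestMethod} element with a DOM node to annotate
     */
    private void appendNamespaceDeclaration(EncryptedAssertion encryptedAssertion) throws IdentityException {
        KeyInfo keyInfo = encryptedAssertion.getEncryptedData().getKeyInfo();
        if (keyInfo == null || keyInfo.getEncryptedKeys().isEmpty()) {
            throw new IdentityException("Failed to set Namespace Declaration");
        }
        boolean declared = false;
        for (EncryptedKey encryptedKey : keyInfo.getEncryptedKeys()) {
            if (encryptedKey.getEncryptionMethod() == null || !encryptedKey.getEncryptionMethod().hasChildren()) {
                continue;
            }
            for (XMLObject child : encryptedKey.getEncryptionMethod().getOrderedChildren()) {
                // Only elements already marshalled to DOM can carry the declaration.
                if (DIGEST_METHOD_LOCAL_NAME.equals(child.getElementQName().getLocalPart()) && child.getDOM() != null) {
                    NamespaceSupport.appendNamespaceDeclaration(child.getDOM(), XMLDSIG_NS, DS_PREFIX);
                    declared = true;
                }
            }
        }
        if (!declared) {
            // No DigestMethod present (e.g. when the key-transport method has no digest child).
            throw new IdentityException("Failed to set Namespace Declaration");
        }
    }
}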
