package org.wso2.carbon.identity.sso.saml.builders.signature;

import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import javax.xml.namespace.QName;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.validation.ValidationException;
import org.wso2.carbon.identity.base.IdentityException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/signature/DefaultSSOSigner.class */
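/**
 * Default {@link SSOSigner}: validates the XML signature on incoming SAML requests and
 * applies enveloped XML signatures to outgoing assertions and responses.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Validation is performed against the credential supplied by the caller, never against
 *       the certificate carried in the message's own {@code KeyInfo}.</li>
 *   <li>Signing applies the signature algorithm URI exactly as passed in; this class does no
 *       allow-listing, so rejecting weak algorithms is the caller's/configuration's job.</li>
 *   <li>No digest (reference) algorithm is set here, so the library's configured default
 *       applies. NOTE(review): confirm that default is not SHA-1 in this deployment.</li>
 * </ul>
 */
public class DefaultSSOSigner implements SSOSigner {

    /** Exclusive XML canonicalization (without comments), used for every signature built here. */
    private static final String EXCLUSIVE_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * Builds an empty OpenSAML object for the given element name.
     *
     * @param qName qualified name of the element to create
     * @return the newly built object
     * @throws IdentityException if no builder is registered for {@code qName}
     */
    private static XMLObject buildXMLObject(QName qName) throws IdentityException {
        XMLObjectBuilder builder = Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new IdentityException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Creates an unsigned {@link Signature} element configured with the signing credential,
     * the requested algorithm, exclusive canonicalization and a {@code KeyInfo} that embeds
     * the signer's entity certificate (Base64 of its encoded form).
     *
     * @param signatureAlgorithm signature algorithm URI, applied as given
     * @param credential         credential whose private key signs and whose certificate is embedded
     * @return the configured, not yet computed, signature element
     * @throws IdentityException if a builder is missing or the certificate cannot be encoded
     */
    private static Signature buildSignature(String signatureAlgorithm, X509Credential credential)
            throws IdentityException {
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(EXCLUSIVE_C14N);

        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certificate = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        try {
            certificate.setValue(Base64.encode(credential.getEntityCertificate().getEncoded()));
        } catch (CertificateEncodingException e) {
            // Keep the original message, but retain the cause so the failure can be diagnosed.
            throw new IdentityException("errorGettingCert", e);
        }
        x509Data.getX509Certificates().add(certificate);
        keyInfo.getX509Datas().add(x509Data);
        signature.setKeyInfo(keyInfo);
        return signature;
    }

    /** No initialisation is required by this implementation. */
    @Override // org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner
    public void init() throws IdentityException {
    }

    /**
     * Cryptographically validates the signature of a SAML request against a trusted credential.
     *
     * <p>An unsigned request does NOT raise an error: the method returns {@code false}. Callers
     * must treat {@code false} as "not authenticated" wherever a signature is required.
     *
     * <p>NOTE(review): only {@link SignatureValidator} is applied here. No structural check of
     * the {@code Signature} element (reference target, permitted transforms), such as
     * OpenSAML's {@code SAMLSignatureProfileValidator}, is visible in this method. Confirm the
     * caller performs it, since it is the usual guard against signature-wrapping.
     *
     * @param requestAbstractType the received request
     * @param x509Credential      trusted credential to verify against
     * @param str                 not used by this implementation
     * @return {@code true} if a signature is present and valid, {@code false} if none is present
     * @throws IdentityException if a signature is present but does not validate
     */
    @Override // org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner
    public boolean doValidateXMLSignature(RequestAbstractType requestAbstractType, X509Credential x509Credential, String str) throws IdentityException {
        Signature signature = requestAbstractType.getSignature();
        if (signature == null) {
            return false;
        }
        try {
            new SignatureValidator(x509Credential).validate(signature);
            return true;
        } catch (ValidationException e) {
            // Preserve the cause: the original dropped it, hiding why validation failed.
            throw new IdentityException("Signature Validation Failed for the SAML Assertion : Signature is invalid.", e);
        }
    }

    /**
     * Signs a SAML assertion in place.
     *
     * @param assertion      assertion to sign; it is modified and returned
     * @param str            signature algorithm URI, applied as given
     * @param x509Credential signing credential; its entity certificate is embedded in KeyInfo
     * @return the same assertion instance, now carrying a computed signature
     * @throws IdentityException on any failure while building, marshalling or signing
     */
    @Override // org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner
    public Assertion doSetSignature(Assertion assertion, String str, X509Credential x509Credential) throws IdentityException {
        try {
            Signature signature = buildSignature(str, x509Credential);
            assertion.setSignature(signature);

            ArrayList<Signature> toSign = new ArrayList<Signature>();
            toSign.add(signature);

            // The object must be marshalled to DOM before the signature value can be computed.
            Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
            // Initialise the Apache XML Security library before signing.
            Init.init();
            Signer.signObjects(toSign);
            return assertion;
        } catch (Exception e) {
            // Boundary catch: every failure (including runtime ones) surfaces as IdentityException.
            throw new IdentityException("Error while signing the SAML Response message.", e);
        }
    }

    /**
     * Signs a SAML response (or other status-response message) in place.
     *
     * @param statusResponseType message to sign; it is modified and returned
     * @param str                signature algorithm URI, applied as given
     * @param x509Credential     signing credential; its entity certificate is embedded in KeyInfo
     * @return the same message instance, now carrying a computed signature
     * @throws IdentityException on any failure while building, marshalling or signing
     */
    @Override // org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner
    public StatusResponseType doSignResponse(StatusResponseType statusResponseType, String str, X509Credential x509Credential) throws IdentityException {
        try {
            Signature signature = buildSignature(str, x509Credential);
            statusResponseType.setSignature(signature);

            ArrayList<Signature> toSign = new ArrayList<Signature>();
            toSign.add(signature);

            // The object must be marshalled to DOM before the signature value can be computed.
            Configuration.getMarshallerFactory().getMarshaller(statusResponseType).marshall(statusResponseType);
            // Initialise the Apache XML Security library before signing.
            Init.init();
            Signer.signObjects(toSign);
            return statusResponseType;
        } catch (Exception e) {
            // Boundary catch: every failure (including runtime ones) surfaces as IdentityException.
            throw new IdentityException("Error while signing the SAML Response message.", e);
        }
    }
}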
