package org.wso2.carbon.identity.outbound.metadata.saml2;

import java.security.cert.CertificateEncodingException;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.ElementProxy;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Document;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.outbound.metadata.saml2.util.BuilderUtil;
import org.wso2.carbon.idp.mgt.MetadataException;

/* loaded from: input_file:org/wso2/carbon/identity/outbound/metadata/saml2/MetadataCryptoProvider.class */
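/**
 * Publishes this server's signing certificate in outbound SAML2 metadata.
 *
 * <p>The entity certificate of the {@link X509Credential} obtained from
 * {@link SignKeyDataHolder} is added as a {@code KeyDescriptor use="signing"} to every
 * {@link RoleDescriptor} of the {@link EntityDescriptor}. Only public certificate
 * material is emitted; the private key is never read in this class.
 *
 * <p>Note for reviewers: despite its name, {@link #signMetadata(EntityDescriptor)} does
 * not create a {@code ds:Signature} in this implementation. It attaches the key
 * descriptors and initialises Apache XML Security; {@link #marshallDescriptor} has no
 * caller in this class. Anything that relies on the metadata document being signed
 * must check for an actual signature rather than trusting the method name.
 */
public class MetadataCryptoProvider implements CryptoProvider {

    private static final Log log = LogFactory.getLog(MetadataCryptoProvider.class);

    /** Credential whose entity certificate is advertised in the metadata. */
    private final X509Credential credential;

    /**
     * Initialises the credential holder used to publish the certificate.
     *
     * @throws MetadataException if the credential holder cannot be created
     */
    public MetadataCryptoProvider() throws MetadataException {
        if (log.isDebugEnabled()) {
            log.debug("Creating the credential object");
        }
        this.credential = new SignKeyDataHolder();
    }

    /**
     * Adds a signing {@code KeyDescriptor} to each role descriptor of
     * {@code entityDescriptor} (modified in place) and registers the XML-DSig namespace
     * as the default prefix for Apache XML Security.
     *
     * <p>No {@code ds:Signature} element is produced here.
     *
     * @param entityDescriptor metadata to enrich; must not be {@code null}
     * @throws MetadataException if a key descriptor cannot be built or the signature
     *                           namespace prefix cannot be registered
     */
    @Override // org.wso2.carbon.identity.outbound.metadata.saml2.CryptoProvider
    public void signMetadata(EntityDescriptor entityDescriptor) throws MetadataException {
        // An empty role-descriptor list simply yields no key descriptors.
        for (RoleDescriptor roleDescriptor : entityDescriptor.getRoleDescriptors()) {
            roleDescriptor.getKeyDescriptors().add(createKeyDescriptor());
        }
        if (log.isDebugEnabled()) {
            log.debug("Key Descriptors set for all the role descriptor types");
        }
        try {
            ElementProxy.setDefaultPrefix(ConfigElements.XMLSIGNATURE_NS, "");
            Init.init();
        } catch (XMLSecurityException e) {
            throw new MetadataException("Unable to set default prefix for signature element", e);
        }
    }

    /**
     * Builds a {@code ds:KeyInfo} holding the Base64-encoded (DER) form of the
     * credential's entity certificate. Public material only.
     *
     * @return the populated KeyInfo element
     * @throws MetadataException if the certificate cannot be encoded
     */
    private KeyInfo createKeyInfo() throws MetadataException {
        if (log.isDebugEnabled()) {
            log.debug("Creating the KeyInfo element");
        }
        KeyInfo keyInfo = (KeyInfo) BuilderUtil.createSAMLObject(ConfigElements.XMLSIGNATURE_NS, "KeyInfo", "");
        X509Data x509Data = (X509Data) BuilderUtil.createSAMLObject(ConfigElements.XMLSIGNATURE_NS, "X509Data", "");
        X509Certificate x509Certificate = (X509Certificate) BuilderUtil.createSAMLObject(ConfigElements.XMLSIGNATURE_NS, "X509Certificate", "");

        // Only getEncoded() can throw; keep the try scope to that call.
        byte[] encodedCertificate;
        try {
            encodedCertificate = this.credential.getEntityCertificate().getEncoded();
        } catch (CertificateEncodingException e) {
            throw new MetadataException("Error while encoding the certificate.", e);
        }

        x509Certificate.setValue(Base64.encode(encodedCertificate));
        x509Data.getX509Certificates().add(x509Certificate);
        keyInfo.getX509Datas().add(x509Data);
        if (log.isDebugEnabled()) {
            log.debug("Completed KeyInfo element creation");
        }
        return keyInfo;
    }

    /**
     * Builds a metadata {@code KeyDescriptor} with {@code use="signing"} wrapping a
     * freshly created {@link KeyInfo}.
     *
     * @return the populated KeyDescriptor element
     * @throws MetadataException if the nested KeyInfo cannot be built
     */
    private KeyDescriptor createKeyDescriptor() throws MetadataException {
        if (log.isDebugEnabled()) {
            log.debug("Creating the KeyDescriptor element");
        }
        KeyDescriptor keyDescriptor = (KeyDescriptor) BuilderUtil.createSAMLObject(ConfigElements.FED_METADATA_NS, "KeyDescriptor", "");
        keyDescriptor.setUse(UsageType.SIGNING);
        keyDescriptor.setKeyInfo(createKeyInfo());
        return keyDescriptor;
    }

    /**
     * Marshals {@code entityDescriptor} into a new DOM {@link Document}.
     *
     * <p>The document is created through {@code IdentityUtil.getSecuredDocumentBuilderFactory()}
     * rather than a default JAXP factory; that factory is expected to carry the platform's
     * hardened parser settings — confirm against its implementation. This method currently
     * has no caller inside this class.
     *
     * @param entityDescriptor descriptor to marshal
     * @return a new document whose root is the marshalled descriptor
     * @throws MetadataException if the document builder cannot be configured or
     *                           marshalling fails
     */
    private Document marshallDescriptor(EntityDescriptor entityDescriptor) throws MetadataException {
        try {
            DocumentBuilder documentBuilder = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder();
            if (log.isDebugEnabled()) {
                log.debug("Marshalling the metadata element contents");
            }
            Document document = documentBuilder.newDocument();
            Configuration.getMarshallerFactory().getMarshaller(entityDescriptor).marshall(entityDescriptor, document);
            if (log.isDebugEnabled()) {
                log.debug("Marshalling completed");
            }
            return document;
        } catch (ParserConfigurationException e) {
            throw new MetadataException("Error while creating the document.", e);
        } catch (MarshallingException e) {
            throw new MetadataException("Error while marshalling the descriptor.", e);
        }
    }
}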
