package se.litsec.opensaml.utils;

import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.ext.saml2alg.SigningMethod;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import se.litsec.opensaml.saml2.metadata.MetadataUtils;

/* loaded from: input_file:se/litsec/opensaml/utils/SignatureUtils.class */
public class SignatureUtils {
    public static SignatureSigningConfiguration getSignaturePreferences(EntityDescriptor entityDescriptor) {
        if (entityDescriptor == null) {
            return null;
        }
        List emptyList = Collections.emptyList();
        List emptyList2 = Collections.emptyList();
        SSODescriptor sSODescriptor = MetadataUtils.getSSODescriptor(entityDescriptor);
        if (sSODescriptor != null) {
            emptyList = MetadataUtils.getMetadataExtensions(sSODescriptor.getExtensions(), SigningMethod.class);
            emptyList2 = MetadataUtils.getMetadataExtensions(sSODescriptor.getExtensions(), DigestMethod.class);
        }
        if (emptyList.isEmpty()) {
            emptyList = MetadataUtils.getMetadataExtensions(entityDescriptor.getExtensions(), SigningMethod.class);
        }
        if (emptyList2.isEmpty()) {
            emptyList2 = MetadataUtils.getMetadataExtensions(entityDescriptor.getExtensions(), DigestMethod.class);
        }
        if (emptyList.isEmpty() && emptyList2.isEmpty()) {
            return null;
        }
        BasicSignatureSigningConfiguration basicSignatureSigningConfiguration = new BasicSignatureSigningConfiguration();
        if (!emptyList.isEmpty()) {
            basicSignatureSigningConfiguration.setSignatureAlgorithms((List) emptyList.stream().map((v0) -> {
                return v0.getAlgorithm();
            }).collect(Collectors.toList()));
        }
        if (!emptyList2.isEmpty()) {
            basicSignatureSigningConfiguration.setSignatureReferenceDigestMethods((List) emptyList2.stream().map((v0) -> {
                return v0.getAlgorithm();
            }).collect(Collectors.toList()));
        }
        return basicSignatureSigningConfiguration;
    }

    @Deprecated
    public static <T extends SignableSAMLObject> void sign(T t, Credential credential) throws SignatureException {
        sign(t, credential, SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration());
    }

    public static <T extends SignableSAMLObject> void sign(T t, Credential credential, SignatureSigningConfiguration signatureSigningConfiguration, EntityDescriptor entityDescriptor) throws SignatureException {
        SignatureSigningConfiguration signaturePreferences = getSignaturePreferences(entityDescriptor);
        if (signatureSigningConfiguration == null) {
            signatureSigningConfiguration = SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration();
        }
        SignatureSigningConfiguration[] signatureSigningConfigurationArr = new SignatureSigningConfiguration[1 + (signaturePreferences != null ? 1 : 0)];
        int i = 0;
        if (signaturePreferences != null) {
            i = 0 + 1;
            signatureSigningConfigurationArr[0] = signaturePreferences;
        }
        signatureSigningConfigurationArr[i] = signatureSigningConfiguration;
        sign(t, credential, signatureSigningConfigurationArr);
    }

    public static <T extends SignableSAMLObject> void sign(T t, Credential credential, SignatureSigningConfiguration... signatureSigningConfigurationArr) throws SignatureException {
        if (signatureSigningConfigurationArr == null || signatureSigningConfigurationArr.length == 0) {
            signatureSigningConfigurationArr = new SignatureSigningConfiguration[]{SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration()};
        }
        try {
            t.setSignature((Signature) null);
            SignatureSigningConfiguration basicSignatureSigningConfiguration = new BasicSignatureSigningConfiguration();
            basicSignatureSigningConfiguration.setSigningCredentials(Collections.singletonList(credential));
            BasicSignatureSigningParametersResolver basicSignatureSigningParametersResolver = new BasicSignatureSigningParametersResolver();
            SignatureSigningConfiguration[] signatureSigningConfigurationArr2 = new SignatureSigningConfiguration[signatureSigningConfigurationArr.length + 1];
            System.arraycopy(signatureSigningConfigurationArr, 0, signatureSigningConfigurationArr2, 0, signatureSigningConfigurationArr.length);
            signatureSigningConfigurationArr2[signatureSigningConfigurationArr.length] = basicSignatureSigningConfiguration;
            SignatureSupport.signObject(t, basicSignatureSigningParametersResolver.resolveSingle(new CriteriaSet(new Criterion[]{new SignatureSigningConfigurationCriterion(signatureSigningConfigurationArr2)})));
        } catch (ResolverException | SecurityException | MarshallingException e) {
            throw new SignatureException(e);
        }
    }

    private SignatureUtils() {
    }
}
