package se.litsec.swedisheid.opensaml.saml2.signservice;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.litsec.opensaml.saml2.metadata.MetadataUtils;
import se.litsec.swedisheid.opensaml.saml2.attribute.AttributeConstants;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.Message;

/* loaded from: input_file:se/litsec/swedisheid/opensaml/saml2/signservice/SignMessageDigestIssuer.class */
public class SignMessageDigestIssuer {
    private final Logger log = LoggerFactory.getLogger(SignMessageDigestIssuer.class);
    public static final String DEFAULT_DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";
    private String defaultDigestMethod;

    public Attribute create(Message message) {
        return create(message, null);
    }

    public Attribute create(Message message, EntityDescriptor entityDescriptor) {
        if (message == null || message.getValue() == null) {
            throw new IllegalArgumentException("Supplied sign message is null or empty");
        }
        String str = null;
        if (entityDescriptor != null) {
            try {
                str = getDigestPreference(entityDescriptor);
            } catch (Exception e) {
                this.log.error("Error during recipient metadata analyze (looking for preferred digest algorithm)", e);
            }
        }
        if (str == null) {
            str = getDefaultDigestMethod();
        }
        this.log.debug("Using digest algorithm '{}' when issuing signMessageDigest", str);
        AlgorithmDescriptor algorithmDescriptor = AlgorithmSupport.getGlobalAlgorithmRegistry().get(str);
        if (algorithmDescriptor == null) {
            throw new SecurityException(str + " is not supported");
        }
        try {
            return AttributeConstants.ATTRIBUTE_TEMPLATE_SIGNMESSAGE_DIGEST.createBuilder().value(new String[]{String.format("%s;%s", str, Base64.getEncoder().encodeToString(MessageDigest.getInstance(algorithmDescriptor.getJCAAlgorithmID()).digest(message.getContent().getBytes(StandardCharsets.UTF_8))))}).build();
        } catch (NoSuchAlgorithmException e2) {
            throw new SecurityException(e2);
        }
    }

    public static String getDigestPreference(EntityDescriptor entityDescriptor) {
        if (entityDescriptor == null) {
            return null;
        }
        List emptyList = Collections.emptyList();
        SSODescriptor sSODescriptor = MetadataUtils.getSSODescriptor(entityDescriptor);
        if (sSODescriptor != null) {
            emptyList = MetadataUtils.getMetadataExtensions(sSODescriptor.getExtensions(), DigestMethod.class);
        }
        if (emptyList.isEmpty()) {
            emptyList = MetadataUtils.getMetadataExtensions(entityDescriptor.getExtensions(), DigestMethod.class);
        }
        AlgorithmRegistry globalAlgorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();
        if (!emptyList.isEmpty()) {
            emptyList = (List) emptyList.stream().filter(digestMethod -> {
                AlgorithmDescriptor algorithmDescriptor = globalAlgorithmRegistry.get(digestMethod.getAlgorithm());
                if (algorithmDescriptor != null) {
                    return AlgorithmDescriptor.AlgorithmType.MessageDigest.equals(algorithmDescriptor.getType());
                }
                return false;
            }).collect(Collectors.toList());
        }
        if (emptyList.isEmpty()) {
            return null;
        }
        return ((DigestMethod) emptyList.get(0)).getAlgorithm();
    }

    public String getDefaultDigestMethod() {
        return this.defaultDigestMethod != null ? this.defaultDigestMethod : DEFAULT_DIGEST_METHOD;
    }

    public void setDefaultDigestMethod(String str) {
        AlgorithmDescriptor algorithmDescriptor = AlgorithmSupport.getGlobalAlgorithmRegistry().get(str);
        if (algorithmDescriptor == null) {
            throw new SecurityException(str + " is not supported");
        }
        if (algorithmDescriptor.getType() != AlgorithmDescriptor.AlgorithmType.MessageDigest) {
            throw new SecurityException(str + " is not a valid digest algorithm");
        }
        this.defaultDigestMethod = str;
    }
}
