package org.jboss.identity.federation.api.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Collections;
import javax.security.cert.X509Certificate;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
import org.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/jboss/identity/federation/api/util/XMLSignatureUtil.class */
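/**
 * Static helpers that create and check enveloped XML signatures on SAML v2 request documents,
 * and that serialise signature objects and DOM documents to a stream.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #validate(Document, Key)} checks only the first {@code ds:Signature} element in
 *       document order. A {@code true} result says that this one signature verifies under the
 *       supplied key; it does not say which element the signature covers. Callers must confirm
 *       that the element they go on to consume is the one the signature references before
 *       trusting its content.</li>
 *   <li>Validation always uses the key passed by the caller. Any {@code KeyInfo} carried inside
 *       the signature is not used to select the verification key.</li>
 *   <li>Digest and signature algorithms used for signing are whatever URIs the caller passes;
 *       nothing on the signing side rejects a weak algorithm.</li>
 * </ul>
 */
public class XMLSignatureUtil {
    /** Namespace of the XML Signature elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Canonicalization algorithm written into every SignedInfo produced here.
     * NOTE(review): this is inclusive c14n with comments; SAML peers commonly expect exclusive
     * canonicalization. Left unchanged because switching it alters the bytes on the wire.
     */
    private static final String C14N_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";

    /** Transform that excludes the Signature element itself from the digested content. */
    private static final String ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /** Context property that switches the XML Signature implementation into secure-validation mode. */
    private static final String SECURE_VALIDATION_PROPERTY = "org.jcp.xml.dsig.secureValidation";

    /** Name of the un-namespaced attribute that carries the request identifier. */
    private static final String ID_ATTRIBUTE = "ID";

    private static final String pkgName = "org.jboss.identity.federation.w3.xmldsig";
    private static final String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd";
    private static final ObjectFactory objectFactory = new ObjectFactory();
    private static final XMLSignatureFactory fac = getXMLSignatureFactory();

    /**
     * Obtains the DOM XML Signature factory, falling back to the bundled reference provider when
     * the default lookup fails.
     *
     * @return the factory shared by every method of this class
     */
    private static XMLSignatureFactory getXMLSignatureFactory() {
        try {
            return XMLSignatureFactory.getInstance("DOM");
        } catch (Exception ignored) {
            // Deliberate best-effort: no registered provider offered the DOM mechanism, so ask
            // the reference implementation directly.
            return XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
        }
    }

    /**
     * Marshals an authentication request to a DOM document and adds an enveloped signature to
     * its root element.
     *
     * @param authnRequestType the request to sign; its {@code getID()} value is used as the
     *        same-document reference
     * @param privateKey the signing key
     * @param x509Certificate optional certificate; when non-null its public key is embedded as a
     *        {@code KeyValue}, when null the signature carries no {@code KeyInfo}
     * @param str the digest method URI
     * @param str2 the signature method URI
     * @return the signed document
     * @throws Exception if marshalling, parsing or signing fails
     */
    public static Document sign(AuthnRequestType authnRequestType, PrivateKey privateKey, X509Certificate x509Certificate, String str, String str2) throws Exception {
        ByteArrayOutputStream marshalled = new ByteArrayOutputStream();
        new SAML2Request().marshall(authnRequestType, marshalled);
        Document signedDocument = parseMarshalledRequest(marshalled.toByteArray());

        DOMSignContext signContext = new DOMSignContext(privateKey, signedDocument.getDocumentElement());
        registerRootId(signContext, signedDocument);

        KeyInfo keyInfo = null;
        if (x509Certificate != null) {
            keyInfo = newKeyValueInfo(x509Certificate.getPublicKey());
        }
        fac.newXMLSignature(newSignedInfo(authnRequestType.getID(), str, str2), keyInfo).sign(signContext);
        return signedDocument;
    }

    /**
     * Marshals a request to a DOM document and adds an enveloped signature to its root element,
     * embedding the public half of the key pair as a {@code KeyValue}.
     *
     * @param requestAbstractType the request to sign; its {@code getID()} value is used as the
     *        same-document reference
     * @param keyPair the private key signs, the public key is embedded in {@code KeyInfo}
     * @param str the digest method URI
     * @param str2 the signature method URI
     * @return the signed document
     * @throws Exception if marshalling, parsing or signing fails
     */
    public static Document sign(RequestAbstractType requestAbstractType, KeyPair keyPair, String str, String str2) throws Exception {
        ByteArrayOutputStream marshalled = new ByteArrayOutputStream();
        new SAML2Request().marshall(requestAbstractType, marshalled);
        Document signedDocument = parseMarshalledRequest(marshalled.toByteArray());

        DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(), signedDocument.getDocumentElement());
        registerRootId(signContext, signedDocument);

        KeyInfo keyInfo = newKeyValueInfo(keyPair.getPublic());
        fac.newXMLSignature(newSignedInfo(requestAbstractType.getID(), str, str2), keyInfo).sign(signContext);
        return signedDocument;
    }

    /**
     * Verifies the first {@code ds:Signature} element of the document against the given key.
     *
     * <p>Secure-validation mode is switched on explicitly so that the limits the XML Signature
     * implementation applies in that mode do not depend on the runtime's default. The root
     * element's {@code ID} attribute is registered on the validation context so that a
     * same-document reference to the root can be resolved; no other element is registered here.
     *
     * <p>Only the first signature in document order is examined, and the return value does not
     * identify the element it covers. Callers must check that the signed element is the one they
     * act on.
     *
     * @param document the document holding the signature
     * @param key the verification key; trust in this key is the caller's responsibility
     * @return {@code true} if the signature and its references verify
     * @throws Exception if the document has no Signature element, or unmarshalling or
     *         validation fails
     */
    public static boolean validate(Document document, Key key) throws Exception {
        NodeList signatures = document.getElementsByTagNameNS(XMLDSIG_NS, "Signature");
        if (signatures.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        DOMValidateContext validateContext = new DOMValidateContext(key, signatures.item(0));
        validateContext.setProperty(SECURE_VALIDATION_PROPERTY, Boolean.TRUE);
        registerRootId(validateContext, document);
        return fac.unmarshalXMLSignature(validateContext).validate(validateContext);
    }

    /**
     * Writes a signature object to the stream through the schema-validating marshaller.
     *
     * @param signatureType the signature to serialise
     * @param outputStream the destination
     * @throws Exception if the marshaller cannot be created or marshalling fails
     */
    public static void marshall(SignatureType signatureType, OutputStream outputStream) throws Exception {
        JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation).marshal(objectFactory.createSignature(signatureType), outputStream);
    }

    /**
     * Serialises a DOM document to the stream with a default identity transformer.
     *
     * @param document the document to write
     * @param outputStream the destination
     * @throws Exception if the transformer cannot be created or the transformation fails
     */
    public static void marshall(Document document, OutputStream outputStream) throws Exception {
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(outputStream));
    }

    /**
     * Parses bytes produced by the local SAML marshaller into a namespace-aware DOM document.
     * The parser is configured for that input only; it sets no DOCTYPE or external-entity
     * restrictions and must not be reused for XML received from a peer.
     */
    private static Document parseMarshalledRequest(byte[] marshalledRequest) throws Exception {
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setNamespaceAware(true);
        return builderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(marshalledRequest));
    }

    /**
     * Registers the root element's ID attribute on the context so that a "#id" reference to the
     * root resolves on implementations that honour only declared ID attributes. Does nothing
     * when the root has no non-empty ID attribute.
     */
    private static void registerRootId(DOMCryptoContext context, Document document) {
        Element root = document.getDocumentElement();
        if (root != null && root.getAttributeNS(null, ID_ATTRIBUTE).length() > 0) {
            context.setIdAttributeNS(root, null, ID_ATTRIBUTE);
        }
    }

    /** Builds the SignedInfo: one enveloped-signature reference to "#" + referenceId. */
    private static SignedInfo newSignedInfo(String referenceId, String digestMethodUri, String signatureMethodUri) throws Exception {
        return fac.newSignedInfo(
                fac.newCanonicalizationMethod(C14N_WITH_COMMENTS, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(signatureMethodUri, (SignatureMethodParameterSpec) null),
                Collections.singletonList(fac.newReference(
                        "#" + referenceId,
                        fac.newDigestMethod(digestMethodUri, (DigestMethodParameterSpec) null),
                        Collections.singletonList(fac.newTransform(ENVELOPED_TRANSFORM, (TransformParameterSpec) null)),
                        (String) null,
                        (String) null)));
    }

    /** Wraps a public key in a KeyInfo holding a single KeyValue. */
    private static KeyInfo newKeyValueInfo(java.security.PublicKey publicKey) throws Exception {
        KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
        return keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue(publicKey)));
    }
}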
