package org.keycloak.saml.processing.api.saml.v2.sig;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.xpath.XPathException;
import org.keycloak.dom.saml.v2.protocol.RequestAbstractType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response;
import org.keycloak.saml.processing.core.util.SignatureUtilTransferObject;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/keycloak/saml/processing/api/saml/v2/sig/SAML2Signature.class */
/**
 * Signs and validates SAML 2.0 messages by preparing the DOM (ID attributes, signature position)
 * and delegating the cryptographic work to {@link XMLSignatureUtil}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default algorithms are RSA-SHA1 and SHA-1. SHA-1 is no longer considered
 *       collision-resistant. Deployments should select stronger algorithms through
 *       {@link #setSignatureMethod(String)} and {@link #setDigestMethod(String)}, for example
 *       {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256} and
 *       {@code http://www.w3.org/2001/04/xmlenc#sha256}, provided {@code XMLSignatureUtil} and
 *       the peer accept them (not verifiable from this file).</li>
 *   <li>The {@code sign} overloads that take a request or response overwrite the stored
 *       insertion point ({@code sibling}) without any synchronization. An instance reused for
 *       several documents can therefore carry a node that belongs to an earlier document.
 *       Prefer one instance per signing operation.</li>
 * </ul>
 */
public class SAML2Signature {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    private static final String ID_ATTRIBUTE_NAME = "ID";

    // Algorithm URIs passed to XMLSignatureUtil; both defaults are SHA-1 based (see class note).
    private String signatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";

    // Node handed to XMLSignatureUtil as the "next sibling" of the signature; null selects the
    // plain XMLSignatureUtil.sign(document, ...) overload instead.
    private Node sibling;

    // Optional certificate; only forwarded on the code path that uses a sibling node.
    private X509Certificate x509Certificate;

    /** @return the signature algorithm URI currently configured. */
    public String getSignatureMethod() {
        return this.signatureMethod;
    }

    /**
     * Sets the signature algorithm URI. The value is stored as given; no validation is done here.
     *
     * @param str signature algorithm URI
     */
    public void setSignatureMethod(String str) {
        this.signatureMethod = str;
    }

    /** @return the digest algorithm URI currently configured. */
    public String getDigestMethod() {
        return this.digestMethod;
    }

    /**
     * Sets the digest algorithm URI. The value is stored as given; no validation is done here.
     *
     * @param str digest algorithm URI
     */
    public void setDigestMethod(String str) {
        this.digestMethod = str;
    }

    /**
     * Sets the node handed to {@code XMLSignatureUtil} as the signature's next sibling.
     *
     * <p>The request/response {@code sign} overloads replace this value whenever the document
     * has an Issuer element with a following sibling.
     *
     * @param node node to use as the signature's next sibling, or {@code null}
     */
    public void setNextSibling(Node node) {
        this.sibling = node;
    }

    /**
     * Disables KeyInfo emission when {@code z} is {@code false}; {@code true} is a no-op.
     *
     * <p>NOTE(review): this calls a static setter on {@code XMLSignatureUtil}, so the effect
     * presumably outlives this instance and applies to other signers in the same class loader.
     * Nothing in this class turns the flag back on. Confirm against {@code XMLSignatureUtil}.
     *
     * @param z whether KeyInfo should be included
     */
    public void setSignatureIncludeKeyInfo(boolean z) {
        if (!z) {
            XMLSignatureUtil.setIncludeKeyInfoInSignature(false);
        }
    }

    /**
     * Sets the certificate forwarded to {@code XMLSignatureUtil} when a sibling node is in use.
     *
     * @param x509Certificate certificate to forward, or {@code null} for none
     */
    public void setX509Certificate(X509Certificate x509Certificate) {
        this.x509Certificate = x509Certificate;
    }

    /**
     * Converts a SAML request to a DOM document and signs it, referencing the request's ID.
     *
     * @param requestAbstractType request to sign
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @return the document returned by {@code XMLSignatureUtil}
     */
    public Document sign(RequestAbstractType requestAbstractType, KeyPair keyPair) throws SAXException, IOException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
        final Document samlDocument = new SAML2Request().convert(requestAbstractType);
        samlDocument.normalize();
        rememberIssuerSibling(samlDocument);
        return sign(samlDocument, requestAbstractType.getID(), keyPair);
    }

    /**
     * Converts a SAML response to a DOM document and signs it, referencing the response's ID.
     *
     * @param responseType response to sign
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @return the document returned by {@code XMLSignatureUtil}
     */
    public Document sign(ResponseType responseType, KeyPair keyPair) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
        final Document samlDocument = new SAML2Response().convert(responseType);
        samlDocument.normalize();
        rememberIssuerSibling(samlDocument);
        return sign(samlDocument, responseType.getID(), keyPair);
    }

    /**
     * Signs the element whose ID is {@code str}, using the configured algorithms.
     *
     * <p>The reference URI is built as {@code "#" + str} with no check that {@code str} is
     * non-null or non-empty. Callers should make sure the ID exists in the document, because the
     * signature covers only what that reference resolves to.
     *
     * <p>NOTE(review): the configured X.509 certificate is forwarded only when a sibling node is
     * set. The other path calls an overload that takes no certificate.
     *
     * @param document document to sign; its root and Assertion elements get their ID attribute
     *     registered first
     * @param str ID of the element to reference
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @return the document returned by {@code XMLSignatureUtil}
     */
    public Document sign(Document document, String str, KeyPair keyPair) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
        final String referenceUri = "#" + str;
        configureIdAttribute(document);
        if (this.sibling != null) {
            final SignatureUtilTransferObject signingRequest = new SignatureUtilTransferObject();
            signingRequest.setDocumentToBeSigned(document);
            signingRequest.setKeyPair(keyPair);
            signingRequest.setDigestMethod(this.digestMethod);
            signingRequest.setSignatureMethod(this.signatureMethod);
            signingRequest.setReferenceURI(referenceUri);
            signingRequest.setNextSibling(this.sibling);
            if (this.x509Certificate != null) {
                signingRequest.setX509Certificate(this.x509Certificate);
            }
            return XMLSignatureUtil.sign(signingRequest);
        }
        return XMLSignatureUtil.sign(document, keyPair, this.digestMethod, this.signatureMethod, referenceUri);
    }

    /**
     * Converts a SAML response to a DOM document and signs the element whose ID is {@code str}.
     *
     * @param responseType response to convert and sign
     * @param str ID of the element to reference
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @param str2 passed on to {@link #sign(Document, String, KeyPair, String)}, which ignores it
     * @return the document returned by {@code XMLSignatureUtil}
     */
    public Document sign(ResponseType responseType, String str, KeyPair keyPair, String str2) throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException {
        final Document samlDocument = new SAML2Response().convert(responseType);
        samlDocument.normalize();
        rememberIssuerSibling(samlDocument);
        return sign(samlDocument, str, keyPair, str2);
    }

    /**
     * Signs the element whose ID is {@code str}; equivalent to the three-argument overload.
     *
     * <p>NOTE(review): {@code str2} is never read, so whatever the caller passes there has no
     * influence on what gets signed.
     *
     * @param document document to sign
     * @param str ID of the element to reference
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @param str2 unused
     * @return the document returned by {@code XMLSignatureUtil}
     */
    public Document sign(Document document, String str, KeyPair keyPair, String str2) throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException {
        return sign(document, str, keyPair);
    }

    /**
     * Signs {@code document}, referencing the {@code ID} attribute of its root element.
     *
     * @param document document to sign
     * @param keyPair key pair handed to {@code XMLSignatureUtil}
     * @throws ProcessingException wrapping any exception raised while signing
     */
    public void signSAMLDocument(Document document, KeyPair keyPair) throws ProcessingException {
        try {
            final String rootId = document.getDocumentElement().getAttribute(ID_ATTRIBUTE_NAME);
            sign(document, rootId, keyPair);
        } catch (Exception signingFailure) {
            // Broad catch: every failure, runtime exceptions included, is reported as a signature error.
            throw new ProcessingException((Throwable) logger.signatureError(signingFailure));
        }
    }

    /**
     * Registers the ID attributes and returns the result of {@code XMLSignatureUtil.validate}.
     *
     * <p>NOTE(review): this method does not check which element the signature references. To
     * resist signature wrapping, the code that consumes the message must act only on the element
     * that the verified reference resolves to. Confirm that {@code XMLSignatureUtil.validate} or
     * the caller enforces this.
     *
     * @param document document carrying the signature
     * @param publicKey key to verify against; supplied by the caller
     * @return whatever {@code XMLSignatureUtil.validate} returns
     * @throws ProcessingException if validation raises an XML signature or marshalling error
     */
    public boolean validate(Document document, PublicKey publicKey) throws ProcessingException {
        try {
            configureIdAttribute(document);
            return XMLSignatureUtil.validate(document, publicKey);
        } catch (XMLSignatureException signatureFailure) {
            throw new ProcessingException((Throwable) logger.signatureError(signatureFailure));
        } catch (MarshalException marshalFailure) {
            throw new ProcessingException((Throwable) logger.signatureError(marshalFailure));
        }
    }

    /**
     * Returns the node that follows the first Issuer element in the document.
     *
     * <p>The lookup is document-wide. If the root element has no Issuer of its own, the first
     * match may belong to a nested element such as an Assertion.
     *
     * @param document document to search
     * @return the next sibling of the first Issuer, or {@code null} if there is no Issuer or it
     *     has no following sibling
     */
    public Node getNextSiblingOfIssuer(Document document) {
        final NodeList issuers = document.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get());
        return issuers.getLength() > 0 ? issuers.item(0).getNextSibling() : null;
    }

    /** Stores the node after the document's first Issuer as the insertion point, if there is one. */
    private void rememberIssuerSibling(Document samlDocument) {
        final Node afterIssuer = getNextSiblingOfIssuer(samlDocument);
        if (afterIssuer != null) {
            this.sibling = afterIssuer;
        }
    }

    /**
     * Marks the {@code ID} attribute of the root element and of every Assertion element as an
     * XML ID, so that same-document references such as {@code #id} can be resolved.
     *
     * <p>Per the DOM Level 3 contract, {@code setIdAttribute} throws a {@code DOMException} when
     * the element has no such attribute.
     */
    private void configureIdAttribute(Document document) {
        document.getDocumentElement().setIdAttribute(ID_ATTRIBUTE_NAME, true);
        final NodeList assertions = document.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ASSERTION.get());
        int index = 0;
        while (index < assertions.getLength()) {
            final Node candidate = assertions.item(index++);
            if (candidate instanceof Element) {
                ((Element) candidate).setIdAttribute(ID_ATTRIBUTE_NAME, true);
            }
        }
    }
}
