package org.opensaml.xmlsec.signature.support;

import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.security.SecurityException;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-04.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-xmlsec-api-3.1.1.jar:org/opensaml/xmlsec/signature/support/SignatureSupport.class */
public final class SignatureSupport {
    private SignatureSupport() {
    }

    @Nonnull
    private static Logger getLogger() {
        return LoggerFactory.getLogger(SignatureSupport.class);
    }

    public static void prepareSignatureParams(@Nonnull Signature signature, @Nonnull SignatureSigningParameters signatureSigningParameters) throws SecurityException {
        Constraint.isNotNull(signature, "Signature cannot be null");
        Constraint.isNotNull(signatureSigningParameters, "Signature signing parameters cannot be null");
        Logger logger = getLogger();
        if (signature.getSigningCredential() == null) {
            signature.setSigningCredential(signatureSigningParameters.getSigningCredential());
        }
        if (signature.getSigningCredential() == null) {
            throw new SecurityException("No signing credential was available on the signing parameters or Signature");
        }
        if (signature.getSignatureAlgorithm() == null) {
            signature.setSignatureAlgorithm(signatureSigningParameters.getSignatureAlgorithm());
        }
        if (signature.getSignatureAlgorithm() == null) {
            throw new SecurityException("No signature algorithm was available on the signing parameters or Signature");
        }
        if (signature.getHMACOutputLength() == null && AlgorithmSupport.isHMAC(signature.getSignatureAlgorithm())) {
            signature.setHMACOutputLength(signatureSigningParameters.getSignatureHMACOutputLength());
        }
        if (signature.getCanonicalizationAlgorithm() == null) {
            signature.setCanonicalizationAlgorithm(signatureSigningParameters.getSignatureCanonicalizationAlgorithm());
        }
        if (signature.getCanonicalizationAlgorithm() == null) {
            throw new SecurityException("No C14N algorithm was available on the signing parameters or Signature");
        }
        String signatureReferenceDigestMethod = signatureSigningParameters.getSignatureReferenceDigestMethod();
        for (ContentReference contentReference : signature.getContentReferences()) {
            if (contentReference instanceof ConfigurableContentReference) {
                ConfigurableContentReference configurableContentReference = (ConfigurableContentReference) contentReference;
                if (signatureReferenceDigestMethod != null) {
                    configurableContentReference.setDigestAlgorithm(signatureReferenceDigestMethod);
                }
                if (configurableContentReference.getDigestAlgorithm() == null) {
                    throw new SecurityException("No reference digest algorithm was available on the signing parameters or Signature ContentReference");
                }
            }
        }
        if (signature.getKeyInfo() == null) {
            KeyInfoGenerator keyInfoGenerator = signatureSigningParameters.getKeyInfoGenerator();
            if (keyInfoGenerator == null) {
                logger.info("No KeyInfoGenerator was supplied in parameters or resolveable for credential type {}, No KeyInfo will be generated for Signature", signature.getSigningCredential().getCredentialType().getName());
                return;
            }
            try {
                signature.setKeyInfo(keyInfoGenerator.generate(signature.getSigningCredential()));
            } catch (SecurityException e) {
                logger.error("Error generating KeyInfo from credential", e);
                throw e;
            }
        }
    }

    public static void signObject(@Nonnull SignableXMLObject signableXMLObject, @Nonnull SignatureSigningParameters signatureSigningParameters) throws SecurityException, MarshallingException, SignatureException {
        Constraint.isNotNull(signableXMLObject, "Signable XMLObject cannot be null");
        Constraint.isNotNull(signatureSigningParameters, "Signature signing parameters cannot be null");
        Signature signature = (Signature) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signableXMLObject.setSignature(signature);
        prepareSignatureParams(signature, signatureSigningParameters);
        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signableXMLObject).marshall(signableXMLObject);
        Signer.signObject(signature);
    }
}
