package uk.gov.ida.saml.hub.transformers.outbound;

import java.util.Iterator;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uk.gov.ida.saml.core.OpenSamlXmlObjectFactory;
import uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever;

/* loaded from: input_file:uk/gov/ida/saml/hub/transformers/outbound/SamlAttributeQueryAssertionSignatureSigner.class */
/**
 * Signs the assertions embedded in an outbound {@link AttributeQuery} whose Issuer value equals
 * the configured hub entity id.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The only selection criterion is the Issuer string. Every embedded assertion naming the
 *       hub as issuer is signed with the credential returned by the key store retriever, so the
 *       content of those assertions must already be trusted when this class is invoked.
 *       NOTE(review): confirm that callers construct or validate these assertions themselves
 *       and never pass through externally supplied ones.</li>
 *   <li>Any signature already present on a matching assertion is replaced.</li>
 *   <li>Assertions from other issuers are left untouched; this class does not verify them.</li>
 * </ul>
 */
public class SamlAttributeQueryAssertionSignatureSigner {
    private static final Logger LOG = LoggerFactory.getLogger(SamlAttributeQueryAssertionSignatureSigner.class);
    private final IdaKeyStoreCredentialRetriever keyStoreCredentialRetriever;
    private final OpenSamlXmlObjectFactory samlObjectFactory;
    private final String hubEntityId;

    /**
     * @param idaKeyStoreCredentialRetriever source of the signing credential attached to each signature
     * @param openSamlXmlObjectFactory factory used to create the empty Signature element
     * @param str the hub entity id; only assertions whose Issuer value equals it are signed
     */
    public SamlAttributeQueryAssertionSignatureSigner(IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever, OpenSamlXmlObjectFactory openSamlXmlObjectFactory, String str) {
        this.keyStoreCredentialRetriever = idaKeyStoreCredentialRetriever;
        this.samlObjectFactory = openSamlXmlObjectFactory;
        this.hubEntityId = str;
    }

    /**
     * Walks every SubjectConfirmation of the query's Subject and signs, in place, each embedded
     * assertion issued under the hub entity id.
     *
     * <p>NOTE(review): the Subject, each SubjectConfirmationData and each assertion's Issuer are
     * dereferenced without null checks, so a query missing any of them fails with a
     * NullPointerException; confirm that upstream validation guarantees they are present.
     *
     * @param attributeQuery the query whose embedded assertions are to be signed
     * @return the same {@code attributeQuery} instance, mutated
     * @throws IllegalStateException if marshalling or signing an assertion fails
     */
    public AttributeQuery signAssertions(AttributeQuery attributeQuery) {
        LOG.debug("Sign attribute query's C3 assertion's signatures");
        for (SubjectConfirmation confirmation : attributeQuery.getSubject().getSubjectConfirmations()) {
            for (Object embedded : confirmation.getSubjectConfirmationData().getUnknownXMLObjects(Assertion.TYPE_NAME)) {
                Assertion assertion = (Assertion) embedded;
                if (isIssuedByHub(assertion)) {
                    signWithHubCredential(assertion);
                }
            }
        }
        return attributeQuery;
    }

    /** Returns whether the assertion's Issuer value equals the configured hub entity id. */
    private boolean isIssuedByHub(Assertion assertion) {
        return assertion.getIssuer().getValue().equals(this.hubEntityId);
    }

    /** Attaches a fresh signature carrying the retrieved signing credential, then marshalls and signs. */
    private void signWithHubCredential(Assertion assertion) {
        // Overwrites whatever signature the assertion carried before.
        assertion.setSignature(this.samlObjectFactory.createSignature());
        assertion.getSignature().setSigningCredential(this.keyStoreCredentialRetriever.getSigningCredential());
        try {
            // Marshalling comes first: the signer works on the DOM produced here.
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
            Signer.signObject(assertion.getSignature());
        } catch (SignatureException | MarshallingException e) {
            throw new IllegalStateException("Unable to sign assertion.", e);
        }
    }
}
