package uk.gov.ida.saml.security;

import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.validation.constraints.NotNull;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.algorithm.DigestAlgorithm;
import org.opensaml.xmlsec.algorithm.SignatureAlgorithm;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.DocumentInternalIDContentReference;
import org.slf4j.event.Level;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;

/* loaded from: input_file:uk/gov/ida/saml/security/SignatureFactory.class */
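/**
 * Builds unsigned {@link Signature} templates for the application's signing credential.
 *
 * <p>Each template carries the signature and digest algorithms supplied at construction,
 * exclusive XML canonicalisation, the signing {@link Credential}, and — when enabled —
 * a {@code KeyInfo} holding the signer's X.509 certificate. Nothing is signed here; the
 * caller attaches the template to the element identified by the reference ID and runs
 * the OpenSAML signer over it.
 *
 * <p>Security notes for maintainers and relying parties:
 * <ul>
 *   <li>The optional {@code KeyInfo} embeds the signing certificate verbatim. It is only
 *       a hint about which key was used. A verifier must check the signature against a
 *       certificate it already trusts (metadata or a configured keystore), never against
 *       the embedded one — otherwise any attacker-supplied key would verify.</li>
 *   <li>The enveloped signature covers exactly one element, selected by its ID attribute.
 *       A verifier must confirm that the element it acts on is the element the reference
 *       names; this class cannot prevent signature-wrapping on the receiving side.</li>
 *   <li>Algorithm strength is whatever the injected {@link SignatureAlgorithm} and
 *       {@link DigestAlgorithm} provide. This class does not reject weak choices such
 *       as SHA-1 or RSA-SHA1, so the configuration that supplies them must.</li>
 * </ul>
 */
public class SignatureFactory {
    /** Exclusive C14N (comments omitted): canonicalisation for SignedInfo and the reference transform chain. */
    private static final String EXCLUSIVE_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    /** Enveloped-signature transform: excludes the ds:Signature element itself from the digested content. */
    private static final String ENVELOPED_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    private final IdaKeyStoreCredentialRetriever keyStoreCredentialRetriever;
    private final SignatureAlgorithm signatureAlgorithm;
    private final DigestAlgorithm digestAlgorithm;
    /** Whether {@link #createSignature()} attaches a KeyInfo carrying the signing certificate. */
    private final boolean includeKeyInfo;

    /**
     * Creates a factory that does not emit a {@code KeyInfo} element.
     *
     * @param idaKeyStoreCredentialRetriever source of the signing credential and certificate
     * @param signatureAlgorithm             algorithm URI to place in SignedInfo/SignatureMethod
     * @param digestAlgorithm                algorithm URI to place in each Reference/DigestMethod
     */
    public SignatureFactory(IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever, SignatureAlgorithm signatureAlgorithm, DigestAlgorithm digestAlgorithm) {
        this(false, idaKeyStoreCredentialRetriever, signatureAlgorithm, digestAlgorithm);
    }

    /**
     * Creates a factory.
     *
     * @param includeKeyInfo                 {@code true} to embed the signing certificate in a KeyInfo element;
     *                                       requires the retriever to return a non-null certificate
     * @param idaKeyStoreCredentialRetriever source of the signing credential and certificate
     * @param signatureAlgorithm             algorithm URI to place in SignedInfo/SignatureMethod
     * @param digestAlgorithm                algorithm URI to place in each Reference/DigestMethod
     */
    public SignatureFactory(boolean includeKeyInfo, IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever, SignatureAlgorithm signatureAlgorithm, DigestAlgorithm digestAlgorithm) {
        this.includeKeyInfo = includeKeyInfo;
        this.keyStoreCredentialRetriever = idaKeyStoreCredentialRetriever;
        this.signatureAlgorithm = signatureAlgorithm;
        this.digestAlgorithm = digestAlgorithm;
    }

    /**
     * Builds a signature template with no content references.
     *
     * <p>The result has the signing credential, signature algorithm and exclusive
     * canonicalisation set, plus a KeyInfo when the factory was built with
     * {@code includeKeyInfo}. Callers normally want {@link #createSignature(String)},
     * which also adds the reference to the element being signed.
     *
     * @return an unsigned {@link Signature} ready for a content reference and signing
     * @throws SamlTransformationErrorException if KeyInfo was requested but no signing
     *         certificate is available, or OpenSAML fails to generate the KeyInfo
     */
    public Signature createSignature() {
        // Both values are fetched up front, regardless of includeKeyInfo, to keep the
        // retriever's call pattern unchanged from earlier versions of this class.
        Credential signingCredential = this.keyStoreCredentialRetriever.getSigningCredential();
        X509Certificate signingCertificate = this.keyStoreCredentialRetriever.getSigningCertificate();

        Signature signature = XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);

        if (this.includeKeyInfo) {
            attachKeyInfo(signature, signingCertificate);
        }

        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(this.signatureAlgorithm.getURI());
        signature.setCanonicalizationAlgorithm(EXCLUSIVE_C14N);
        return signature;
    }

    /**
     * Attaches a KeyInfo that emits the given certificate as the entity certificate.
     *
     * <p>The certificate is published as-is for the relying party's convenience; it
     * confers no trust by itself (see the class-level notes).
     *
     * @throws SamlTransformationErrorException if the certificate is {@code null} or
     *         OpenSAML cannot build the KeyInfo (the {@link SecurityException} is kept as cause)
     */
    private static void attachKeyInfo(Signature signature, X509Certificate signingCertificate) {
        if (signingCertificate == null) {
            throw new SamlTransformationErrorException("Unable to generate key info without a signing certificate", Level.ERROR);
        }
        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        try {
            signature.setKeyInfo(keyInfoGeneratorFactory.newInstance().generate(new BasicX509Credential(signingCertificate)));
        } catch (SecurityException e) {
            throw new SamlTransformationErrorException("Unable to add signature KeyInfo: ", e, Level.ERROR);
        }
    }

    /**
     * Builds a signature template that references the element with the given ID.
     *
     * <p>The reference is an enveloped signature over the element whose ID attribute
     * equals {@code referenceId}: the transform chain drops the ds:Signature element
     * and applies exclusive C14N, and the digest uses the configured digest algorithm.
     * The ID must match the attribute on the element the signature is later inserted
     * into; the signature covers nothing else.
     *
     * @param referenceId the ID attribute value of the element to sign; must not be
     *                    null or blank — a missing ID would produce a Reference URI
     *                    that does not name the intended element
     * @return an unsigned {@link Signature} with one content reference
     * @throws NullPointerException     if {@code referenceId} is null
     * @throws IllegalArgumentException if {@code referenceId} is empty or whitespace only
     * @throws SamlTransformationErrorException as for {@link #createSignature()}
     */
    public Signature createSignature(@NotNull String referenceId) {
        // javax.validation's @NotNull is not enforced on a plain method call, so fail fast here
        // rather than producing a signature whose Reference points at "#null" or "#".
        Objects.requireNonNull(referenceId, "referenceId must not be null");
        if (referenceId.trim().isEmpty()) {
            throw new IllegalArgumentException("referenceId must not be blank");
        }

        Signature signature = createSignature();

        DocumentInternalIDContentReference reference = new DocumentInternalIDContentReference(referenceId);
        // Transform order matters: strip the enveloped signature first, then canonicalise.
        reference.getTransforms().add(ENVELOPED_SIGNATURE);
        reference.getTransforms().add(EXCLUSIVE_C14N);
        reference.setDigestAlgorithm(this.digestAlgorithm.getURI());
        signature.getContentReferences().add(reference);
        return signature;
    }
}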
