package net.shibboleth.metadata.dom;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.namespace.QName;
import net.jcip.annotations.ThreadSafe;
import net.shibboleth.metadata.pipeline.BaseIteratingStage;
import net.shibboleth.metadata.pipeline.ComponentInitializationException;
import net.shibboleth.metadata.pipeline.StageProcessingException;
import org.apache.xml.security.Init;
import org.opensaml.util.StringSupport;
import org.opensaml.util.collections.CollectionSupport;
import org.opensaml.util.collections.LazyList;
import org.opensaml.util.xml.QNameSupport;
import org.opensaml.util.xml.XmlConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;

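/**
 * Pipeline stage that adds an enveloped XML Signature (XMLDSig) to the root element of every
 * {@link DomElementItem} it processes.
 *
 * <p>The signature references the item's root element (by its ID attribute when one can be found,
 * otherwise as a same-document reference with an empty URI), applies the enveloped-signature transform
 * followed by the configured canonicalization transform, and is inserted as the element's first child.
 * The RSA signature and digest algorithms are chosen together through {@link #setShaVariant(ShaVariant)};
 * canonicalization defaults to exclusive C14N without comments. The content of the {@code ds:KeyInfo}
 * element is controlled by the {@code include*} properties.</p>
 *
 * <p>All configuration must be complete before the component is initialized: every setter is a no-op once
 * {@code isInitialized()} is true. Setters are {@code synchronized}; getters are not, so the configured
 * values are only guaranteed visible to other threads after initialization.</p>
 *
 * <p>{@link ShaVariant#SHA1} is retained only for interoperability with legacy consumers. SHA-1 based
 * signatures are widely rejected by relying parties and should not be selected for new deployments.</p>
 */
@ThreadSafe
public class XMLSignatureSigningStage extends BaseIteratingStage<DomElementItem> {

    /** XML Signature namespace URI. */
    public static final String XML_SIG_NS_URI = "http://www.w3.org/2000/09/xmldsig#";

    /** Qualified name of the {@code ds:Signature} element. */
    public static final QName SIGNATURE_NAME = new QName(XML_SIG_NS_URI, "Signature");

    /** XML Encryption namespace URI (home of the SHA-256/SHA-512 digest identifiers). */
    public static final String XML_ENC_NS_URI = "http://www.w3.org/2001/04/xmlenc#";

    /** Base URI of the "xmldsig-more" algorithm identifiers. */
    public static final String RFC4501_BASE_URI = "http://www.w3.org/2001/04/xmldsig-more";

    /** Signature algorithm identifier: RSA with SHA-1 (legacy). */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Signature algorithm identifier: RSA with SHA-256. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Signature algorithm identifier: RSA with SHA-384. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";

    /** Signature algorithm identifier: RSA with SHA-512. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    /** Digest algorithm identifier: SHA-1 (legacy). */
    public static final String ALGO_ID_DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";

    /** Digest algorithm identifier: SHA-256. */
    public static final String ALGO_ID_DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** Digest algorithm identifier: SHA-384. */
    public static final String ALGO_ID_DIGEST_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384";

    /** Digest algorithm identifier: SHA-512. */
    public static final String ALGO_ID_DIGEST_SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";

    /** Inclusive canonicalization, comments omitted. */
    public static final String ALGO_ID_C14N_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    /** Inclusive canonicalization, comments retained. */
    public static final String ALGO_ID_C14N_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";

    /** Exclusive canonicalization, comments omitted. Also the common prefix of both exclusive identifiers. */
    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Exclusive canonicalization, comments retained. */
    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

    /** Enveloped-signature transform identifier; excludes the signature itself from the digested content. */
    public static final String TRANSFORM_ENVELOPED_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /** Factory for signature structures; set during initialization. */
    private XMLSignatureFactory xmlSigFactory;

    /** Factory for {@code ds:KeyInfo} structures; set during initialization. */
    private KeyInfoFactory keyInfoFactory;

    /** Key used to produce signatures. Required. */
    private PrivateKey privKey;

    /** Public key placed in a {@code ds:KeyValue} when {@link #includeKeyValue} is set. */
    private PublicKey pubKey;

    /** Signature algorithm identifier derived from {@link #shaVariant} at initialization. */
    private String sigAlgo;

    /** Digest algorithm identifier derived from {@link #shaVariant} at initialization. */
    private String digestAlgo;

    /** Whether canonicalization should retain comments. */
    private boolean c14nWithComments;

    /** Canonicalization algorithm identifier derived from the c14n flags at initialization. */
    private String c14nAlgo;

    /** Whether a {@code ds:KeyValue} is emitted. */
    private boolean includeKeyValue;

    /** Whether the end-entity certificate's subject DN is emitted as {@code ds:X509SubjectName}. */
    private boolean includeX509SubjectName;

    /** Whether configured CRLs are emitted inside {@code ds:X509Data}. */
    private boolean includeX509Crls;

    /** Whether the end-entity certificate's issuer and serial are emitted as {@code ds:X509IssuerSerial}. */
    private boolean includeX509IssuerSerial;

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(XMLSignatureSigningStage.class);

    /** SHA variant selecting both the signature and the digest algorithm. */
    private ShaVariant shaVariant = ShaVariant.SHA256;

    /** Certificates to emit; the first entry is treated as the end-entity certificate. */
    private List<X509Certificate> certificates = Collections.emptyList();

    /** CRLs to emit when {@link #includeX509Crls} is set. */
    private List<X509CRL> crls = Collections.emptyList();

    /** Whether exclusive (as opposed to inclusive) canonicalization is used. */
    private boolean c14nExclusive = true;

    /** Namespace prefixes passed to exclusive C14N as the InclusiveNamespaces PrefixList. */
    private List<String> inclusivePrefixList = Collections.emptyList();

    /** Attribute names consulted, in order, when looking for the root element's ID. */
    private List<QName> idAttributeNames = Collections.emptyList();

    /** Explicit key names emitted as {@code ds:KeyName} elements. */
    private List<String> keyNames = Collections.emptyList();

    /** Flag reserved for deriving key names; see {@link #addKeyNames(ArrayList)}. */
    private boolean deriveKeyNames = true;

    /** Whether {@code ds:KeyName} elements are emitted at all. */
    private boolean includeKeyNames = true;

    /** Whether the configured certificates are emitted as {@code ds:X509Certificate} elements. */
    private boolean includeX509Certificates = true;

    /** Supported SHA family variants; each selects a matching RSA signature and digest algorithm. */
    public enum ShaVariant {
        /** SHA-1; legacy only. */
        SHA1,
        /** SHA-256; the default. */
        SHA256,
        /** SHA-384. */
        SHA384,
        /** SHA-512. */
        SHA512
    }

    /** @return the SHA variant used for signature and digest algorithms */
    public ShaVariant getShaVariant() {
        return this.shaVariant;
    }

    /**
     * Sets the SHA variant. Ignored after initialization.
     *
     * @param shaVariant the variant to use
     */
    public synchronized void setShaVariant(final ShaVariant shaVariant) {
        if (isInitialized()) {
            return;
        }
        this.shaVariant = shaVariant;
    }

    /** @return the private signing key, or null if none is configured */
    public PrivateKey getPrivateKey() {
        return this.privKey;
    }

    /**
     * Sets the private signing key. Ignored after initialization.
     *
     * @param privateKey the signing key
     */
    public synchronized void setPrivateKey(final PrivateKey privateKey) {
        if (isInitialized()) {
            return;
        }
        this.privKey = privateKey;
    }

    /** @return the public key emitted as {@code ds:KeyValue}, or null */
    public PublicKey getPublicKey() {
        return this.pubKey;
    }

    /**
     * Sets the public key emitted as {@code ds:KeyValue}. Ignored after initialization.
     *
     * @param publicKey the public key
     */
    public synchronized void setPublicKey(final PublicKey publicKey) {
        if (isInitialized()) {
            return;
        }
        this.pubKey = publicKey;
    }

    /** @return the configured certificates; never null */
    public List<X509Certificate> getCertificates() {
        return this.certificates;
    }

    /**
     * Sets the certificates to emit. Null entries are dropped. Ignored after initialization.
     *
     * @param certs certificates, the first of which is treated as the end-entity certificate
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public synchronized void setCertificates(final List<X509Certificate> certs) {
        if (isInitialized()) {
            return;
        }
        this.certificates = (List) CollectionSupport.addNonNull(certs, new LazyList());
    }

    /** @return the configured CRLs; never null */
    public List<X509CRL> getCrls() {
        return this.crls;
    }

    /**
     * Sets the CRLs to emit. Null entries are dropped. Ignored after initialization.
     *
     * @param crlList the CRLs
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public synchronized void setCrls(final List<X509CRL> crlList) {
        if (isInitialized()) {
            return;
        }
        this.crls = (List) CollectionSupport.addNonNull(crlList, new LazyList());
    }

    /** @return whether exclusive canonicalization is used */
    public boolean isC14nExclusive() {
        return this.c14nExclusive;
    }

    /**
     * Sets whether exclusive canonicalization is used. Ignored after initialization.
     *
     * @param exclusive true for exclusive C14N, false for inclusive
     */
    public synchronized void setC14nExclusive(final boolean exclusive) {
        if (isInitialized()) {
            return;
        }
        this.c14nExclusive = exclusive;
    }

    /** @return whether canonicalization retains comments */
    public boolean isC14nWithComments() {
        return this.c14nWithComments;
    }

    /**
     * Sets whether canonicalization retains comments. Ignored after initialization.
     *
     * @param withComments true to retain comments
     */
    public synchronized void setC14nWithComments(final boolean withComments) {
        if (isInitialized()) {
            return;
        }
        this.c14nWithComments = withComments;
    }

    /** @return the exclusive C14N inclusive prefix list; never null */
    public List<String> getInclusivePrefixList() {
        return this.inclusivePrefixList;
    }

    /**
     * Sets the exclusive C14N inclusive prefix list. Null entries are dropped. Ignored after initialization.
     *
     * @param prefixes namespace prefixes to treat as visibly utilized
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public synchronized void setInclusivePrefixList(final List<String> prefixes) {
        if (isInitialized()) {
            return;
        }
        this.inclusivePrefixList = (List) CollectionSupport.addNonNull(prefixes, new LazyList());
    }

    /** @return the attribute names consulted when looking for an element ID; never null */
    public List<QName> getIdAttributeNames() {
        return this.idAttributeNames;
    }

    /**
     * Sets the attribute names consulted when looking for an element ID. Null entries are dropped.
     * Ignored after initialization.
     *
     * @param names attribute names, in order of preference
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public synchronized void setIdAttributeNames(final List<QName> names) {
        if (isInitialized()) {
            return;
        }
        this.idAttributeNames = (List) CollectionSupport.addNonNull(names, new LazyList());
    }

    /** @return the explicit key names; never null */
    public List<String> getKeyNames() {
        return this.keyNames;
    }

    /**
     * Sets the explicit key names emitted as {@code ds:KeyName}. Null entries are dropped.
     * Ignored after initialization.
     *
     * @param names key names
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public synchronized void setKeyNames(final List<String> names) {
        if (isInitialized()) {
            return;
        }
        this.keyNames = (List) CollectionSupport.addNonNull(names, new LazyList());
    }

    /** @return the derive-key-names flag */
    public boolean isDeriveKeyNames() {
        return this.deriveKeyNames;
    }

    /**
     * Sets the derive-key-names flag. Ignored after initialization.
     *
     * @param derive the flag value
     */
    public synchronized void setDeriveKeyNames(final boolean derive) {
        if (isInitialized()) {
            return;
        }
        this.deriveKeyNames = derive;
    }

    /** @return whether {@code ds:KeyName} elements are emitted */
    public boolean isIncludeKeyNames() {
        return this.includeKeyNames;
    }

    /**
     * Sets whether {@code ds:KeyName} elements are emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeKeyNames(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeKeyNames = include;
    }

    /** @return whether a {@code ds:KeyValue} is emitted */
    public boolean isIncludeKeyValue() {
        return this.includeKeyValue;
    }

    /**
     * Sets whether a {@code ds:KeyValue} is emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeKeyValue(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeKeyValue = include;
    }

    /** @return whether {@code ds:X509SubjectName} is emitted */
    public boolean isIncludeX509SubjectName() {
        return this.includeX509SubjectName;
    }

    /**
     * Sets whether {@code ds:X509SubjectName} is emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeX509SubjectName(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeX509SubjectName = include;
    }

    /** @return whether {@code ds:X509Certificate} elements are emitted */
    public boolean isIncludeX509Certificates() {
        return this.includeX509Certificates;
    }

    /**
     * Sets whether {@code ds:X509Certificate} elements are emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeX509Certificates(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeX509Certificates = include;
    }

    /** @return whether {@code ds:X509CRL} elements are emitted */
    public boolean isIncludeX509Crls() {
        return this.includeX509Crls;
    }

    /**
     * Sets whether {@code ds:X509CRL} elements are emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeX509Crls(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeX509Crls = include;
    }

    /** @return whether {@code ds:X509IssuerSerial} is emitted */
    public boolean isIncludeX509IssuerSerial() {
        return this.includeX509IssuerSerial;
    }

    /**
     * Sets whether {@code ds:X509IssuerSerial} is emitted. Ignored after initialization.
     *
     * @param include the flag value
     */
    public synchronized void setIncludeX509IssuerSerial(final boolean include) {
        if (isInitialized()) {
            return;
        }
        this.includeX509IssuerSerial = include;
    }

    /** @return the signature algorithm identifier; null until initialized */
    public String getSigAlgo() {
        return this.sigAlgo;
    }

    /** @return the digest algorithm identifier; null until initialized */
    public String getDigestAlgo() {
        return this.digestAlgo;
    }

    /**
     * Signs the item's root element in place, inserting the {@code ds:Signature} before the element's
     * current first child (appended if the element has no children).
     *
     * @param domElementItem the item to sign
     * @return always true; the item is retained in the pipeline
     * @throws StageProcessingException if the signature structures cannot be built or signing fails
     */
    @Override
    public boolean doExecute(final DomElementItem domElementItem) throws StageProcessingException {
        final Element root = domElementItem.unwrap();

        // Built outside the try so a StageProcessingException from the builders is not wrapped a second time.
        final SignedInfo signedInfo = buildSignedInfo(root);
        final KeyInfo keyInfo = buildKeyInfo();

        try {
            final DOMSignContext signContext = new DOMSignContext(this.privKey, root, root.getFirstChild());
            this.xmlSigFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
        } catch (Exception e) {
            // Boundary catch: marshalling, signing and any runtime failure from the provider are all
            // reported to the pipeline as a stage failure rather than escaping as raw exceptions.
            this.log.error("Unable to create signature for element", e);
            throw new StageProcessingException("Unable to create signature for element", e);
        }
        return true;
    }

    /**
     * Builds the {@code ds:SignedInfo} for an element: the canonicalization method, the signature method and
     * a single reference to the element.
     *
     * @param element the element being signed
     * @return the signed info
     * @throws StageProcessingException if an algorithm is unavailable or the reference cannot be built
     */
    protected SignedInfo buildSignedInfo(final Element element) throws StageProcessingException {
        final CanonicalizationMethod c14nMethod;
        try {
            c14nMethod = this.xmlSigFactory.newCanonicalizationMethod(this.c14nAlgo, buildExclusiveC14nSpec());
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            final String msg = "Unable to create transform " + this.c14nAlgo;
            this.log.error(msg, e);
            throw new StageProcessingException(msg, e);
        }

        final SignatureMethod sigMethod;
        try {
            sigMethod = this.xmlSigFactory.newSignatureMethod(this.sigAlgo, (SignatureMethodParameterSpec) null);
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            final String msg = "Unable to create signature method " + this.sigAlgo;
            this.log.error(msg, e);
            throw new StageProcessingException(msg, e);
        }

        return this.xmlSigFactory.newSignedInfo(c14nMethod, sigMethod,
                Collections.singletonList(buildSignatureReference(element)));
    }

    /**
     * Builds the {@code ds:Reference} to the signed element. The reference URI is {@code #<id>} when the element
     * has a usable ID attribute and the empty string (whole document) otherwise. Transforms are applied in
     * order: enveloped-signature, then the configured canonicalization.
     *
     * @param element the element being signed
     * @return the reference
     * @throws StageProcessingException if the digest method or a transform cannot be created
     */
    protected Reference buildSignatureReference(final Element element) throws StageProcessingException {
        final String elementId = getElementId(element);
        final String referenceUri = elementId == null ? "" : "#" + elementId;

        final DigestMethod digestMethod;
        try {
            digestMethod = this.xmlSigFactory.newDigestMethod(this.digestAlgo, (DigestMethodParameterSpec) null);
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            final String msg = "Unable to create digest method " + this.digestAlgo;
            this.log.error(msg, e);
            throw new StageProcessingException(msg, e);
        }

        final List<Transform> transforms = new ArrayList<Transform>(2);
        transforms.add(buildTransform(TRANSFORM_ENVELOPED_SIGNATURE, null));
        transforms.add(buildTransform(this.c14nAlgo, buildExclusiveC14nSpec()));

        return this.xmlSigFactory.newReference(referenceUri, digestMethod, transforms, (String) null, (String) null);
    }

    /**
     * Creates a single transform, translating provider failures into a stage failure.
     *
     * @param algorithm transform algorithm identifier
     * @param spec transform parameters, may be null
     * @return the transform
     * @throws StageProcessingException if the algorithm is unavailable or the parameters are rejected
     */
    private Transform buildTransform(final String algorithm, final TransformParameterSpec spec)
            throws StageProcessingException {
        try {
            return this.xmlSigFactory.newTransform(algorithm, spec);
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
            final String msg = "Unable to create transform " + algorithm;
            this.log.error(msg, e);
            throw new StageProcessingException(msg, e);
        }
    }

    /**
     * Builds the exclusive C14N parameter spec carrying the inclusive prefix list.
     *
     * @return the spec, or null when the configured algorithm is not exclusive C14N or no prefixes are configured
     */
    private ExcC14NParameterSpec buildExclusiveC14nSpec() {
        // Both exclusive identifiers share the "#"-terminated prefix, so startsWith covers the with-comments case.
        if (this.c14nAlgo.startsWith(ALGO_ID_C14N_EXCL_OMIT_COMMENTS)
                && this.inclusivePrefixList != null && !this.inclusivePrefixList.isEmpty()) {
            return new ExcC14NParameterSpec(this.inclusivePrefixList);
        }
        return null;
    }

    /**
     * Finds the ID of an element. Configured {@link #idAttributeNames} are tried first, in document attribute
     * order; then any attribute the DOM reports as an ID ({@link Attr#isId()}). Blank values are skipped.
     *
     * @param element the element
     * @return the trimmed ID value, or null if none is found
     */
    protected String getElementId(final Element element) {
        final NamedNodeMap attributes = element.getAttributes();
        if (attributes == null || attributes.getLength() < 1) {
            return null;
        }

        if (this.idAttributeNames != null && !this.idAttributeNames.isEmpty()) {
            for (int i = 0; i < attributes.getLength(); i++) {
                final Attr attr = (Attr) attributes.item(i);
                if (this.idAttributeNames.contains(QNameSupport.getNodeQName(attr))) {
                    final String value = StringSupport.trimOrNull(attr.getValue());
                    if (value != null) {
                        return value;
                    }
                }
            }
        }

        for (int i = 0; i < attributes.getLength(); i++) {
            final Attr attr = (Attr) attributes.item(i);
            if (attr.isId()) {
                final String value = StringSupport.trimOrNull(attr.getValue());
                if (value != null) {
                    return value;
                }
            }
        }
        return null;
    }

    /**
     * Builds the {@code ds:KeyInfo} from the configured key names, key value and X.509 data.
     *
     * @return the key info, or null if nothing is configured to be included (the signature then carries none)
     * @throws StageProcessingException if a key info structure cannot be built
     */
    protected KeyInfo buildKeyInfo() throws StageProcessingException {
        final ArrayList<Object> keyInfoContent = new ArrayList<Object>();
        addKeyNames(keyInfoContent);
        addKeyValue(keyInfoContent);
        addX509Data(keyInfoContent);
        if (keyInfoContent.isEmpty()) {
            return null;
        }
        return this.keyInfoFactory.newKeyInfo(keyInfoContent);
    }

    /**
     * Adds a {@code ds:KeyName} for each explicitly configured key name, when key names are enabled.
     * The {@link #deriveKeyNames} flag is accepted for configuration compatibility but currently has no
     * effect: no derivation from the key or certificates is implemented here.
     *
     * @param keyInfoContent the key info content list to append to
     * @throws StageProcessingException declared for subclasses; not thrown by this implementation
     */
    protected void addKeyNames(final ArrayList<Object> keyInfoContent) throws StageProcessingException {
        if (!this.includeKeyNames) {
            return;
        }
        if (this.keyNames != null && !this.keyNames.isEmpty()) {
            for (final String name : this.keyNames) {
                keyInfoContent.add(this.keyInfoFactory.newKeyName(name));
            }
        }
    }

    /**
     * Adds a {@code ds:KeyValue} when enabled. The configured public key is used if present; otherwise the
     * public key of the first configured certificate; otherwise nothing is added.
     *
     * @param keyInfoContent the key info content list to append to
     * @throws StageProcessingException if the key's algorithm cannot be represented as a KeyValue
     */
    protected void addKeyValue(final ArrayList<Object> keyInfoContent) throws StageProcessingException {
        if (!this.includeKeyValue) {
            return;
        }

        PublicKey key = this.pubKey;
        // Guard against an empty certificate list: the default is an empty list, and get(0) would throw.
        if (key == null && this.certificates != null && !this.certificates.isEmpty()) {
            final X509Certificate endEntityCert = this.certificates.get(0);
            if (endEntityCert != null) {
                key = endEntityCert.getPublicKey();
            }
        }
        if (key == null) {
            return;
        }

        try {
            keyInfoContent.add(this.keyInfoFactory.newKeyValue(key));
        } catch (KeyException e) {
            this.log.error("Unable to create KeyValue", e);
            throw new StageProcessingException("Unable to create KeyValue", e);
        }
    }

    /**
     * Adds a {@code ds:X509Data} containing, as enabled, the end-entity subject name, all configured
     * certificates, the end-entity issuer/serial and the configured CRLs. Nothing is added when no X.509
     * content is enabled or configured.
     *
     * <p>All X.509 items belong inside the {@code ds:X509Data} content list: the subject name is a plain
     * {@code String} and each CRL an {@code X509CRL}, which is what {@link KeyInfoFactory#newX509Data(List)}
     * accepts. Placing them directly in the KeyInfo content, or adding the CRL list as a single element,
     * is rejected by the factory.</p>
     *
     * @param keyInfoContent the key info content list to append to
     * @throws StageProcessingException declared for subclasses; not thrown by this implementation
     */
    protected void addX509Data(final ArrayList<Object> keyInfoContent) throws StageProcessingException {
        final List<Object> x509Content = new ArrayList<Object>();

        if (this.certificates != null && !this.certificates.isEmpty()) {
            final X509Certificate endEntityCert = this.certificates.get(0);

            if (this.includeX509SubjectName) {
                x509Content.add(endEntityCert.getSubjectX500Principal().getName(X500Principal.RFC2253));
            }
            if (this.includeX509Certificates) {
                x509Content.addAll(this.certificates);
            }
            if (this.includeX509IssuerSerial) {
                final X500Principal issuer = endEntityCert.getIssuerX500Principal();
                x509Content.add(this.keyInfoFactory.newX509IssuerSerial(
                        issuer.getName(X500Principal.RFC2253), endEntityCert.getSerialNumber()));
            }
        }

        if (this.includeX509Crls && this.crls != null && !this.crls.isEmpty()) {
            x509Content.addAll(this.crls);
        }

        if (!x509Content.isEmpty()) {
            keyInfoContent.add(this.keyInfoFactory.newX509Data(x509Content));
        }
    }

    /**
     * Resolves the configured variant and flags into concrete algorithm identifiers and obtains the
     * signature factories.
     *
     * @throws ComponentInitializationException if the superclass fails to initialize or no private key is set
     */
    @Override
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();

        // Fail at configuration time rather than on the first item: DOMSignContext rejects a null key.
        if (this.privKey == null) {
            throw new ComponentInitializationException("Private key may not be null");
        }

        // The Apache Santuario provider must be initialized once per JVM before signing.
        if (!Init.isInitialized()) {
            Init.init();
        }

        this.xmlSigFactory = XMLSignatureFactory.getInstance();
        this.keyInfoFactory = this.xmlSigFactory.getKeyInfoFactory();

        switch (this.shaVariant) {
            case SHA1:
                this.sigAlgo = ALGO_ID_SIGNATURE_RSA_SHA1;
                this.digestAlgo = ALGO_ID_DIGEST_SHA1;
                break;
            case SHA384:
                this.sigAlgo = ALGO_ID_SIGNATURE_RSA_SHA384;
                this.digestAlgo = ALGO_ID_DIGEST_SHA384;
                break;
            case SHA512:
                this.sigAlgo = ALGO_ID_SIGNATURE_RSA_SHA512;
                this.digestAlgo = ALGO_ID_DIGEST_SHA512;
                break;
            case SHA256:
            default:
                this.sigAlgo = ALGO_ID_SIGNATURE_RSA_SHA256;
                this.digestAlgo = ALGO_ID_DIGEST_SHA256;
                break;
        }

        if (this.c14nExclusive) {
            this.c14nAlgo = this.c14nWithComments ? ALGO_ID_C14N_EXCL_WITH_COMMENTS : ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
        } else {
            this.c14nAlgo = this.c14nWithComments ? ALGO_ID_C14N_WITH_COMMENTS : ALGO_ID_C14N_OMIT_COMMENTS;
        }

        // NOTE(review): the field defaults to an empty list and the setter never stores null, so this
        // fallback is only reached if a subclass nulls the field. Confirm whether an empty list should
        // also select these defaults before changing the condition.
        if (this.idAttributeNames == null) {
            this.idAttributeNames = new ArrayList<QName>();
            this.idAttributeNames.add(new QName("id"));
            this.idAttributeNames.add(new QName("Id"));
            this.idAttributeNames.add(new QName("ID"));
            this.idAttributeNames.add(XmlConstants.XML_ID_ATTRIB_NAME);
        }
    }
}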
