package com.mulesoft.modules.saml.internal.builder.signature;

import com.mulesoft.modules.saml.api.signature.Signature;
import com.mulesoft.modules.saml.api.signature.SignatureKeyInformation;
import com.mulesoft.modules.saml.api.signature.store.KeyStore;
import com.mulesoft.modules.saml.internal.error.SamlError;
import java.io.IOException;
import java.util.Properties;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.mule.runtime.extension.api.exception.ModuleException;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;

/* loaded from: input_file:com/mulesoft/modules/saml/internal/builder/signature/DefaultSamlAssertionSignatureProcessor.class */
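/**
 * Signs SAML assertions with a private key taken from a configured key store.
 *
 * <p>The key store is loaded once, at construction time, through WSS4J's {@link Merlin}
 * crypto provider. Every later call to {@link #signAssertion(SamlAssertionWrapper)} reuses the
 * same {@link Crypto} instance, key alias and key password.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The private-key password is kept as a {@code String} field for the lifetime of this
 *       object because the downstream signing helper takes it as a {@code String}. Do not log
 *       or serialise instances of this class.</li>
 *   <li>Signature, digest and canonicalisation algorithms are optional. When one is not
 *       configured, {@code null} is handed to {@code SamlAssertionSignatureUtils}.
 *       NOTE(review): the default chosen there is not visible from this class; confirm it is
 *       not a SHA-1 based algorithm.</li>
 * </ul>
 */
public class DefaultSamlAssertionSignatureProcessor implements SamlAssertionSignatureProcessor {
    private static final String KEYSTORE_FILE = "org.apache.wss4j.crypto.merlin.keystore.file";
    private static final String KEYSTORE_TYPE = "org.apache.wss4j.crypto.merlin.keystore.type";
    private static final String KEYSTORE_PASSWORD = "org.apache.wss4j.crypto.merlin.keystore.password";
    private static final String KEYSTORE_ALIAS = "org.apache.wss4j.crypto.merlin.keystore.alias";
    private static final String KEYSTORE_PRIVATE_PASSWORD = "org.apache.wss4j.crypto.merlin.keystore.private.password";

    private final Crypto crypto;
    private final String keyAlias;
    // Secret: password protecting the private key entry. Never include it in logs or messages.
    private final String keyPassword;
    private final String signatureAlgorithm;
    private final String signatureDigestAlgorithm;
    private final String signatureC14nAlgorithm;
    private final KeyInfoGenerator keyInfoGenerator;

    /**
     * Loads the key store described by {@code signature} and captures the signing settings.
     *
     * @param signature signing configuration; its key store must define a path
     * @throws ModuleException with {@link SamlError#STORE_ERROR} when the key store path is
     *     missing or the key store cannot be loaded
     */
    public DefaultSamlAssertionSignatureProcessor(Signature signature) {
        KeyStore keyStore = signature.getKeyStore();
        this.crypto = createCrypto(keyStore);
        this.keyAlias = keyStore.getAlias();
        this.keyPassword = keyStore.getKeyPassword();
        this.signatureAlgorithm = toStringOrNull(signature.getSignatureAlgorithm());
        this.signatureDigestAlgorithm = toStringOrNull(signature.getSignatureDigestAlgorithm());
        this.signatureC14nAlgorithm = toStringOrNull(signature.getSignatureC14nAlgorithm());
        this.keyInfoGenerator = createKeyInfoGenerator(signature.getKeyInformation());
    }

    /** Returns {@code value.toString()}, or {@code null} when the setting was not configured. */
    private static String toStringOrNull(Object value) {
        return value == null ? null : value.toString();
    }

    /**
     * Builds the generator that decides what the signature's {@code KeyInfo} element carries.
     *
     * <p>{@code ISSUER_SERIAL} emits the certificate's issuer name and serial number; every
     * other value, including an unset one, emits the full entity certificate.
     *
     * @param signatureKeyInformation configured key-information style, may be {@code null}
     * @return a generator configured for the requested style
     */
    private KeyInfoGenerator createKeyInfoGenerator(SignatureKeyInformation signatureKeyInformation) {
        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        // Constant-first comparison: an unset value takes the default branch instead of
        // failing with a NullPointerException, matching how unset algorithms are tolerated.
        if (SignatureKeyInformation.ISSUER_SERIAL.equals(signatureKeyInformation)) {
            factory.setEmitX509IssuerSerial(true);
        } else {
            factory.setEmitEntityCertificate(true);
        }
        return factory.newInstance();
    }

    /**
     * Signs the given assertion in place using the key and algorithms captured at construction.
     *
     * @param samlAssertionWrapper assertion to sign
     * @throws ModuleException with {@link SamlError#STORE_ERROR} when WSS4J reports a failure
     */
    @Override
    public void signAssertion(SamlAssertionWrapper samlAssertionWrapper) {
        try {
            SamlAssertionSignatureUtils.signAssertion(
                    samlAssertionWrapper,
                    this.keyAlias,
                    this.keyPassword,
                    this.crypto,
                    this.keyInfoGenerator,
                    this.signatureC14nAlgorithm,
                    this.signatureAlgorithm,
                    this.signatureDigestAlgorithm);
        } catch (WSSecurityException e) {
            // NOTE(review): the WSS4J message is surfaced verbatim to the flow; confirm it
            // cannot carry key store details that should stay out of error output.
            throw new ModuleException(e.getMessage(), SamlError.STORE_ERROR, e);
        }
    }

    /**
     * Creates the WSS4J {@link Crypto} backed by the configured key store.
     *
     * <p>Only the path is mandatory; type, store password, alias and key password are passed
     * to Merlin when present and left to Merlin's defaults otherwise.
     *
     * @param keyStore key store settings
     * @return a Merlin instance with the key store loaded
     * @throws ModuleException with {@link SamlError#STORE_ERROR} when the path is missing or
     *     the key store cannot be read
     */
    private Crypto createCrypto(KeyStore keyStore) {
        Object path = keyStore.getPath();
        if (path == null) {
            // Properties rejects null values, so without this guard a missing path would
            // surface as a bare NullPointerException instead of a store error.
            throw new ModuleException("Key store path is not set; cannot load the signing key", SamlError.STORE_ERROR);
        }

        Properties properties = new Properties();
        properties.put(KEYSTORE_FILE, path);
        if (keyStore.getType() != null) {
            properties.put(KEYSTORE_TYPE, keyStore.getType().getName());
        }
        putIfPresent(properties, KEYSTORE_PASSWORD, keyStore.getPassword());
        putIfPresent(properties, KEYSTORE_ALIAS, keyStore.getAlias());
        putIfPresent(properties, KEYSTORE_PRIVATE_PASSWORD, keyStore.getKeyPassword());

        try {
            // No PasswordEncryptor is supplied, so the passwords above are handed to Merlin
            // exactly as configured.
            return new Merlin(properties, getClass().getClassLoader(), (PasswordEncryptor) null);
        } catch (WSSecurityException | IOException e) {
            throw new ModuleException(e.getMessage(), SamlError.STORE_ERROR, e);
        }
    }

    /** Adds {@code key} to {@code properties} only when {@code value} is configured. */
    private static void putIfPresent(Properties properties, String key, Object value) {
        if (value != null) {
            properties.put(key, value);
        }
    }
}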
