package com.mulesoft.modules.saml.internal.builder.signature;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.opensaml.security.SecurityException;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.signature.Signature;

/* loaded from: input_file:com/mulesoft/modules/saml/internal/builder/signature/SamlAssertionSignatureUtils.class */
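/**
 * Static helper that attaches an XML signature to a SAML assertion using a key pair
 * looked up from a WSS4J {@link Crypto} instance.
 *
 * <p>Security note: every built-in default signature algorithm below is SHA-1 based.
 * They are used only when the caller passes {@code null} for the signature algorithm.
 * The defaults are left unchanged here because altering them changes the signed output
 * that relying parties receive; callers that need a stronger digest should pass an
 * explicit signature algorithm URI instead of relying on the fallback.
 */
public class SamlAssertionSignatureUtils {
    private static final String DEFAULT_CANONICALIZATION_ALGORITHM = "http://www.w3.org/2001/10/xml-exc-c14n#";
    // NOTE(review): SHA-1 based fallbacks; see the class comment.
    private static final String DEFAULT_RSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DEFAULT_DSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String DEFAULT_ECDSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";

    /** Utility class; not instantiable. */
    private SamlAssertionSignatureUtils() {
    }

    /**
     * Builds a signature and sets it on the given assertion wrapper.
     *
     * <p>The first certificate returned for the alias is used as the signing certificate.
     * No validity-period or chain check is performed on it in this method.
     *
     * @param samlAssertionWrapper assertion that receives the signature
     * @param str alias used to look up both the certificate(s) and the private key
     * @param str2 second argument to {@code crypto.getPrivateKey}; presumably the key
     *     password (confirm against the caller)
     * @param crypto key/certificate source; {@code null} is treated as "no certificates found"
     * @param keyInfoGenerator generator used to produce the KeyInfo from the signing credential
     * @param str3 canonicalization algorithm URI, or {@code null} for exclusive C14N
     * @param str4 signature algorithm URI, or {@code null} to pick a default from the
     *     certificate's public-key algorithm (the defaults are SHA-1 based)
     * @param str5 second argument to {@code samlAssertionWrapper.setSignature}; presumably
     *     the digest algorithm URI (confirm against the caller)
     * @throws WSSecurityException if no certificate or private key is found for the alias,
     *     if KeyInfo generation fails, or if any other error occurs while signing
     */
    public static void signAssertion(SamlAssertionWrapper samlAssertionWrapper, String str, String str2, Crypto crypto, KeyInfoGenerator keyInfoGenerator, String str3, String str4, String str5) throws WSSecurityException {
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(str3 == null ? DEFAULT_CANONICALIZATION_ALGORITHM : str3);

        CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasLookup.setAlias(str);
        X509Certificate[] issuerCerts = crypto != null ? crypto.getX509Certificates(aliasLookup) : null;
        if (issuerCerts == null || issuerCerts.length == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"No issuer certs were found to sign the SAML Assertion using issuer name: " + str});
        }

        String signatureAlgorithm = str4 == null ? getDefaultSignatureAlgorithmForKey(issuerCerts[0].getPublicKey()) : str4;
        try {
            PrivateKey privateKey = crypto.getPrivateKey(str, str2);
            if (privateKey == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"No private key was found using issuer name: " + str});
            }
            signature.setSignatureAlgorithm(signatureAlgorithm);
            BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
            signature.setSigningCredential(signingCredential);
            try {
                signature.setKeyInfo(keyInfoGenerator.generate(signingCredential));
                samlAssertionWrapper.setSignature(signature, str5);
            } catch (SecurityException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Error generating KeyInfo from signing credential"});
            }
        } catch (WSSecurityException e) {
            // Already carries a specific message (missing key, KeyInfo failure); rethrow
            // as-is so the generic handler below does not wrap it a second time.
            throw e;
        } catch (Exception e) {
            // Any other failure (including unchecked ones) is still reported as WSSecurityException.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }

    /**
     * Picks the fallback signature algorithm URI for a public key.
     *
     * @param publicKey key whose {@code getAlgorithm()} name selects the default
     * @return the DSA default for "DSA", the ECDSA default for "EC", otherwise the RSA
     *     default (any unrecognised algorithm name also falls through to RSA)
     */
    private static String getDefaultSignatureAlgorithmForKey(PublicKey publicKey) {
        String algorithm = publicKey.getAlgorithm();
        if (algorithm.equalsIgnoreCase("DSA")) {
            return DEFAULT_DSA_SIGNATURE_ALGORITHM;
        }
        if (algorithm.equalsIgnoreCase("EC")) {
            return DEFAULT_ECDSA_SIGNATURE_ALGORITHM;
        }
        return DEFAULT_RSA_SIGNATURE_ALGORITHM;
    }
}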
