package org.mule.modules.salesforce.config;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.mule.modules.salesforce.exception.SalesforceException;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/mule/modules/salesforce/config/SignerService.class */
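/**
 * Signs raw payloads and SAML objects with the private key held in a caller-supplied keystore.
 *
 * <p>Both entry points load the keystore from a stream, take the first alias the keystore
 * reports, and use that entry's private key and X.509 certificate. Every failure is logged and
 * rethrown as a {@link SalesforceException} carrying the original cause.
 *
 * <p>Neither the keystore stream nor the password array is closed or cleared here; both stay
 * under the caller's control.
 */
public class SignerService {
    private static final Logger logger = LoggerFactory.getLogger(SignerService.class);
    public static final String PAYLOAD_SIGNING_EXCEPTION_MESSAGE = "Failed signing payload";
    public static final String SAML_OBJECT_SIGNING_EXCEPTION_MESSAGE = "Failed signing SAML object";

    /**
     * Signs {@code bArr} with the keystore's private key.
     *
     * <p>The JCA algorithm name is read from the certificate via
     * {@link X509Certificate#getSigAlgName()} and must equal {@code str} (case-insensitive),
     * so the caller pins the single algorithm it accepts.
     *
     * @param str expected signature algorithm name
     * @param bArr bytes to sign
     * @param inputStream keystore contents
     * @param str2 keystore type handed to {@link KeyStore#getInstance(String)}
     * @param cArr password used for both the keystore and the key entry
     * @return the signature bytes
     * @throws SalesforceException if the keystore cannot be loaded, the entry is unusable, the
     *     algorithm does not match, or signing fails
     */
    public byte[] signPayload(String str, byte[] bArr, InputStream inputStream, String str2, char[] cArr) throws SalesforceException {
        try {
            SigningIdentity identity = loadSigningIdentity(inputStream, str2, cArr);
            // getSigAlgName() is the algorithm the issuer used to sign this certificate. It
            // matches the subject key only when issuer and subject use the same key family
            // (always true for self-signed certificates); otherwise initSign() rejects the key.
            String sigAlgName = identity.certificate.getSigAlgName();
            // A null expectation is reported as a mismatch instead of surfacing as a bare NPE.
            if (str == null || !str.equalsIgnoreCase(sigAlgName)) {
                throw new IOException(String.format("Algorithm used by keystore: \"%s\", not allowed. Expected algorithm: \"%s\"", sigAlgName, str));
            }
            Signature signature = Signature.getInstance(sigAlgName);
            signature.initSign(identity.privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            logger.error(PAYLOAD_SIGNING_EXCEPTION_MESSAGE, e);
            throw new SalesforceException(PAYLOAD_SIGNING_EXCEPTION_MESSAGE, e);
        }
    }

    /**
     * Loads the keystore and returns the private key and X.509 certificate stored under the
     * alias chosen by {@link #extractAlias(KeyStore)}.
     *
     * <p>The explicit checks replace the NullPointerException / ClassCastException that a
     * certificate-only or secret-key entry would otherwise trigger, so the logged cause says
     * what is wrong with the keystore.
     */
    private SigningIdentity loadSigningIdentity(InputStream inputStream, String keyStoreType, char[] password)
            throws SalesforceException, IOException, GeneralSecurityException {
        KeyStore keyStore = loadKeyStore(inputStream, keyStoreType, password);
        String alias = extractAlias(keyStore);

        // getKey() returns null for a certificate-only entry and a non-private key for a
        // secret-key entry; neither can be used for signing.
        Key key = keyStore.getKey(alias, password);
        if (!(key instanceof PrivateKey)) {
            throw new IOException("Keystore entry \"" + alias + "\" does not hold a private key");
        }

        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new IOException("Keystore entry \"" + alias + "\" has no certificate");
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new IOException("Unknown certificate type: " + certificate.getClass().getName());
        }
        return new SigningIdentity((PrivateKey) key, (X509Certificate) certificate);
    }

    /**
     * Creates a keystore of the given type and loads it from the stream.
     *
     * @throws SalesforceException wrapping any failure to instantiate or load the keystore
     */
    private KeyStore loadKeyStore(InputStream inputStream, String str, char[] cArr) throws SalesforceException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            return keyStore;
        } catch (Exception e) {
            throw new SalesforceException(e);
        }
    }

    /**
     * Returns the first alias reported by the keystore.
     *
     * <p>When the keystore holds several entries, the choice depends on the keystore's
     * enumeration order, so a warning is logged. A keystore with exactly one signing entry
     * makes the selected key unambiguous.
     *
     * @throws SalesforceException if the keystore is empty or has not been initialised
     */
    private String extractAlias(KeyStore keyStore) throws SalesforceException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                throw new SalesforceException("Keystore contains no certificate");
            }
            String firstAlias = aliases.nextElement();
            if (aliases.hasMoreElements()) {
                logger.warn("There are more than one alias, picked first one with name: {}", firstAlias);
            }
            return firstAlias;
        } catch (KeyStoreException e) {
            throw new SalesforceException(e);
        }
    }

    /**
     * Attaches an XML signature to {@code signableSAMLObject}, marshalls the object and signs
     * it with the keystore's private key and certificate.
     *
     * @param signableSAMLObject SAML object to sign; it is modified in place
     * @param inputStream keystore contents
     * @param str keystore type handed to {@link KeyStore#getInstance(String)}
     * @param cArr password used for both the keystore and the key entry
     * @throws SalesforceException if the keystore cannot be loaded, the entry is unusable, or
     *     marshalling or signing fails
     */
    public void signSAMLObject(SignableSAMLObject signableSAMLObject, InputStream inputStream, String str, char[] cArr) throws SalesforceException {
        try {
            SigningIdentity identity = loadSigningIdentity(inputStream, str, cArr);

            BasicX509Credential credential = new BasicX509Credential();
            credential.setEntityCertificate(identity.certificate);
            credential.setPrivateKey(identity.privateKey);

            org.opensaml.xml.signature.Signature signature = (org.opensaml.xml.signature.Signature) Configuration.getBuilderFactory()
                    .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME)
                    .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME);
            signature.setSigningCredential(credential);
            // NOTE(review): no security configuration is passed here, so the signature and
            // digest algorithms presumably come from OpenSAML's global configuration. Confirm
            // that configuration selects a SHA-2 family algorithm rather than a SHA-1 default.
            SecurityHelper.prepareSignatureParams(signature, credential, null, null);
            signableSAMLObject.setSignature(signature);

            // The object is marshalled before Signer.signObject() is called on the signature.
            Configuration.getMarshallerFactory().getMarshaller(signableSAMLObject).marshall(signableSAMLObject);
            Signer.signObject(signature);
        } catch (Exception e) {
            logger.error(SAML_OBJECT_SIGNING_EXCEPTION_MESSAGE, e);
            throw new SalesforceException(SAML_OBJECT_SIGNING_EXCEPTION_MESSAGE, e);
        }
    }

    /** Private key and matching X.509 certificate read from one keystore entry. */
    private static final class SigningIdentity {
        private final PrivateKey privateKey;
        private final X509Certificate certificate;

        private SigningIdentity(PrivateKey privateKey, X509Certificate certificate) {
            this.privateKey = privateKey;
            this.certificate = certificate;
        }
    }
}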
