package se.litsec.swedisheid.opensaml.saml2.signservice;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Optional;
import java.util.function.Predicate;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.Encrypter;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.litsec.opensaml.saml2.metadata.provider.MetadataProvider;
import se.litsec.opensaml.utils.ObjectUtils;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.EncryptedMessage;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.Message;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.SignMessage;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.SignMessageMimeTypeEnum;

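/**
 * Factory for building {@code SignMessage} objects, optionally encrypting the message for the
 * IdP that is to display it.
 * <p>
 * Encryption keys are resolved from the IdP's SAML metadata through the supplied
 * {@link MetadataProvider}: first a credential with usage {@code ENCRYPTION} is tried, then any
 * credential whose usage is not explicitly {@code SIGNING}.
 * </p>
 * <p>
 * The defaults are kept for backwards compatibility: AES-128-CBC for the data and RSA PKCS#1 v1.5
 * ({@code rsa-1_5}) for key transport. Both are legacy choices — CBC provides no integrity
 * protection and RSA v1.5 key transport is discouraged by XML Encryption 1.1 because of
 * padding-oracle attacks — so deployments should configure
 * {@link #setEncryptionAlgorithmId(String)} and {@link #setKeyEncryptionAlgorithmId(String)}
 * with algorithms (e.g. AES-GCM and RSA-OAEP) that the receiving IdP is known to support. The
 * factory does not consult the IdP's advertised {@code EncryptionMethod} elements.
 * </p>
 *
 * @deprecated marked deprecated upstream; avoid in new code.
 */
@Deprecated
public class SignMessageFactory {

    /** Default data encryption algorithm (legacy, unauthenticated CBC mode). */
    public static final String DEFAULT_ENCRYPTION_ALGORITHM_ID = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Default key transport algorithm (legacy RSA PKCS#1 v1.5). */
    public static final String DEFAULT_KEY_ENCRYPTION_ALGORITHM_ID = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    private static final Logger logger = LoggerFactory.getLogger(SignMessageFactory.class);

    private final MetadataProvider metadataProvider;
    private final MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
    private String encryptionAlgorithmId = DEFAULT_ENCRYPTION_ALGORITHM_ID;
    private String keyEncryptionAlgorithmId = DEFAULT_KEY_ENCRYPTION_ALGORITHM_ID;

    /**
     * Creates a factory that resolves IdP encryption keys from the given metadata provider.
     *
     * @param metadataProvider source of IdP metadata (must be able to look up IDPSSODescriptors)
     */
    public SignMessageFactory(MetadataProvider metadataProvider) {
        this.metadataProvider = metadataProvider;
        // Accept keys published in metadata <KeyInfo> as DSA/RSA key values or inline X.509 certificates.
        // NOTE(review): the resolver is never initialize()d here — confirm the OpenSAML version in
        // use does not require it before resolve() is called.
        this.credentialResolver.setKeyInfoCredentialResolver(new BasicProviderKeyInfoCredentialResolver(
            Arrays.asList(new DSAKeyValueProvider(), new RSAKeyValueProvider(), new InlineX509DataProvider())));
    }

    /**
     * Creates a {@code SignMessage}, in clear text or encrypted for the display entity.
     *
     * @param content the message text
     * @param mimeType the MIME type of {@code content}
     * @param mustShow whether the IdP must display the message before signing (may be {@code null})
     * @param displayEntity entityID of the IdP that will display the message; required when
     *          {@code encrypt} is {@code true}
     * @param encrypt whether to encrypt the message for {@code displayEntity}
     * @return the assembled sign message
     * @throws IllegalArgumentException if {@code encrypt} is {@code true} and {@code displayEntity} is {@code null}
     * @throws EncryptionException if no usable encryption key is found for the IdP or encryption fails
     * @throws ResolverException declared for compatibility; key-resolution errors are logged and
     *           surface as {@link EncryptionException}
     */
    public SignMessage create(String content, SignMessageMimeTypeEnum mimeType, Boolean mustShow, String displayEntity,
            boolean encrypt) throws ResolverException, EncryptionException {
        // Fail fast: without a display entity there is no recipient to encrypt for.
        if (encrypt && displayEntity == null) {
            throw new IllegalArgumentException("create invoked with no displayEntity. This is required for creating encrypted messages.");
        }
        SignMessage signMessage = ObjectUtils.createSamlObject(SignMessage.class);
        signMessage.setDisplayEntity(displayEntity);
        signMessage.setMimeType(mimeType);
        signMessage.setMustShow(mustShow);

        Message message = (Message) ObjectUtils.createXMLObject(Message.class, Message.DEFAULT_ELEMENT_NAME);
        message.setContent(content);

        if (!encrypt) {
            signMessage.setMessage(message);
            return signMessage;
        }
        Credential keyEncryptionCredential = getKeyEncryptionCredential(displayEntity);
        if (keyEncryptionCredential == null) {
            throw new EncryptionException("No valid encryption key was found for IdP " + displayEntity);
        }
        signMessage.setEncryptedMessage(encrypt(message, keyEncryptionCredential));
        return signMessage;
    }

    /**
     * Looks up a credential from the IdP's metadata that can be used to encrypt the message key.
     * <p>
     * A credential with usage {@code ENCRYPTION} is preferred. Failing that, any credential whose
     * usage is unspecified (or anything other than {@code SIGNING}) is accepted.
     * </p>
     *
     * @param idpEntityId entityID of the IdP
     * @return a credential, or {@code null} if metadata is missing, no key qualifies, or resolution fails
     *         (the cause is logged)
     */
    public Credential getKeyEncryptionCredential(String idpEntityId) {
        try {
            Optional<? extends RoleDescriptor> idpDescriptor = this.metadataProvider.getIDPSSODescriptor(idpEntityId);
            if (!idpDescriptor.isPresent()) {
                logger.error("Failed to find metadata for IdP '{}'", idpEntityId);
                return null;
            }
            CriteriaSet criteria = new CriteriaSet();
            criteria.add(new RoleDescriptorCriterion(idpDescriptor.get()));
            criteria.add(new UsageCriterion(UsageType.ENCRYPTION));

            Credential explicit = firstMatching(this.credentialResolver.resolve(criteria), c -> true);
            if (explicit != null) {
                logFound(explicit, idpEntityId);
                return explicit;
            }

            // Fallback: widen to unspecified usage but never use a key declared for signing only.
            criteria.add(new UsageCriterion(UsageType.UNSPECIFIED), true);
            Credential fallback = firstMatching(this.credentialResolver.resolve(criteria),
                c -> c.getUsageType() != UsageType.SIGNING);
            if (fallback != null) {
                logFound(fallback, idpEntityId);
                return fallback;
            }

            logger.info("Failed to find valid encryption key for IdP '{}'", idpEntityId);
            return null;
        }
        catch (ResolverException e) {
            logger.error("Failed to find encryption key for IdP '{}' - {}", idpEntityId, e.getMessage(), e);
            return null;
        }
    }

    /** Returns the first credential in {@code candidates} accepted by {@code accept}, or {@code null}. */
    private static Credential firstMatching(Iterable<Credential> candidates, Predicate<Credential> accept) {
        for (Credential candidate : candidates) {
            if (accept.test(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /** Debug-logs the type of a selected credential; key material itself is never logged. */
    private static void logFound(Credential credential, String idpEntityId) {
        logger.debug("Found encryption key of type '{}' for IdP '{}'", credential.getCredentialType().getName(), idpEntityId);
    }

    /**
     * Encrypts a message for the holder of {@code credential}.
     *
     * @param message the message to encrypt
     * @param credential the recipient's key encryption credential
     * @return an {@code EncryptedMessage} wrapping the resulting {@code EncryptedData}
     * @throws EncryptionException if encryption fails
     */
    public EncryptedMessage encrypt(Message message, Credential credential) throws EncryptionException {
        DataEncryptionParameters dataParams = new DataEncryptionParameters();
        dataParams.setAlgorithm(this.encryptionAlgorithmId);

        KeyEncryptionParameters keyParams = new KeyEncryptionParameters();
        keyParams.setEncryptionCredential(credential);
        keyParams.setAlgorithm(this.keyEncryptionAlgorithmId);

        EncryptedData encryptedData = new Encrypter().encryptElement(message, dataParams, keyParams);
        EncryptedMessage encryptedMessage = ObjectUtils.createSamlObject(EncryptedMessage.class);
        encryptedMessage.setEncryptedData(encryptedData);
        return encryptedMessage;
    }

    /**
     * Sets the XML Encryption data (content) encryption algorithm URI.
     * <p>
     * The default, {@value #DEFAULT_ENCRYPTION_ALGORITHM_ID}, is unauthenticated CBC; an AEAD
     * algorithm such as AES-GCM is preferable where the recipient supports it.
     * </p>
     *
     * @param algorithmId algorithm URI
     */
    public void setEncryptionAlgorithmId(String algorithmId) {
        this.encryptionAlgorithmId = algorithmId;
    }

    /**
     * Sets the XML Encryption key transport algorithm URI.
     * <p>
     * The default, {@value #DEFAULT_KEY_ENCRYPTION_ALGORITHM_ID}, is RSA PKCS#1 v1.5, which XML
     * Encryption 1.1 discourages; RSA-OAEP is preferable where the recipient supports it.
     * </p>
     *
     * @param algorithmId algorithm URI
     */
    public void setKeyEncryptionAlgorithmId(String algorithmId) {
        this.keyEncryptionAlgorithmId = algorithmId;
    }
}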
