package se.litsec.swedisheid.opensaml.saml2.signservice;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Optional;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.Encrypter;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.litsec.opensaml.core.AbstractSAMLObjectBuilder;
import se.litsec.opensaml.saml2.metadata.provider.MetadataProvider;
import se.litsec.opensaml.utils.ObjectUtils;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.EncryptedMessage;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.Message;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.SignMessage;
import se.litsec.swedisheid.opensaml.saml2.signservice.dss.SignMessageMimeTypeEnum;

/* loaded from: input_file:se/litsec/swedisheid/opensaml/saml2/signservice/SignMessageBuilder.class */
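/**
 * Fluent builder for {@link SignMessage} objects.
 *
 * <p>
 * The plain setters ({@link #message(String)}, {@link #displayEntity(String)}, {@link #mimeType} and
 * {@link #mustShow(Boolean)}) only populate the object under construction. The deprecated {@code buildEncrypted}
 * methods additionally replace the clear-text message with an {@link EncryptedMessage} encrypted for a recipient.
 * </p>
 *
 * <p>
 * Instances hold mutable encryption parameters and the object being built; nothing in this class synchronizes
 * access to them.
 * </p>
 */
public class SignMessageBuilder extends AbstractSAMLObjectBuilder<SignMessage> {

    /**
     * Data encryption algorithm used when no {@link DataEncryptionParameters} have been installed.
     *
     * <p>
     * SECURITY NOTE(review): CBC-mode XML Encryption gives confidentiality only. The ciphertext is not
     * authenticated, so a recipient that reveals whether a modified ciphertext decrypted cleanly can leak
     * plaintext. Where the receiving party supports it, install an authenticated algorithm such as
     * {@code http://www.w3.org/2009/xmlenc11#aes256-gcm} through
     * {@link #dataEncryptionParameters(DataEncryptionParameters)}. The default is left unchanged because
     * changing it would alter what existing recipients are sent.
     * </p>
     */
    private static final String DEFAULT_DATA_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    /** Key transport algorithm used when no {@link KeyEncryptionParameters} have been installed. */
    private static final String DEFAULT_KEY_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    private final Logger logger = LoggerFactory.getLogger(SignMessageBuilder.class);

    /** Caller-supplied data encryption parameters; created lazily with the default algorithm when absent. */
    private DataEncryptionParameters dataEncryptionParameters;

    /** Caller-supplied key encryption parameters; may be {@code null}, in which case defaults are used per call. */
    private KeyEncryptionParameters keyEncryptionParameters;

    /**
     * Creates a new builder instance.
     *
     * @return a new builder
     */
    public static SignMessageBuilder builder() {
        return new SignMessageBuilder();
    }

    /**
     * Encrypts the installed message for the holder of the supplied credential and returns the resulting object.
     *
     * <p>
     * On success the clear-text {@code Message} is removed from the object and an {@code EncryptedMessage} is
     * installed in its place. If key encryption parameters were installed by the caller, the supplied credential
     * is set on that same instance (it is not cleared afterwards) and its algorithm is written back to the value
     * it had on entry. If no data encryption parameters were installed, a default set is created and kept in this
     * builder.
     * </p>
     *
     * @param credential
     *          the recipient's encryption credential
     * @return the SignMessage holding the encrypted message
     * @throws EncryptionException
     *           if no message has been installed, or if encryption fails
     */
    @Deprecated
    public SignMessage buildEncrypted(Credential credential) throws EncryptionException {
        if (signMessage().getMessage() == null || signMessage().getMessage().getValue() == null) {
            throw new EncryptionException("No message to encrypt has been installed");
        }

        if (this.dataEncryptionParameters == null) {
            this.dataEncryptionParameters = new DataEncryptionParameters();
            this.dataEncryptionParameters.setAlgorithm(DEFAULT_DATA_ENCRYPTION_ALGORITHM);
        }

        final KeyEncryptionParameters kekParameters;
        String savedAlgorithm = null;
        if (this.keyEncryptionParameters == null) {
            kekParameters = new KeyEncryptionParameters();
            kekParameters.setAlgorithm(DEFAULT_KEY_ENCRYPTION_ALGORITHM);
        } else {
            // Remember the caller's algorithm so that it can be written back when we are done.
            savedAlgorithm = this.keyEncryptionParameters.getAlgorithm();
            kekParameters = this.keyEncryptionParameters;
        }

        try {
            kekParameters.setEncryptionCredential(credential);

            // Encrypt a fresh Message element carrying the same value, not the element attached to the object.
            Message toEncrypt = ObjectUtils.createXMLObject(Message.class, Message.DEFAULT_ELEMENT_NAME);
            toEncrypt.setValue(signMessage().getMessage().getValue());
            EncryptedData encryptedData =
                    new Encrypter().encryptElement(toEncrypt, this.dataEncryptionParameters, kekParameters);

            EncryptedMessage encryptedMessage = ObjectUtils.createSamlObject(EncryptedMessage.class);
            encryptedMessage.setEncryptedData(encryptedData);

            // The clear text must not stay in the object next to its encrypted form.
            signMessage().setMessage(null);
            signMessage().setEncryptedMessage(encryptedMessage);
            return signMessage();
        } finally {
            // Runs on success and on failure alike.
            if (this.keyEncryptionParameters != null && savedAlgorithm != null) {
                this.keyEncryptionParameters.setAlgorithm(savedAlgorithm);
            }
        }
    }

    /**
     * Looks up an encryption key for the IdP named by the {@code displayEntity} attribute in the supplied metadata
     * and encrypts the message for it (see {@link #buildEncrypted(Credential)}).
     *
     * <p>
     * A key marked for encryption is preferred. If none is found, the first key whose usage is not explicitly
     * "signing" is used.
     * </p>
     *
     * <p>
     * NOTE(review): the key is taken as-is from the metadata returned by the provider. This method performs no
     * certificate or trust validation of its own, so it presumably relies on the metadata having been verified
     * before it reaches the provider; confirm against the provider configuration.
     * </p>
     *
     * @param metadataProvider
     *          provider used to look up the IdP's metadata
     * @return the SignMessage holding the encrypted message
     * @throws EncryptionException
     *           if displayEntity is not set, if no metadata or usable key is found for the IdP, or if encryption
     *           fails
     */
    @Deprecated
    public SignMessage buildEncrypted(MetadataProvider metadataProvider) throws EncryptionException {
        final String displayEntity = signMessage().getDisplayEntity();
        if (displayEntity == null) {
            throw new EncryptionException("The displayEntity attribute is required for encrypted messages");
        }

        try {
            MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
            // Kept as a raw list because the providers' common interface type is not imported by this file.
            ArrayList keyInfoProviders = new ArrayList();
            keyInfoProviders.add(new DSAKeyValueProvider());
            keyInfoProviders.add(new RSAKeyValueProvider());
            keyInfoProviders.add(new InlineX509DataProvider());
            credentialResolver.setKeyInfoCredentialResolver(new BasicProviderKeyInfoCredentialResolver(keyInfoProviders));

            Optional<?> descriptor = metadataProvider.getIDPSSODescriptor(displayEntity);
            if (!descriptor.isPresent()) {
                String msg = String.format("Failed to find metadata for IdP '%s' - can not encrypt message", displayEntity);
                this.logger.error(msg);
                throw new EncryptionException(msg);
            }

            CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new RoleDescriptorCriterion((RoleDescriptor) descriptor.get()));
            criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));

            // First choice: a key that the metadata marks for encryption.
            Credential credential = null;
            Iterator<Credential> encryptionKeys = credentialResolver.resolve(criteriaSet).iterator();
            if (encryptionKeys.hasNext()) {
                credential = encryptionKeys.next();
                this.logger.debug("Found encryption key of type '{}' for IdP '{}'",
                        credential.getCredentialType().getName(), displayEntity);
            }

            if (credential == null) {
                // Fallback: replace the usage criterion and take the first key that is not signing-only.
                criteriaSet.add(new UsageCriterion(UsageType.UNSPECIFIED), true);
                for (Credential candidate : credentialResolver.resolve(criteriaSet)) {
                    if (candidate.getUsageType() == null || !candidate.getUsageType().equals(UsageType.SIGNING)) {
                        this.logger.debug("Found encryption key of type '{}' for IdP '{}'",
                                candidate.getCredentialType().getName(), displayEntity);
                        credential = candidate;
                        break;
                    }
                }
            }

            if (credential != null) {
                return buildEncrypted(credential);
            }
            String msg = String.format("Failed to find valid encryption key for IdP '%s'", displayEntity);
            this.logger.warn(msg);
            throw new EncryptionException(msg);
        } catch (ResolverException e) {
            String msg = String.format("Failed to find encryption key for IdP '%s' - %s", displayEntity, e.getMessage());
            this.logger.warn(msg, e);
            // Keep the resolver failure as the cause so that callers see the full chain.
            throw new EncryptionException(msg, e);
        }
    }

    /**
     * Installs the data encryption parameters used by the {@code buildEncrypted} methods.
     *
     * @param dataEncryptionParameters
     *          the parameters, or {@code null} to fall back to the default algorithm
     * @return this builder
     */
    @Deprecated
    public SignMessageBuilder dataEncryptionParameters(DataEncryptionParameters dataEncryptionParameters) {
        this.dataEncryptionParameters = dataEncryptionParameters;
        return this;
    }

    /**
     * Installs the key encryption parameters used by the {@code buildEncrypted} methods.
     *
     * @param keyEncryptionParameters
     *          the parameters, or {@code null} to fall back to the default algorithm
     * @return this builder
     */
    @Deprecated
    public SignMessageBuilder keyEncryptionParameters(KeyEncryptionParameters keyEncryptionParameters) {
        this.keyEncryptionParameters = keyEncryptionParameters;
        return this;
    }

    /**
     * Creates a {@code Message} element with the given content and installs it in the object being built.
     *
     * @param str
     *          the message content
     * @return this builder
     */
    public SignMessageBuilder message(String str) {
        Message messageElement = ObjectUtils.createXMLObject(Message.class, Message.DEFAULT_ELEMENT_NAME);
        messageElement.setContent(str);
        signMessage().setMessage(messageElement);
        return this;
    }

    /**
     * Sets the {@code displayEntity} attribute. The metadata-based {@code buildEncrypted} method uses this value
     * as the entityID of the IdP to encrypt for.
     *
     * @param str
     *          the display entity
     * @return this builder
     */
    public SignMessageBuilder displayEntity(String str) {
        signMessage().setDisplayEntity(str);
        return this;
    }

    /**
     * Sets the MIME type of the message.
     *
     * @param signMessageMimeTypeEnum
     *          the MIME type
     * @return this builder
     */
    public SignMessageBuilder mimeType(SignMessageMimeTypeEnum signMessageMimeTypeEnum) {
        signMessage().setMimeType(signMessageMimeTypeEnum);
        return this;
    }

    /**
     * Sets the {@code mustShow} attribute.
     *
     * @param bool
     *          the attribute value
     * @return this builder
     */
    public SignMessageBuilder mustShow(Boolean bool) {
        signMessage().setMustShow(bool);
        return this;
    }

    /**
     * Gives the type of object that this builder creates. Presumably this is the hook that
     * {@link AbstractSAMLObjectBuilder} calls to create the object; verify against the base class.
     *
     * @return {@code SignMessage.class}
     */
    protected Class<SignMessage> getObjectType() {
        return SignMessage.class;
    }

    /** Returns the object under construction, fetched from the base builder on every call. */
    private SignMessage signMessage() {
        return (SignMessage) object();
    }
}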
