package com.appiancorp.security.auth.saml;

import com.appiancorp.suite.cfg.SamlConfiguration;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.security.PrivateKey;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.DigestAlgorithm;
import org.opensaml.xmlsec.algorithm.SignatureAlgorithm;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;

/* loaded from: input_file:com/appiancorp/security/auth/saml/SigningParametersGenerator.class */
public class SigningParametersGenerator {
    private final SamlConfiguration samlConfig;
    private final AlgorithmRegistry algorithmRegistry;
    private final KeyInfoGenerator keyInfoGenerator;

    public SigningParametersGenerator(SamlConfiguration samlConfiguration, AlgorithmRegistry algorithmRegistry, KeyInfoGenerator keyInfoGenerator) {
        this.samlConfig = (SamlConfiguration) Preconditions.checkNotNull(samlConfiguration);
        this.algorithmRegistry = (AlgorithmRegistry) Preconditions.checkNotNull(algorithmRegistry);
        this.keyInfoGenerator = (KeyInfoGenerator) Preconditions.checkNotNull(keyInfoGenerator);
    }

    public SignatureSigningParameters create(Credential credential) {
        if (credential == null) {
            throw new IllegalStateException("Could not extract signing key from credential");
        }
        try {
            String encryptionAlgorithm = getEncryptionAlgorithm(credential);
            String spRequestSignatureHashMethod = this.samlConfig.getSpRequestSignatureHashMethod();
            String algorithmKey = SupportedSamlSignatureHash.valueOf(spRequestSignatureHashMethod).getAlgorithmKey();
            SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
            signatureSigningParameters.setSigningCredential(credential);
            signatureSigningParameters.setSignatureAlgorithm(getSignatureAlgorithmFromConfiguration(encryptionAlgorithm, spRequestSignatureHashMethod));
            DigestAlgorithm digestAlgorithm = this.algorithmRegistry.getDigestAlgorithm(algorithmKey);
            if (digestAlgorithm == null) {
                throw new IllegalStateException("Could not find digest algorithm");
            }
            signatureSigningParameters.setSignatureReferenceDigestMethod(digestAlgorithm.getURI());
            signatureSigningParameters.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
            signatureSigningParameters.setKeyInfoGenerator(this.keyInfoGenerator);
            return signatureSigningParameters;
        } catch (IllegalStateException e) {
            throw e;
        } catch (Exception e2) {
            throw new IllegalStateException("Could not find signature algorithm");
        }
    }

    private String getEncryptionAlgorithm(Credential credential) {
        PrivateKey privateKey = credential.getPrivateKey();
        if (privateKey == null) {
            throw new IllegalStateException("Could not extract signing key from credential");
        }
        String algorithm = privateKey.getAlgorithm();
        if (Strings.isNullOrEmpty(algorithm)) {
            throw new IllegalStateException("Could not find encryption algorithm");
        }
        return algorithm;
    }

    private String getSignatureAlgorithmFromConfiguration(String str, String str2) {
        SignatureAlgorithm signatureAlgorithm = this.algorithmRegistry.getSignatureAlgorithm(str, SupportedSamlSignatureHash.valueOf(str2).getAlgorithmKey());
        if (signatureAlgorithm == null) {
            throw new IllegalStateException("Could not find signature algorithm");
        }
        return signatureAlgorithm.getURI();
    }
}
