package org.pac4j.saml.crypto;

import java.util.ArrayList;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.pac4j.saml.exceptions.SAMLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-1.9.7.jar:org/pac4j/saml/crypto/DefaultSignatureSigningParametersProvider.class */
public class DefaultSignatureSigningParametersProvider implements SignatureSigningParametersProvider {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DefaultSignatureSigningParametersProvider.class);
    private final CredentialProvider credentialProvider;
    private final SAML2ClientConfiguration configuration;

    public DefaultSignatureSigningParametersProvider(CredentialProvider credentialProvider, SAML2ClientConfiguration sAML2ClientConfiguration) {
        this.credentialProvider = credentialProvider;
        this.configuration = sAML2ClientConfiguration;
    }

    @Override // org.pac4j.saml.crypto.SignatureSigningParametersProvider
    public SignatureSigningParameters build(SSODescriptor sSODescriptor) {
        try {
            CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new SignatureSigningConfigurationCriterion(new SignatureSigningConfiguration[]{getSignatureSigningConfiguration()}));
            criteriaSet.add(new RoleDescriptorCriterion(sSODescriptor));
            SignatureSigningParameters resolveSingle = new SAMLMetadataSignatureSigningParametersResolver().resolveSingle(criteriaSet);
            augmentSignatureSigningParameters(resolveSingle);
            if (resolveSingle == null) {
                throw new SAMLException("Could not determine the signature parameters");
            }
            logger.info("Created signature signing parameters.\nSignature algorithm: {}\nSignature canonicalization algorithm: {}\nSignature reference digest methods: {}", resolveSingle.getSignatureAlgorithm(), resolveSingle.getSignatureCanonicalizationAlgorithm(), resolveSingle.getSignatureReferenceDigestMethod());
            return resolveSingle;
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    protected SignatureSigningConfiguration getSignatureSigningConfiguration() {
        BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
        if (this.configuration.getBlackListedSignatureSigningAlgorithms() != null) {
            buildDefaultSignatureSigningConfiguration.setBlacklistedAlgorithms(this.configuration.getBlackListedSignatureSigningAlgorithms());
        }
        if (this.configuration.getSignatureAlgorithms() != null) {
            buildDefaultSignatureSigningConfiguration.setSignatureAlgorithms(this.configuration.getSignatureAlgorithms());
        }
        if (this.configuration.getSignatureCanonicalizationAlgorithm() != null) {
            buildDefaultSignatureSigningConfiguration.setSignatureCanonicalizationAlgorithm(this.configuration.getSignatureCanonicalizationAlgorithm());
        }
        if (this.configuration.getSignatureReferenceDigestMethods() != null) {
            buildDefaultSignatureSigningConfiguration.setSignatureReferenceDigestMethods(this.configuration.getSignatureReferenceDigestMethods());
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.credentialProvider.getCredential());
        buildDefaultSignatureSigningConfiguration.setSigningCredentials(arrayList);
        return buildDefaultSignatureSigningConfiguration;
    }

    protected SignatureSigningParameters augmentSignatureSigningParameters(SignatureSigningParameters signatureSigningParameters) {
        return signatureSigningParameters;
    }
}
