package filibuster.com.linecorp.armeria.server.saml;

import filibuster.com.linecorp.armeria.common.annotation.Nullable;
import java.io.ByteArrayInputStream;
import java.util.Objects;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.impl.SignatureBuilder;
import org.opensaml.xmlsec.signature.impl.SignatureImpl;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.w3c.dom.Element;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:filibuster/com/linecorp/armeria/server/saml/SamlMessageUtil.class */
public final class SamlMessageUtil {
    private static final XMLObjectBuilderFactory builderFactory;
    private static final KeyInfoGenerator keyInfoGenerator;
    private static final SignatureBuilder signatureBuilder;
    private static final SAMLSignatureProfileValidator signatureProfileValidator;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T extends SAMLObject> SAMLObjectBuilder<T> builder(@Nullable QName qName) {
        SAMLObjectBuilder<T> sAMLObjectBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(qName);
        if ($assertionsDisabled || sAMLObjectBuilder != null) {
            return sAMLObjectBuilder;
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T extends SAMLObject> T build(@Nullable QName qName) {
        return (T) builder(qName).buildObject();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Element serialize(XMLObject xMLObject) {
        Objects.requireNonNull(xMLObject, "message");
        if (xMLObject.getDOM() != null) {
            return xMLObject.getDOM();
        }
        Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject);
        if (marshaller == null) {
            throw new SamlException("failed to serialize a SAML object into an XML document, no serializer registered for message object: " + xMLObject.getElementQName());
        }
        try {
            return marshaller.marshall(xMLObject);
        } catch (MarshallingException e) {
            throw new SamlException("failed to serialize a SAML object into an XML document", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XMLObject deserialize(byte[] bArr) {
        Objects.requireNonNull(bArr, "bytes");
        ParserPool parserPool = XMLObjectProviderRegistrySupport.getParserPool();
        if (!$assertionsDisabled && parserPool == null) {
            throw new AssertionError();
        }
        try {
            return XMLObjectSupport.unmarshallFromInputStream(parserPool, new ByteArrayInputStream(bArr));
        } catch (XMLParserException | UnmarshallingException e) {
            throw new InvalidSamlRequestException("failed to deserialize an XML document bytes into a SAML object", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void sign(SignableSAMLObject signableSAMLObject, Credential credential, String str) {
        Objects.requireNonNull(signableSAMLObject, "signableObj");
        Objects.requireNonNull(credential, "signingCredential");
        Objects.requireNonNull(str, "signatureAlgorithm");
        SignatureImpl buildObject = signatureBuilder.buildObject();
        buildObject.setSignatureAlgorithm(str);
        buildObject.setSigningCredential(credential);
        buildObject.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
        try {
            buildObject.setKeyInfo(keyInfoGenerator.generate(credential));
            signableSAMLObject.setSignature(buildObject);
            serialize(signableSAMLObject);
            try {
                Signer.signObject(buildObject);
            } catch (SignatureException e) {
                throw new SamlException("failed to sign a SAML object", e);
            }
        } catch (SecurityException e2) {
            throw new SamlException("failed to create a key info of signing credential", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateSignature(Credential credential, SignableSAMLObject signableSAMLObject) {
        Objects.requireNonNull(credential, "validationCredential");
        Objects.requireNonNull(signableSAMLObject, "signableObj");
        if (signableSAMLObject.isSigned()) {
            Signature signature = signableSAMLObject.getSignature();
            if (signature == null) {
                throw new InvalidSamlRequestException("failed to validate a signature because no signature exists");
            }
            try {
                signatureProfileValidator.validate(signature);
                SignatureValidator.validate(signature, credential);
            } catch (SignatureException e) {
                throw new InvalidSamlRequestException("failed to validate a signature", e);
            }
        }
    }

    private SamlMessageUtil() {
    }

    static {
        $assertionsDisabled = !SamlMessageUtil.class.desiredAssertionStatus();
        signatureBuilder = new SignatureBuilder();
        signatureProfileValidator = new SAMLSignatureProfileValidator();
        SamlInitializer.ensureAvailability();
        builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        x509KeyInfoGeneratorFactory.setEmitEntityCertificateChain(true);
        keyInfoGenerator = x509KeyInfoGeneratorFactory.newInstance();
    }
}
