package com.alfaariss.oa.util.saml2.crypto;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.engine.core.crypto.CryptoException;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;

/* loaded from: input_file:com/alfaariss/oa/util/saml2/crypto/SAML2CryptoUtils.class */
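/**
 * Static helpers that turn the OA crypto configuration into what SAML2 XML signing needs:
 * XML-DSig algorithm URIs and OpenSAML {@link X509Credential} objects.
 *
 * <p>Security note: the URI mappings accept MD5- and SHA-1-based algorithms. Both hash
 * functions have practical collision attacks and should not be used for new signatures.
 * They remain accepted so existing deployments keep working, and each lookup method logs a
 * one-time warning when such an algorithm is selected so the weak configuration is visible
 * to operators.
 */
public class SAML2CryptoUtils {
    private static final Log _logger = LogFactory.getLog(SAML2CryptoUtils.class);

    // One-shot flags so the weak-algorithm warning does not flood the log when the lookup
    // runs for every message. A race can at worst emit the warning more than once.
    private static volatile boolean _weakSignatureReported;
    private static volatile boolean _weakDigestReported;

    /**
     * Maps the JCA name of the configured signature algorithm to its XML-DSig URI.
     *
     * @param cryptoManager source of the configured {@link Signature}
     * @return the XML signature method URI for the configured algorithm
     * @throws OAException if signing is disabled (no signature configured) or the algorithm
     *         is not one of the names handled below
     */
    public static String getXMLSignatureURI(CryptoManager cryptoManager) throws OAException {
        Signature signature = cryptoManager.getSignature();
        if (signature == null) {
            _logger.warn("OA Signing is disabled");
            throw new OAException(1);
        }

        // Constant-first equals keeps every comparison safe if the algorithm name is null.
        String algorithm = signature.getAlgorithm();
        if ("SHA256withRSA".equals(algorithm)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        }
        if ("SHA384withRSA".equals(algorithm)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
        }
        if ("SHA512withRSA".equals(algorithm)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
        }

        // Legacy algorithms: still mapped for compatibility, but reported to the operator.
        if ("SHA1withRSA".equals(algorithm)) {
            reportWeakSignatureAlgorithm(algorithm);
            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        if ("SHA1withDSA".equals(algorithm)) {
            reportWeakSignatureAlgorithm(algorithm);
            return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        if ("MD5withRSA".equals(algorithm)) {
            reportWeakSignatureAlgorithm(algorithm);
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
        }

        _logger.error("Unsupported digital signature algorithm: " + algorithm);
        throw new OAException(1);
    }

    /**
     * Builds the signing credential of this server from the crypto manager's own key pair.
     *
     * @param cryptoManager source of the private key and certificate
     * @param str entity id to set on the credential
     * @return a credential holding the certificate, the private key and usage type SIGNING
     * @throws OAException if the crypto manager has no private key
     */
    public static X509Credential retrieveMySigningCredentials(CryptoManager cryptoManager, String str) throws OAException {
        PrivateKey privateKey = cryptoManager.getPrivateKey();
        if (privateKey == null) {
            _logger.warn("No correct private key configured, signing is disabled");
            throw new OAException(1);
        }
        BasicX509Credential credential = new BasicX509Credential();
        // NOTE(review): the certificate is neither null-checked nor type-checked before the
        // cast, so a missing certificate yields a credential without one and a non-X.509
        // certificate raises ClassCastException. Confirm that the crypto manager guarantees
        // an X.509 certificate whenever a private key is present.
        credential.setEntityCertificate((X509Certificate) cryptoManager.getCertificate());
        credential.setEntityId(str);
        credential.setPrivateKey(privateKey);
        credential.setUsageType(UsageType.SIGNING);
        return credential;
    }

    /**
     * Builds a certificate-only credential for the certificate stored under an alias.
     *
     * <p>No private key is set on the result, so it can be used to check signatures but not
     * to create them.
     *
     * @param cryptoManager source of the certificate
     * @param str alias to look up; also used as the credential's entity id
     * @return a credential holding the certificate with usage type SIGNING
     * @throws CryptoException if no certificate exists for the alias or the lookup fails
     */
    public static X509Credential retrieveSigningCredentials(CryptoManager cryptoManager, String str) throws CryptoException {
        try {
            // NOTE(review): this method does not check the certificate's validity period or
            // revocation status. Confirm that the crypto manager or the caller does so
            // before the credential is trusted for signature validation.
            X509Certificate certificate = (X509Certificate) cryptoManager.getCertificate(str);
            if (certificate == null) {
                // NOTE(review): the alias is logged as-is. If it can come from a received
                // message, confirm the log layout neutralises line breaks.
                _logger.debug("No certificate found in OA Crypto Manager with alias: " + str);
                throw new CryptoException(35);
            }
            BasicX509Credential credential = new BasicX509Credential();
            credential.setEntityCertificate(certificate);
            credential.setEntityId(str);
            credential.setUsageType(UsageType.SIGNING);
            return credential;
        } catch (CryptoException e) {
            // Also reached for the exception thrown above; it is logged and passed on unchanged.
            _logger.debug("Could not retrieve signing credentials from crypto manager's signing facility");
            throw e;
        }
    }

    /**
     * Maps a message digest algorithm to its XML digest method URI.
     *
     * <p>Hyphens are removed and case is ignored, so "SHA-256" and "sha256" are equivalent.
     *
     * @param messageDigest digest whose algorithm name is mapped
     * @return the XML digest method URI
     * @throws OAException if the algorithm is not one of the names handled below
     */
    public static String getXMLDigestMethodURI(MessageDigest messageDigest) throws OAException {
        String algorithm = messageDigest.getAlgorithm().replace("-", "");
        if (algorithm.equalsIgnoreCase("SHA256")) {
            return "http://www.w3.org/2001/04/xmlenc#sha256";
        }
        if (algorithm.equalsIgnoreCase("SHA384")) {
            return "http://www.w3.org/2001/04/xmldsig-more#sha384";
        }
        if (algorithm.equalsIgnoreCase("SHA512")) {
            return "http://www.w3.org/2001/04/xmlenc#sha512";
        }

        // Legacy digests: still mapped for compatibility, but reported to the operator.
        if (algorithm.equalsIgnoreCase("SHA1")) {
            reportWeakDigestAlgorithm(algorithm);
            return "http://www.w3.org/2000/09/xmldsig#sha1";
        }
        if (algorithm.equalsIgnoreCase("MD5")) {
            reportWeakDigestAlgorithm(algorithm);
            return "http://www.w3.org/2001/04/xmldsig-more#md5";
        }

        _logger.error("Unsupported message digest algorithm: " + algorithm);
        throw new OAException(1);
    }

    /** Logs, once per JVM, that a collision-prone signature algorithm is configured. */
    private static void reportWeakSignatureAlgorithm(String algorithm) {
        if (!_weakSignatureReported) {
            _weakSignatureReported = true;
            _logger.warn("Weak digital signature algorithm configured: " + algorithm
                + "; SHA256withRSA or stronger is recommended");
        }
    }

    /** Logs, once per JVM, that a collision-prone digest algorithm is configured. */
    private static void reportWeakDigestAlgorithm(String algorithm) {
        if (!_weakDigestReported) {
            _weakDigestReported = true;
            _logger.warn("Weak message digest algorithm configured: " + algorithm
                + "; SHA-256 or stronger is recommended");
        }
    }
}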
