package org.ehealth_connector.security.crypt;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.X509Certificate;
import org.ehealth_connector.security.authentication.AuthnRequest;
import org.ehealth_connector.security.authentication.impl.AuthnRequestImpl;
import org.ehealth_connector.security.exceptions.SigningException;
import org.ehealth_connector.security.saml2.ArtifactResolve;
import org.ehealth_connector.security.saml2.impl.ArtifactResolveImpl;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.security.SecurityException;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.impl.SignatureBuilder;
import org.opensaml.xmlsec.signature.impl.SignatureImpl;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ehealth_connector/security/crypt/SignCryptModuleImpl.class */
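/**
 * Signs SAML protocol messages (AuthnRequest, ArtifactResolve) with an enveloped XML signature.
 *
 * <p>The signing key and certificate are read from the key store handed over via
 * {@link #setPki(KeyStore, String, KeyStore, String)}. Signatures use RSA-SHA512 with exclusive
 * canonicalization, and the signer certificate is embedded in the {@code KeyInfo} element.
 *
 * <p>Every failure to produce a signature is reported as a {@link SigningException}; a message is
 * never returned unsigned without an error. The class keeps its PKI material in plain mutable
 * fields without synchronization, so configure an instance before sharing it between threads.
 */
public class SignCryptModuleImpl implements SignCryptModule {
    private static final Logger LOG = LoggerFactory.getLogger(SignCryptModuleImpl.class);

    // Key store holding the private key entries used for signing.
    private KeyStore keyStore;
    // NOTE(review): the password is kept as a String for the lifetime of this object and cannot be
    // wiped from memory; the SignCryptModule interface dictates the String type.
    private String keyStorePassword;
    // Stored by setPki but not read anywhere in this class.
    private KeyStore trustStore;
    private String trustStorePassword;

    /**
     * Loads the private key and X.509 certificate stored under {@code alias} and wraps them in a
     * credential whose entity id is the alias.
     *
     * @param alias key store alias of the signing key; also used as the credential's entity id
     * @return credential holding the certificate and private key of the entry
     * @throws SigningException if the PKI was not configured, the alias is missing, does not name
     *     a private key entry with an X.509 certificate, or the entry cannot be recovered
     */
    private BasicX509Credential getSigningCredential(String alias) throws SigningException {
        if (this.keyStore == null || this.keyStorePassword == null) {
            throw new SigningException(
                    new IllegalStateException("setPki must provide a key store and its password before signing"));
        }
        if (alias == null) {
            throw new SigningException(new IllegalArgumentException("Signing key alias must not be null"));
        }
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(
                    alias, new KeyStore.PasswordProtection(this.keyStorePassword.toCharArray()));
            // getEntry returns null for an unknown alias, and the alias may name a trusted
            // certificate or secret key instead of a private key; fail with a clear signing error
            // rather than a NullPointerException/ClassCastException.
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new SigningException(
                        new KeyStoreException("No private key entry found for alias '" + alias + "'"));
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            if (!(privateKeyEntry.getCertificate() instanceof X509Certificate)) {
                throw new SigningException(
                        new KeyStoreException("Entry '" + alias + "' does not carry an X.509 certificate"));
            }
            PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
            // Only public certificate names are logged; key material and passwords never are.
            LOG.debug(certificate.getIssuerDN().getName());
            LOG.debug(certificate.getSubjectDN().getName());
            BasicX509Credential credential = new BasicX509Credential(certificate, privateKey);
            credential.setEntityId(alias);
            return credential;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new SigningException(e);
        }
    }

    /**
     * Stores the key store and trust store, with their passwords, for later signing calls.
     *
     * @param keyStore key store containing the private key entries used for signing
     * @param str password protecting the entries of {@code keyStore}
     * @param keyStore2 trust store (kept, but not read by this class)
     * @param str2 password of the trust store (kept, but not read by this class)
     */
    @Override // org.ehealth_connector.security.crypt.SignCryptModule
    public void setPki(KeyStore keyStore, String str, KeyStore keyStore2, String str2) {
        this.keyStore = keyStore;
        this.keyStorePassword = str;
        this.trustStore = keyStore2;
        this.trustStorePassword = str2;
    }

    /**
     * Attaches an RSA-SHA512 signature to {@code signableXMLObject} and computes it.
     *
     * @param signableXMLObject the OpenSAML object to sign
     * @param alias key store alias of the signing key
     * @throws SigningException if the credential cannot be loaded, no KeyInfo can be generated for
     *     it, or marshalling/signing fails
     */
    private void sign(SignableXMLObject signableXMLObject, String alias) throws SigningException {
        if (signableXMLObject == null) {
            throw new SigningException(new IllegalArgumentException("Object to sign must not be null"));
        }
        try {
            Signature signature = new SignatureBuilder().buildObject(Signature.DEFAULT_ELEMENT_NAME);
            BasicX509Credential signingCredential = getSigningCredential(alias);
            signature.setSigningCredential(signingCredential);
            signature.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
            signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");

            X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
            // The signer certificate is embedded for the receiver's convenience; a relying party
            // still has to validate it against its own trust anchors.
            keyInfoFactory.setEmitEntityCertificate(true);
            // NOTE(review): SHA-1 only names the digest for an X509Digest KeyInfo element, which
            // this code does not switch on, so it presumably never reaches the output - confirm
            // against the OpenSAML version in use. The signature itself is RSA-SHA512.
            keyInfoFactory.setX509DigestAlgorithmURI("http://www.w3.org/2000/09/xmldsig#sha1");

            if (!keyInfoFactory.handles(signingCredential)) {
                // Previously this case returned normally and left the message unsigned.
                throw new SigningException(new IllegalStateException(
                        "Cannot generate KeyInfo for the signing credential of alias '" + alias + "'"));
            }
            signature.setKeyInfo(keyInfoFactory.newInstance().generate(signingCredential));
            signableXMLObject.setSignature(signature);
            // The object is marshalled with the Signature element attached before
            // Signer.signObject computes the signature value.
            XMLObjectProviderRegistrySupport.getMarshallerFactory()
                    .getMarshaller(signableXMLObject)
                    .marshall(signableXMLObject);
            Signer.signObject(signature);
        } catch (MarshallingException | SecurityException | SignatureException e) {
            throw new SigningException(e);
        }
    }

    /**
     * Signs a SAML ArtifactResolve message in place.
     *
     * @param artifactResolve message to sign; must be an {@link ArtifactResolveImpl}
     * @param str key store alias of the signing key
     * @throws SigningException if the message is of an unsupported type or signing fails
     */
    @Override // org.ehealth_connector.security.crypt.SignCryptModule
    public void signArtifactResolve(ArtifactResolve artifactResolve, String str) throws SigningException {
        if (!(artifactResolve instanceof ArtifactResolveImpl)) {
            throw new SigningException(
                    new IllegalArgumentException("artifactResolve must be a non-null ArtifactResolveImpl"));
        }
        sign(((ArtifactResolveImpl) artifactResolve).getWrappedObject(), str);
    }

    /**
     * Signs a SAML AuthnRequest message in place.
     *
     * @param authnRequest message to sign; must be an {@link AuthnRequestImpl}
     * @param str key store alias of the signing key
     * @throws SigningException if the message is of an unsupported type or signing fails
     */
    @Override // org.ehealth_connector.security.crypt.SignCryptModule
    public void signAuthnRequest(AuthnRequest authnRequest, String str) throws SigningException {
        if (!(authnRequest instanceof AuthnRequestImpl)) {
            throw new SigningException(
                    new IllegalArgumentException("authnRequest must be a non-null AuthnRequestImpl"));
        }
        sign(((AuthnRequestImpl) authnRequest).getWrappedObject(), str);
    }
}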
