package com.ibm.ws.wssecurity.saml.security.impl;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.saml.common.SAML20Constants;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Issuer;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.DOMUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.ArrayList;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/security/impl/SamlSignatureUtils.class */
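/**
 * Static helpers that attach an enveloped XML signature to a SAML assertion and
 * strip {@code Signature} / {@code Issuer} elements from an assertion tree.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both {@code getSignedSAML} overloads fail closed: if no signature element is
 *       produced, a {@link SoapSecurityException} is thrown rather than returning an
 *       assertion that callers would assume is signed.</li>
 *   <li>{@link #deleteSignElement} and {@link #deleteIssuerElement} are best-effort.
 *       A failure while detaching is traced, not thrown, so the tree may still contain
 *       the elements that were meant to be removed.</li>
 * </ul>
 */
public class SamlSignatureUtils {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(SamlSignatureUtils.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String clsName = SamlSignatureUtils.class.getName();

    /**
     * Marshals {@code sAMLAssertion} and attaches an enveloped signature to it.
     *
     * <p>For a SAML 2.0 assertion the signature is placed directly after the
     * {@code Issuer} child when one exists (the position the SAML 2.0 schema gives
     * {@code ds:Signature}); otherwise it is appended as the last child.
     *
     * @param providerConfig  issuer configuration the signing key information is read from
     * @param requesterConfig requester configuration handed to the signature builder
     * @param sAMLAssertion   the unsigned assertion
     * @return the marshalled assertion element with the signature attached
     * @throws SoapSecurityException if the signing key information cannot be obtained,
     *         marshalling fails, or no signature element is produced
     */
    public static OMElement getSignedSAML(ProviderConfig providerConfig, RequesterConfig requesterConfig, SAMLAssertion sAMLAssertion) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSignedSAML(issue[" + ConfigUtil.getObjState(providerConfig) + "], requesterData[" + ConfigUtil.getObjState(requesterConfig) + "], unSignedAssertion[" + ConfigUtil.getObjState(sAMLAssertion) + "])");
        }
        KeyStoreManager.KeyInformation signingKeyInfo = SamlConfigUtil.getSamlSigningKeyInformation(providerConfig);
        // Return value is unused; presumably called so an unresolvable key fails here,
        // before any marshalling -- TODO confirm against KeyStoreManager.
        signingKeyInfo.getPublicOrSecretKey();
        OMElement assertionElement = sAMLAssertion.marshal(null);
        OMElement signatureElement = new EnvelopedSignatureAssertionImpl(requesterConfig, signingKeyInfo, assertionElement, sAMLAssertion.getSamlID()).marshal(assertionElement);
        // Same guard as the OMElement overload: never hand back an assertion without a signature.
        requireSignatureElement(signatureElement);
        // NOTE(review): namespace URIs are case-sensitive in XML; equalsIgnoreCase is kept
        // here only to preserve existing behaviour.
        boolean isSaml20 = SAML20Constants._saml2_ns.equalsIgnoreCase(sAMLAssertion.getAssertionQName().getNamespaceURI());
        OMElement issuerElement = isSaml20 ? assertionElement.getFirstChildWithName(Issuer.qName) : null;
        if (issuerElement != null) {
            // Detach first so the signature can be re-inserted as the Issuer's next sibling.
            signatureElement.detach();
            issuerElement.insertSiblingAfter(signatureElement);
        } else {
            assertionElement.addChild(signatureElement);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSignedSAML returns [" + ConfigUtil.getObjType(assertionElement) + "]");
        }
        return assertionElement;
    }

    /**
     * Attaches an enveloped signature to an already marshalled assertion element.
     * The signature is appended as the last child of {@code oMElement}, which is
     * modified in place and returned.
     *
     * @param providerConfig  issuer configuration the signing key information is read from
     * @param requesterConfig requester configuration handed to the signature builder
     * @param oMElement       the unsigned assertion element
     * @param str             the SAML ID passed to the signature builder
     * @return {@code oMElement} with the signature element added
     * @throws SoapSecurityException if the signing key information cannot be obtained,
     *         signing fails, or no signature element is produced
     */
    public static OMElement getSignedSAML(ProviderConfig providerConfig, RequesterConfig requesterConfig, OMElement oMElement, String str) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSignedSAML(issue[" + ConfigUtil.getObjState(providerConfig) + "], requesterData[" + ConfigUtil.getObjState(requesterConfig) + "], unsignedOm[" + ConfigUtil.getObjType(oMElement) + "], samlID[" + str + "])");
        }
        KeyStoreManager.KeyInformation signingKeyInfo = SamlConfigUtil.getSamlSigningKeyInformation(providerConfig);
        // Return value is unused; presumably an early check that the key resolves -- TODO confirm.
        signingKeyInfo.getPublicOrSecretKey();
        OMElement signatureElement = new EnvelopedSignatureAssertionImpl(requesterConfig, signingKeyInfo, oMElement, str).marshal(oMElement);
        requireSignatureElement(signatureElement);
        oMElement.addChild(signatureElement);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSignedSAML returns [" + ConfigUtil.getObjType(oMElement) + "]");
        }
        return oMElement;
    }

    /**
     * Returns a clone of {@code oMElement} with the {@code Signature} elements in the
     * XML-DSig namespace detached. The input tree is not modified.
     *
     * <p>The result is an unsigned assertion and must not be treated as verified.
     * Removal is best-effort: if locating or detaching the elements throws, the failure
     * is traced at debug level and the clone is returned as it stands, possibly still
     * containing signature elements.
     *
     * @param oMElement the assertion element, may be {@code null}
     * @return the stripped clone, or {@code null} when {@code oMElement} is {@code null}
     * @throws SoapSecurityException declared for callers; not thrown by the visible code
     */
    public static OMElement deleteSignElement(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteSignElement(inSamlOm[" + ConfigUtil.getObjState(oMElement) + "])");
        }
        OMElement stripped = null;
        if (oMElement != null) {
            stripped = oMElement.cloneOMElement();
            try {
                ArrayList<OMNode> signatures = DOMUtil.getOneOrMoreElements(stripped, Constants.NS_DSIG, "Signature");
                for (OMNode node : signatures) {
                    ((OMElement) node).detach();
                }
            } catch (Exception e) {
                // Deliberately best-effort, but no longer silent: a failure here means the
                // returned clone may still carry a Signature element.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "deleteSignElement: unable to detach Signature elements: " + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteSignElement returns [" + ConfigUtil.getObjType(stripped) + "]");
        }
        return stripped;
    }

    /**
     * Detaches the {@code Issuer} elements in the SAML 2.0 assertion namespace from
     * {@code oMElement}, modifying the tree in place. Only the SAML 2.0 namespace is
     * matched; issuers in other namespaces are left alone.
     *
     * <p>Removal is best-effort: a failure is traced at debug level and the tree is
     * left in whatever state it had reached.
     *
     * @param oMElement the assertion element, may be {@code null} (no-op)
     * @throws SoapSecurityException declared for callers; not thrown by the visible code
     */
    public static void deleteIssuerElement(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteIssuerElement(inSamlOm[" + ConfigUtil.getObjState(oMElement) + "])");
        }
        if (oMElement != null) {
            try {
                ArrayList<OMNode> issuers = DOMUtil.getOneOrMoreElements(oMElement, "urn:oasis:names:tc:SAML:2.0:assertion", "Issuer");
                for (OMNode node : issuers) {
                    ((OMElement) node).detach();
                }
            } catch (Exception e) {
                // Best-effort removal; trace the cause instead of discarding it.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "deleteIssuerElement: unable to detach Issuer elements: " + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteIssuerElement");
        }
    }

    /** Throws when the signature builder produced no element, so signing fails closed. */
    private static void requireSignatureElement(OMElement signatureElement) throws SoapSecurityException {
        if (signatureElement == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "signatureEle is null");
            }
            throw new SoapSecurityException("An error occurred while creating the SAML signature element.  The signature element is null.");
        }
    }
}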
