package com.bssys.fk.ui.service.esia.sign;

import org.opensaml.common.SignableSAMLObject;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallerFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:fk-ui-war-3.0.27.war:WEB-INF/classes/com/bssys/fk/ui/service/esia/sign/SignatureServiceImpl.class */
public class SignatureServiceImpl implements SignatureService {
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Autowired
    private XMLObjectBuilderFactory builderFactory;

    @Autowired
    private Credential signCred;

    @Autowired
    private MarshallerFactory marshallerFactory;

    @Autowired
    private SAMLSignatureProfileValidator profileValidator;

    @Autowired
    private SignatureValidator signatureValidator;

    private KeyInfo getKeyInfo(Credential credential) {
        try {
            return Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager().getDefaultManager().getFactory(credential).newInstance().generate(credential);
        } catch (SecurityException e) {
            this.log.trace("Failed to get key info.", (Throwable) e);
            return null;
        }
    }

    @Override // com.bssys.fk.ui.service.esia.sign.SignatureService
    public SignableSAMLObject sign(SignableSAMLObject signableSAMLObject) {
        if (signableSAMLObject == null) {
            throw new NullPointerException("signable");
        }
        Signature signature = (Signature) this.builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(this.signCred);
        signature.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
        signature.setKeyInfo(getKeyInfo(this.signCred));
        signableSAMLObject.setSignature(signature);
        try {
            this.marshallerFactory.getMarshaller(signableSAMLObject.getElementQName()).marshall(signableSAMLObject);
            Signer.signObject(signature);
            return signableSAMLObject;
        } catch (MarshallingException e) {
            this.log.trace("Failed to marshall for adding signature.", (Throwable) e);
            throw new IllegalStateException(e);
        } catch (SignatureException e2) {
            this.log.trace("Signing exception.", (Throwable) e2);
            throw new IllegalStateException(e2);
        }
    }

    @Override // com.bssys.fk.ui.service.esia.sign.SignatureService
    public boolean verify(Signature signature) {
        try {
            this.profileValidator.validate(signature);
            try {
                this.signatureValidator.validate(signature);
                return true;
            } catch (ValidationException e) {
                this.log.trace("Verification failed.", (Throwable) e);
                return false;
            }
        } catch (ValidationException e2) {
            this.log.trace("Signature is invalid.", (Throwable) e2);
            return false;
        }
    }
}
