package org.opensaml.saml.common;

import com.google.common.base.Strings;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.collection.LazyList;
import net.shibboleth.utilities.java.support.collection.LazySet;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.opensaml.core.xml.NamespaceManager;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.xmlsec.signature.support.ConfigurableContentReference;
import org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-api-4.2.0.jar:org/opensaml/saml/common/SAMLObjectContentReference.class */
public class SAMLObjectContentReference implements ConfigurableContentReference, TransformsConfigurableContentReference {

    @Nonnull
    private final SignableSAMLObject signableObject;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) SAMLObjectContentReference.class);

    @NonnullElements
    @Nonnull
    private List<String> transforms = new LazyList();

    @NotEmpty
    @Nonnull
    private String digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";

    public SAMLObjectContentReference(@Nonnull SignableSAMLObject signableSAMLObject) {
        this.signableObject = signableSAMLObject;
        this.transforms.add("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
        this.transforms.add("http://www.w3.org/2001/10/xml-exc-c14n#");
    }

    @Override // org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference
    @NonnullElements
    @Live
    @Nonnull
    public List<String> getTransforms() {
        return this.transforms;
    }

    @Override // org.opensaml.xmlsec.signature.support.ConfigurableContentReference
    @NotEmpty
    @Nonnull
    public String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    @Override // org.opensaml.xmlsec.signature.support.ConfigurableContentReference
    public void setDigestAlgorithm(@NotEmpty @Nonnull String str) {
        this.digestAlgorithm = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Digest algorithm cannot be empty or null");
    }

    @Override // org.opensaml.xmlsec.signature.support.ContentReference
    public void createReference(@Nonnull XMLSignature xMLSignature) {
        try {
            Transforms transforms = new Transforms(xMLSignature.getDocument());
            for (int i = 0; i < this.transforms.size(); i++) {
                String str = this.transforms.get(i);
                transforms.addTransform(str);
                if (str.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments") || str.equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
                    processExclusiveTransform(xMLSignature, transforms.item(i));
                }
            }
            if (Strings.isNullOrEmpty(this.signableObject.getSignatureReferenceID())) {
                this.log.debug("SignableSAMLObject had no reference ID, signing using whole document Reference URI");
                xMLSignature.addDocument("", transforms, this.digestAlgorithm);
            } else {
                xMLSignature.addDocument("#" + this.signableObject.getSignatureReferenceID(), transforms, this.digestAlgorithm);
            }
        } catch (XMLSignatureException e) {
            this.log.error("Error adding content reference to signature", (Throwable) e);
        } catch (TransformationException e2) {
            this.log.error("Unsupported signature transformation", (Throwable) e2);
        }
    }

    private void processExclusiveTransform(@Nonnull XMLSignature xMLSignature, @Nonnull Transform transform) {
        this.log.debug("Adding list of inclusive namespaces for signature exclusive canonicalization transform");
        LazySet lazySet = new LazySet();
        populateNamespacePrefixes(lazySet, this.signableObject);
        if (lazySet == null || lazySet.size() <= 0) {
            return;
        }
        transform.getElement().appendChild(new InclusiveNamespaces(xMLSignature.getDocument(), lazySet).getElement());
    }

    private void populateNamespacePrefixes(@NonnullElements @Nonnull Set<String> set, @Nonnull XMLObject xMLObject) {
        for (String str : xMLObject.getNamespaceManager().getNonVisibleNamespacePrefixes()) {
            if (str != null) {
                if (NamespaceManager.DEFAULT_NS_TOKEN.equals(str)) {
                    set.add("xmlns");
                } else {
                    set.add(str);
                }
            }
        }
    }
}
