package org.opensaml.xmlsec.config.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.security.crypto.JCAConstants;
import org.opensaml.xmlsec.agreement.impl.DigestMethod;
import org.opensaml.xmlsec.agreement.impl.KANonce;
import org.opensaml.xmlsec.derivation.impl.ConcatKDF;
import org.opensaml.xmlsec.derivation.impl.PBKDF2;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.KeyAgreementEncryptionConfiguration;
import org.opensaml.xmlsec.encryption.support.RSAOAEPParameters;
import org.opensaml.xmlsec.encryption.support.SimpleKeyInfoReferenceEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.impl.BasicDecryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureValidationConfiguration;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager;
import org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory;
import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.KeyAgreementKeyInfoGeneratorFactory;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/xmlsec/config/impl/DefaultSecurityConfigurationBootstrap.class */
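/**
 * Builds the library-wide default XML Security configurations (encryption, decryption, signature
 * signing and signature validation) together with the KeyInfo generator managers and encrypted-key
 * resolver they rely on.
 *
 * <p>The algorithm lists below still include SHA-1 and Triple DES entries; deployments that do not
 * need them can tighten the defaults through the respective {@code setExcludedAlgorithms} of the
 * returned configuration rather than editing this bootstrap.</p>
 *
 * <p>The class is not meant to be instantiated; the constructor is {@code protected} so that
 * deployers may subclass it to override individual {@code build*} methods.</p>
 */
public class DefaultSecurityConfigurationBootstrap {

    /** Configuration property selecting the key derivation function used for ECDH-ES key agreement. */
    public static final String CONFIG_PROPERTY_ECDH_DEFAULT_KDF = "opensaml.config.ecdh.defaultKDF";

    /** Value of {@link #CONFIG_PROPERTY_ECDH_DEFAULT_KDF} selecting ConcatKDF (the default). */
    public static final String CONCATKDF = "ConcatKDF";

    /** Value of {@link #CONFIG_PROPERTY_ECDH_DEFAULT_KDF} selecting PBKDF2. */
    public static final String PBKDF2 = "PBKDF2";

    /** Class logger. */
    private static final Logger LOG = LoggerFactory.getLogger(DefaultSecurityConfigurationBootstrap.class);

    /** Protected constructor: only subclasses may instantiate. */
    protected DefaultSecurityConfigurationBootstrap() {
    }

    /**
     * Builds the default encryption configuration.
     *
     * <p>RSA v1.5 key transport is excluded. Data encryption allows AES-128/192/256 and Triple DES;
     * key transport allows RSA-OAEP and AES/Triple DES key wrap. The RSA-OAEP parameters use the
     * SHA-1 digest and MGF1 with SHA-1, with no OAEP parameter value.</p>
     *
     * @return a freshly built, never-null encryption configuration
     */
    @Nonnull
    public static BasicEncryptionConfiguration buildDefaultEncryptionConfiguration() {
        final BasicEncryptionConfiguration config = new BasicEncryptionConfiguration();

        config.setExcludedAlgorithms(List.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15));

        config.setDataEncryptionAlgorithms(List.of(
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES));

        config.setKeyTransportEncryptionAlgorithms(List.of(
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP,
                EncryptionConstants.ALGO_ID_KEYWRAP_AES128,
                EncryptionConstants.ALGO_ID_KEYWRAP_AES192,
                EncryptionConstants.ALGO_ID_KEYWRAP_AES256,
                EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES));

        // Digest SHA-1, MGF1 with SHA-1, no OAEPparams. Deployments wanting SHA-256-based OAEP
        // parameters should override these on the returned configuration.
        config.setRSAOAEPParameters(new RSAOAEPParameters(
                SignatureConstants.ALGO_ID_DIGEST_SHA1, EncryptionConstants.ALGO_ID_MGF1_SHA1, null));

        config.setKeyAgreementConfigurations(buildKeyAgreementConfigurations());
        config.setDataKeyInfoGeneratorManager(buildDataEncryptionKeyInfoGeneratorManager());
        config.setKeyTransportKeyInfoGeneratorManager(buildKeyTransportEncryptionKeyInfoGeneratorManager());

        return config;
    }

    /**
     * Builds the default key agreement configurations, keyed by JCA key algorithm name.
     *
     * <p>An entry for EC (ECDH-ES) and one for DH are produced. Should initialization of any
     * agreement parameter fail, the failure is logged and whatever was added before the failure is
     * returned, so the map may be partially populated or empty.</p>
     *
     * @return map of JCA key algorithm name to key agreement configuration, never null
     */
    @Nonnull
    protected static Map<String, KeyAgreementEncryptionConfiguration> buildKeyAgreementConfigurations() {
        final Map<String, KeyAgreementEncryptionConfiguration> configs = new HashMap<>();
        try {
            final Properties props = ConfigurationService.getConfigurationProperties();
            configs.put(JCAConstants.KEY_ALGO_EC, buildECDHConfiguration(props));
            configs.put(JCAConstants.KEY_ALGO_DH, buildDHConfiguration());
        } catch (final ComponentInitializationException e) {
            // Deliberately non-fatal: the remaining defaults are still usable, only key agreement is not.
            LOG.error("Initialization failure on global key agreement encryption configuration, will be unusable", e);
        }
        return configs;
    }

    /**
     * Builds the ECDH-ES key agreement configuration, selecting the KDF from
     * {@link #CONFIG_PROPERTY_ECDH_DEFAULT_KDF}.
     *
     * <p>An unrecognized property value is logged at WARN and results in an empty parameter set,
     * i.e. no global KDF is configured for ECDH.</p>
     *
     * @param props configuration properties, may be null in which case ConcatKDF is used
     * @return the ECDH-ES configuration
     * @throws ComponentInitializationException if the selected KDF fails to initialize
     */
    @Nonnull
    private static KeyAgreementEncryptionConfiguration buildECDHConfiguration(final Properties props)
            throws ComponentInitializationException {
        final KeyAgreementEncryptionConfiguration ecdh = new KeyAgreementEncryptionConfiguration();
        ecdh.setAlgorithm(EncryptionConstants.ALGO_ID_KEYAGREEMENT_ECDH_ES);

        final String kdfName = props != null
                ? props.getProperty(CONFIG_PROPERTY_ECDH_DEFAULT_KDF, CONCATKDF)
                : CONCATKDF;

        if (CONCATKDF.equals(kdfName)) {
            // Fixed "00" AlgorithmID/PartyUInfo/PartyVInfo values, as in the original defaults.
            final ConcatKDF concatKDF = new ConcatKDF();
            concatKDF.setAlgorithmID("00");
            concatKDF.setPartyUInfo("00");
            concatKDF.setPartyVInfo("00");
            concatKDF.initialize();
            ecdh.setParameters(Set.of(concatKDF));
        } else if (PBKDF2.equals(kdfName)) {
            final PBKDF2 pbkdf2 = new PBKDF2();
            pbkdf2.initialize();
            ecdh.setParameters(Set.of(pbkdf2));
        } else {
            LOG.warn("Saw unknown value for ECDH KDF '{}', omitting global ECDH KDF configuration", kdfName);
            ecdh.setParameters(Collections.emptySet());
        }
        return ecdh;
    }

    /**
     * Builds the DH key agreement configuration: a SHA-256 digest method plus a KA-Nonce.
     *
     * @return the DH configuration
     * @throws ComponentInitializationException if either parameter fails to initialize
     */
    @Nonnull
    private static KeyAgreementEncryptionConfiguration buildDHConfiguration()
            throws ComponentInitializationException {
        final KeyAgreementEncryptionConfiguration dh = new KeyAgreementEncryptionConfiguration();
        dh.setAlgorithm(EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH);

        final DigestMethod digestMethod = new DigestMethod();
        digestMethod.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
        digestMethod.initialize();

        final KANonce nonce = new KANonce();
        nonce.initialize();

        dh.setParameters(Set.of(digestMethod, nonce));
        return dh;
    }

    /**
     * Builds the default decryption configuration: RSA v1.5 key transport excluded, and the
     * chaining encrypted-key resolver from {@link #buildBasicEncryptedKeyResolver()}.
     *
     * @return a freshly built, never-null decryption configuration
     */
    @Nonnull
    public static BasicDecryptionConfiguration buildDefaultDecryptionConfiguration() {
        final BasicDecryptionConfiguration config = new BasicDecryptionConfiguration();
        config.setExcludedAlgorithms(List.of(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15));
        config.setEncryptedKeyResolver(buildBasicEncryptedKeyResolver());
        return config;
    }

    /**
     * Builds the default signature signing configuration.
     *
     * <p>MD5-based digest, RSA-MD5 and HMAC-MD5 are excluded. Preferred signature algorithms are
     * listed strongest first within each family (RSA, ECDSA, DSA, HMAC); reference digests are
     * SHA-256, SHA-384, SHA-512, then SHA-1. Canonicalization is exclusive C14N without comments.</p>
     *
     * @return a freshly built, never-null signing configuration
     */
    @Nonnull
    public static BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration() {
        final BasicSignatureSigningConfiguration config = new BasicSignatureSigningConfiguration();

        config.setExcludedAlgorithms(List.of(
                SignatureConstants.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
                SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
                SignatureConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5));

        // Ordering matters: the first algorithm compatible with a credential is the one selected.
        config.setSignatureAlgorithms(List.of(
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384,
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512,
                "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256,
                SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA384,
                SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA512,
                SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1,
                "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
                "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
                SignatureConstants.ALGO_ID_MAC_HMAC_SHA384,
                SignatureConstants.ALGO_ID_MAC_HMAC_SHA512,
                SignatureConstants.ALGO_ID_MAC_HMAC_SHA1));

        config.setSignatureReferenceDigestMethods(List.of(
                "http://www.w3.org/2001/04/xmlenc#sha256",
                SignatureConstants.ALGO_ID_DIGEST_SHA384,
                "http://www.w3.org/2001/04/xmlenc#sha512",
                SignatureConstants.ALGO_ID_DIGEST_SHA1));

        config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
        config.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());

        return config;
    }

    /**
     * Builds the default signature validation configuration: MD5-based digest, RSA-MD5 and
     * HMAC-MD5 are excluded.
     *
     * @return a freshly built, never-null validation configuration
     */
    @Nonnull
    public static BasicSignatureValidationConfiguration buildDefaultSignatureValidationConfiguration() {
        final BasicSignatureValidationConfiguration config = new BasicSignatureValidationConfiguration();
        config.setExcludedAlgorithms(List.of(
                SignatureConstants.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
                SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
                SignatureConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5));
        return config;
    }

    /**
     * Builds the default encrypted-key resolver: a chain that tries inline EncryptedKey elements,
     * then RetrievalMethod references, then KeyInfoReference references, in that order.
     *
     * @return the chaining resolver
     */
    protected static EncryptedKeyResolver buildBasicEncryptedKeyResolver() {
        final List<EncryptedKeyResolver> resolvers = new ArrayList<>();
        resolvers.add(new InlineEncryptedKeyResolver());
        resolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
        resolvers.add(new SimpleKeyInfoReferenceEncryptedKeyResolver());
        return new ChainingEncryptedKeyResolver(resolvers);
    }

    /**
     * Builds a KeyInfo credential resolver that handles inline key material only: RSA, DSA and EC
     * KeyValue, DEREncodedKeyValue and inline X509Data.
     *
     * @return the credential resolver
     */
    public static KeyInfoCredentialResolver buildBasicInlineKeyInfoCredentialResolver() {
        final var providers = new ArrayList<>(List.of(
                new RSAKeyValueProvider(),
                new DSAKeyValueProvider(),
                new ECKeyValueProvider(),
                new DEREncodedKeyValueProvider(),
                new InlineX509DataProvider()));
        return new BasicProviderKeyInfoCredentialResolver(providers);
    }

    /**
     * Builds the KeyInfo generator manager used for data encryption keys: the basic manager plus a
     * key agreement generator factory.
     *
     * @return the manager
     */
    protected static NamedKeyInfoGeneratorManager buildDataEncryptionKeyInfoGeneratorManager() {
        return buildKeyAgreementAwareKeyInfoGeneratorManager();
    }

    /**
     * Builds the KeyInfo generator manager used for key transport keys: the basic manager plus a
     * key agreement generator factory. Currently identical to the data encryption manager.
     *
     * @return the manager
     */
    protected static NamedKeyInfoGeneratorManager buildKeyTransportEncryptionKeyInfoGeneratorManager() {
        return buildKeyAgreementAwareKeyInfoGeneratorManager();
    }

    /**
     * Shared implementation of the encryption KeyInfo generator managers: the basic manager with a
     * {@link KeyAgreementKeyInfoGeneratorFactory} registered on its default manager.
     *
     * @return the manager
     */
    private static NamedKeyInfoGeneratorManager buildKeyAgreementAwareKeyInfoGeneratorManager() {
        final NamedKeyInfoGeneratorManager manager = buildBasicKeyInfoGeneratorManager();
        manager.getDefaultManager().registerFactory(new KeyAgreementKeyInfoGeneratorFactory());
        return manager;
    }

    /**
     * Builds the KeyInfo generator manager used for signatures. Differs from
     * {@link #buildBasicKeyInfoGeneratorManager()} only in that the X.509 factory also emits the
     * entity certificate chain.
     *
     * @return the manager
     */
    protected static NamedKeyInfoGeneratorManager buildSignatureKeyInfoGeneratorManager() {
        final NamedKeyInfoGeneratorManager manager = newDefaultBackedManager();
        final KeyInfoGeneratorManager defaultManager = manager.getDefaultManager();

        final X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
        x509Factory.setEmitEntityCertificate(true);
        x509Factory.setEmitEntityCertificateChain(true);

        defaultManager.registerFactory(newBasicKeyInfoGeneratorFactory());
        defaultManager.registerFactory(x509Factory);
        return manager;
    }

    /**
     * Builds the basic KeyInfo generator manager: emits public key values (both KeyValue and
     * DEREncodedKeyValue), key names and the entity certificate.
     *
     * @return the manager
     */
    public static NamedKeyInfoGeneratorManager buildBasicKeyInfoGeneratorManager() {
        final NamedKeyInfoGeneratorManager manager = newDefaultBackedManager();
        final KeyInfoGeneratorManager defaultManager = manager.getDefaultManager();

        final X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
        x509Factory.setEmitEntityCertificate(true);

        defaultManager.registerFactory(newBasicKeyInfoGeneratorFactory());
        defaultManager.registerFactory(x509Factory);
        return manager;
    }

    /**
     * Creates a named manager that falls back to its default manager for unnamed lookups.
     *
     * @return the new manager
     */
    private static NamedKeyInfoGeneratorManager newDefaultBackedManager() {
        final NamedKeyInfoGeneratorManager manager = new NamedKeyInfoGeneratorManager();
        manager.setUseDefaultManager(true);
        return manager;
    }

    /**
     * Creates the basic factory shared by the signature and basic managers: public KeyValue,
     * DEREncodedKeyValue and KeyName emission all enabled.
     *
     * @return the configured factory
     */
    private static BasicKeyInfoGeneratorFactory newBasicKeyInfoGeneratorFactory() {
        final BasicKeyInfoGeneratorFactory factory = new BasicKeyInfoGeneratorFactory();
        factory.setEmitPublicKeyValue(true);
        factory.setEmitPublicDEREncodedKeyValue(true);
        factory.setEmitKeyNames(true);
        return factory;
    }
}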
