package com.mulesoft.mule.compatibility.module.saml.realms;

import com.mulesoft.mule.compatibility.module.saml.SAMLAuthenticationAdapter;
import com.mulesoft.mule.compatibility.module.saml.SAMLUtils;
import com.mulesoft.mule.compatibility.module.saml.crypto.NoSuchKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;

/* loaded from: input_file:repository/com/mulesoft/mule/modules/modules/mule-module-saml-ee/1.2.0/mule-module-saml-ee-1.2.0.jar:com/mulesoft/mule/compatibility/module/saml/realms/SenderVouchesRealm.class */
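/**
 * Security realm that builds the result authentication from an incoming SAML assertion and,
 * when {@code resignAssertions} is enabled, signs with a key loaded from the realm's key provider.
 *
 * <p>Signing material is loaded once in {@link #initialise()}. Changing the alias, password or
 * {@code resignAssertions} flag afterwards does not reload it.
 */
public final class SenderVouchesRealm extends AbstractSecurityRealm implements Initialisable {
    private static final Log logger = LogFactory.getLog(SenderVouchesRealm.class);
    private boolean resignAssertions;
    private String signKeyAlias;
    // NOTE(review): the key password stays in this field for the life of the realm and is
    // readable through getSignKeyPassword(); keep it out of logs and diagnostics.
    private String signKeyPassword;
    private Key issuerPK;
    private X509Certificate[] issuerCerts;

    /**
     * Loads the signing key and certificate chain when re-signing is enabled.
     *
     * @throws IllegalStateException if re-signing is enabled without an alias and password, or
     *     the key found under the alias is missing or is not a {@link PrivateKey}
     * @throws InitialisationException if the key provider reports that the key does not exist
     */
    public void initialise() throws InitialisationException {
        if (!this.resignAssertions) {
            return;
        }
        if (this.signKeyAlias == null || this.signKeyPassword == null) {
            throw new IllegalStateException("Cannot resign assertions without a sign key alias and password specified");
        }
        try {
            this.issuerPK = getKeyProvider().retrieveKey(this.signKeyAlias, this.signKeyPassword);
            this.issuerCerts = getKeyProvider().retrieveCertificateChain(this.signKeyAlias);
        } catch (NoSuchKeyException e) {
            throw new InitialisationException(e, this);
        }
        // Fail at start-up rather than on the first message: the signing path casts this key to
        // PrivateKey, so a null, secret-key or public-key entry under the alias would otherwise
        // only surface later as a ClassCastException or a signing failure.
        if (!(this.issuerPK instanceof PrivateKey)) {
            throw new IllegalStateException("Key for sign key alias '" + this.signKeyAlias + "' is not a private key; cannot resign assertions");
        }
    }

    /**
     * Builds the authentication result for an incoming SAML authentication.
     *
     * @param sAMLAuthenticationAdapter the incoming authentication; its credentials are cast to
     *     {@link AssertionWrapper}
     * @return a new adapter wrapping an assertion built from the incoming assertion's element,
     *     carrying over the incoming security realm and event
     * @throws Exception if reading, wrapping or signing the assertion fails
     */
    @Override
    protected SAMLAuthenticationAdapter createResultAuthentication(SAMLAuthenticationAdapter sAMLAuthenticationAdapter) throws Exception {
        // NOTE(review): the debug statements in this method print the adapter and the assertion
        // via toString(); if those include assertion content, debug logs carry subject data and
        // need the same access controls as the messages themselves.
        if (logger.isDebugEnabled()) {
            logger.debug("Creating result assertion from " + sAMLAuthenticationAdapter);
        }
        AssertionWrapper incomingAssertion = (AssertionWrapper) sAMLAuthenticationAdapter.getCredentials();
        AssertionWrapper resultAssertion = new AssertionWrapper(incomingAssertion.getElement());
        if (this.resignAssertions) {
            if (logger.isDebugEnabled()) {
                logger.debug("Creating result assertion, resigned with my private key");
            }
            // NOTE(review): the signature is applied to the incoming wrapper, while the wrapper
            // returned to the caller was built from the same element before signing. Whether the
            // returned assertion carries the new signature depends on SAMLUtils.sign and
            // AssertionWrapper internals not visible here. Confirm that the re-signed assertion
            // is the one that leaves this method, and cover it with a test that verifies the
            // signature on the returned adapter's credentials.
            SAMLUtils.sign(incomingAssertion, (PrivateKey) this.issuerPK, this.issuerCerts, false);
            if (logger.isDebugEnabled()) {
                logger.debug("Result assertion created: " + resultAssertion.toString());
            }
        }
        SAMLAuthenticationAdapter resultAuthentication = new SAMLAuthenticationAdapter(resultAssertion, this.signKeyAlias, sAMLAuthenticationAdapter.getSecurityRealm());
        resultAuthentication.setEvent(sAMLAuthenticationAdapter.getEvent());
        if (logger.isDebugEnabled()) {
            logger.debug("Result assertion created " + resultAuthentication);
        }
        return resultAuthentication;
    }

    /** Returns the alias under which the signing key is looked up. */
    public String getSignKeyAlias() {
        return this.signKeyAlias;
    }

    /** Sets the alias under which the signing key is looked up; takes effect at {@link #initialise()}. */
    public void setSignKeyAlias(String str) {
        this.signKeyAlias = str;
    }

    /** Returns the password used to retrieve the signing key. Treat the value as a secret. */
    public String getSignKeyPassword() {
        return this.signKeyPassword;
    }

    /** Sets the password used to retrieve the signing key; takes effect at {@link #initialise()}. */
    public void setSignKeyPassword(String str) {
        this.signKeyPassword = str;
    }

    /** Returns whether assertions are re-signed when the result authentication is created. */
    public boolean isResignAssertions() {
        return this.resignAssertions;
    }

    /**
     * Enables or disables re-signing. Enabling it after {@link #initialise()} has run does not
     * load the signing key, so set it before initialisation.
     */
    public void setResignAssertions(boolean z) {
        this.resignAssertions = z;
    }
}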
