package org.elasticsearch.xpack.security.authc.saml;

import java.nio.charset.StandardCharsets;
import java.util.Set;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.security.SecurityException;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SigningConfiguration.class */
public class SigningConfiguration {
    private final Set<String> messageTypes;
    private final X509Credential credential;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SigningConfiguration(Set<String> set, X509Credential x509Credential) {
        this.messageTypes = set;
        this.credential = x509Credential;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean shouldSign(SAMLObject sAMLObject) {
        return shouldSign(sAMLObject.getElementQName().getLocalPart());
    }

    public boolean shouldSign(String str) {
        if (this.credential == null) {
            return false;
        }
        return this.messageTypes.contains(str) || this.messageTypes.contains("*");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] sign(String str, String str2) throws SecurityException {
        return sign(str.getBytes(StandardCharsets.UTF_8), str2);
    }

    byte[] sign(byte[] bArr, String str) throws SecurityException {
        return XMLSigningUtil.signWithURI(this.credential, str, bArr);
    }

    public X509Credential getCredential() {
        return this.credential;
    }
}
