package com.suncode.sso.authenticator.configuration.saml;

import com.coveo.saml.SamlException;
import com.coveo.saml.SamlLogoutResponse;
import com.coveo.saml.SamlResponse;
import com.coveo.saml.XMLHelper;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.RandomAccessFile;
import java.io.Reader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.BOMInputStream;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder;
import org.opensaml.saml.saml2.core.impl.StatusMessageBuilder;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.ChainingKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.X509Data;
import org.opensaml.xmlsec.signature.impl.SignatureBuilder;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:com/suncode/sso/authenticator/configuration/saml/SamlClient.class */
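/**
 * SAML 2.0 service-provider (SP) client.
 *
 * <p>Builds, and optionally signs, {@code AuthnRequest} / {@code LogoutRequest} /
 * {@code LogoutResponse} messages for a configured identity provider (IdP), and decodes,
 * decrypts and validates the messages the IdP sends back. Instances are created directly or
 * from IdP metadata via {@link #fromMetadata(String, String, Reader, SamlIdpBinding, List)}.
 *
 * <p>Signing of outgoing messages and decryption of {@code EncryptedAssertion}s only happen
 * once SP keys have been supplied through one of the {@code setSPKeys} methods. Signature,
 * issuer and time-window validation of incoming messages is delegated to {@code ValidatorUtils}
 * (same package, not part of this file).
 */
public class SamlClient {
    public static final String HTTP_REQ_SAML_PARAM = "SAMLRequest";
    public static final String HTTP_RESP_SAML_PARAM = "SAMLResponse";

    private static final Logger log = LoggerFactory.getLogger(SamlClient.class);

    private static final String SAML2_PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String HTTP_BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-";
    private static final String NAMEID_FORMAT_UNSPECIFIED =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String IN_RESPONSE_TO_MISMATCH =
            "The response 'inResponseTo' value didn't match the expected value";

    /** Written only from the synchronized {@link #ensureOpenSamlIsInitialized()}. */
    private static boolean initializedOpenSaml = false;

    private final BasicParserPool domParser;
    private final String relyingPartyIdentifier;
    private final String assertionConsumerServiceUrl;
    private final String identityProviderUrl;
    private final String responseIssuer;
    /** IdP signing credentials handed to the validator for response signature checks. */
    private final List<Credential> credentials;
    private final SamlIdpBinding samlBinding;
    /** NotBefore skew passed to the validator; fixed at 0 (no tolerance). */
    private final long notBeforeSkew = 0;
    /** SP key pair used to sign requests and decrypt assertions; null until setSPKeys is called. */
    private BasicX509Credential spCredential;
    /** Extra decryption credentials; nothing in this class ever adds to it. */
    private final List<Credential> additionalSpCredentials = new ArrayList<>();

    /**
     * HTTP binding used when talking to the IdP. The enum name is appended to the SAML
     * binding URI prefix, so the constant names must match the spec spelling exactly.
     */
    public enum SamlIdpBinding {
        POST,
        Redirect
    }

    /**
     * Creates a client for one identity provider.
     *
     * @param relyingPartyIdentifier SP entity id placed in the {@code Issuer} of outgoing requests
     * @param assertionConsumerServiceUrl SP URL the IdP should post responses to (may be null)
     * @param identityProviderUrl IdP SSO endpoint, used as the request {@code Destination}
     * @param responseIssuer expected {@code Issuer} of IdP responses
     * @param certificates IdP signing certificates; at least one is required
     * @param samlBinding HTTP binding requested from the IdP
     * @throws SamlException if the OpenSAML library or the XML parser cannot be initialized
     * @throws IllegalArgumentException if a required argument is null or {@code certificates} is empty
     */
    public SamlClient(String relyingPartyIdentifier, String assertionConsumerServiceUrl,
            String identityProviderUrl, String responseIssuer, List<X509Certificate> certificates,
            SamlIdpBinding samlBinding) throws SamlException {
        ensureOpenSamlIsInitialized();
        if (relyingPartyIdentifier == null) {
            throw new IllegalArgumentException("relyingPartyIdentifier");
        }
        if (identityProviderUrl == null) {
            throw new IllegalArgumentException("identityProviderUrl");
        }
        if (responseIssuer == null) {
            throw new IllegalArgumentException("responseIssuer");
        }
        if (certificates == null || certificates.isEmpty()) {
            throw new IllegalArgumentException("certificates");
        }
        this.relyingPartyIdentifier = relyingPartyIdentifier;
        this.assertionConsumerServiceUrl = assertionConsumerServiceUrl;
        this.identityProviderUrl = identityProviderUrl;
        this.responseIssuer = responseIssuer;
        this.credentials = Collections.unmodifiableList(
                certificates.stream().map(SamlClient::getCredential).collect(Collectors.toList()));
        this.samlBinding = samlBinding;
        this.domParser = createDOMParser();
    }

    /**
     * Decodes a SAML {@code Response}, decrypts any encrypted assertions and validates it.
     *
     * @param encodedResponse base64 (and, for GET, DEFLATE-compressed) response from the IdP
     * @param requestId id of the AuthnRequest this response must answer
     * @param httpMethod HTTP method the response arrived with ("GET" selects inflation)
     * @return wrapper around the first assertion; further assertions, if any, are ignored
     * @throws SamlException if decoding, decryption or validation fails, or if the response
     *     does not carry an {@code InResponseTo} equal to {@code requestId}
     */
    public SamlResponse decodeAndValidateSamlResponse(String encodedResponse, String requestId,
            String httpMethod) throws SamlException {
        SAMLObject parsed = parseResponse(encodedResponse, httpMethod);
        if (!(parsed instanceof Response)) {
            throw new SamlException("Decoded message is not a SAML Response");
        }
        Response response = (Response) parsed;
        checkInResponseTo(response.getInResponseTo(), requestId);
        try {
            decodeEncryptedAssertion(response);
            ValidatorUtils.validate(response, this.responseIssuer, this.credentials, DateTime.now(),
                    this.notBeforeSkew);
        } catch (DecryptionException e) {
            throw new SamlException("Cannot decrypt the assertion", e);
        }
        if (response.getAssertions().isEmpty()) {
            throw new SamlException("The response contains no assertion");
        }
        return new SamlResponse(response.getAssertions().get(0));
    }

    /**
     * Rejects a message whose {@code InResponseTo} is absent or differs from the id of the
     * request this client issued; unsolicited (IdP-initiated) messages are therefore refused.
     */
    private static void checkInResponseTo(String actual, String expected) throws SamlException {
        if (actual == null || !actual.equals(expected)) {
            throw new SamlException(IN_RESPONSE_TO_MISMATCH);
        }
    }

    /** Same as the five-argument overload with the POST binding and no extra certificates. */
    public static SamlClient fromMetadata(String relyingPartyIdentifier,
            String assertionConsumerServiceUrl, Reader metadata) throws SamlException {
        return fromMetadata(relyingPartyIdentifier, assertionConsumerServiceUrl, metadata,
                SamlIdpBinding.POST);
    }

    /** Same as the five-argument overload with no extra certificates. */
    public static SamlClient fromMetadata(String relyingPartyIdentifier,
            String assertionConsumerServiceUrl, Reader metadata, SamlIdpBinding samlBinding)
            throws SamlException {
        return fromMetadata(relyingPartyIdentifier, assertionConsumerServiceUrl, metadata,
                samlBinding, null);
    }

    /**
     * Builds a client from IdP metadata: entity id, SSO endpoint for the requested binding and
     * the IdP's signing certificates are read from the metadata document.
     *
     * <p>When the metadata entity id is an {@code .okta.com} domain, a null
     * {@code relyingPartyIdentifier} defaults to that entity id and a null
     * {@code assertionConsumerServiceUrl} defaults to the SSO location; for any other IdP a null
     * {@code relyingPartyIdentifier} is an error.
     *
     * @param additionalCertificates extra signing certificates accepted besides the metadata
     *     ones (may be null)
     * @throws SamlException if the metadata cannot be read or lacks the required elements
     * @throws IllegalArgumentException if {@code relyingPartyIdentifier} is null for a non-Okta IdP
     */
    public static SamlClient fromMetadata(String relyingPartyIdentifier,
            String assertionConsumerServiceUrl, Reader metadata, SamlIdpBinding samlBinding,
            List<X509Certificate> additionalCertificates) throws SamlException {
        ensureOpenSamlIsInitialized();
        EntityDescriptor entityDescriptor = getEntityDescriptor(createMetadataResolver(skipBom(metadata)));
        String entityId = entityDescriptor.getEntityID();
        if (entityId == null) {
            throw new SamlException("Identity provider metadata has no entityID");
        }
        IDPSSODescriptor idpDescriptor = getIDPSSODescriptor(entityDescriptor);

        List<SingleSignOnService> ssoServices = idpDescriptor.getSingleSignOnServices();
        SingleSignOnService ssoService = (ssoServices == null || ssoServices.isEmpty())
                ? null
                : getIdpBinding(idpDescriptor, samlBinding);

        List<X509Certificate> certificates = getCertificates(idpDescriptor);
        if (additionalCertificates != null) {
            certificates.addAll(additionalCertificates);
        }

        boolean isOkta = entityId.contains(".okta.com");
        String rpId = relyingPartyIdentifier;
        if (rpId == null) {
            if (!isOkta) {
                throw new IllegalArgumentException("relyingPartyIdentifier");
            }
            rpId = entityId;
        }
        String acsUrl = assertionConsumerServiceUrl;
        if (acsUrl == null && isOkta && ssoService != null) {
            acsUrl = ssoService.getLocation();
        }
        // NOTE(review): when the metadata lists no SSO service the ACS URL is reused as the IdP
        // URL. Kept as-is; looks like a placeholder rather than a deliberate choice — confirm.
        String idpUrl = ssoService != null ? ssoService.getLocation() : acsUrl;
        return new SamlClient(rpId, acsUrl, idpUrl, entityId, certificates, samlBinding);
    }

    /** Reads the whole metadata document and strips a leading byte-order mark. */
    private static InputStream skipBom(Reader reader) throws SamlException {
        try {
            String metadata = IOUtils.toString(reader);
            return new BOMInputStream(IOUtils.toInputStream(metadata, StandardCharsets.UTF_8), false);
        } catch (IOException e) {
            throw new SamlException("Couldn't read metadata", e);
        }
    }

    /**
     * Base64-decodes an incoming message. For {@code GET} (HTTP-Redirect binding) the payload
     * is additionally raw-DEFLATE compressed and is inflated here.
     *
     * <p>NOTE(review): the inflated size is not bounded here; only the DOM parser's own limits
     * (if any) cap what an attacker-supplied payload can expand to — consider a size-limited
     * stream in front of the parser.
     */
    private static Reader decodeAndInflate(String encoded, String httpMethod) {
        InputStream raw = new ByteArrayInputStream(Base64.decodeBase64(encoded));
        InputStream payload = "GET".equals(httpMethod)
                ? new InflaterInputStream(raw, new Inflater(true))
                : raw;
        return new InputStreamReader(payload, StandardCharsets.UTF_8);
    }

    /** Initializes OpenSAML once per JVM; safe to call repeatedly. */
    private static synchronized void ensureOpenSamlIsInitialized() throws SamlException {
        if (initializedOpenSaml) {
            return;
        }
        try {
            InitializationService.initialize();
            initializedOpenSaml = true;
        } catch (Throwable th) {
            throw new SamlException("Error while initializing the Open SAML library", th);
        }
    }

    /**
     * Creates an initialized Shibboleth parser pool.
     *
     * <p>NOTE(review): the pool is used with its defaults. Current java-support releases ship
     * with DOCTYPE declarations disallowed and secure processing enabled by default — confirm
     * for the bundled version, since these parsers consume attacker-controlled XML.
     */
    private static BasicParserPool createDOMParser() throws SamlException {
        BasicParserPool parserPool = new BasicParserPool();
        try {
            parserPool.initialize();
            return parserPool;
        } catch (ComponentInitializationException e) {
            throw new SamlException("Failed to create an XML parser", e);
        }
    }

    /** Parses the metadata document into an initialized DOM-backed metadata resolver. */
    private static DOMMetadataResolver createMetadataResolver(InputStream inputStream)
            throws SamlException {
        try {
            Document document = createDOMParser().parse(inputStream);
            if (document.getDocumentElement() == null) {
                throw new SamlException("Id Provider Entity Descriptor is empty");
            }
            DOMMetadataResolver resolver = new DOMMetadataResolver(document.getDocumentElement());
            resolver.setId("componentId");
            resolver.initialize();
            return resolver;
        } catch (XMLParserException | ComponentInitializationException e) {
            throw new SamlException("Cannot load identity provider metadata", e);
        }
    }

    /** Returns the single entity descriptor the resolver holds; any other count is an error. */
    private static EntityDescriptor getEntityDescriptor(DOMMetadataResolver resolver)
            throws SamlException {
        List<EntityDescriptor> descriptors = new ArrayList<>();
        resolver.forEach(descriptors::add);
        if (descriptors.size() != 1) {
            throw new SamlException("Bad entity descriptor count: " + descriptors.size());
        }
        return descriptors.get(0);
    }

    /** Returns the SAML 2.0 IdP SSO descriptor of the entity. */
    private static IDPSSODescriptor getIDPSSODescriptor(EntityDescriptor entityDescriptor)
            throws SamlException {
        IDPSSODescriptor descriptor = entityDescriptor.getIDPSSODescriptor(SAML2_PROTOCOL_NS);
        if (descriptor == null) {
            throw new SamlException("Cannot retrieve IDP SSO descriptor");
        }
        return descriptor;
    }

    /** Finds the SSO service whose binding URI matches the requested HTTP binding. */
    private static SingleSignOnService getIdpBinding(IDPSSODescriptor idpDescriptor,
            SamlIdpBinding samlBinding) throws SamlException {
        String expectedBinding = HTTP_BINDING_PREFIX + samlBinding.toString();
        // equals() on the constant side tolerates a service element without a binding.
        return idpDescriptor.getSingleSignOnServices().stream()
                .filter(service -> expectedBinding.equals(service.getBinding()))
                .findAny()
                .orElseThrow(() -> new SamlException(
                        "Cannot find HTTP-" + samlBinding + " SSO binding in metadata"));
    }

    /**
     * Collects the IdP signing certificates from the metadata (first certificate of each
     * signing-use X509Data). Unparseable certificates are logged and skipped. The returned list
     * is mutable so callers can append to it.
     */
    private static List<X509Certificate> getCertificates(IDPSSODescriptor idpDescriptor)
            throws SamlException {
        try {
            return idpDescriptor.getKeyDescriptors().stream()
                    .filter(keyDescriptor -> keyDescriptor.getUse() == UsageType.SIGNING)
                    .flatMap(SamlClient::getDatasWithCertificates)
                    .map(SamlClient::getFirstCertificate)
                    .filter(Objects::nonNull)
                    .collect(Collectors.toCollection(ArrayList::new));
        } catch (Exception e) {
            throw new SamlException("Exception in getCertificates", e);
        }
    }

    /** Streams the X509Data elements of a key descriptor that carry at least one certificate. */
    private static Stream<X509Data> getDatasWithCertificates(KeyDescriptor keyDescriptor) {
        if (keyDescriptor.getKeyInfo() == null) {
            return Stream.empty();
        }
        return keyDescriptor.getKeyInfo().getX509Datas().stream()
                .filter(x509Data -> !x509Data.getX509Certificates().isEmpty());
    }

    /** Parses the first certificate of an X509Data; returns null if absent or unparseable. */
    private static X509Certificate getFirstCertificate(X509Data x509Data) {
        try {
            org.opensaml.xmlsec.signature.X509Certificate first =
                    x509Data.getX509Certificates().stream().findFirst().orElse(null);
            return first == null ? null : KeyInfoSupport.getCertificate(first);
        } catch (CertificateException e) {
            log.error("Exception in getFirstCertificate", e);
            return null;
        }
    }

    /** Wraps a certificate as a verification credential with no CRLs attached. */
    private static Credential getCredential(X509Certificate certificate) {
        BasicX509Credential credential = new BasicX509Credential(certificate);
        credential.setCRLs(Collections.emptyList());
        return credential;
    }

    /**
     * Decodes and validates a {@code LogoutResponse} answering the logout request with id
     * {@code requestId}.
     *
     * @return wrapper around the response status
     * @throws SamlException on decode/validation failure or an {@code InResponseTo} mismatch
     */
    public SamlLogoutResponse decodeAndValidateSamlLogoutResponse(String encodedResponse,
            String requestId, String httpMethod) throws SamlException {
        SAMLObject parsed = parseResponse(encodedResponse, httpMethod);
        if (!(parsed instanceof LogoutResponse)) {
            throw new SamlException("Decoded message is not a SAML LogoutResponse");
        }
        LogoutResponse logoutResponse = (LogoutResponse) parsed;
        checkInResponseTo(logoutResponse.getInResponseTo(), requestId);
        ValidatorUtils.validate(logoutResponse, this.responseIssuer, this.credentials);
        return new SamlLogoutResponse(logoutResponse.getStatus());
    }

    /**
     * Decodes and validates an IdP-initiated {@code LogoutRequest}.
     *
     * @param nameId expected subject NameID, handed to the validator
     * @throws SamlException on decode/validation failure
     */
    public void decodeAndValidateSamlLogoutRequest(String encodedRequest, String nameId,
            String httpMethod) throws SamlException {
        SAMLObject parsed = parseResponse(encodedRequest, httpMethod);
        if (!(parsed instanceof LogoutRequest)) {
            throw new SamlException("Decoded message is not a SAML LogoutRequest");
        }
        ValidatorUtils.validate((LogoutRequest) parsed, this.responseIssuer, this.credentials, nameId);
    }

    /**
     * Loads the SP key pair from files.
     *
     * @param certificatePath DER/PEM X.509 certificate file
     * @param privateKeyPath unencrypted PKCS#8 DER file holding an RSA private key
     * @throws SamlException if either path is null or a file cannot be read or parsed
     */
    public void setSPKeys(String certificatePath, String privateKeyPath) throws SamlException {
        this.spCredential = generateBasicX509Credential(certificatePath, privateKeyPath);
    }

    private BasicX509Credential generateBasicX509Credential(String certificatePath,
            String privateKeyPath) throws SamlException {
        if (certificatePath == null || privateKeyPath == null) {
            throw new SamlException("No credentials provided");
        }
        return new BasicX509Credential(loadCertificate(certificatePath), loadPrivateKey(privateKeyPath));
    }

    /**
     * Sets the SP key pair from already-loaded objects.
     *
     * @throws SamlException if either argument is null
     */
    public void setSPKeys(X509Certificate certificate, PrivateKey privateKey) throws SamlException {
        if (certificate == null || privateKey == null) {
            throw new SamlException("No credentials provided");
        }
        this.spCredential = new BasicX509Credential(certificate, privateKey);
    }

    /** Builds a request of the given type with a fresh id, version 2.0, now() and this SP as issuer. */
    private RequestAbstractType getBasicSamlRequest(QName qName) {
        RequestAbstractType request = buildSamlObject(qName);
        // Prefixed so the id is a valid XML NCName even when the UUID starts with a digit.
        request.setID("z" + UUID.randomUUID());
        request.setVersion(SAMLVersion.VERSION_20);
        request.setIssueInstant(DateTime.now());
        request.setIssuer(buildIssuer());
        return request;
    }

    /** Issuer element carrying this SP's relying-party identifier. */
    private Issuer buildIssuer() {
        Issuer issuer = buildSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(this.relyingPartyIdentifier);
        return issuer;
    }

    /** Serializes the request to XML and base64-encodes it for transport. */
    private String marshallAndEncodeSamlObject(RequestAbstractType request) throws SamlException {
        try {
            String xml = marshallXmlObject(request).toString();
            log.trace("Issuing SAML request: {}", xml);
            return Base64.encodeBase64String(xml.getBytes(StandardCharsets.UTF_8));
        } catch (MarshallingException e) {
            throw new SamlException("Error while marshalling SAML request to XML", e);
        }
    }

    /**
     * Builds (and signs, if SP keys are set) an {@code AuthnRequest} for the configured IdP.
     *
     * @return the encoded request together with its id, which the caller must keep to check
     *     {@code InResponseTo} on the response
     */
    public SamlRequest getSamlRequest() throws SamlException {
        AuthnRequest authnRequest = getBasicSamlRequest(AuthnRequest.DEFAULT_ELEMENT_NAME);
        authnRequest.setProtocolBinding(HTTP_BINDING_PREFIX + this.samlBinding.toString());
        authnRequest.setDestination(this.identityProviderUrl);
        authnRequest.setAssertionConsumerServiceURL(this.assertionConsumerServiceUrl);
        NameIDPolicy nameIdPolicy = buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        nameIdPolicy.setFormat(NAMEID_FORMAT_UNSPECIFIED);
        authnRequest.setNameIDPolicy(nameIdPolicy);
        signSAMLObject(authnRequest);
        return new SamlRequest(marshallAndEncodeSamlObject(authnRequest), authnRequest.getID());
    }

    /**
     * Builds (and signs, if SP keys are set) a {@code LogoutRequest} for the given subject.
     *
     * @param nameId subject NameID to log out
     * @param sessionIndex IdP session index; omitted from the request when blank
     */
    public SamlRequest getLogoutRequest(String nameId, String sessionIndex) throws SamlException {
        LogoutRequest logoutRequest = getBasicSamlRequest(LogoutRequest.DEFAULT_ELEMENT_NAME);
        NameID subject = buildSamlObject(NameID.DEFAULT_ELEMENT_NAME);
        subject.setValue(nameId);
        logoutRequest.setNameID(subject);
        if (StringUtils.isNotBlank(sessionIndex)) {
            SessionIndex index = buildSamlObject(SessionIndex.DEFAULT_ELEMENT_NAME);
            index.setSessionIndex(sessionIndex);
            logoutRequest.getSessionIndexes().add(index);
        }
        signSAMLObject(logoutRequest);
        return new SamlRequest(marshallAndEncodeSamlObject(logoutRequest), logoutRequest.getID());
    }

    /**
     * Builds, signs (if SP keys are set) and encodes a {@code LogoutResponse}.
     *
     * @param statusCode status code URI to report
     * @param statusMessage optional human-readable status message (null to omit)
     * @param inResponseTo id of the IdP's logout request being answered
     * @return base64-encoded response XML
     */
    public String getSamlLogoutResponse(String statusCode, String statusMessage, String inResponseTo)
            throws SamlException {
        LogoutResponse logoutResponse = buildSamlObject(LogoutResponse.DEFAULT_ELEMENT_NAME);
        logoutResponse.setID("z" + UUID.randomUUID());
        logoutResponse.setVersion(SAMLVersion.VERSION_20);
        logoutResponse.setIssueInstant(DateTime.now());
        logoutResponse.setInResponseTo(inResponseTo);
        logoutResponse.setIssuer(buildIssuer());

        Status status = buildSamlObject(Status.DEFAULT_ELEMENT_NAME);
        StatusCode code = new StatusCodeBuilder().buildObject();
        code.setValue(statusCode);
        status.setStatusCode(code);
        if (statusMessage != null) {
            StatusMessage message = new StatusMessageBuilder().buildObject();
            message.setMessage(statusMessage);
            status.setStatusMessage(message);
        }
        logoutResponse.setStatus(status);

        signSAMLObject(logoutResponse);
        try {
            StringWriter xml = marshallXmlObject(logoutResponse);
            log.trace("Issuing SAML Logout request: {}", xml);
            return Base64.encodeBase64String(xml.toString().getBytes(StandardCharsets.UTF_8));
        } catch (MarshallingException e) {
            throw new SamlException("Error while marshalling SAML request to XML", e);
        }
    }

    /** Builds an OpenSAML object for the given element name via the registered builder. */
    @SuppressWarnings("unchecked")
    private static <T extends XMLObject> T buildSamlObject(QName qName) {
        // Safe as long as the caller's target type matches the registered builder for qName.
        return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
    }

    /**
     * Decrypts every {@code EncryptedAssertion} in the response with the SP credential(s) and
     * appends the plaintext assertions to {@code response.getAssertions()}.
     *
     * <p>With no SP credential configured the resolver chain is empty and decryption fails with
     * a {@link DecryptionException}.
     */
    private void decodeEncryptedAssertion(Response response) throws DecryptionException {
        List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
        if (encryptedAssertions.isEmpty()) {
            return;
        }
        List<KeyInfoCredentialResolver> resolvers = new ArrayList<>();
        if (this.spCredential != null) {
            resolvers.add(new StaticKeyInfoCredentialResolver(this.spCredential));
        }
        if (!this.additionalSpCredentials.isEmpty()) {
            resolvers.add(new CollectionKeyInfoCredentialResolver(this.additionalSpCredentials));
        }
        Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null,
                new ChainingKeyInfoCredentialResolver(resolvers), new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        for (EncryptedAssertion encryptedAssertion : encryptedAssertions) {
            response.getAssertions().add(decrypter.decrypt(encryptedAssertion));
        }
    }

    /** Loads an X.509 certificate from a file. */
    private X509Certificate loadCertificate(String path) throws SamlException {
        try (InputStream in = new BufferedInputStream(new FileInputStream(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (FileNotFoundException e) {
            throw new SamlException("Public key file doesn't exist", e);
        } catch (Exception e) {
            throw new SamlException("Couldn't load public key", e);
        }
    }

    /**
     * Loads an RSA private key from a file containing the raw (unencrypted) PKCS#8 DER
     * encoding; a PEM-wrapped key will not parse.
     */
    private PrivateKey loadPrivateKey(String path) throws SamlException {
        try (RandomAccessFile file = new RandomAccessFile(path, "r")) {
            long length = file.length();
            if (length > Integer.MAX_VALUE) {
                throw new IOException("Private key file is too large: " + length + " bytes");
            }
            byte[] encoded = new byte[(int) length];
            file.readFully(encoded);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));
        } catch (FileNotFoundException e) {
            throw new SamlException("Private key file doesn't exist", e);
        } catch (Exception e) {
            throw new SamlException("Couldn't load private key", e);
        }
    }

    /** Marshals an OpenSAML object to its XML text. */
    private StringWriter marshallXmlObject(XMLObject xmlObject) throws MarshallingException {
        StringWriter writer = new StringWriter();
        XMLHelper.writeNode(
                XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xmlObject).marshall(xmlObject),
                writer);
        return writer;
    }

    /**
     * Decodes an incoming message and unmarshals it into an OpenSAML object. No validation
     * happens here; callers check the concrete type and validate afterwards.
     *
     * <p>The raw encoded message is logged at TRACE level, which includes any assertion it
     * carries; keep TRACE off in production logs.
     */
    private SAMLObject parseResponse(String encoded, String httpMethod) throws SamlException {
        log.trace("Validating SAML response {}", encoded);
        try {
            Document document = this.domParser.parse(decodeAndInflate(encoded, httpMethod));
            return XMLObjectProviderRegistrySupport.getUnmarshallerFactory()
                    .getUnmarshaller(document.getDocumentElement())
                    .unmarshall(document.getDocumentElement());
        } catch (XMLParserException | UnmarshallingException e) {
            throw new SamlException("Cannot decode xml encoded response", e);
        }
    }

    /**
     * Signs the object with the SP credential (RSA-SHA256, exclusive C14N, certificate and
     * public key emitted in KeyInfo). Does nothing when no SP credential is configured.
     */
    private void signSAMLObject(SignableSAMLObject signable) throws SamlException {
        if (this.spCredential == null) {
            return;
        }
        try {
            Signature signature = new SignatureBuilder().buildObject(Signature.DEFAULT_ELEMENT_NAME);
            signature.setCanonicalizationAlgorithm(C14N_EXCLUSIVE);
            signature.setSignatureAlgorithm(SIG_RSA_SHA256);

            X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
            keyInfoFactory.setEmitEntityCertificate(true);
            keyInfoFactory.setEmitPublicKeyValue(true);
            KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();

            signature.setKeyInfo(keyInfoGenerator.generate(this.spCredential));
            signature.setSigningCredential(this.spCredential);
            signable.setSignature(signature);

            SignatureSigningParameters parameters = new SignatureSigningParameters();
            parameters.setSigningCredential(this.spCredential);
            parameters.setSignatureCanonicalizationAlgorithm(C14N_EXCLUSIVE);
            parameters.setSignatureAlgorithm(SIG_RSA_SHA256);
            parameters.setKeyInfoGenerator(keyInfoGenerator);
            SignatureSupport.signObject(signable, parameters);
        } catch (MarshallingException | SignatureException | SecurityException e) {
            throw new SamlException("Failed to sign request", e);
        }
    }
}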
