package org.springframework.security.saml2.provider.service.authentication;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedAttribute;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/springframework/security/saml2/provider/service/authentication/OpenSamlDecryptionUtils.class */
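/**
 * Decrypts the encrypted parts of a SAML 2.0 {@link Response} or {@link Assertion} in place,
 * using the decryption credentials of a {@link RelyingPartyRegistration}.
 *
 * <p>This class only recovers plaintext. Nothing here checks a signature, issuer, audience or
 * validity window, so callers must still validate every decrypted element before relying on it.
 *
 * <p>The decompiler reports that this class and its two entry points were package-private in the
 * compiled original; the visibility shown in this listing is kept unchanged.
 */
public final class OpenSamlDecryptionUtils {
    /**
     * Shared strategy for locating the {@code EncryptedKey} that wraps the data-encryption key.
     * The chain tries, in order: a key inlined in the encrypted data's {@code KeyInfo}, a key
     * carried by the enclosing SAML encrypted element, and a key referenced through a
     * {@code RetrievalMethod}.
     */
    private static final EncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(Arrays.asList(
            new InlineEncryptedKeyResolver(),
            new EncryptedElementTypeEncryptedKeyResolver(),
            new SimpleRetrievalMethodEncryptedKeyResolver()));

    /**
     * Decrypts every {@link EncryptedAssertion} of the response and appends the resulting
     * {@link Assertion} to {@code response.getAssertions()}.
     *
     * <p>The encrypted elements are left in the response; the decrypted assertions are added
     * next to any assertions that were already present in clear text.
     *
     * @param response the response to update in place
     * @param relyingPartyRegistration supplies the decryption credentials
     * @throws Saml2Exception if any assertion cannot be decrypted; processing stops at the first
     *         failure, so no later assertion is added
     */
    public static void decryptResponseElements(Response response, RelyingPartyRegistration relyingPartyRegistration) {
        Decrypter decrypter = decrypter(relyingPartyRegistration);
        for (EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
            try {
                Assertion assertion = decrypter.decrypt(encryptedAssertion);
                response.getAssertions().add(assertion);
            } catch (Exception e) {
                // Fail closed: any decryption problem aborts the whole operation, cause preserved.
                throw new Saml2Exception(e);
            }
        }
    }

    /**
     * Decrypts the encrypted attributes and the encrypted subject identifier of an assertion.
     *
     * <p>Each {@link EncryptedAttribute} is decrypted and appended to the attributes of its own
     * {@link AttributeStatement}. If the subject carries an {@code EncryptedID}, it is decrypted
     * and stored as the subject's {@link NameID}.
     *
     * @param assertion the assertion to update in place
     * @param relyingPartyRegistration supplies the decryption credentials
     * @throws Saml2Exception if an element cannot be decrypted, or if the decrypted subject
     *         identifier is not a {@link NameID}
     */
    public static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration relyingPartyRegistration) {
        Decrypter decrypter = decrypter(relyingPartyRegistration);
        for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
            for (EncryptedAttribute encryptedAttribute : attributeStatement.getEncryptedAttributes()) {
                try {
                    attributeStatement.getAttributes().add(decrypter.decrypt(encryptedAttribute));
                } catch (Exception e) {
                    throw new Saml2Exception(e);
                }
            }
        }
        if (assertion.getSubject() == null || assertion.getSubject().getEncryptedID() == null) {
            return;
        }
        try {
            // Decrypter.decrypt(EncryptedID) returns a general SAMLObject, so the result must be
            // narrowed before it can be stored as the NameID. The cast stays inside the try block:
            // an EncryptedID that decrypts to anything else is rejected as a Saml2Exception.
            NameID nameId = (NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID());
            assertion.getSubject().setNameID(nameId);
        } catch (Exception e) {
            throw new Saml2Exception(e);
        }
    }

    /**
     * Builds a {@link Decrypter} backed by the relying party's decryption credentials.
     *
     * @param relyingPartyRegistration source of the X.509 decryption credentials
     * @return a decrypter that unwraps encrypted keys with those credentials
     */
    private static Decrypter decrypter(RelyingPartyRegistration relyingPartyRegistration) {
        List<Credential> credentials = new ArrayList<>();
        for (Saml2X509Credential key : relyingPartyRegistration.getDecryptionX509Credentials()) {
            credentials.add(CredentialSupport.getSimpleCredential(key.getCertificate(), key.getPrivateKey()));
        }
        KeyInfoCredentialResolver keyEncryptionKeyResolver = new CollectionKeyInfoCredentialResolver(credentials);
        // The first argument (resolver for data-encryption keys) is deliberately null: the data
        // key is only ever obtained by unwrapping an EncryptedKey with one of the credentials above.
        Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, keyEncryptionKeyResolver, encryptedKeyResolver);
        // Each decrypted element becomes the root of its own new DOM document.
        // NOTE(review): presumably so that later signature validation resolves references only
        // within the decrypted element's own document - confirm against the callers.
        decrypter.setRootInNewDocument(true);
        return decrypter;
    }

    /** Static utility holder; not meant to be instantiated. */
    private OpenSamlDecryptionUtils() {
    }
}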
