package org.opensaml.saml.saml2.encryption;

import com.google.common.base.Strings;
import java.security.Key;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.BaseID;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedAttribute;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NewEncryptedID;
import org.opensaml.saml.saml2.core.NewID;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.encryption.CarriedKeyName;
import org.opensaml.xmlsec.encryption.DataReference;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.ReferenceList;
import org.opensaml.xmlsec.encryption.XMLEncryptionBuilder;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.KeyName;
import org.opensaml.xmlsec.signature.RetrievalMethod;
import org.opensaml.xmlsec.signature.XMLSignatureBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:lib/opensaml-saml-api-3.3.0.jar:org/opensaml/saml/saml2/encryption/Encrypter.class */
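/**
 * Encrypts SAML 2.0 objects ({@link Assertion}, {@link Attribute}, {@link NameID}, {@link BaseID},
 * {@link NewID}) into their {@code Encrypted*} counterparts.
 *
 * <p>The data-encryption key is taken from the credential in the configured
 * {@link DataEncryptionParameters}; when that credential carries no extractable key one is generated
 * for the configured algorithm. Each configured {@link KeyEncryptionParameters} entry yields one
 * {@link EncryptedKey} that wraps the data-encryption key. Where those {@code EncryptedKey} elements
 * end up is governed by {@link KeyPlacement}: nested in the {@code EncryptedData}'s {@code KeyInfo}
 * ({@link KeyPlacement#INLINE}) or as siblings of the {@code EncryptedData} inside the encrypted
 * element ({@link KeyPlacement#PEER}, the default).
 *
 * <p>The setters ({@link #setIDGenerator}, {@link #setKeyPlacement}) are not synchronized; configure
 * an instance before sharing it.
 */
public class Encrypter extends org.opensaml.xmlsec.encryption.support.Encrypter {

    /** Where wrapped data-encryption keys are placed relative to the {@code EncryptedData}. */
    public enum KeyPlacement {
        /** {@code EncryptedKey} elements become siblings of {@code EncryptedData} in the encrypted element. */
        PEER,
        /** {@code EncryptedKey} elements are nested inside the {@code EncryptedData}'s {@code KeyInfo}. */
        INLINE
    }

    private static final Logger log = LoggerFactory.getLogger(Encrypter.class);

    /** Parameters (algorithm, credential, optional KeyInfo generator) for the data encryption. */
    private final DataEncryptionParameters encParams;

    /** One entry per key-wrapping recipient; may be empty, in which case no {@code EncryptedKey} is emitted. */
    private final List<KeyEncryptionParameters> kekParamsList;

    private XMLObjectBuilderFactory builderFactory;
    private XMLSignatureBuilder<KeyInfo> keyInfoBuilder;
    private XMLEncryptionBuilder<DataReference> dataReferenceBuilder;
    private XMLEncryptionBuilder<ReferenceList> referenceListBuilder;
    private XMLSignatureBuilder<RetrievalMethod> retrievalMethodBuilder;
    private XMLSignatureBuilder<KeyName> keyNameBuilder;
    private XMLEncryptionBuilder<CarriedKeyName> carriedKeyNameBuilder;

    /** Source of {@code ID} attribute values for EncryptedData/EncryptedKey and of generated KeyName values. */
    private IdentifierGenerationStrategy idGenerator;

    private KeyPlacement keyPlacement;

    /**
     * Creates an encrypter with several key-encryption recipients.
     *
     * @param dataEncryptionParameters parameters for encrypting the element itself
     * @param list key-encryption parameters, one per {@code EncryptedKey} to emit; may be {@code null} or empty
     */
    public Encrypter(DataEncryptionParameters dataEncryptionParameters, List<KeyEncryptionParameters> list) {
        this.encParams = dataEncryptionParameters;
        this.kekParamsList = list;
        init();
    }

    /**
     * Creates an encrypter with a single key-encryption recipient.
     *
     * @param dataEncryptionParameters parameters for encrypting the element itself
     * @param keyEncryptionParameters parameters for the single {@code EncryptedKey}
     */
    public Encrypter(DataEncryptionParameters dataEncryptionParameters, KeyEncryptionParameters keyEncryptionParameters) {
        this(dataEncryptionParameters, mutableListOf(keyEncryptionParameters));
    }

    /**
     * Creates an encrypter that emits no {@code EncryptedKey}; the recipient is expected to already
     * hold the data-encryption key carried by the credential.
     *
     * @param dataEncryptionParameters parameters for encrypting the element itself
     */
    public Encrypter(DataEncryptionParameters dataEncryptionParameters) {
        this(dataEncryptionParameters, new ArrayList<KeyEncryptionParameters>());
    }

    /** Builds a mutable single-element list (a {@code null} element is kept, matching the original behaviour). */
    private static List<KeyEncryptionParameters> mutableListOf(KeyEncryptionParameters keyEncryptionParameters) {
        List<KeyEncryptionParameters> single = new ArrayList<>(1);
        single.add(keyEncryptionParameters);
        return single;
    }

    /**
     * Resolves the XMLObject builders from the provider registry and applies the defaults: a random
     * identifier generator and {@link KeyPlacement#PEER}.
     */
    @SuppressWarnings("unchecked")
    private void init() {
        this.builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        // The registry returns untyped builders; the casts are unchecked by design.
        this.keyInfoBuilder = (XMLSignatureBuilder<KeyInfo>) this.builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
        this.dataReferenceBuilder = (XMLEncryptionBuilder<DataReference>) this.builderFactory.getBuilder(DataReference.DEFAULT_ELEMENT_NAME);
        this.referenceListBuilder = (XMLEncryptionBuilder<ReferenceList>) this.builderFactory.getBuilder(ReferenceList.DEFAULT_ELEMENT_NAME);
        this.retrievalMethodBuilder = (XMLSignatureBuilder<RetrievalMethod>) this.builderFactory.getBuilder(RetrievalMethod.DEFAULT_ELEMENT_NAME);
        this.keyNameBuilder = (XMLSignatureBuilder<KeyName>) this.builderFactory.getBuilder(KeyName.DEFAULT_ELEMENT_NAME);
        this.carriedKeyNameBuilder = (XMLEncryptionBuilder<CarriedKeyName>) this.builderFactory.getBuilder(CarriedKeyName.DEFAULT_ELEMENT_NAME);
        this.idGenerator = new RandomIdentifierGenerationStrategy();
        this.keyPlacement = KeyPlacement.PEER;
    }

    /**
     * Replaces the generator used for {@code ID} attributes and generated KeyName values.
     *
     * @param identifierGenerationStrategy the generator to use
     */
    public void setIDGenerator(IdentifierGenerationStrategy identifierGenerationStrategy) {
        this.idGenerator = identifierGenerationStrategy;
    }

    /** @return the current key placement strategy */
    public KeyPlacement getKeyPlacement() {
        return this.keyPlacement;
    }

    /**
     * Sets the key placement strategy.
     *
     * @param keyPlacement where {@code EncryptedKey} elements are placed; {@code null} makes later
     *        encrypt calls fail with {@link EncryptionException}
     */
    public void setKeyPlacement(KeyPlacement keyPlacement) {
        this.keyPlacement = keyPlacement;
    }

    /**
     * Encrypts an assertion into an {@code EncryptedAssertion}.
     *
     * @param assertion the assertion to encrypt
     * @return the encrypted assertion
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public EncryptedAssertion encrypt(Assertion assertion) throws EncryptionException {
        logPreEncryption(assertion, "Assertion");
        return (EncryptedAssertion) encrypt(assertion, EncryptedAssertion.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Encrypts an assertion into an {@code EncryptedID}.
     *
     * @param assertion the assertion to encrypt
     * @return the encrypted identifier
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public EncryptedID encryptAsID(Assertion assertion) throws EncryptionException {
        logPreEncryption(assertion, "Assertion (as EncryptedID)");
        return (EncryptedID) encrypt(assertion, EncryptedID.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Encrypts an attribute into an {@code EncryptedAttribute}.
     *
     * @param attribute the attribute to encrypt
     * @return the encrypted attribute
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public EncryptedAttribute encrypt(Attribute attribute) throws EncryptionException {
        logPreEncryption(attribute, "Attribute");
        return (EncryptedAttribute) encrypt(attribute, EncryptedAttribute.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Encrypts a {@code NameID} into an {@code EncryptedID}.
     *
     * @param nameID the identifier to encrypt
     * @return the encrypted identifier
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public EncryptedID encrypt(NameID nameID) throws EncryptionException {
        logPreEncryption(nameID, NameID.DEFAULT_ELEMENT_LOCAL_NAME);
        return (EncryptedID) encrypt(nameID, EncryptedID.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Encrypts a {@code BaseID} into an {@code EncryptedID}.
     *
     * @param baseID the identifier to encrypt
     * @return the encrypted identifier
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public EncryptedID encrypt(BaseID baseID) throws EncryptionException {
        logPreEncryption(baseID, BaseID.DEFAULT_ELEMENT_LOCAL_NAME);
        return (EncryptedID) encrypt(baseID, EncryptedID.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Encrypts a {@code NewID} into a {@code NewEncryptedID}.
     *
     * @param newID the identifier to encrypt
     * @return the encrypted identifier
     * @throws EncryptionException if encryption or key wrapping fails
     */
    public NewEncryptedID encrypt(NewID newID) throws EncryptionException {
        logPreEncryption(newID, NewID.DEFAULT_ELEMENT_LOCAL_NAME);
        return (NewEncryptedID) encrypt(newID, NewEncryptedID.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Writes the pretty-printed plaintext of the object to the log at DEBUG level.
     *
     * <p>Because this serializes the object before it is protected, enabling DEBUG for this logger
     * exposes whatever the assertion, attribute or identifier carries (subject identifiers, attribute
     * values) in the log output. Marshalling failures are logged and do not abort the encryption.
     *
     * @param xMLObject the object about to be encrypted
     * @param str a human-readable label for the object type
     */
    private void logPreEncryption(XMLObject xMLObject, String str) {
        if (!log.isDebugEnabled()) {
            return;
        }
        try {
            log.debug("{} before encryption:\n{}", str, SerializeSupport.prettyPrintXML(XMLObjectSupport.marshall(xMLObject)));
        } catch (MarshallingException e) {
            log.error("Unable to marshall {} for logging purposes", str, e);
        }
    }

    /**
     * Shared encryption path for every public {@code encrypt} overload.
     *
     * <p>Steps: validate the parameters (superclass {@code checkParams}); build and marshall the
     * encrypted container element of type {@code qName}; obtain the data-encryption key from the
     * credential, generating one for the algorithm if none is extractable; encrypt the element; attach
     * a {@code KeyInfo} from the configured generator, if any; wrap the data key once per configured
     * {@link KeyEncryptionParameters}; finally assemble the result via {@link #processElements}.
     *
     * @param xMLObject the plaintext object
     * @param qName the element name of the encrypted container to build
     * @return the populated encrypted container
     * @throws EncryptionException on parameter, encryption, KeyInfo generation or key-wrapping failure
     */
    private EncryptedElementType encrypt(XMLObject xMLObject, QName qName) throws EncryptionException {
        checkParams(this.encParams, this.kekParamsList);
        EncryptedElementType container = (EncryptedElementType) this.builderFactory.getBuilder(qName).buildObject(qName);
        checkAndMarshall(container);
        Document ownerDocument = container.getDOM().getOwnerDocument();

        String algorithm = this.encParams.getAlgorithm();
        Key dataKey = CredentialSupport.extractEncryptionKey(this.encParams.getEncryptionCredential());
        if (dataKey == null) {
            // No key on the credential: generate an ephemeral one for the configured algorithm.
            dataKey = generateEncryptionKey(algorithm);
        }

        EncryptedData encryptedData = encryptElement(xMLObject, dataKey, algorithm, false);

        KeyInfoGenerator keyInfoGenerator = this.encParams.getKeyInfoGenerator();
        if (keyInfoGenerator != null) {
            log.debug("Dynamically generating KeyInfo from Credential for EncryptedData using generator: {}", keyInfoGenerator.getClass().getName());
            try {
                encryptedData.setKeyInfo(keyInfoGenerator.generate(this.encParams.getEncryptionCredential()));
            } catch (SecurityException e) {
                throw new EncryptionException("Error generating EncryptedData KeyInfo", e);
            }
        }

        List<EncryptedKey> encryptedKeys = new ArrayList<>();
        if (this.kekParamsList != null && !this.kekParamsList.isEmpty()) {
            encryptedKeys.addAll(encryptKey(dataKey, this.kekParamsList, ownerDocument));
        }
        return processElements(container, encryptedData, encryptedKeys);
    }

    /**
     * Assigns missing {@code ID} attributes and assembles the encrypted container.
     *
     * <p>With no {@code EncryptedKey}s the {@code EncryptedData} is simply set on the container.
     * Otherwise a {@code KeyInfo} is ensured on the {@code EncryptedData}, every key gets an ID, and
     * the keys are placed according to {@link #getKeyPlacement()}.
     *
     * @param encryptedElementType the container to populate
     * @param encryptedData the encrypted element
     * @param list the wrapped data-encryption keys, possibly empty
     * @return the populated container
     * @throws EncryptionException if the key placement is {@code null} or unrecognised
     */
    protected EncryptedElementType processElements(EncryptedElementType encryptedElementType, EncryptedData encryptedData, List<EncryptedKey> list) throws EncryptionException {
        if (encryptedData.getID() == null) {
            encryptedData.setID(this.idGenerator.generateIdentifier());
        }
        if (list.isEmpty()) {
            encryptedElementType.setEncryptedData(encryptedData);
            return encryptedElementType;
        }
        if (encryptedData.getKeyInfo() == null) {
            encryptedData.setKeyInfo(this.keyInfoBuilder.buildObject());
        }
        for (EncryptedKey encryptedKey : list) {
            if (encryptedKey.getID() == null) {
                encryptedKey.setID(this.idGenerator.generateIdentifier());
            }
        }
        // A null placement (via setKeyPlacement(null)) would otherwise NPE inside the switch.
        if (this.keyPlacement == null) {
            throw new EncryptionException("Unsupported key placement option was specified: " + this.keyPlacement);
        }
        switch (this.keyPlacement) {
            case INLINE:
                return placeKeysInline(encryptedElementType, encryptedData, list);
            case PEER:
                return placeKeysAsPeers(encryptedElementType, encryptedData, list);
            default:
                throw new EncryptionException("Unsupported key placement option was specified: " + this.keyPlacement);
        }
    }

    /**
     * Nests all {@code EncryptedKey}s inside the {@code EncryptedData}'s {@code KeyInfo}.
     *
     * @param encryptedElementType the container to populate
     * @param encryptedData the encrypted element; must already carry a {@code KeyInfo}
     * @param list the wrapped keys
     * @return the populated container
     */
    protected EncryptedElementType placeKeysInline(EncryptedElementType encryptedElementType, EncryptedData encryptedData, List<EncryptedKey> list) {
        log.debug("Placing EncryptedKey elements inline inside EncryptedData");
        encryptedData.getKeyInfo().getEncryptedKeys().addAll(list);
        encryptedElementType.setEncryptedData(encryptedData);
        return encryptedElementType;
    }

    /**
     * Adds the {@code EncryptedKey}s as siblings of the {@code EncryptedData} and cross-links them.
     *
     * <p>Each key gets a {@code ReferenceList} if it lacks one. A single key is linked through a
     * {@code RetrievalMethod}; several keys are linked through a shared {@code CarriedKeyName}.
     *
     * @param encryptedElementType the container to populate
     * @param encryptedData the encrypted element; must already carry a {@code KeyInfo}
     * @param list the wrapped keys
     * @return the populated container
     */
    protected EncryptedElementType placeKeysAsPeers(EncryptedElementType encryptedElementType, EncryptedData encryptedData, List<EncryptedKey> list) {
        log.debug("Placing EncryptedKey elements as peers of EncryptedData in EncryptedElementType");
        for (EncryptedKey encryptedKey : list) {
            if (encryptedKey.getReferenceList() == null) {
                encryptedKey.setReferenceList(this.referenceListBuilder.buildObject());
            }
        }
        if (list.size() == 1) {
            linkSinglePeerKey(encryptedData, list.get(0));
        } else if (list.size() > 1) {
            linkMultiplePeerKeys(encryptedData, list);
        }
        encryptedElementType.setEncryptedData(encryptedData);
        encryptedElementType.getEncryptedKeys().addAll(list);
        return encryptedElementType;
    }

    /**
     * Links one peer key to the data in both directions: a {@code RetrievalMethod} in the data's
     * {@code KeyInfo} pointing at the key's ID, and a {@code DataReference} in the key's
     * {@code ReferenceList} pointing at the data's ID.
     *
     * @param encryptedData the encrypted element, with ID and {@code KeyInfo} set
     * @param encryptedKey the wrapped key, with ID and {@code ReferenceList} set
     */
    protected void linkSinglePeerKey(EncryptedData encryptedData, EncryptedKey encryptedKey) {
        log.debug("Linking single peer EncryptedKey with RetrievalMethod and DataReference");
        RetrievalMethod retrievalMethod = this.retrievalMethodBuilder.buildObject();
        retrievalMethod.setURI("#" + encryptedKey.getID());
        retrievalMethod.setType(EncryptionConstants.TYPE_ENCRYPTED_KEY);
        encryptedData.getKeyInfo().getRetrievalMethods().add(retrievalMethod);
        encryptedKey.getReferenceList().getDataReferences().add(dataReferenceTo(encryptedData));
    }

    /**
     * Links several peer keys to the data through a shared name: the first {@code KeyName} of the
     * data's {@code KeyInfo} (created or filled with a generated value when absent or empty) is
     * copied into each key's {@code CarriedKeyName}, and each key gets a {@code DataReference} to the
     * data's ID.
     *
     * @param encryptedData the encrypted element, with ID and {@code KeyInfo} set
     * @param list the wrapped keys, each with a {@code ReferenceList} set
     */
    protected void linkMultiplePeerKeys(EncryptedData encryptedData, List<EncryptedKey> list) {
        log.debug("Linking multiple peer EncryptedKeys with CarriedKeyName and DataReference");
        List<KeyName> keyNames = encryptedData.getKeyInfo().getKeyNames();
        // Guarded lookup: the original called get(0) on a possibly empty list, which throws.
        KeyName keyName = keyNames.isEmpty() ? null : keyNames.get(0);

        String carriedKeyNameValue;
        if (keyName == null || keyName.getValue() == null || keyName.getValue().isEmpty()) {
            carriedKeyNameValue = this.idGenerator.generateIdentifier();
            log.debug("EncryptedData encryption key had no KeyName, generated one for use in CarriedKeyName: {}", carriedKeyNameValue);
            if (keyName == null) {
                keyName = this.keyNameBuilder.buildObject();
                keyNames.add(keyName);
            }
            keyName.setValue(carriedKeyNameValue);
        } else {
            carriedKeyNameValue = keyName.getValue();
        }

        for (EncryptedKey encryptedKey : list) {
            if (encryptedKey.getCarriedKeyName() == null) {
                encryptedKey.setCarriedKeyName(this.carriedKeyNameBuilder.buildObject());
            }
            encryptedKey.getCarriedKeyName().setValue(carriedKeyNameValue);
            encryptedKey.getReferenceList().getDataReferences().add(dataReferenceTo(encryptedData));
        }
    }

    /** Builds a {@code DataReference} whose URI is a same-document reference to the data's ID. */
    private DataReference dataReferenceTo(EncryptedData encryptedData) {
        DataReference dataReference = this.dataReferenceBuilder.buildObject();
        dataReference.setURI("#" + encryptedData.getID());
        return dataReference;
    }
}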
