package dk.digitalidentity.samlmodule.service.saml;

import dk.digitalidentity.samlmodule.service.DISAML_CredentialService;
import dk.digitalidentity.samlmodule.util.RequestDecodeUtil;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

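/**
 * Extracts the SAML {@link Response} and its (optionally encrypted) {@link Assertion}
 * from an inbound HTTP request.
 *
 * <p>This class only decodes, selects and decrypts. Nothing here verifies an XML
 * signature, the issuer, conditions or audience, so an {@link Assertion} returned
 * by this service is still untrusted input.
 * NOTE(review): confirm that callers validate the signature on the Response or on
 * the returned Assertion before reading any subject or attribute data from it.
 */
@Service
/* loaded from: input_file:dk/digitalidentity/samlmodule/service/saml/DISAML_AssertionService.class */
public class DISAML_AssertionService {

    // Supplies the service provider's X.509 credential used to unwrap encrypted keys.
    @Autowired
    private DISAML_CredentialService credentialService;

    /**
     * Decodes the incoming request into an OpenSAML message context.
     *
     * @param httpServletRequest the request carrying the SAML message
     * @return the message context produced by {@link RequestDecodeUtil#getMessageContext}
     * @throws InternalException propagated from the decoder
     * @throws ExternalException propagated from the decoder
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest) throws InternalException, ExternalException {
        return RequestDecodeUtil.getMessageContext(httpServletRequest);
    }

    /**
     * Returns the message held by the context as a SAML {@link Response}.
     *
     * <p>The cast is unchecked: a context holding any other SAML message type fails
     * with {@link ClassCastException}, and a context without a message yields
     * {@code null}. Callers on an endpoint that can receive other message types
     * should check the type before calling this.
     *
     * @param messageContext decoded message context
     * @return the contained message cast to {@link Response}
     */
    public Response getResponse(MessageContext<SAMLObject> messageContext) {
        return (Response) messageContext.getMessage();
    }

    /**
     * Selects the assertion to process from a response.
     *
     * <p>If the response carries any encrypted assertion, the first one is decrypted
     * and returned; otherwise the first plain assertion is returned. Every further
     * assertion in the response is ignored, including plain assertions that sit next
     * to an encrypted one.
     * NOTE(review): the signature check (not visible in this class) must cover
     * exactly the assertion object returned here; a validator that picks its
     * assertion independently could validate one element while this method hands
     * out another. Consider rejecting responses that do not contain exactly one
     * assertion if the deployed profile allows that restriction.
     *
     * @param response the SAML response taken from the decoded message
     * @return the first (decrypted) assertion of the response
     * @throws InternalException declared for the decryption path
     * @throws ExternalException if the response holds no assertion or decryption fails
     */
    public Assertion getAssertion(Response response) throws InternalException, ExternalException {
        List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
        if (!encryptedAssertions.isEmpty()) {
            return decryptAssertion(encryptedAssertions.get(0));
        }
        List<Assertion> plainAssertions = response.getAssertions();
        if (plainAssertions.isEmpty()) {
            throw new ExternalException("No assertion in SAML response!");
        }
        return plainAssertions.get(0);
    }

    /**
     * Decrypts an encrypted assertion with the service provider credential.
     *
     * <p>No algorithm restrictions are passed to the {@link Decrypter} in this method.
     * NOTE(review): confirm that accepted key-transport and data-encryption
     * algorithms are constrained elsewhere in the OpenSAML configuration.
     *
     * @param encryptedAssertion the encrypted element taken from the response
     * @return the decrypted assertion, rooted in its own DOM document
     * @throws InternalException declared by the original signature; presumably raised
     *         while loading the credential - confirm against DISAML_CredentialService
     * @throws ExternalException if OpenSAML reports a {@link DecryptionException}
     */
    private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) throws InternalException, ExternalException {
        try {
            StaticKeyInfoCredentialResolver keyEncryptionKeyResolver = new StaticKeyInfoCredentialResolver(this.credentialService.getBasicX509Credential());

            // Places in which the wrapped (encrypted) data key may be found; tried in this order.
            List<EncryptedKeyResolver> encryptedKeyResolvers = new ArrayList<>();
            encryptedKeyResolvers.add(new InlineEncryptedKeyResolver());
            encryptedKeyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
            encryptedKeyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());

            // First argument is null: no resolver for the data-encryption key itself is
            // configured, so only the static credential above and the chained
            // EncryptedKey resolvers are handed to the Decrypter.
            Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, keyEncryptionKeyResolver, new ChainingEncryptedKeyResolver(encryptedKeyResolvers));

            // Make the decrypted element the root of a fresh document.
            // NOTE(review): presumably so that a signature on the decrypted assertion
            // can be validated afterwards - confirm with the validation code.
            decrypter.setRootInNewDocument(true);
            return decrypter.decrypt(encryptedAssertion);
        } catch (DecryptionException e) {
            throw new ExternalException("Could not decrypt provided EncryptedAssertion", e);
        }
    }
}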
