package se.litsec.eidas.opensaml.xmlsec;

import java.util.ArrayList;
import java.util.Arrays;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.SignatureValidationConfiguration;
import org.opensaml.xmlsec.WhitelistBlacklistConfiguration;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.encryption.support.RSAOAEPParameters;
import org.opensaml.xmlsec.impl.BasicDecryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.impl.BasicSignatureValidationConfiguration;
import se.litsec.eidas.opensaml.common.EidasConstants;
import se.swedenconnect.opensaml.xmlsec.BasicExtendedEncryptionConfiguration;
import se.swedenconnect.opensaml.xmlsec.config.AbstractSecurityConfiguration;
import se.swedenconnect.opensaml.xmlsec.config.ExtendedDefaultSecurityConfigurationBootstrap;

/* loaded from: input_file:se/litsec/eidas/opensaml/xmlsec/EidasSecurityConfiguration.class */
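/**
 * Security configuration for the eIDAS profile: fixes the XML Encryption and XML Signature
 * algorithms used when producing messages and the algorithms accepted when consuming them.
 *
 * <p>Each {@code createDefault*} method starts from an OpenSAML (or extended) bootstrap default
 * and then narrows it. The URIs below are the policy; changing one changes what this component
 * will emit or accept.
 *
 * <p>NOTE(review): this source is decompiler output. The decompiler reports that three of the
 * {@code createDefault*} methods were originally {@code protected}; they are kept {@code public}
 * here so existing callers of this artifact are not broken.
 */
public class EidasSecurityConfiguration extends AbstractSecurityConfiguration {

    /**
     * Returns the name of this security profile.
     *
     * @return the value of {@link EidasConstants#EIDAS_PREFIX}
     */
    public String getProfileName() {
        return EidasConstants.EIDAS_PREFIX;
    }

    /**
     * Builds the configuration used when encrypting.
     *
     * <p>Data encryption is limited to AES-GCM (256, 192, 128 in preference order); no CBC-mode
     * block cipher is offered. Key transport lists the two RSA-OAEP variants followed by AES key
     * wrap; RSA PKCS#1 v1.5 key transport is not in the list.
     *
     * @return the encryption configuration with the eIDAS algorithm lists applied
     */
    /* Decompiler note: access modifier changed from protected. */
    public EncryptionConfiguration createDefaultEncryptionConfiguration() {
        BasicExtendedEncryptionConfiguration encryption =
                ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration();

        encryption.setDataEncryptionAlgorithms(Arrays.asList(
                "http://www.w3.org/2009/xmlenc11#aes256-gcm",
                "http://www.w3.org/2009/xmlenc11#aes192-gcm",
                "http://www.w3.org/2009/xmlenc11#aes128-gcm"));

        encryption.setKeyTransportEncryptionAlgorithms(Arrays.asList(
                "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
                "http://www.w3.org/2009/xmlenc11#rsa-oaep",
                "http://www.w3.org/2001/04/xmlenc#kw-aes256",
                "http://www.w3.org/2001/04/xmlenc#kw-aes128"));

        // OAEP parameters: SHA-256 digest, MGF1 with SHA-1, no OAEPParams value.
        // NOTE(review): the mask generation function stays on SHA-1 while the digest is SHA-256;
        // presumably an interoperability choice - confirm against the eIDAS crypto requirements
        // before changing it, since peers must be able to decrypt with the same parameters.
        encryption.setRSAOAEPParameters(new RSAOAEPParameters(
                "http://www.w3.org/2001/04/xmlenc#sha256",
                "http://www.w3.org/2009/xmlenc11#mgf1sha1",
                (String) null));

        return encryption;
    }

    /**
     * Builds the configuration used when decrypting.
     *
     * <p>Precedence is set to {@code WHITELIST} and the whitelist holds the AES-GCM data
     * algorithms, the RSA-OAEP and AES key-wrap algorithms, and ECDH-ES.
     *
     * <p>NOTE(review): ECDH-ES is accepted here but is not offered in the key transport list of
     * {@link #createDefaultEncryptionConfiguration()}; confirm that this asymmetry is intended.
     *
     * @return the decryption configuration with the eIDAS whitelist applied
     */
    /* Decompiler note: access modifier changed from protected. */
    public DecryptionConfiguration createDefaultDecryptionConfiguration() {
        BasicDecryptionConfiguration decryption =
                DefaultSecurityConfigurationBootstrap.buildDefaultDecryptionConfiguration();

        decryption.setWhitelistBlacklistPrecedence(WhitelistBlacklistConfiguration.Precedence.WHITELIST);
        decryption.setWhitelistedAlgorithms(Arrays.asList(
                "http://www.w3.org/2009/xmlenc11#aes256-gcm",
                "http://www.w3.org/2009/xmlenc11#aes192-gcm",
                "http://www.w3.org/2009/xmlenc11#aes128-gcm",
                "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
                "http://www.w3.org/2009/xmlenc11#rsa-oaep",
                "http://www.w3.org/2001/04/xmlenc#kw-aes256",
                "http://www.w3.org/2001/04/xmlenc#kw-aes128",
                "http://www.w3.org/2009/xmlenc11#ECDH-ES"));

        return decryption;
    }

    /**
     * Builds the configuration used when signing.
     *
     * <p>The bootstrap blacklist is kept and extended with the SHA-1, SHA-224 and RIPEMD-160
     * digests. Signature algorithms are limited to ECDSA and RSA with MGF1 (the
     * {@code sha*-rsa-MGF1} URIs), each with SHA-256/384/512; reference digests are SHA-256,
     * SHA-384 and SHA-512.
     *
     * @return the signing configuration with the eIDAS algorithm lists applied
     */
    /* Decompiler note: access modifier changed from protected. */
    public SignatureSigningConfiguration createDefaultSignatureSigningConfiguration() {
        BasicSignatureSigningConfiguration signing =
                DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();

        // Copy before extending so the collection returned by the bootstrap object is not mutated.
        ArrayList<String> blacklist = new ArrayList<>(signing.getBlacklistedAlgorithms());
        blacklist.addAll(Arrays.asList(
                "http://www.w3.org/2000/09/xmldsig#sha1",
                "http://www.w3.org/2001/04/xmldsig-more#sha224",
                "http://www.w3.org/2001/04/xmlenc#ripemd160"));
        signing.setBlacklistedAlgorithms(blacklist);

        signing.setSignatureAlgorithms(Arrays.asList(
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
                "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",
                "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1",
                "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"));

        signing.setSignatureReferenceDigestMethods(Arrays.asList(
                "http://www.w3.org/2001/04/xmlenc#sha256",
                "http://www.w3.org/2001/04/xmldsig-more#sha384",
                "http://www.w3.org/2001/04/xmlenc#sha512"));

        return signing;
    }

    /**
     * Builds the configuration used when validating signatures.
     *
     * <p>Precedence is set to {@code WHITELIST}; the whitelist holds the SHA-256/384/512 digests
     * and the same ECDSA and RSA-with-MGF1 signature algorithms that the signing configuration
     * uses. RSA PKCS#1 v1.5 signature URIs and SHA-1 based algorithms are not in the list.
     *
     * <p>NOTE(review): the list names digest and signature algorithms only; how canonicalization
     * and transform algorithms are restricted is not visible in this class - verify elsewhere.
     *
     * @return the validation configuration with the eIDAS whitelist applied
     */
    protected SignatureValidationConfiguration createDefaultSignatureValidationConfiguration() {
        BasicSignatureValidationConfiguration validation =
                DefaultSecurityConfigurationBootstrap.buildDefaultSignatureValidationConfiguration();

        validation.setWhitelistBlacklistPrecedence(WhitelistBlacklistConfiguration.Precedence.WHITELIST);
        validation.setWhitelistedAlgorithms(Arrays.asList(
                "http://www.w3.org/2001/04/xmlenc#sha256",
                "http://www.w3.org/2001/04/xmldsig-more#sha384",
                "http://www.w3.org/2001/04/xmlenc#sha512",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
                "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
                "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",
                "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1",
                "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"));

        return validation;
    }
}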
