package se.litsec.opensaml.xmlsec;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.encryption.support.Decrypter;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

/* loaded from: input_file:se/litsec/opensaml/xmlsec/SAMLObjectDecrypter.class */
public class SAMLObjectDecrypter {
    private Decrypter decrypter;
    private DecryptionParameters parameters;

    public SAMLObjectDecrypter(Credential credential) {
        this((List<Credential>) Collections.singletonList(credential));
    }

    public SAMLObjectDecrypter(List<Credential> list) {
        this.parameters = new DecryptionParameters();
        this.parameters.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(list));
        this.parameters.setEncryptedKeyResolver(new InlineEncryptedKeyResolver());
    }

    public SAMLObjectDecrypter(DecryptionParameters decryptionParameters) {
        this.parameters = new DecryptionParameters();
        this.parameters.setDataKeyInfoCredentialResolver(decryptionParameters.getDataKeyInfoCredentialResolver());
        this.parameters.setKEKKeyInfoCredentialResolver(decryptionParameters.getKEKKeyInfoCredentialResolver());
        this.parameters.setEncryptedKeyResolver(decryptionParameters.getEncryptedKeyResolver());
        this.parameters.setBlacklistedAlgorithms(decryptionParameters.getBlacklistedAlgorithms());
        this.parameters.setWhitelistedAlgorithms(decryptionParameters.getWhitelistedAlgorithms());
    }

    public SAMLObjectDecrypter(DecryptionConfiguration decryptionConfiguration) {
        this.parameters = new DecryptionParameters();
        this.parameters.setDataKeyInfoCredentialResolver(decryptionConfiguration.getDataKeyInfoCredentialResolver());
        this.parameters.setKEKKeyInfoCredentialResolver(decryptionConfiguration.getKEKKeyInfoCredentialResolver());
        this.parameters.setEncryptedKeyResolver(decryptionConfiguration.getEncryptedKeyResolver());
        this.parameters.setBlacklistedAlgorithms(decryptionConfiguration.getBlacklistedAlgorithms());
        this.parameters.setWhitelistedAlgorithms(decryptionConfiguration.getWhitelistedAlgorithms());
    }

    public <T extends XMLObject, E extends EncryptedElementType> T decrypt(E e, Class<T> cls) throws DecryptionException {
        if (e.getEncryptedData() == null) {
            throw new DecryptionException("Object contains no encrypted data");
        }
        XMLObject decryptData = getDecrypter().decryptData(e.getEncryptedData());
        if (cls.isInstance(decryptData)) {
            return cls.cast(decryptData);
        }
        throw new DecryptionException(String.format("Decrypted object can not be cast to %s - is %s", cls.getSimpleName(), decryptData.getClass().getSimpleName()));
    }

    private synchronized Decrypter getDecrypter() {
        if (this.decrypter == null) {
            this.decrypter = new Decrypter(this.parameters);
        }
        return this.decrypter;
    }

    public void setBlacklistedAlgorithms(Collection<String> collection) {
        if (this.decrypter != null) {
            throw new IllegalStateException("Object has already been initialized");
        }
        this.parameters.setBlacklistedAlgorithms(collection);
    }

    public void setWhitelistedAlgorithms(Collection<String> collection) {
        if (this.decrypter != null) {
            throw new IllegalStateException("Object has already been initialized");
        }
        this.parameters.setWhitelistedAlgorithms(collection);
    }
}
