package uk.gov.ida.saml.security.validators.encryptedelementtype;

import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.EncryptionMethod;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.security.errors.SamlTransformationErrorFactory;

/* loaded from: input_file:uk/gov/ida/saml/security/validators/encryptedelementtype/EncryptionAlgorithmValidator.class */
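/**
 * Checks that an encrypted SAML element declares only allow-listed XML Encryption algorithms.
 *
 * <p>Two algorithm URIs are checked: the one on the {@code EncryptedData} element (content
 * encryption) and the one on an {@code EncryptedKey} element (key transport). Any value that is
 * absent or not in the corresponding allow-list is rejected with a
 * {@link SamlTransformationErrorException}.
 *
 * <p>NOTE(review): only the first {@code EncryptedKey} found is inspected. If the component that
 * later decrypts the element can select a different {@code EncryptedKey}, that key's algorithm is
 * never checked here. Confirm against the decrypter configuration, or validate every key.
 */
public class EncryptionAlgorithmValidator {
    // Allow-list of content-encryption algorithm URIs (matched against EncryptedData).
    private final Set<String> algorithmWhitelist;
    // Allow-list of key-transport algorithm URIs (matched against EncryptedKey).
    private final Set<String> keyTransportAlgorithmWhitelist;

    /**
     * Creates a validator that accepts AES-128-CBC content encryption and RSA-OAEP (MGF1 with
     * SHA-1) key transport only.
     *
     * <p>NOTE(review): CBC mode provides no integrity protection of its own, and XML Encryption
     * in CBC mode has published chosen-ciphertext weaknesses. This default is therefore only safe
     * if the enclosing message is authenticated before decryption and decryption failures are not
     * observable to the sender. Neither is visible in this class, so confirm both with the
     * callers. Consider allow-listing an AES-GCM URI where all peers support it.
     */
    public EncryptionAlgorithmValidator() {
        this.algorithmWhitelist = ImmutableSet.of("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        this.keyTransportAlgorithmWhitelist = ImmutableSet.of("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
    }

    /**
     * Creates a validator with caller-supplied allow-lists.
     *
     * <p>Both sets are snapshotted, so later mutation of the caller's sets cannot widen or narrow
     * what this validator accepts.
     *
     * @param set allowed content-encryption algorithm URIs
     * @param set2 allowed key-transport algorithm URIs
     * @throws NullPointerException if either set is {@code null} or contains {@code null}
     */
    public EncryptionAlgorithmValidator(Set<String> set, Set<String> set2) {
        this.algorithmWhitelist = ImmutableSet.copyOf(set);
        this.keyTransportAlgorithmWhitelist = ImmutableSet.copyOf(set2);
    }

    /**
     * Validates the algorithms declared by the given encrypted element.
     *
     * <p>The {@code EncryptionMethod} and {@code KeyInfo} children may be missing from a received
     * message. A missing one is reported as a validation failure rather than surfacing as a
     * {@link NullPointerException}.
     *
     * @param encryptedElementType the encrypted element to inspect; its {@code EncryptedData}
     *     child is assumed to be present (TODO confirm this is enforced upstream)
     * @throws SamlTransformationErrorException if the content-encryption algorithm is missing or
     *     not allow-listed, if no {@code EncryptedKey} can be located, or if the key-transport
     *     algorithm is missing or not allow-listed
     */
    public void validate(EncryptedElementType encryptedElementType) {
        EncryptionMethod dataEncryptionMethod = encryptedElementType.getEncryptedData().getEncryptionMethod();
        // A missing EncryptionMethod is treated as an unknown algorithm and rejected by the allow-list.
        String algorithm = dataEncryptionMethod == null ? null : dataEncryptionMethod.getAlgorithm();
        if (!this.algorithmWhitelist.contains(algorithm)) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.unsupportedEncryptionAlgortithm(algorithm);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }

        EncryptedKey encryptedKey = locateEncryptedKey(encryptedElementType);
        if (encryptedKey == null) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.unableToLocateEncryptedKey();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }

        EncryptionMethod keyEncryptionMethod = encryptedKey.getEncryptionMethod();
        String keyTransportAlgorithm = keyEncryptionMethod == null ? null : keyEncryptionMethod.getAlgorithm();
        if (!this.keyTransportAlgorithmWhitelist.contains(keyTransportAlgorithm)) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.unsupportedKeyEncryptionAlgorithm(keyTransportAlgorithm);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
    }

    /**
     * Returns the first EncryptedKey that is a direct child of the element, falling back to the
     * first one inside the EncryptedData's KeyInfo; {@code null} when neither location holds one.
     */
    private static EncryptedKey locateEncryptedKey(EncryptedElementType encryptedElementType) {
        if (!encryptedElementType.getEncryptedKeys().isEmpty()) {
            return encryptedElementType.getEncryptedKeys().get(0);
        }
        // KeyInfo may be absent from a received message; treat that as "no key".
        if (encryptedElementType.getEncryptedData().getKeyInfo() == null
                || encryptedElementType.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
            return null;
        }
        return encryptedElementType.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
    }
}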
