package uk.gov.ida.saml.security;

import com.google.common.collect.ImmutableList;
import java.security.Key;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import uk.gov.ida.saml.security.errors.SamlTransformationErrorFactory;
import uk.gov.ida.saml.security.exception.SamlFailedToDecryptException;
import uk.gov.ida.saml.security.validators.ValidatedEncryptedAssertionContainer;
import uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator;

/* loaded from: input_file:uk/gov/ida/saml/security/AssertionDecrypter.class */
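/**
 * Decrypts SAML {@link EncryptedAssertion}s and re-wraps their content-encryption keys.
 *
 * <p>Both entry points take a {@link ValidatedEncryptedAssertionContainer}. Only
 * {@link #decryptAssertions} runs the {@link EncryptionAlgorithmValidator} itself;
 * {@link #getReEncryptedKeys} does not (see the note on that method).
 *
 * <p>NOTE(review): {@link #decryptAssertions} mutates the shared {@link Decrypter}
 * ({@code setRootInNewDocument(true)}), so this class is only as thread-safe as the
 * injected decrypter; confirm how instances are shared.
 */
public class AssertionDecrypter {
    protected final EncryptionAlgorithmValidator encryptionAlgorithmValidator;
    private final Decrypter decrypter;

    /**
     * @param encryptionAlgorithmValidator validator applied to every encrypted assertion before it is decrypted
     * @param decrypter OpenSAML decrypter holding the key material used for decryption
     */
    public AssertionDecrypter(EncryptionAlgorithmValidator encryptionAlgorithmValidator, Decrypter decrypter) {
        this.encryptionAlgorithmValidator = encryptionAlgorithmValidator;
        this.decrypter = decrypter;
    }

    /**
     * Decrypts every encrypted assertion in the container, in order.
     *
     * @param validatedEncryptedAssertionContainer source of the encrypted assertions
     * @return an immutable list of the decrypted assertions; empty when the container holds none
     * @throws SamlFailedToDecryptException if the decrypter rejects any assertion
     */
    public List<Assertion> decryptAssertions(ValidatedEncryptedAssertionContainer validatedEncryptedAssertionContainer) {
        List<EncryptedAssertion> encryptedAssertions = validatedEncryptedAssertionContainer.getEncryptedAssertions();
        if (encryptedAssertions.isEmpty()) {
            return ImmutableList.of();
        }
        // Each decrypted assertion becomes the root of its own DOM document, so later
        // processing does not depend on the surrounding (attacker-supplied) message.
        this.decrypter.setRootInNewDocument(true);
        ImmutableList.Builder<Assertion> decrypted = ImmutableList.builder();
        for (EncryptedAssertion encryptedAssertion : encryptedAssertions) {
            try {
                // Order matters: the algorithm check runs before any private-key
                // operation is performed on the ciphertext.
                this.encryptionAlgorithmValidator.validate(encryptedAssertion);
                decrypted.add(this.decrypter.decrypt(encryptedAssertion));
            } catch (DecryptionException e) {
                throw new SamlFailedToDecryptException(SamlTransformationErrorFactory.unableToDecrypt("Problem decrypting assertion " + encryptedAssertion + "."), e);
            }
        }
        return decrypted.build();
    }

    /**
     * Decrypts the key of each encrypted assertion and re-encrypts it with {@code secretKeyEncrypter}.
     *
     * <p>For each assertion the candidate {@link EncryptedKey}s are tried in document order;
     * the first one that decrypts is re-encrypted and the remaining candidates are skipped.
     *
     * <p>NOTE(review): {@code encryptionAlgorithmValidator} is not invoked on this path, so the
     * key-transport algorithm named in the message is used as received. This presumably relies
     * on the container having been validated upstream; confirm. Callers should also surface the
     * failure below to the message sender as a generic error, so that key-decryption failures are
     * not distinguishable from other failures.
     *
     * @param validatedEncryptedAssertionContainer source of the encrypted assertions
     * @param secretKeyEncrypter re-encrypts each recovered key
     * @param str passed unchanged as the second argument of {@code encryptKeyForEntity};
     *            presumably the entity id the key is re-encrypted for
     * @return one re-encrypted key per assertion, in assertion order
     * @throws SamlFailedToDecryptException if an assertion carries no encrypted key, or none of
     *         its encrypted keys can be decrypted
     */
    public List<String> getReEncryptedKeys(ValidatedEncryptedAssertionContainer validatedEncryptedAssertionContainer, SecretKeyEncrypter secretKeyEncrypter, String str) {
        List<String> reEncryptedKeys = new ArrayList<>();
        String algorithm = "";
        for (EncryptedAssertion encryptedAssertion : validatedEncryptedAssertionContainer.getEncryptedAssertions()) {
            Iterator<EncryptedKey> candidates = locateEncryptedKeys(encryptedAssertion).iterator();
            Key key = null;
            while (candidates.hasNext() && key == null) {
                try {
                    EncryptedKey encryptedKey = candidates.next();
                    // NOTE(review): a missing EncryptionMethod on the EncryptedKey surfaces as a
                    // NullPointerException here rather than a SamlFailedToDecryptException.
                    // NOTE(review): this is the EncryptedKey's own (key-transport) algorithm;
                    // OpenSAML documents decryptKey's second argument as the algorithm of the
                    // decrypted key. Confirm this is intended.
                    algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
                    key = this.decrypter.decryptKey(encryptedKey, algorithm);
                    reEncryptedKeys.add(secretKeyEncrypter.encryptKeyForEntity(key, str));
                } catch (DecryptionException e) {
                    // Deliberate best effort: a key that fails to decrypt is skipped while
                    // other candidates remain; only the last failure is reported.
                    if (!candidates.hasNext()) {
                        throw new SamlFailedToDecryptException(SamlTransformationErrorFactory.unableToDecryptXMLEncryptionKey(algorithm), e);
                    }
                }
            }
        }
        return reEncryptedKeys;
    }

    /**
     * Returns the assertion's encrypted keys: those placed directly on the assertion when there
     * are any, otherwise those nested in the EncryptedData's KeyInfo.
     *
     * <p>EncryptedData and KeyInfo are null-checked because KeyInfo is optional in XML Encryption;
     * without the check a message that omits it fails with a NullPointerException instead of the
     * "unable to locate encrypted key" error.
     */
    private static List<EncryptedKey> locateEncryptedKeys(EncryptedAssertion encryptedAssertion) {
        List<EncryptedKey> peerKeys = encryptedAssertion.getEncryptedKeys();
        if (!peerKeys.isEmpty()) {
            return peerKeys;
        }
        if (encryptedAssertion.getEncryptedData() == null
                || encryptedAssertion.getEncryptedData().getKeyInfo() == null) {
            throw new SamlFailedToDecryptException(SamlTransformationErrorFactory.unableToLocateEncryptedKey());
        }
        List<EncryptedKey> nestedKeys = encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys();
        if (nestedKeys.isEmpty()) {
            throw new SamlFailedToDecryptException(SamlTransformationErrorFactory.unableToLocateEncryptedKey());
        }
        return nestedKeys;
    }
}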
