package dk.gov.oio.saml.service;

import dk.gov.oio.saml.util.ExternalException;
import dk.gov.oio.saml.util.InternalException;
import java.util.ArrayList;
import org.apache.log4j.Logger;
import org.opensaml.core.config.InitializationException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

/* loaded from: input_file:dk/gov/oio/saml/service/AssertionService.class */
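/**
 * Extracts the {@link Assertion} carried by a SAML {@link Response}, decrypting it first when the
 * response holds an {@link EncryptedAssertion}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>This class performs no signature, issuer, audience or validity-period checks. Those checks
 *       must be applied to the exact {@code Assertion} object returned from here.</li>
 *   <li>Only the first assertion is ever returned, and encrypted assertions take precedence over
 *       plain ones. Any further assertions in the response are ignored; a warning is logged so the
 *       situation is visible in the service provider's logs.</li>
 * </ul>
 */
public class AssertionService {
    private static final Logger log = Logger.getLogger(AssertionService.class);

    /**
     * Returns the first assertion of the response, decrypting it when it is encrypted.
     *
     * @param response the SAML response received from the identity provider
     * @return the first encrypted assertion (decrypted) if any exist, otherwise the first plain
     *     assertion
     * @throws InternalException if the credential service has not been initialized
     * @throws ExternalException if the response holds no assertion, or decryption fails
     */
    public Assertion getAssertion(Response response) throws InternalException, ExternalException {
        int encryptedCount = response.getEncryptedAssertions().size();
        int plainCount = response.getAssertions().size();

        // A response with more than one assertion is unusual; since everything but the first is
        // dropped, record it so that it can be investigated instead of being discarded silently.
        if (encryptedCount + plainCount > 1) {
            log.warn("SAML response contains " + encryptedCount + " encrypted and " + plainCount
                    + " unencrypted assertion(s); only the first one is used");
        }

        if (encryptedCount > 0) {
            return decryptAssertion((EncryptedAssertion) response.getEncryptedAssertions().get(0));
        }
        if (plainCount > 0) {
            return (Assertion) response.getAssertions().get(0);
        }
        throw new ExternalException("No assertion in SAML response!");
    }

    /**
     * Decrypts an encrypted assertion with the service provider's primary credential and, when
     * one is configured, its secondary credential.
     *
     * @param encryptedAssertion the encrypted assertion taken from the response
     * @return the decrypted assertion
     * @throws InternalException if {@link CredentialService} reports that it is not initialized
     * @throws ExternalException if the assertion cannot be decrypted with the configured credentials
     */
    private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) throws InternalException, ExternalException {
        if (log.isDebugEnabled()) {
            log.debug("Decrypting Assertion");
        }
        try {
            CredentialService credentialService = CredentialService.getInstance();

            // Key-encryption credentials: the primary is always offered, the secondary only when
            // configured. The lists stay raw because their element interfaces are not imported
            // in this file.
            ArrayList keyEncryptionCredentials = new ArrayList();
            keyEncryptionCredentials.add(credentialService.getPrimaryBasicX509Credential());
            BasicX509Credential secondaryCredential = credentialService.getSecondaryBasicX509Credential();
            if (secondaryCredential != null) {
                keyEncryptionCredentials.add(secondaryCredential);
            }
            StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(keyEncryptionCredentials);

            // Places in which the EncryptedKey element is looked up, tried in this order.
            ArrayList encryptedKeyResolvers = new ArrayList();
            encryptedKeyResolvers.add(new InlineEncryptedKeyResolver());
            encryptedKeyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
            encryptedKeyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());

            // The first argument (resolver for data-decryption keys) is null, so the data key can
            // only be obtained by decrypting an EncryptedKey with the credentials above.
            Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, kekResolver, new ChainingEncryptedKeyResolver(encryptedKeyResolvers));
            // Root the decrypted assertion in a document of its own.
            // NOTE(review): presumably required so that later signature validation works on the
            // decrypted element - confirm against the validation code.
            decrypter.setRootInNewDocument(true);
            return decrypter.decrypt(encryptedAssertion);
        } catch (InitializationException e) {
            throw new InternalException("CredentialService was not initialized", e);
        } catch (DecryptionException e) {
            // NOTE(review): the cause is kept for local diagnostics; whether it can reach the
            // remote party depends on how callers render ExternalException - confirm.
            throw new ExternalException("Could not decrypt provided EncryptedAssertion", e);
        }
    }
}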
