package dk.itst.oiosaml.sp.model;

import dk.itst.oiosaml.helper.DeveloperHelper;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.sp.model.validation.ValidationException;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

/* loaded from: input_file:dk/itst/oiosaml/sp/model/OIOEncryptedAssertion.class */
public class OIOEncryptedAssertion {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OIOEncryptedAssertion.class);
    private final EncryptedAssertion encrypted;

    public OIOEncryptedAssertion(EncryptedAssertion encryptedAssertion) {
        this.encrypted = encryptedAssertion;
        if (encryptedAssertion.getEncryptedData().getType() == null) {
            encryptedAssertion.getEncryptedData().setType("http://www.w3.org/2001/04/xmlenc#Element");
        }
    }

    public OIOAssertion decryptAssertion(Credential credential) {
        StaticKeyInfoCredentialResolver staticKeyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(credential);
        ChainingEncryptedKeyResolver chainingEncryptedKeyResolver = new ChainingEncryptedKeyResolver();
        chainingEncryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
        chainingEncryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
        chainingEncryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());
        try {
            if (log.isDebugEnabled()) {
                log.debug("Assertion encrypted: " + this.encrypted);
            }
            Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, staticKeyInfoCredentialResolver, chainingEncryptedKeyResolver);
            decrypter.setRootInNewDocument(true);
            Assertion decrypt = decrypter.decrypt(this.encrypted);
            if (log.isDebugEnabled()) {
                log.debug("Decrypted assertion: " + new OIOAssertion(decrypt).toXML());
            }
            return new OIOAssertion(decrypt);
        } catch (DecryptionException e) {
            DeveloperHelper.log("Unable to decrypt assertion - this might be caused by using Oracle Java without installing the \"Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files\".");
            throw new ValidationException((Exception) e);
        }
    }
}
