package org.opensaml.saml.security.impl;

import com.google.common.base.Function;
import com.google.common.collect.Iterables;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.EncryptionParametersResolver;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-3.3.1.jar:org/opensaml/saml/security/impl/InlineSelfEncryptionParametersStrategy.class */
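/**
 * Strategy that builds "self-encryption" {@link EncryptionParameters}: one set of parameters per
 * credential that the supplied {@link CredentialResolver} returns for {@link UsageType#ENCRYPTION}.
 *
 * <p>Security notes for reviewers and deployers:</p>
 * <ul>
 * <li>Every credential returned by the resolver is installed as a key transport encryption
 * credential, i.e. it becomes a recipient able to decrypt whatever is encrypted with the
 * resulting parameters. The resolver should therefore expose only keys the deployment itself
 * controls. This class does no filtering beyond the usage criterion.</li>
 * <li>Resolution failures are logged and never thrown. An empty result means no self-encryption
 * parameters are available; callers that require them must check for that explicitly.</li>
 * </ul>
 */
public class InlineSelfEncryptionParametersStrategy implements Function<Pair<ProfileRequestContext, EncryptionParameters>, List<EncryptionParameters>> {
    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(InlineSelfEncryptionParametersStrategy.class);

    /** Source of the credentials that become self-encryption recipients. */
    @Nonnull
    private final CredentialResolver credentialResolver;

    /** Resolver that turns a stack of encryption configurations into concrete parameters. */
    @Nonnull
    private final EncryptionParametersResolver encParamsresolver;

    /** Optional lookup of base configurations; when absent the global configuration is used. */
    @Nullable
    private final Function<ProfileRequestContext, List<EncryptionConfiguration>> configurationLookupStrategy;

    /**
     * Creates a strategy without a configuration lookup strategy, so the global encryption
     * configuration serves as the base configuration.
     *
     * @param credentialResolver resolver of the self-encryption credentials, must not be null
     * @param encryptionParametersResolver resolver of the encryption parameters, must not be null
     */
    public InlineSelfEncryptionParametersStrategy(@Nonnull CredentialResolver credentialResolver, @Nonnull EncryptionParametersResolver encryptionParametersResolver) {
        this(credentialResolver, encryptionParametersResolver, null);
    }

    /**
     * Creates a strategy.
     *
     * @param credentialResolver resolver of the self-encryption credentials, must not be null
     * @param encryptionParametersResolver resolver of the encryption parameters, must not be null
     * @param function lookup strategy for the base encryption configurations, may be null
     */
    public InlineSelfEncryptionParametersStrategy(@Nonnull CredentialResolver credentialResolver, @Nonnull EncryptionParametersResolver encryptionParametersResolver, @Nullable Function<ProfileRequestContext, List<EncryptionConfiguration>> function) {
        this.credentialResolver = Constraint.isNotNull(credentialResolver, "CredentialResolver was null");
        this.encParamsresolver = Constraint.isNotNull(encryptionParametersResolver, "EncryptionParametersResolver was null");
        this.configurationLookupStrategy = function;
    }

    /**
     * Resolves self-encryption parameters for the given request context.
     *
     * @param pair the profile request context together with the already-resolved encryption
     *            parameters; either the pair or its second member may be null
     * @return one or more parameter sets per credential for which resolution succeeded. The list is
     *         empty when the input or its context is null, when no credential was resolved, or when
     *         resolution failed for every credential. This implementation never returns null.
     */
    @Override
    @Nullable
    public List<EncryptionParameters> apply(@Nullable Pair<ProfileRequestContext, EncryptionParameters> pair) {
        if (pair == null || pair.getFirst() == null) {
            log.debug("Input Pair or ProfileRequestContext was null, skipping");
            return Collections.emptyList();
        }
        final ProfileRequestContext profileRequestContext = pair.getFirst();

        final List<Credential> credentials = resolveCredentials(profileRequestContext);
        if (credentials.isEmpty()) {
            log.debug("No self-encryption credentials were resolved, skipping further processing");
            return Collections.emptyList();
        }
        log.debug("Resolved {} self-encryption credentials", credentials.size());

        final List<EncryptionConfiguration> baseConfigurations = resolveBaseConfigurations(profileRequestContext);
        log.debug("Resolved {} base EncryptionConfigurations", baseConfigurations.size());

        // Reuse the data encryption algorithm of the supplied parameters when one is set.
        // NOTE(review): presumably so the self-encrypted copy matches the primary one; confirm with callers.
        final EncryptionParameters suppliedParameters = pair.getSecond();
        final String dataEncryptionAlgorithm =
                suppliedParameters != null ? suppliedParameters.getDataEncryptionAlgorithm() : null;

        final List<EncryptionParameters> resolvedParameters = new ArrayList<>();
        for (final Credential credential : credentials) {
            final BasicEncryptionConfiguration selfConfiguration = new BasicEncryptionConfiguration();
            // This credential is the only key transport recipient of the per-credential configuration.
            selfConfiguration.setKeyTransportEncryptionCredentials(Collections.singletonList(credential));
            if (dataEncryptionAlgorithm != null) {
                selfConfiguration.setDataEncryptionAlgorithms(Collections.singletonList(dataEncryptionAlgorithm));
            }

            // The per-credential configuration goes first, followed by the base configurations.
            final List<EncryptionConfiguration> configurations = new ArrayList<>(baseConfigurations.size() + 1);
            configurations.add(selfConfiguration);
            configurations.addAll(baseConfigurations);

            try {
                Iterables.addAll(resolvedParameters,
                        encParamsresolver.resolve(new CriteriaSet(new EncryptionConfigurationCriterion(configurations))));
            } catch (ResolverException e) {
                // Deliberately best-effort: one failing credential must not block the others.
                // The failure is visible only in the log, so an empty result can mean "all failed".
                log.error("Error resolving self-encryption parameters for Credential '{}', params from other Credentials may still succeed", credential, e);
            }
        }
        log.debug("Resolved {} self-encryption EncryptionParameters", resolvedParameters.size());
        return resolvedParameters;
    }

    /**
     * Resolves the credentials used as self-encryption recipients.
     *
     * <p>The only criterion passed to the resolver is {@link UsageType#ENCRYPTION}; the request
     * context is not consulted by this implementation.</p>
     *
     * @param profileRequestContext the current profile request context (unused here)
     * @return the resolved credentials, or an empty list if the resolver raised an error
     */
    @Nonnull
    protected List<Credential> resolveCredentials(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            final List<Credential> credentials = new ArrayList<>();
            Iterables.addAll(credentials,
                    credentialResolver.resolve(new CriteriaSet(new UsageCriterion(UsageType.ENCRYPTION))));
            return credentials;
        } catch (ResolverException e) {
            // A resolver failure is reported as "no credentials", which disables self-encryption.
            log.error("Error resolving IdP encryption credentials", e);
            return Collections.emptyList();
        }
    }

    /**
     * Resolves the base encryption configurations that follow the per-credential configuration.
     *
     * <p>Only a null result (or a null lookup strategy) falls back to the global configuration. An
     * empty list returned by the lookup strategy is passed through as-is.</p>
     *
     * @param profileRequestContext the current profile request context
     * @return the configurations from the lookup strategy, or a singleton list holding the global
     *         encryption configuration
     */
    @Nonnull
    protected List<EncryptionConfiguration> resolveBaseConfigurations(@Nonnull ProfileRequestContext profileRequestContext) {
        List<EncryptionConfiguration> baseConfigurations = null;
        if (configurationLookupStrategy != null) {
            log.debug("Self-encryption EncryptionConfiguration lookup strategy was non-null");
            baseConfigurations = configurationLookupStrategy.apply(profileRequestContext);
        } else {
            log.debug("Self-encryption EncryptionConfiguration lookup strategy was null");
        }
        if (baseConfigurations != null) {
            return baseConfigurations;
        }
        log.debug("No self-encryption EncryptionConfigurations were resolved, returning global configuration");
        return Collections.singletonList(SecurityConfigurationSupport.getGlobalEncryptionConfiguration());
    }
}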
