package org.opensaml.xmlsec.encryption.support;

import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.signature.RetrievalMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-343-04.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-xmlsec-api-3.1.1.jar:org/opensaml/xmlsec/encryption/support/SimpleRetrievalMethodEncryptedKeyResolver.class */
public class SimpleRetrievalMethodEncryptedKeyResolver extends AbstractEncryptedKeyResolver {
    private final Logger log;

    public SimpleRetrievalMethodEncryptedKeyResolver() {
        this.log = LoggerFactory.getLogger(SimpleRetrievalMethodEncryptedKeyResolver.class);
    }

    public SimpleRetrievalMethodEncryptedKeyResolver(@Nullable Set<String> set) {
        super(set);
        this.log = LoggerFactory.getLogger(SimpleRetrievalMethodEncryptedKeyResolver.class);
    }

    public SimpleRetrievalMethodEncryptedKeyResolver(@Nullable String str) {
        this((Set<String>) Collections.singleton(str));
    }

    @Override // org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver
    @Nonnull
    public Iterable<EncryptedKey> resolve(@Nonnull EncryptedData encryptedData) {
        Constraint.isNotNull(encryptedData, "EncryptedData cannot be null");
        ArrayList arrayList = new ArrayList();
        if (encryptedData.getKeyInfo() == null) {
            return arrayList;
        }
        for (RetrievalMethod retrievalMethod : encryptedData.getKeyInfo().getRetrievalMethods()) {
            if (Objects.equals(retrievalMethod.getType(), EncryptionConstants.TYPE_ENCRYPTED_KEY)) {
                if (retrievalMethod.getTransforms() != null) {
                    this.log.warn("EncryptedKey RetrievalMethod has transforms, cannot process");
                } else {
                    EncryptedKey dereferenceURI = dereferenceURI(retrievalMethod);
                    if (dereferenceURI != null && matchRecipient(dereferenceURI.getRecipient())) {
                        arrayList.add(dereferenceURI);
                    }
                }
            }
        }
        return arrayList;
    }

    @Nullable
    protected EncryptedKey dereferenceURI(@Nonnull RetrievalMethod retrievalMethod) {
        String uri = retrievalMethod.getURI();
        if (Strings.isNullOrEmpty(uri) || !uri.startsWith("#")) {
            this.log.warn("EncryptedKey RetrievalMethod did not contain a same-document URI reference, cannot process");
            return null;
        }
        XMLObject resolveIDFromRoot = retrievalMethod.resolveIDFromRoot(uri.substring(1));
        if (resolveIDFromRoot == null) {
            this.log.warn("EncryptedKey RetrievalMethod URI could not be dereferenced");
            return null;
        }
        if (resolveIDFromRoot instanceof EncryptedKey) {
            return (EncryptedKey) resolveIDFromRoot;
        }
        this.log.warn("The product of dereferencing the EncryptedKey RetrievalMethod was not an EncryptedKey");
        return null;
    }
}
