package org.opensaml.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import java.util.ArrayList;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.saml2.core.ArtifactResponse;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.profile.context.EncryptionContext;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-410.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/saml2/profile/impl/EncryptAttributes.class */
public class EncryptAttributes extends AbstractEncryptAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(EncryptAttributes.class);

    @Nonnull
    private Function<ProfileRequestContext, StatusResponseType> responseLookupStrategy = Functions.compose(new MessageLookup(StatusResponseType.class), new OutboundMessageContextLookup());

    @Nullable
    private Response response;

    public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext, StatusResponseType> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responseLookupStrategy = (Function) Constraint.isNotNull(function, "Response lookup strategy cannot be null");
    }

    @Override // org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
    @Nullable
    protected EncryptionParameters getApplicableParameters(@Nullable EncryptionContext encryptionContext) {
        if (encryptionContext != null) {
            return encryptionContext.getAttributeEncryptionParameters();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction, org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        StatusResponseType apply = this.responseLookupStrategy.apply(profileRequestContext);
        if (apply != null) {
            if (apply instanceof Response) {
                this.response = (Response) apply;
            } else if ((apply instanceof ArtifactResponse) && (((ArtifactResponse) apply).getMessage() instanceof Response)) {
                this.response = (Response) ((ArtifactResponse) apply).getMessage();
            }
        }
        if (this.response != null && !this.response.getAssertions().isEmpty()) {
            return super.doPreExecute(profileRequestContext);
        }
        this.log.debug("{} Response was not present or contained no assertions, nothing to do", getLogPrefix());
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        Iterator<Assertion> it = this.response.getAssertions().iterator();
        while (it.hasNext()) {
            for (AttributeStatement attributeStatement : it.next().getAttributeStatements()) {
                ArrayList arrayList = new ArrayList(attributeStatement.getAttributes().size());
                for (Attribute attribute : attributeStatement.getAttributes()) {
                    try {
                        if (this.log.isDebugEnabled()) {
                            try {
                                this.log.debug("{} Attribute before encryption:\n{}", getLogPrefix(), SerializeSupport.prettyPrintXML(XMLObjectSupport.marshall(attribute)));
                            } catch (MarshallingException e) {
                                this.log.error("{} Unable to marshall Attribute for logging purposes", getLogPrefix(), e);
                            }
                        }
                        arrayList.add(getEncrypter().encrypt(attribute));
                    } catch (EncryptionException e2) {
                        this.log.warn("{} Error encrypting attribute", getLogPrefix(), e2);
                        ActionSupport.buildEvent(profileRequestContext, EventIds.UNABLE_TO_ENCRYPT);
                        return;
                    }
                }
                attributeStatement.getEncryptedAttributes().addAll(arrayList);
                attributeStatement.getAttributes().clear();
            }
        }
    }
}
