package org.opensaml.xmlsec.impl;

import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.DecryptionParametersResolver;
import org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-464.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-xmlsec-impl-3.1.1.jar:org/opensaml/xmlsec/impl/BasicDecryptionParametersResolver.class */
public class BasicDecryptionParametersResolver extends AbstractSecurityParametersResolver<DecryptionParameters> implements DecryptionParametersResolver {
    private Logger log = LoggerFactory.getLogger(BasicDecryptionParametersResolver.class);

    @Nonnull
    public Iterable<DecryptionParameters> resolve(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        DecryptionParameters resolveSingle = resolveSingle(criteriaSet);
        return resolveSingle != null ? Collections.singletonList(resolveSingle) : Collections.emptyList();
    }

    @Nullable
    public DecryptionParameters resolveSingle(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        Constraint.isNotNull(criteriaSet, "CriteriaSet was null");
        Constraint.isNotNull(criteriaSet.get(DecryptionConfigurationCriterion.class), "Resolver requires an instance of DecryptionConfigurationCriterion");
        DecryptionParameters decryptionParameters = new DecryptionParameters();
        resolveAndPopulateWhiteAndBlacklists(decryptionParameters, criteriaSet, ((DecryptionConfigurationCriterion) criteriaSet.get(DecryptionConfigurationCriterion.class)).getConfigurations());
        decryptionParameters.setDataKeyInfoCredentialResolver(resolveDataKeyInfoCredentialResolver(criteriaSet));
        decryptionParameters.setKEKKeyInfoCredentialResolver(resolveKEKKeyInfoCredentialResolver(criteriaSet));
        decryptionParameters.setEncryptedKeyResolver(resolveEncryptedKeyResolver(criteriaSet));
        logResult(decryptionParameters);
        return decryptionParameters;
    }

    protected void logResult(@Nonnull DecryptionParameters decryptionParameters) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved DecryptionParameters:");
            this.log.debug("\tAlgorithm whitelist: {}", decryptionParameters.getWhitelistedAlgorithms());
            this.log.debug("\tAlgorithm blacklist: {}", decryptionParameters.getBlacklistedAlgorithms());
            this.log.debug("\tData KeyInfoCredentialResolver: {}", decryptionParameters.getDataKeyInfoCredentialResolver() != null ? "present" : "null");
            this.log.debug("\tKEK KeyInfoCredentialResolver: {}", decryptionParameters.getKEKKeyInfoCredentialResolver() != null ? "present" : "null");
            this.log.debug("\tEncryptedKeyResolver: {}", decryptionParameters.getEncryptedKeyResolver() != null ? "present" : "null");
        }
    }

    @Nullable
    protected EncryptedKeyResolver resolveEncryptedKeyResolver(@Nonnull CriteriaSet criteriaSet) {
        for (DecryptionConfiguration decryptionConfiguration : ((DecryptionConfigurationCriterion) criteriaSet.get(DecryptionConfigurationCriterion.class)).getConfigurations()) {
            if (decryptionConfiguration.getEncryptedKeyResolver() != null) {
                return decryptionConfiguration.getEncryptedKeyResolver();
            }
        }
        return null;
    }

    @Nullable
    protected KeyInfoCredentialResolver resolveKEKKeyInfoCredentialResolver(@Nonnull CriteriaSet criteriaSet) {
        for (DecryptionConfiguration decryptionConfiguration : ((DecryptionConfigurationCriterion) criteriaSet.get(DecryptionConfigurationCriterion.class)).getConfigurations()) {
            if (decryptionConfiguration.getKEKKeyInfoCredentialResolver() != null) {
                return decryptionConfiguration.getKEKKeyInfoCredentialResolver();
            }
        }
        return null;
    }

    @Nullable
    protected KeyInfoCredentialResolver resolveDataKeyInfoCredentialResolver(@Nonnull CriteriaSet criteriaSet) {
        for (DecryptionConfiguration decryptionConfiguration : ((DecryptionConfigurationCriterion) criteriaSet.get(DecryptionConfigurationCriterion.class)).getConfigurations()) {
            if (decryptionConfiguration.getDataKeyInfoCredentialResolver() != null) {
                return decryptionConfiguration.getDataKeyInfoCredentialResolver();
            }
        }
        return null;
    }
}
