package pl.edu.icm.yadda.aas.oblig.analyzer.module.impl;

import java.security.Key;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.Collection;
import javax.crypto.SecretKey;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.encryption.Decrypter;
import org.opensaml.lite.encryption.Encrypter;
import org.opensaml.lite.encryption.exc.DecryptionException;
import org.opensaml.lite.encryption.exc.EncryptionException;
import org.opensaml.lite.encryption.impl.DataReferenceImpl;
import org.opensaml.lite.encryption.impl.EncryptedKeyImpl;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.EncryptedAssertion;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.impl.CredentialImpl;
import org.opensaml.lite.security.keyinfo.impl.KeyInfoHelper;
import org.opensaml.lite.xml.signature.KeyInfo;
import org.opensaml.lite.xml.signature.RSAKeyValue;
import org.opensaml.lite.xml.signature.X509Certificate;
import org.opensaml.lite.xml.signature.X509Data;
import org.opensaml.lite.xml.signature.impl.KeyInfoImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.keystore.IKeyStore;
import pl.edu.icm.yadda.aas.keystore.KeyQueryRequest;
import pl.edu.icm.yadda.aas.keystore.KeyQueryResponse;
import pl.edu.icm.yadda.aas.keystore.KeyStoreException;
import pl.edu.icm.yadda.aas.oblig.analyzer.AnalyzerResultObject;
import pl.edu.icm.yadda.aas.oblig.analyzer.InternalObligationAnalyzerException;
import pl.edu.icm.yadda.aas.oblig.analyzer.module.IInternalObligationAnalyzerModule;
import pl.edu.icm.yadda.aas.oblig.analyzer.module.ObligationAnalyzerModuleRequest;
import pl.edu.icm.yadda.aas.utils.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.1.jar:pl/edu/icm/yadda/aas/oblig/analyzer/module/impl/EncrypterObligationAnalyzerModule.class */
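/**
 * Obligation analyzer module that encrypts the current SAML {@link Assertion}.
 *
 * <p>The key material is taken from the first {@link KeyInfo} element found among the
 * request's source SAML objects: the assertion is encrypted with a symmetric
 * {@link SecretKey} (either decrypted from the KeyInfo's first EncryptedKey via the
 * configured {@link Decrypter}, or freshly generated), and that secret key is then
 * wrapped with the {@link PublicKey} resolved from the same KeyInfo (X509 certificate,
 * RSAKeyValue, or a key name looked up in the configured {@link IKeyStore}).
 *
 * <p>NOTE(review): both the wrapping public key and, when present, the content secret key
 * originate from the request's own KeyInfo. Whether those source objects are authenticated
 * before this module runs is not visible here — confirm upstream.
 *
 * <p>Configured through setters; {@link #setDecrypter(Decrypter)} and
 * {@link #setKeyStore(IKeyStore)} must be set before the corresponding code paths are used.
 */
public class EncrypterObligationAnalyzerModule implements IInternalObligationAnalyzerModule {
    /** Obligation property name; a "true"/"yes" value makes a missing KeyInfo non-fatal. */
    public static final String SUPPORTED_KEY_IS_ENC_OPTIONAL = "Optional";
    protected final Logger log = LoggerFactory.getLogger(getClass());
    // Fallback used by isOptional(String) when the obligation property is absent.
    private boolean optionalDefault = false;
    // Algorithm and size used when no secret key is carried in the KeyInfo.
    private String symmetricKeyAlgName = "AES";
    private int symmetricKeySize = 128;
    // Unwraps EncryptedKey elements found in the request's KeyInfo.
    private Decrypter decrypter;
    // Resolves public keys by KeyName when neither certificate nor RSAKeyValue is present.
    private IKeyStore<Credential> keyStore;

    /**
     * @return always {@code true}; this module runs in the post-processing phase
     */
    @Override // pl.edu.icm.yadda.aas.oblig.analyzer.module.IInternalObligationAnalyzerModule
    public boolean performAtPostprocessing() {
        return true;
    }

    /**
     * Finds the first {@link KeyInfo} among the given SAML objects.
     *
     * @param collection source SAML objects, may be {@code null} or empty
     * @return the first element that is a {@link KeyInfo}, or {@code null} if none
     */
    protected KeyInfo getKeyInfoElement(Collection<SAMLObject> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        for (SAMLObject candidate : collection) {
            if (candidate instanceof KeyInfo) {
                return (KeyInfo) candidate;
            }
        }
        return null;
    }

    /**
     * Obtains the symmetric key used to encrypt the assertion.
     *
     * <p>If the KeyInfo carries no EncryptedKey, a new key is generated with the configured
     * algorithm and size. Otherwise the first EncryptedKey is unwrapped with the configured
     * {@link Decrypter}; any further EncryptedKeys are ignored with a warning.
     *
     * @param keyInfo KeyInfo from the request, may be {@code null}
     * @return a {@link SecretKey}, never {@code null}
     * @throws InternalObligationAnalyzerException if key generation or decryption fails, if
     *         the unwrapped key is not a {@link SecretKey}, or if no decrypter is configured
     */
    protected SecretKey getSecretKey(KeyInfo keyInfo) throws InternalObligationAnalyzerException {
        if (keyInfo == null || keyInfo.getEncryptedKeys() == null || keyInfo.getEncryptedKeys().isEmpty()) {
            try {
                this.log.debug("secret key not found in KeyInfo element, generating...");
                return SecurityUtils.generateSecretKey(this.symmetricKeyAlgName, this.symmetricKeySize);
            } catch (NoSuchAlgorithmException e) {
                throw new InternalObligationAnalyzerException("Problem occured when generating secret key!", e);
            }
        }
        this.log.debug("retrieving secret key from KeyInfo element...");
        if (this.decrypter == null) {
            // Previously surfaced as a NullPointerException; report it as a configuration error.
            throw new InternalObligationAnalyzerException("No decrypter configured, cannot decrypt secret key from KeyInfo element!");
        }
        try {
            int encryptedKeyCount = keyInfo.getEncryptedKeys().size();
            if (encryptedKeyCount > 1) {
                this.log.warn("found {} encrypted keys, expected one! Only the first key will be used!", encryptedKeyCount);
            }
            // The second argument (1) is passed through unchanged from the original; its
            // meaning is defined by Decrypter.decryptKey and is not visible here.
            Key unwrapped = this.decrypter.decryptKey(keyInfo.getEncryptedKeys().get(0), 1);
            if (unwrapped instanceof SecretKey) {
                return (SecretKey) unwrapped;
            }
            throw new InternalObligationAnalyzerException("Only SecretKeys are supported for Assertion encryption!");
        } catch (DecryptionException e) {
            throw new InternalObligationAnalyzerException("Problem occured when decrypting secret key!", e);
        }
    }

    /**
     * Resolves the public key that will wrap the secret key, in this order of precedence:
     * X509 certificate in X509Data, RSAKeyValue, then a KeyName looked up in the key store.
     *
     * @param keyInfo KeyInfo from the request, may be {@code null}
     * @return the resolved public key, or {@code null} if the KeyInfo carries nothing usable
     * @throws InternalObligationAnalyzerException on certificate/RSA key construction errors,
     *         key store errors, or when a KeyName is present but no key store is configured
     */
    protected PublicKey getPublicKey(KeyInfo keyInfo) throws InternalObligationAnalyzerException {
        if (keyInfo == null) {
            return null;
        }
        // Declared outside the try so the KeyStoreException message can name the key.
        String keyName = null;
        try {
            X509Certificate certificate = getX509Certificate(keyInfo);
            if (certificate != null) {
                this.log.debug("Found Certificate in KeyInfo element, exctracting PublicKey...");
                return KeyInfoHelper.getCertificate(certificate).getPublicKey();
            }
            RSAKeyValue rsaKeyValue = getRSAKeyValue(keyInfo);
            if (rsaKeyValue != null) {
                this.log.debug("Found RSAKeyValue in KeyInfo element, building PublicKey...");
                return KeyInfoHelper.getRSAKey(rsaKeyValue);
            }
            keyName = getKeyName(keyInfo);
            if (keyName == null) {
                return null;
            }
            if (this.keyStore == null) {
                // Previously surfaced as a NullPointerException; report it as a configuration error.
                throw new InternalObligationAnalyzerException("No key store configured, cannot retrieve " + keyName + " key!");
            }
            KeyQueryResponse<Credential> response = this.keyStore.queryKeys(new KeyQueryRequest(keyName));
            Credential credential = response.getCredential();
            return credential != null ? credential.getPublicKey() : null;
        } catch (KeyException e) {
            throw new InternalObligationAnalyzerException("Exception occured when building RSA public key!", e);
        } catch (CertificateException e) {
            throw new InternalObligationAnalyzerException("Exception occured when building X509Cetrificate!", e);
        } catch (KeyStoreException e) {
            // Fix: the message used to embed a literal null instead of the requested key name.
            throw new InternalObligationAnalyzerException("Exception occured when retrieving " + keyName + " key from key store!", e);
        }
    }

    /**
     * Returns the first X509Certificate of the first X509Data in the KeyInfo.
     * Additional X509Data or certificate entries are ignored with a warning.
     *
     * @param keyInfo non-null KeyInfo
     * @return the certificate element, or {@code null} if none is present
     */
    protected X509Certificate getX509Certificate(KeyInfo keyInfo) throws InternalObligationAnalyzerException {
        if (keyInfo.getX509Datas() == null || keyInfo.getX509Datas().isEmpty()) {
            return null;
        }
        int x509DataCount = keyInfo.getX509Datas().size();
        if (x509DataCount > 1) {
            this.log.warn("Expected 1 X509Data, got {}, only first will be processed!", x509DataCount);
        }
        X509Data x509Data = keyInfo.getX509Datas().get(0);
        if (x509Data.getX509Certificates() == null || x509Data.getX509Certificates().isEmpty()) {
            return null;
        }
        int certificateCount = x509Data.getX509Certificates().size();
        if (certificateCount > 1) {
            // Fix: the original message lacked a space between "got" and the count.
            this.log.warn("Expected 1 X509Cetrificate, got {}, only first will be processed!", certificateCount);
        }
        return x509Data.getX509Certificates().get(0);
    }

    /**
     * Returns the RSAKeyValue of the first KeyValue in the KeyInfo.
     * Additional KeyValue entries are ignored with a warning.
     *
     * @param keyInfo non-null KeyInfo
     * @return the RSAKeyValue, or {@code null} if no KeyValue is present (may also be
     *         {@code null} if the first KeyValue carries no RSA key)
     */
    protected RSAKeyValue getRSAKeyValue(KeyInfo keyInfo) throws InternalObligationAnalyzerException {
        if (keyInfo.getKeyValues() == null || keyInfo.getKeyValues().isEmpty()) {
            return null;
        }
        int keyValueCount = keyInfo.getKeyValues().size();
        if (keyValueCount > 1) {
            this.log.warn("Expected 1 KeyValue, got {}, only first will be processed!", keyValueCount);
        }
        return keyInfo.getKeyValues().get(0).getRSAKeyValue();
    }

    /**
     * Returns the value of the first KeyName in the KeyInfo.
     * Additional KeyName entries are ignored with a warning.
     *
     * @param keyInfo non-null KeyInfo
     * @return the key name, or {@code null} if no KeyName is present
     */
    protected String getKeyName(KeyInfo keyInfo) throws InternalObligationAnalyzerException {
        if (keyInfo.getKeyNames() == null || keyInfo.getKeyNames().isEmpty()) {
            return null;
        }
        int keyNameCount = keyInfo.getKeyNames().size();
        if (keyNameCount > 1) {
            this.log.warn("Expected 1 key name, got {}, only first will be processed!", keyNameCount);
        }
        return keyInfo.getKeyNames().get(0).getValue();
    }

    /**
     * Interprets the {@link #SUPPORTED_KEY_IS_ENC_OPTIONAL} obligation property.
     *
     * @param str property value, may be {@code null}
     * @return {@link #isOptionalDefault()} when {@code str} is {@code null}; otherwise
     *         {@code true} only for "true" or "yes" (case-insensitive)
     */
    private boolean isOptional(String str) {
        if (str == null) {
            return isOptionalDefault();
        }
        return str.equalsIgnoreCase("true") || str.equalsIgnoreCase("yes");
    }

    /**
     * Reads the {@link #SUPPORTED_KEY_IS_ENC_OPTIONAL} property from the request.
     *
     * @return the property value, or {@code null} if the request has no properties or the
     *         property is absent
     */
    private String optionalProperty(ObligationAnalyzerModuleRequest request) {
        if (request.getObligProperties() == null) {
            // Treat a missing property map like a missing property (falls back to the default).
            return null;
        }
        return (String) request.getObligProperties().get(SUPPORTED_KEY_IS_ENC_OPTIONAL);
    }

    /**
     * Encrypts the request's current SAML object, which must be an {@link Assertion}.
     *
     * <p>When no KeyInfo is found among the source objects, the current object is returned
     * unencrypted if the obligation is marked optional, otherwise an exception is thrown.
     *
     * @param obligationAnalyzerModuleRequest request carrying the current object, the source
     *        objects and the obligation properties
     * @return result wrapping the {@link EncryptedAssertion}, or the unchanged current object
     *         in the optional/no-KeyInfo case
     * @throws InternalObligationAnalyzerException if there is no current object, no usable
     *         KeyInfo/PublicKey/SecretKey, the current object is not an Assertion, or
     *         encryption fails
     */
    @Override // pl.edu.icm.yadda.aas.oblig.analyzer.module.IInternalObligationAnalyzerModule
    public AnalyzerResultObject maintain(ObligationAnalyzerModuleRequest obligationAnalyzerModuleRequest) throws InternalObligationAnalyzerException {
        SAMLObject current = obligationAnalyzerModuleRequest.getCurrentSAMLObject();
        if (current == null) {
            throw new InternalObligationAnalyzerException("No assertion found! Cannot perform encryption!");
        }
        KeyInfo keyInfoElement = getKeyInfoElement(obligationAnalyzerModuleRequest.getSourceSAMLObjects());
        if (keyInfoElement == null) {
            if (isOptional(optionalProperty(obligationAnalyzerModuleRequest))) {
                return new AnalyzerResultObject(current);
            }
            throw new InternalObligationAnalyzerException("Couldn't find KeyInfo element in request, Encryption will not be possible!");
        }
        PublicKey publicKey = getPublicKey(keyInfoElement);
        if (publicKey == null) {
            throw new InternalObligationAnalyzerException("Couldn't find PublicKey in KeyInfo element in request, Encryption will not be possible!");
        }
        SecretKey secretKey = getSecretKey(keyInfoElement);
        if (secretKey == null) {
            throw new InternalObligationAnalyzerException("Couldn't find valid SecretKey in KeyInfo element in request, Encryption will not be possible!");
        }
        if (current instanceof Assertion) {
            return new AnalyzerResultObject(prepareEncryptedAssertion((Assertion) current, secretKey, publicKey));
        }
        throw new InternalObligationAnalyzerException("Encrypting " + current.getClass().getName() + " is currently unsupported!");
    }

    /**
     * Encrypts the assertion with {@code secretKey}, wraps {@code secretKey} with
     * {@code publicKey} into an EncryptedKey, and attaches that EncryptedKey (with a
     * DataReference back to the EncryptedData) to the EncryptedData's KeyInfo.
     *
     * @param assertion assertion to encrypt
     * @param secretKey symmetric content-encryption key
     * @param publicKey key used to wrap {@code secretKey}
     * @return the encrypted assertion with embedded EncryptedKey
     * @throws InternalObligationAnalyzerException if either encryption step fails
     */
    protected EncryptedAssertion prepareEncryptedAssertion(Assertion assertion, SecretKey secretKey, PublicKey publicKey) throws InternalObligationAnalyzerException {
        try {
            Encrypter dataEncrypter = new Encrypter(secretKey.getAlgorithm(), new CredentialImpl((String) null, secretKey), null);
            EncryptedAssertion encrypted = dataEncrypter.encrypt(assertion);

            Encrypter keyEncrypter = new Encrypter(publicKey.getAlgorithm(), new CredentialImpl((String) null, publicKey), null);
            EncryptedKeyImpl encryptedKey = new EncryptedKeyImpl();
            encryptedKey.setEncryptedObject(keyEncrypter.encryptKeyData(secretKey));

            // Link the wrapped key to the data it decrypts.
            DataReferenceImpl dataReference = new DataReferenceImpl();
            dataReference.setReferencedObject(encrypted.getEncryptedData());
            encryptedKey.getReferenceList().getReferences().add(dataReference);

            // Carry the wrapped key inside the EncryptedData's own KeyInfo.
            KeyInfoImpl keyInfo = new KeyInfoImpl();
            keyInfo.getEncryptedKeys().add(encryptedKey);
            encrypted.getEncryptedData().setKeyInfo(keyInfo);
            return encrypted;
        } catch (EncryptionException e) {
            throw new InternalObligationAnalyzerException("Exception occured when encrypting assertion: " + assertion.getID(), e);
        }
    }

    /** @return default used when the obligation carries no "Optional" property */
    public boolean isOptionalDefault() {
        return this.optionalDefault;
    }

    /** @param z default to use when the obligation carries no "Optional" property */
    public void setOptionalDefault(boolean z) {
        this.optionalDefault = z;
    }

    /** @param decrypter decrypter used to unwrap EncryptedKeys from the request's KeyInfo */
    public void setDecrypter(Decrypter decrypter) {
        this.decrypter = decrypter;
    }

    /** @param str algorithm name for generated secret keys (default "AES") */
    public void setSymmetricKeyAlgName(String str) {
        this.symmetricKeyAlgName = str;
    }

    /** @param i key size in bits for generated secret keys (default 128) */
    public void setSymmetricKeySize(int i) {
        this.symmetricKeySize = i;
    }

    /** @param iKeyStore key store consulted when the KeyInfo carries only a KeyName */
    public void setKeyStore(IKeyStore<Credential> iKeyStore) {
        this.keyStore = iKeyStore;
    }
}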
