package de.governikus.panstar.sdk.utils.saml;

import de.governikus.panstar.sdk.utils.exception.SAMLInternalErrorException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Objects;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.agreement.KeyAgreementException;
import org.opensaml.xmlsec.agreement.KeyAgreementParameters;
import org.opensaml.xmlsec.agreement.KeyAgreementSupport;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyAgreementEncryptionConfiguration;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.RSAOAEPParameters;
import org.opensaml.xmlsec.keyinfo.impl.KeyAgreementKeyInfoGeneratorFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:de/governikus/panstar/sdk/utils/saml/SamlEncrypterUtils.class */
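/**
 * Builds OpenSAML {@link Encrypter} instances for encrypting XML to the holder of an X.509 certificate.
 *
 * <p>Content is always encrypted with a freshly generated AES-256-GCM key. The content key is then
 * protected according to the recipient's public-key type: RSA keys use RSA-OAEP key transport,
 * EC keys use ECDH-ES key agreement with AES-256 key wrap. Any other key algorithm is rejected.
 *
 * <p>The certificate is used only as a carrier for the recipient public key. No trust, validity-period
 * or revocation check is performed here; callers are responsible for validating the certificate
 * before handing it to this class.
 *
 * <p>Thread-safety: the class holds no state; each call creates its own parameters and key material.
 */
public final class SamlEncrypterUtils {

    /** Content-encryption algorithm (XML Encryption 1.1): AES-256 in GCM mode. */
    private static final String DATA_ENCRYPTION_ALGORITHM = "http://www.w3.org/2009/xmlenc11#aes256-gcm";

    /** Symmetric key-wrap algorithm that protects the content key after ECDH-ES key agreement. */
    private static final String KEY_WRAP_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#kw-aes256";

    /** Key-agreement algorithm used for EC recipient keys (XML Encryption 1.1). */
    private static final String KEY_AGREEMENT_ALGORITHM = "http://www.w3.org/2009/xmlenc11#ECDH-ES";

    /**
     * Key-transport algorithm used for RSA recipient keys. This is the XML Encryption 1.0 OAEP identifier,
     * for which the mask generation function is fixed by the specification (MGF1 with SHA-1) and only the
     * digest is configurable (see {@link #OAEP_DIGEST_ALGORITHM}). Changing either value affects
     * interoperability with the recipient's decryption configuration.
     */
    private static final String KEY_TRANSPORT_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    /** Digest algorithm used inside RSA-OAEP. */
    private static final String OAEP_DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** JCA algorithm name of EC public keys; also the key of OpenSAML's key-agreement configuration map. */
    private static final String EC_ALGORITHM = "EC";

    /** JCA algorithm name of RSA public keys. */
    private static final String RSA_ALGORITHM = "RSA";

    private SamlEncrypterUtils() {
    }

    /**
     * Encrypts the root element of {@code document} for the holder of {@code x509Certificate}.
     *
     * <p>No {@code KeyInfo} identifying the recipient key is emitted for RSA recipients (see
     * {@link #setupEncrypter(X509Certificate, boolean)} to control this).
     *
     * @param document the DOM document whose root element is encrypted; must not be {@code null}
     * @param x509Certificate certificate carrying the recipient's public key; must not be {@code null}
     * @return the {@code EncryptedData} element, with the {@code EncryptedKey} placed inline
     * @throws SAMLInternalErrorException if the document has no root element, the key type is unsupported,
     *         key material cannot be generated, or unmarshalling/encryption fails
     * @throws NullPointerException if either argument is {@code null}
     */
    public static EncryptedData getEncryptedData(Document document, X509Certificate x509Certificate) throws SAMLInternalErrorException {
        Objects.requireNonNull(document, "document");
        Objects.requireNonNull(x509Certificate, "x509Certificate");
        if (document.getDocumentElement() == null) {
            throw new SAMLInternalErrorException("Document has no root element to encrypt.");
        }
        DataEncryptionParameters dataParams = createDataEncryptionParameters();
        KeyEncryptionParameters keyParams = getKeyEncryptionParameters(x509Certificate, false);
        Encrypter encrypter = setupEncrypter(dataParams, keyParams);
        try {
            return encrypter.encryptElement(
                    new XSAnyUnmarshaller().unmarshall(document.getDocumentElement()), dataParams, keyParams);
        } catch (EncryptionException e) {
            throw new SAMLInternalErrorException("Could not encrypt xml object.", e);
        } catch (UnmarshallingException e2) {
            throw new SAMLInternalErrorException("Could not unmarshall xml object.", e2);
        }
    }

    /**
     * Creates an {@link Encrypter} for the given recipient certificate without recipient {@code KeyInfo}
     * on RSA key transport. Equivalent to {@code setupEncrypter(x509Certificate, false)}.
     *
     * @param x509Certificate certificate carrying the recipient's public key; must not be {@code null}
     * @return a configured encrypter holding a freshly generated content-encryption key
     * @throws SAMLInternalErrorException if the key type is unsupported or key material cannot be generated
     */
    public static Encrypter setupEncrypter(X509Certificate x509Certificate) throws SAMLInternalErrorException {
        return setupEncrypter(x509Certificate, false);
    }

    /**
     * Creates an {@link Encrypter} for the given recipient certificate.
     *
     * @param x509Certificate certificate carrying the recipient's public key; must not be {@code null}
     * @param includeRecipientKeyInfo for RSA recipients, whether the {@code EncryptedKey} carries a
     *        {@code KeyInfo} describing the recipient certificate (generated by the globally configured
     *        key-transport {@code KeyInfoGenerator}); ignored for EC recipients, whose {@code KeyInfo}
     *        is always emitted because it transports the key-agreement originator key
     * @return a configured encrypter holding a freshly generated content-encryption key
     * @throws SAMLInternalErrorException if the key type is unsupported or key material cannot be generated
     * @throws NullPointerException if {@code x509Certificate} is {@code null}
     */
    public static Encrypter setupEncrypter(X509Certificate x509Certificate, boolean includeRecipientKeyInfo) throws SAMLInternalErrorException {
        Objects.requireNonNull(x509Certificate, "x509Certificate");
        return setupEncrypter(createDataEncryptionParameters(), getKeyEncryptionParameters(x509Certificate, includeRecipientKeyInfo));
    }

    /**
     * Wires data- and key-encryption parameters into an {@link Encrypter} whose {@code EncryptedKey}
     * is placed inline in the {@code EncryptedData}'s {@code KeyInfo}.
     */
    private static Encrypter setupEncrypter(DataEncryptionParameters dataParams, KeyEncryptionParameters keyParams) {
        Encrypter encrypter = new Encrypter(dataParams, keyParams);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return encrypter;
    }

    /**
     * Selects the key-protection scheme from the recipient public-key algorithm.
     *
     * @throws SAMLInternalErrorException if the key algorithm is neither EC nor RSA, key agreement fails,
     *         or (for RSA with {@code includeRecipientKeyInfo}) no global encryption configuration exists
     */
    private static KeyEncryptionParameters getKeyEncryptionParameters(X509Certificate x509Certificate, boolean includeRecipientKeyInfo) throws SAMLInternalErrorException {
        String keyAlgorithm = x509Certificate.getPublicKey().getAlgorithm();
        // Public-key-only credential: this side never holds the recipient's private key.
        Credential recipientCredential = CredentialSupport.getSimpleCredential(x509Certificate, (PrivateKey) null);
        KeyEncryptionParameters keyParams = new KeyEncryptionParameters();

        if (EC_ALGORITHM.equals(keyAlgorithm)) {
            keyParams.setAlgorithm(KEY_WRAP_ALGORITHM);
            keyParams.setEncryptionCredential(getKeyAgreementCredential(recipientCredential));
            // Always needed for EC: the KeyInfo carries the originator key the recipient derives from.
            keyParams.setKeyInfoGenerator(new KeyAgreementKeyInfoGeneratorFactory().newInstance());
            return keyParams;
        }

        if (RSA_ALGORITHM.equals(keyAlgorithm)) {
            keyParams.setAlgorithm(KEY_TRANSPORT_ALGORITHM);
            keyParams.setEncryptionCredential(recipientCredential);
            // Digest SHA-256; MGF and OAEPparams left at the defaults implied by the algorithm URI.
            keyParams.setRSAOAEPParameters(new RSAOAEPParameters(OAEP_DIGEST_ALGORITHM, (String) null, (String) null));
            if (includeRecipientKeyInfo) {
                EncryptionConfiguration config = ConfigurationService.get(EncryptionConfiguration.class);
                if (config == null) {
                    throw new SAMLInternalErrorException("No global EncryptionConfiguration is registered.");
                }
                keyParams.setKeyInfoGenerator(config.getKeyTransportKeyInfoGeneratorManager()
                        .getDefaultManager()
                        .getFactory(new BasicX509Credential(x509Certificate))
                        .newInstance());
            }
            return keyParams;
        }

        throw new SAMLInternalErrorException("Not supported or unknown standard algorithm name: " + keyAlgorithm);
    }

    /**
     * Derives an ECDH-ES key-agreement credential for {@code recipientCredential}, using the globally
     * configured key-agreement parameters for EC keys and AES-256 key wrap for the derived key.
     *
     * @param recipientCredential public-key-only credential of the EC recipient
     * @return the agreed credential to use as the key-encryption credential
     * @throws SAMLInternalErrorException if no global encryption configuration, no EC key-agreement
     *         configuration or no parameters are registered, or the key agreement itself fails
     */
    // Raw Collection kept on purpose: the parameter element type is not imported in this file, and
    // KeyAgreementParameters accepts the collection as-is.
    @SuppressWarnings({"rawtypes", "unchecked"})
    static Credential getKeyAgreementCredential(Credential recipientCredential) throws SAMLInternalErrorException {
        EncryptionConfiguration globalConfig = SecurityConfigurationSupport.getGlobalEncryptionConfiguration();
        if (globalConfig == null) {
            throw new SAMLInternalErrorException("No global EncryptionConfiguration is registered.");
        }
        KeyAgreementEncryptionConfiguration ecConfig = globalConfig.getKeyAgreementConfigurations().get(EC_ALGORITHM);
        if (ecConfig == null) {
            throw new SAMLInternalErrorException("No key agreement configuration registered for " + EC_ALGORITHM);
        }
        Collection parameters = ecConfig.getParameters();
        if (parameters == null) {
            throw new SAMLInternalErrorException("Key agreement parameters are null");
        }
        try {
            // getProcessor() is treated as nullable; fail with a descriptive message rather than a bare NPE.
            return Objects.requireNonNull(KeyAgreementSupport.getProcessor(KEY_AGREEMENT_ALGORITHM),
                            "No key agreement processor registered for " + KEY_AGREEMENT_ALGORITHM)
                    .execute(recipientCredential, KEY_WRAP_ALGORITHM, new KeyAgreementParameters(parameters));
        } catch (KeyAgreementException e) {
            throw new SAMLInternalErrorException("Could not generate key agreement credentials", e);
        }
    }

    /**
     * Generates a fresh AES-256 content-encryption key and wraps it in {@link DataEncryptionParameters}
     * for AES-256-GCM. A new key is produced on every call, so each encryption uses its own key.
     *
     * @throws SAMLInternalErrorException if the JCA cannot generate the key
     */
    private static DataEncryptionParameters createDataEncryptionParameters() throws SAMLInternalErrorException {
        try {
            Credential contentKey = AlgorithmSupport.generateSymmetricKeyAndCredential(DATA_ENCRYPTION_ALGORITHM);
            DataEncryptionParameters dataParams = new DataEncryptionParameters();
            dataParams.setAlgorithm(DATA_ENCRYPTION_ALGORITHM);
            dataParams.setEncryptionCredential(contentKey);
            return dataParams;
        } catch (KeyException | NoSuchAlgorithmException e) {
            throw new SAMLInternalErrorException("Could not generate symmetric key.", e);
        }
    }
}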
