package com.liferay.saml.opensaml.integration.internal.decryption;

import com.liferay.portal.kernel.util.HashMapDictionary;
import com.liferay.saml.opensaml.integration.metadata.MetadataManager;
import com.liferay.saml.runtime.SamlException;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import java.util.Collections;
import java.util.Dictionary;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, service = {})
/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/decryption/DecrypterRegistrator.class */
public class DecrypterRegistrator {
    private ServiceRegistration<Decrypter> _decrypterServiceRegistration;

    @Reference
    private MetadataManager _metadataManager;

    @Reference
    private ParserPool _parserPool;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    /* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/decryption/DecrypterRegistrator$CustomParserPoolDecrypter.class */
    private class CustomParserPoolDecrypter extends Decrypter {
        public CustomParserPoolDecrypter(DecryptionParameters decryptionParameters) {
            super(decryptionParameters);
        }

        @Override // org.opensaml.xmlsec.encryption.support.Decrypter
        protected ParserPool buildParserPool() {
            return DecrypterRegistrator.this._parserPool;
        }
    }

    /* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/decryption/DecrypterRegistrator$DefaultKeyInfoCredentialResolver.class */
    private class DefaultKeyInfoCredentialResolver implements KeyInfoCredentialResolver {
        private DefaultKeyInfoCredentialResolver() {
        }

        @Override // net.shibboleth.utilities.java.support.resolver.Resolver
        public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws ResolverException {
            return Collections.singletonList(resolveSingle(criteriaSet));
        }

        @Override // net.shibboleth.utilities.java.support.resolver.Resolver
        public Credential resolveSingle(CriteriaSet criteriaSet) throws ResolverException {
            try {
                return DecrypterRegistrator.this._metadataManager.getEncryptionCredential();
            } catch (SamlException e) {
                throw new ResolverException(e);
            }
        }
    }

    @Activate
    protected void activate(BundleContext bundleContext) throws ResolverException {
        DecryptionParameters resolveSingle = new BasicDecryptionParametersResolver().resolveSingle((BasicDecryptionParametersResolver) new CriteriaSet(new DecryptionConfigurationCriterion(SecurityConfigurationSupport.getGlobalDecryptionConfiguration())));
        if (resolveSingle == null) {
            throw new ResolverException("Unable to resolve decryption parameters from the configuration");
        }
        resolveSingle.setKEKKeyInfoCredentialResolver(new DefaultKeyInfoCredentialResolver());
        CustomParserPoolDecrypter customParserPoolDecrypter = new CustomParserPoolDecrypter(resolveSingle);
        customParserPoolDecrypter.setRootInNewDocument(true);
        this._decrypterServiceRegistration = bundleContext.registerService((Class<Class>) Decrypter.class, (Class) customParserPoolDecrypter, (Dictionary<String, ?>) new HashMapDictionary<String, Object>() { // from class: com.liferay.saml.opensaml.integration.internal.decryption.DecrypterRegistrator.1
            {
                put(Constants.SERVICE_RANKING, Integer.MIN_VALUE);
            }
        });
    }

    @Deactivate
    protected void deactivate() {
        this._decrypterServiceRegistration.unregister();
    }
}
