package com.adobe.granite.auth.saml.util;

import java.security.Key;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/adobe/granite/auth/saml/util/RetrievalMethodEncryptedKeyResolver.class */
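/**
 * Key resolver that follows a {@code RetrievalMethod} element of type
 * {@code http://www.w3.org/2001/04/xmlenc#EncryptedKey} to an
 * {@code xenc:EncryptedKey} element in the same document and unwraps it with
 * the configured decryption key.
 *
 * <p>The document being processed is supplied by the remote party, so every
 * value read from it (the {@code URI} attribute, the referenced element) is
 * treated as untrusted input.
 */
public class RetrievalMethodEncryptedKeyResolver extends KeyResolverSpi {
    private static final Logger log = LoggerFactory.getLogger(RetrievalMethodEncryptedKeyResolver.class);
    private static final String ATTR_RETRIEVAL_METHOD = "ds:RetrievalMethod";
    private static final String TYPE_ENCRYPTED_KEY = "http://www.w3.org/2001/04/xmlenc#EncryptedKey";
    private static final String NS_PREFIX_XENC = "xenc";
    private static final String NS_URI_XENC = "http://www.w3.org/2001/04/xmlenc#";

    /** Algorithm URI handed to {@code XMLCipher.decryptKey} for the unwrapped key. */
    private final String algorithm;

    /** Key used to unwrap the referenced {@code EncryptedKey}. */
    private final Key decryptionKey;

    /**
     * Minimal XPath variable resolver backed by a map. It lets the lookup bind
     * the untrusted Id as a variable instead of building the expression by
     * string concatenation.
     */
    private static final class SimpleVariableResolver implements XPathVariableResolver {
        private final Map<QName, Object> vars = new HashMap<QName, Object>();

        private SimpleVariableResolver() {
        }

        /** Registers {@code obj} as the value of the XPath variable {@code qName}. */
        public void addVariable(QName qName, Object obj) {
            this.vars.put(qName, obj);
        }

        @Override
        public Object resolveVariable(QName qName) {
            return this.vars.get(qName);
        }
    }

    /**
     * @param str algorithm URI of the key that is expected inside the EncryptedKey
     * @param key key used to unwrap the EncryptedKey
     */
    public RetrievalMethodEncryptedKeyResolver(String str, Key key) {
        this.algorithm = str;
        this.decryptionKey = key;
    }

    /**
     * Reports whether {@code element} is a RetrievalMethod that points to an
     * EncryptedKey.
     *
     * @param element candidate child of a KeyInfo element
     * @param str base URI (unused)
     * @param storageResolver storage resolver (unused)
     * @return {@code true} if the name and the {@code Type} attribute both match
     */
    public boolean engineCanResolve(Element element, String str, StorageResolver storageResolver) {
        // NOTE(review): getLocalName() returns the name without a prefix (or null for a
        // non-namespace-aware node), so comparing it with "ds:RetrievalMethod" looks like it can
        // never match. Confirm against the xmlsec version in use before changing it; a corrected
        // check should compare the local name and the XML Signature namespace URI.
        return ATTR_RETRIEVAL_METHOD.equals(element.getLocalName()) && TYPE_ENCRYPTED_KEY.equals(element.getAttributeNS(null, "Type"));
    }

    /**
     * Resolves the EncryptedKey referenced by the {@code URI} attribute of
     * {@code element} and unwraps it with the configured decryption key.
     *
     * @param element the RetrievalMethod element
     * @param str base URI, used for logging only
     * @param storageResolver storage resolver (unused)
     * @return the unwrapped secret key, or {@code null} if the reference is
     *         missing, is not a same-document reference, matches no
     *         EncryptedKey, or the key cannot be unwrapped
     * @throws KeyResolverException declared by the resolver contract
     */
    public SecretKey engineLookupAndResolveSecretKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        // The original message had no placeholders, so SLF4J dropped both arguments.
        log.debug("Lookup and resolve secret key: element={}, baseURI={}", element.getNodeName(), str);
        String uri = element.getAttributeNS(null, "URI");
        if (uri == null || uri.isEmpty()) {
            return null;
        }
        // Only same-document references ("#id") can be looked up in the owner document. Stripping
        // the first character without this check would turn any other URI into a wrong Id.
        if (uri.charAt(0) != '#' || uri.length() == 1) {
            log.debug("RetrievalMethod URI is not a same-document reference; not resolving");
            return null;
        }
        String id = uri.substring(1);

        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setNamespaceContext(new NamespaceContext() {
            @Override
            public String getNamespaceURI(String prefix) {
                return NS_PREFIX_XENC.equals(prefix) ? NS_URI_XENC : null;
            }

            @Override
            public String getPrefix(String namespaceUri) {
                return NS_URI_XENC.equals(namespaceUri) ? NS_PREFIX_XENC : null;
            }

            @Override
            public Iterator getPrefixes(String namespaceUri) {
                // The NamespaceContext contract expects an iterator here, not null.
                return NS_URI_XENC.equals(namespaceUri)
                        ? java.util.Collections.singletonList(NS_PREFIX_XENC).iterator()
                        : java.util.Collections.emptyList().iterator();
            }
        });
        try {
            // The Id is bound as an XPath variable, so a crafted URI cannot alter the expression.
            SimpleVariableResolver variables = new SimpleVariableResolver();
            variables.addVariable(new QName("Id"), id);
            xpath.setXPathVariableResolver(variables);
            // The search covers the whole document and takes the first match in document order;
            // Id uniqueness is not checked here. NOTE(review): confirm that the caller validates
            // the document structure, since a second EncryptedKey with the same Id would be
            // silently ignored or preferred depending on its position.
            Element encryptedKey = (Element) xpath.evaluate("//xenc:EncryptedKey[@Id=$Id]", element.getOwnerDocument(), XPathConstants.NODE);
            if (encryptedKey == null) {
                // Previously this fell through to loadEncryptedKey(null).
                log.debug("No xenc:EncryptedKey matches the RetrievalMethod reference");
                return null;
            }
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.UNWRAP_MODE, this.decryptionKey);
            SecretKey secretKey = (SecretKey) cipher.decryptKey(cipher.loadEncryptedKey(encryptedKey), this.algorithm);
            // Do not pass the key object to the logger: what its toString() reveals depends on
            // the provider, and key material must never reach log files.
            log.debug("Resolved secret key for algorithm {}", this.algorithm);
            return secretKey;
        } catch (XPathExpressionException e) {
            log.error("Error retrieving secret key: ", (Throwable) e);
            return null;
        } catch (XMLEncryptionException e2) {
            // Route the failure through the logger instead of printStackTrace(), so it reaches
            // the audit trail rather than stderr.
            log.error("Error decrypting secret key: ", (Throwable) e2);
            return null;
        }
    }
}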
