package org.springframework.security.saml2.provider.service.authentication.logout;

import java.util.ArrayList;
import java.util.Arrays;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.3.7.jar:org/springframework/security/saml2/provider/service/authentication/logout/LogoutRequestEncryptedIdUtils.class */
/**
 * Static helper that decrypts the {@code EncryptedID} element of a SAML 2.0 logout request
 * using the decryption credentials configured on a {@link RelyingPartyRegistration}.
 *
 * <p>Decompiler note: the JADX markers in this listing state that the class and
 * {@link #decryptEncryptedId} were package-private in the original bytecode; the {@code public}
 * modifiers shown here are a decompilation artifact, not an intended public API.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code EncryptedID} comes from a message sent by a remote party, so every failure
 *       path must be treated as a rejected request. All failures surface as
 *       {@link Saml2Exception}.</li>
 *   <li>NOTE(review): nothing in this class verifies a signature; whether the enclosing logout
 *       request has been authenticated before decryption is decided by the caller — confirm at
 *       the call site.</li>
 *   <li>The relying party's private keys are read on every call and handed to OpenSAML; they are
 *       not cached in this class.</li>
 * </ul>
 */
public final class LogoutRequestEncryptedIdUtils {

    /**
     * Shared chain used to locate the {@code EncryptedKey} that wraps the data-encryption key.
     * The resolvers are tried in this order: inline in the {@code EncryptedData}'s KeyInfo,
     * as a sibling inside the SAML encrypted-element type, then via RetrievalMethod references.
     */
    private static final EncryptedKeyResolver ENCRYPTED_KEY_RESOLVER =
            new ChainingEncryptedKeyResolver(
                    Arrays.asList(
                            new InlineEncryptedKeyResolver(),
                            new EncryptedElementTypeEncryptedKeyResolver(),
                            new SimpleRetrievalMethodEncryptedKeyResolver()));

    /** Not instantiable: this class only exposes static helpers. */
    private LogoutRequestEncryptedIdUtils() {
    }

    /**
     * Decrypts the given {@code EncryptedID} with the registration's decryption credentials.
     *
     * @param encryptedID the encrypted identifier taken from the logout request
     * @param relyingPartyRegistration the registration whose decryption credentials are used
     * @return the decrypted SAML object
     * @throws Saml2Exception wrapping any exception raised while building the decrypter or
     *     while decrypting; the original exception is kept as the cause
     */
    public static SAMLObject decryptEncryptedId(EncryptedID encryptedID, RelyingPartyRegistration relyingPartyRegistration) {
        try {
            // Built inside the try block on purpose: a failure while collecting credentials is
            // reported the same way as a decryption failure.
            Decrypter idDecrypter = newDecrypter(relyingPartyRegistration);
            return idDecrypter.decrypt(encryptedID);
        } catch (Exception cause) {
            throw new Saml2Exception(cause);
        }
    }

    /**
     * Creates a fresh OpenSAML {@link Decrypter} backed by every decryption credential of the
     * registration.
     *
     * @param registration the registration supplying certificate / private-key pairs
     * @return a decrypter that resolves key-encryption keys from those credentials
     */
    private static Decrypter newDecrypter(RelyingPartyRegistration registration) {
        // Raw type as emitted by the decompiler; the elements are the OpenSAML credentials
        // returned by CredentialSupport.getSimpleCredential.
        ArrayList decryptionCredentials = new ArrayList();
        for (Saml2X509Credential registered : registration.getDecryptionX509Credentials()) {
            decryptionCredentials.add(
                    CredentialSupport.getSimpleCredential(registered.getCertificate(), registered.getPrivateKey()));
        }
        CollectionKeyInfoCredentialResolver keyEncryptionKeyResolver =
                new CollectionKeyInfoCredentialResolver(decryptionCredentials);
        // First argument is null: no resolver for the data-encryption key itself is supplied, so
        // the data key has to be recovered from an EncryptedKey using the credentials above.
        Decrypter configured = new Decrypter(null, keyEncryptionKeyResolver, ENCRYPTED_KEY_RESOLVER);
        // Have the decrypted element become the root of its own DOM document.
        configured.setRootInNewDocument(true);
        return configured;
    }
}
