package org.springframework.security.saml2.provider.service.registration;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.xml.SerializeSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.ext.saml2delrestrict.Delegate;
import org.opensaml.saml.ext.saml2delrestrict.DelegationRestrictionType;
import org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedAttribute;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion;
import org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager;
import org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.OpenSamlOperations;
import org.springframework.util.Assert;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;
import org.w3c.dom.Element;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/registration/OpenSaml5Template.class */
public final class OpenSaml5Template implements OpenSamlOperations {
    private static final Log logger = LogFactory.getLog((Class<?>) OpenSaml5Template.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/registration/OpenSaml5Template$OpenSaml5DecryptionConfigurer.class */
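    /**
     * Decrypts the encrypted parts of SAML 2.0 objects in place, using the private keys of the
     * supplied credentials.
     *
     * The decompiler reports that this type is package-private in the original bytecode.
     *
     * Review notes:
     * - Decryption gives confidentiality only. Nothing in this class checks a signature, so
     *   decrypted content is still untrusted input until it has been verified separately.
     * - A DecryptionException is always rethrown as Saml2Exception. A null result from the
     *   decrypter is skipped without an error.
     * - Decrypted objects are added next to the encrypted originals; the encrypted elements
     *   are not removed by this class.
     */
    public static final class OpenSaml5DecryptionConfigurer implements OpenSamlOperations.DecryptionConfigurer {
        // Resolver chain consulted to find the EncryptedKey that belongs to an encrypted element.
        private static final EncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(
                Arrays.asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(),
                        new SimpleRetrievalMethodEncryptedKeyResolver()));

        private final Decrypter decrypter;

        /**
         * @param collection credentials whose certificate and private key are handed to the decrypter
         */
        OpenSaml5DecryptionConfigurer(Collection<Saml2X509Credential> collection) {
            this.decrypter = decrypter(collection);
        }

        /**
         * Builds the OpenSAML decrypter from the given credentials.
         *
         * The first constructor argument is null and the credentials are passed as the second
         * one; presumably that means the keys are only used to unwrap EncryptedKey elements
         * (confirm against the Decrypter constructor contract).
         */
        private static Decrypter decrypter(Collection<Saml2X509Credential> collection) {
            List<Credential> decryptionCredentials = new ArrayList<>();
            for (Saml2X509Credential key : collection) {
                decryptionCredentials.add(CredentialSupport.getSimpleCredential(key.getCertificate(), key.getPrivateKey()));
            }
            Decrypter samlDecrypter = new Decrypter(null, new CollectionKeyInfoCredentialResolver(decryptionCredentials),
                    encryptedKeyResolver);
            samlDecrypter.setRootInNewDocument(true);
            return samlDecrypter;
        }

        /**
         * Decrypts whatever this class knows how to decrypt in the given object.
         *
         * For a Response only its EncryptedAssertion elements are handled; the encrypted IDs and
         * attributes inside the resulting assertions are not touched by that call, so callers
         * presumably invoke this method again per Assertion. Objects of any other type are
         * ignored.
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.DecryptionConfigurer
        public void decrypt(XMLObject xMLObject) {
            if (xMLObject instanceof Response) {
                decryptResponse((Response) xMLObject);
                return;
            }
            if (xMLObject instanceof Assertion) {
                decryptAssertion((Assertion) xMLObject);
            }
            if (xMLObject instanceof LogoutRequest) {
                decryptLogoutRequest((LogoutRequest) xMLObject);
            }
        }

        /**
         * Decrypts every EncryptedAssertion of the response and appends the results to the
         * response's plain assertion list, then re-marshals the response if anything was added.
         *
         * @throws Saml2Exception if any assertion cannot be decrypted or the response cannot be marshalled
         */
        private void decryptResponse(Response response) {
            List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
            List<Assertion> decryptedAssertions = new ArrayList<>();
            int total = encryptedAssertions.size();
            int position = 0;
            for (EncryptedAssertion encryptedAssertion : encryptedAssertions) {
                // One-based so the last message reads (total/total); the ID is taken from the
                // message itself, so the formatted line is only built when trace is enabled.
                position++;
                if (OpenSaml5Template.logger.isTraceEnabled()) {
                    OpenSaml5Template.logger.trace(String.format("Decrypting EncryptedAssertion (%d/%d) in Response [%s]",
                            position, total, response.getID()));
                }
                try {
                    Assertion assertion = this.decrypter.decrypt(encryptedAssertion);
                    if (assertion != null) {
                        decryptedAssertions.add(assertion);
                    }
                } catch (DecryptionException e) {
                    throw new Saml2Exception(e);
                }
            }
            response.getAssertions().addAll(decryptedAssertions);
            if (decryptedAssertions.isEmpty()) {
                return;
            }
            try {
                XMLObjectSupport.marshall(response);
            } catch (MarshallingException e) {
                throw new Saml2Exception(e);
            }
        }

        /**
         * Decrypts the encrypted attributes, the subject identifiers and the encrypted delegate
         * identifiers found in DelegationRestrictionType conditions of the assertion.
         */
        private void decryptAssertion(Assertion assertion) {
            for (AttributeStatement statement : assertion.getAttributeStatements()) {
                decryptAttributes(statement);
            }
            decryptSubject(assertion.getSubject());
            if (assertion.getConditions() == null) {
                return;
            }
            for (Condition condition : assertion.getConditions().getConditions()) {
                if (!(condition instanceof DelegationRestrictionType)) {
                    continue;
                }
                for (Delegate delegate : ((DelegationRestrictionType) condition).getDelegates()) {
                    NameID nameID = decryptNameId(delegate.getEncryptedID());
                    if (nameID != null) {
                        delegate.setNameID(nameID);
                    }
                }
            }
        }

        /**
         * Decrypts every EncryptedAttribute of the statement and appends the results to the
         * statement's plain attribute list.
         */
        private void decryptAttributes(AttributeStatement attributeStatement) {
            List<Attribute> decryptedAttributes = new ArrayList<>();
            for (EncryptedAttribute encryptedAttribute : attributeStatement.getEncryptedAttributes()) {
                try {
                    Attribute attribute = this.decrypter.decrypt(encryptedAttribute);
                    if (attribute != null) {
                        decryptedAttributes.add(attribute);
                    }
                } catch (Exception e) {
                    // Deliberately broad, as in the original: any failure here becomes a Saml2Exception.
                    throw new Saml2Exception(e);
                }
            }
            attributeStatement.getAttributes().addAll(decryptedAttributes);
        }

        /**
         * Decrypts the subject's EncryptedID and the EncryptedID of each subject confirmation.
         * A null subject is accepted and ignored.
         */
        private void decryptSubject(Subject subject) {
            if (subject == null) {
                return;
            }
            NameID subjectId = decryptNameId(subject.getEncryptedID());
            if (subjectId != null) {
                subject.setNameID(subjectId);
            }
            for (SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
                NameID confirmationId = decryptNameId(confirmation.getEncryptedID());
                if (confirmationId != null) {
                    confirmation.setNameID(confirmationId);
                }
            }
        }

        /**
         * Decrypts the EncryptedID of a logout request, if present, into its NameID.
         */
        private void decryptLogoutRequest(LogoutRequest logoutRequest) {
            NameID nameID = decryptNameId(logoutRequest.getEncryptedID());
            if (nameID != null) {
                logoutRequest.setNameID(nameID);
            }
        }

        /**
         * Decrypts one EncryptedID and returns it as a NameID.
         *
         * The decrypter's return type is broader than NameID (the original code needed a cast),
         * and the encrypted content comes from the message sender. The type is therefore checked
         * explicitly so that unexpected content is rejected with a Saml2Exception rather than
         * surfacing as a ClassCastException.
         *
         * @param encryptedId the element to decrypt; may be null
         * @return the decrypted NameID, or null when there is nothing to decrypt or the decrypter returned null
         * @throws Saml2Exception if decryption fails or the decrypted object is not a NameID
         */
        private NameID decryptNameId(org.opensaml.saml.saml2.core.EncryptedID encryptedId) {
            if (encryptedId == null) {
                return null;
            }
            try {
                XMLObject decrypted = this.decrypter.decrypt(encryptedId);
                if (decrypted == null) {
                    return null;
                }
                if (!(decrypted instanceof NameID)) {
                    throw new Saml2Exception("Decrypted EncryptedID is not a NameID: " + decrypted.getClass().getName());
                }
                return (NameID) decrypted;
            } catch (DecryptionException e) {
                throw new Saml2Exception(e);
            }
        }
    }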

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/registration/OpenSaml5Template$OpenSaml5SerializationConfigurer.class */
    /**
     * Turns a DOM element into an XML string, either compact or pretty-printed.
     *
     * The decompiler reports that this type is package-private in the original bytecode.
     *
     * NOTE(review): pretty-printing inserts whitespace, which can alter the canonical form of XML
     * that has already been signed. Presumably pretty output is meant for display and debugging
     * only; confirm with the callers.
     */
    public static final class OpenSaml5SerializationConfigurer implements OpenSamlOperations.SerializationConfigurer<OpenSaml5SerializationConfigurer> {
        // The element to serialize; fixed at construction.
        private final Element element;
        // True once prettyPrint(true) has been requested; compact output otherwise.
        boolean pretty;

        /**
         * @param element the DOM element that serialize() will write out
         */
        OpenSaml5SerializationConfigurer(Element element) {
            this.element = element;
        }

        /**
         * Selects pretty-printed or compact output.
         *
         * @param z true for pretty-printed XML, false for compact XML
         * @return this configurer, for chaining
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SerializationConfigurer
        public OpenSaml5SerializationConfigurer prettyPrint(boolean z) {
            this.pretty = z;
            return this;
        }

        /**
         * Serializes the element in the form chosen through prettyPrint.
         *
         * @return the XML text of the element
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SerializationConfigurer
        public String serialize() {
            if (this.pretty) {
                return SerializeSupport.prettyPrintXML(this.element);
            }
            return SerializeSupport.nodeToString(this.element);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/registration/OpenSaml5Template$OpenSaml5SignatureConfigurer.class */
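    /**
     * Signs SAML objects (XML signature) and redirect-binding query parameters with the
     * configured signing credentials.
     *
     * The decompiler reports that this type is package-private in the original bytecode.
     *
     * Signing configuration visible in this class: signature algorithm RSA-SHA256 unless
     * replaced through algorithms(List), reference digest SHA-256, exclusive canonicalization,
     * and a KeyInfo that carries the entity certificate and its chain.
     */
    public static final class OpenSaml5SignatureConfigurer implements OpenSamlOperations.SignatureConfigurer<OpenSaml5SignatureConfigurer> {
        private final Collection<Saml2X509Credential> credentials;
        // Signature algorithm URIs offered to the parameter resolver.
        private List<String> algs = List.of("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

        /**
         * @param collection credentials whose certificate and private key are used for signing
         */
        OpenSaml5SignatureConfigurer(Collection<Saml2X509Credential> collection) {
            this.credentials = collection;
        }

        /**
         * Replaces the list of acceptable signature algorithm URIs.
         *
         * The list is stored as given, without validation or copying.
         * NOTE(review): nothing here rejects weak algorithm URIs; confirm that callers only pass
         * values taken from trusted configuration.
         *
         * @param list signature algorithm URIs
         * @return this configurer, for chaining
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SignatureConfigurer
        public OpenSaml5SignatureConfigurer algorithms(List<String> list) {
            this.algs = list;
            return this;
        }

        /**
         * Applies an XML signature to the given object.
         *
         * @param o the object to sign
         * @return the same object, now signed
         * @throws Saml2Exception wrapping any failure raised while resolving parameters or signing
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SignatureConfigurer
        public <O extends SignableXMLObject> O sign(O o) {
            try {
                SignatureSupport.signObject(o, resolveSigningParameters());
                return o;
            } catch (Exception e) {
                throw new Saml2Exception(e);
            }
        }

        /**
         * Signs query parameters and returns them together with the signature.
         *
         * The signed text is the URL-encoded query string of the entries of {@code map}, in the
         * map's iteration order, followed by the signature-algorithm parameter (unless the map
         * already holds that key, in which case its value is replaced in place). The order of the
         * input map therefore decides what the receiver has to reconstruct in order to verify.
         *
         * The result is built in a map local to this call. The decompiled original accumulated
         * entries in an instance field, so a second call on the same configurer would have signed
         * the previous call's "Signature" value as well.
         *
         * @param map the parameters to sign, in signing order
         * @return a new ordered map holding the input entries, the signature algorithm and the "Signature" entry
         * @throws Saml2Exception if parameter resolution or signing fails
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SignatureConfigurer
        public Map<String, String> sign(Map<String, String> map) {
            SignatureSigningParameters parameters = resolveSigningParameters();
            Credential signingCredential = parameters.getSigningCredential();
            String signatureAlgorithm = parameters.getSignatureAlgorithm();
            Map<String, String> signedParameters = new LinkedHashMap<>(map);
            signedParameters.put(Saml2ParameterNames.SIG_ALG, signatureAlgorithm);
            UriComponentsBuilder query = UriComponentsBuilder.newInstance();
            for (Map.Entry<String, String> entry : signedParameters.entrySet()) {
                query.queryParam(entry.getKey(), UriUtils.encode(entry.getValue(), StandardCharsets.ISO_8859_1));
            }
            // Values are already encoded, hence build(true); substring(1) drops the first
            // character of the rendered string (presumably the '?' that starts a query).
            String signedContent = query.build(true).toString().substring(1);
            try {
                byte[] rawSignature = XMLSigningUtil.signWithURI(signingCredential, signatureAlgorithm,
                        signedContent.getBytes(StandardCharsets.UTF_8));
                signedParameters.put("Signature", Saml2Utils.samlEncode(rawSignature));
                return signedParameters;
            } catch (SecurityException e) {
                // This is org.opensaml.security.SecurityException (imported), not java.lang.SecurityException.
                throw new Saml2Exception(e);
            }
        }

        /**
         * Resolves the signing parameters from the credentials and algorithm settings of this
         * configurer.
         *
         * @throws Saml2Exception if resolution fails or yields no parameters
         */
        private SignatureSigningParameters resolveSigningParameters() {
            List<Credential> signingCredentials = resolveSigningCredentials();
            List<String> digests = Collections.singletonList("http://www.w3.org/2001/04/xmlenc#sha256");
            BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
            signingConfiguration.setSigningCredentials(signingCredentials);
            signingConfiguration.setSignatureAlgorithms(this.algs);
            signingConfiguration.setSignatureReferenceDigestMethods(digests);
            signingConfiguration.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
            signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
            SAMLMetadataSignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
            CriteriaSet criteria = new CriteriaSet(new SignatureSigningConfigurationCriterion(signingConfiguration));
            try {
                // The decompiled listing cast the CriteriaSet to the resolver type here, which is
                // a decompiler artifact; the criteria are passed as they are.
                SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
                Assert.notNull(parameters, "Failed to resolve any signing credential");
                return parameters;
            } catch (Exception e) {
                throw new Saml2Exception(e);
            }
        }

        /**
         * Builds a KeyInfo generator manager whose default manager emits the entity certificate
         * and the certificate chain.
         */
        private NamedKeyInfoGeneratorManager buildSignatureKeyInfoGeneratorManager() {
            NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
            namedManager.setUseDefaultManager(true);
            KeyInfoGeneratorManager defaultManager = namedManager.getDefaultManager();
            X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
            x509Factory.setEmitEntityCertificate(true);
            x509Factory.setEmitEntityCertificateChain(true);
            defaultManager.registerFactory(x509Factory);
            return namedManager;
        }

        /**
         * Converts the configured credentials into OpenSAML credentials marked for signing use.
         */
        private List<Credential> resolveSigningCredentials() {
            List<Credential> signingCredentials = new ArrayList<>();
            for (Saml2X509Credential key : this.credentials) {
                BasicX509Credential credential = CredentialSupport.getSimpleCredential(key.getCertificate(), key.getPrivateKey());
                credential.setUsageType(UsageType.SIGNING);
                signingCredentials.add(credential);
            }
            return signingCredentials;
        }

        // Compiler-generated bridge method as rendered by the decompiler (marked bridge/synthetic).
        // It only forwards to algorithms(List<String>) and is not hand-written logic.
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.SignatureConfigurer
        public /* bridge */ /* synthetic */ OpenSaml5SignatureConfigurer algorithms(List list) {
            return algorithms((List<String>) list);
        }
    }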

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/registration/OpenSaml5Template$OpenSaml5VerificationConfigurer.class */
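    /**
     * Verifies signatures on SAML objects and on redirect-binding parameters against the
     * configured certificates.
     *
     * The decompiler reports that this type is package-private in the original bytecode.
     *
     * Review notes:
     * - Trusted keys are only the certificates passed to the constructor, each tagged with the
     *   entity ID set through entityId(String). The verification criteria require the entity
     *   ID to equal the Issuer value of the message, so an entity ID that was never set (null)
     *   should not match any issuer.
     * - Failures are reported as Saml2Error entries rather than thrown. An empty result is the
     *   only success signal, so callers must treat any non-empty collection as a rejection.
     * - NOTE(review): a message without an Issuer leads to a NullPointerException in
     *   verificationCriteria; confirm that callers reject issuer-less messages beforehand.
     */
    public static final class OpenSaml5VerificationConfigurer implements OpenSamlOperations.VerificationConfigurer {
        private final Collection<Saml2X509Credential> credentials;
        // Entity ID attached to every trusted credential; null until entityId(String) is called.
        private String entityId;

        /**
         * @param collection credentials whose certificates are trusted for signature verification
         */
        OpenSaml5VerificationConfigurer(Collection<Saml2X509Credential> collection) {
            this.credentials = collection;
        }

        /**
         * Sets the entity ID that the trusted credentials belong to.
         *
         * @param str the asserting party's entity ID
         * @return this configurer, for chaining
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.VerificationConfigurer
        public OpenSamlOperations.VerificationConfigurer entityId(String str) {
            this.entityId = str;
            return this;
        }

        /**
         * Builds a trust engine over the given certificates. Only the certificate of each
         * credential is used; private keys are not read here.
         */
        private SignatureTrustEngine trustEngine(Collection<Saml2X509Credential> collection) {
            Collection<Credential> trusted = new HashSet<>();
            for (Saml2X509Credential key : collection) {
                BasicX509Credential credential = new BasicX509Credential(key.getCertificate());
                credential.setUsageType(UsageType.SIGNING);
                credential.setEntityId(this.entityId);
                trusted.add(credential);
            }
            return new ExplicitKeySignatureTrustEngine(new CollectionCredentialResolver(trusted),
                    DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        }

        /**
         * Builds the credential selection criteria: entity ID equal to the issuer value, SAML 2.0
         * protocol, signing usage.
         */
        private CriteriaSet verificationCriteria(Issuer issuer) {
            return new CriteriaSet(new EvaluableEntityIDCredentialCriterion(new EntityIdCriterion(issuer.getValue())),
                    new EvaluableProtocolRoleDescriptorCriterion(new ProtocolCriterion(SAMLConstants.SAML20P_NS)),
                    new EvaluableUsageCredentialCriterion(new UsageCriterion(UsageType.SIGNING)));
        }

        /**
         * Verifies the XML signature of a response, request or assertion.
         *
         * @param signableXMLObject the object whose signature is checked
         * @return the errors found; empty when the signature is valid and trusted
         * @throws Saml2Exception if the object is of none of the supported types
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.VerificationConfigurer
        public Collection<Saml2Error> verify(SignableXMLObject signableXMLObject) {
            if (signableXMLObject instanceof StatusResponseType) {
                StatusResponseType response = (StatusResponseType) signableXMLObject;
                return verifySignature(response.getID(), response.getIssuer(), response.getSignature());
            }
            if (signableXMLObject instanceof RequestAbstractType) {
                RequestAbstractType request = (RequestAbstractType) signableXMLObject;
                return verifySignature(request.getID(), request.getIssuer(), request.getSignature());
            }
            if (signableXMLObject instanceof Assertion) {
                Assertion assertion = (Assertion) signableXMLObject;
                return verifySignature(assertion.getID(), assertion.getIssuer(), assertion.getSignature());
            }
            throw new Saml2Exception("Unsupported object of type: " + signableXMLObject.getClass().getName());
        }

        /**
         * Runs two independent checks and collects an error for each one that fails: the SAML
         * signature profile validation and the cryptographic/trust validation. Both always run,
         * so one bad signature can produce two entries.
         */
        private Collection<Saml2Error> verifySignature(String str, Issuer issuer, Signature signature) {
            SignatureTrustEngine trustEngine = trustEngine(this.credentials);
            CriteriaSet criteria = verificationCriteria(issuer);
            Collection<Saml2Error> errors = new ArrayList<>();
            try {
                new SAMLSignatureProfileValidator().validate(signature);
            } catch (Exception e) {
                errors.add(invalidSignature(str, e));
            }
            try {
                if (!trustEngine.validate(signature, criteria)) {
                    errors.add(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE, "Invalid signature for object [" + str + "]"));
                }
            } catch (Exception e) {
                errors.add(invalidSignature(str, e));
            }
            return errors;
        }

        /**
         * Verifies a redirect-binding signature over the raw signed content.
         *
         * @param redirectParameters the signature, algorithm, content, issuer and ID taken from the request
         * @return the errors found; empty when the signature is valid and trusted
         */
        @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations.VerificationConfigurer
        public Collection<Saml2Error> verify(OpenSamlOperations.VerificationConfigurer.RedirectParameters redirectParameters) {
            SignatureTrustEngine trustEngine = trustEngine(this.credentials);
            CriteriaSet criteria = verificationCriteria(redirectParameters.getIssuer());
            if (redirectParameters.getAlgorithm() == null) {
                return Collections.singletonList(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
                        "Missing signature algorithm for object [" + redirectParameters.getId() + "]"));
            }
            if (!redirectParameters.hasSignature()) {
                return Collections.singletonList(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
                        "Missing signature for object [" + redirectParameters.getId() + "]"));
            }
            Collection<Saml2Error> errors = new ArrayList<>();
            try {
                if (!trustEngine.validate(redirectParameters.getSignature(), redirectParameters.getContent(),
                        redirectParameters.getAlgorithm(), criteria, (Credential) null)) {
                    errors.add(new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
                            "Invalid signature for object [" + redirectParameters.getId() + "]"));
                }
            } catch (Exception e) {
                errors.add(invalidSignature(redirectParameters.getId(), e));
            }
            return errors;
        }

        /**
         * Creates the error for a validation step that threw, and records the cause.
         *
         * The original dropped the exception entirely, which leaves nothing to investigate when
         * signature validation starts failing. The error text is unchanged; the cause is logged
         * at debug level only. The ID comes from the message under verification, so the log line
         * contains sender-controlled text.
         */
        private static Saml2Error invalidSignature(String id, Exception cause) {
            String description = "Invalid signature for object [" + id + "]: ";
            if (OpenSaml5Template.logger.isDebugEnabled()) {
                OpenSaml5Template.logger.debug(description, cause);
            }
            return new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE, description);
        }
    }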

    /**
     * Creates a new OpenSAML object for the given element name using the builder registered for
     * that name.
     *
     * @param qName the qualified element name to build
     * @return the newly built object, cast unchecked to the type the caller expects
     * @throws Saml2Exception if no builder is registered for the name
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public <T extends XMLObject> T build(QName qName) {
        XMLObjectBuilder<?> registered = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (registered != null) {
            return (T) registered.buildObject(qName);
        }
        throw new Saml2Exception("Unable to resolve Builder for " + qName);
    }

    /**
     * Parses an XML string into an OpenSAML object by delegating to the InputStream overload
     * with the UTF-8 bytes of the string.
     *
     * @param str the XML text; a null value fails with a NullPointerException
     * @return the unmarshalled object, cast unchecked to the type the caller expects
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public <T extends XMLObject> T deserialize(String str) {
        byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
        InputStream payload = new ByteArrayInputStream(utf8);
        return (T) deserialize(payload);
    }

    /**
     * Parses XML from the stream and unmarshals its document element into an OpenSAML object.
     *
     * Parsing is done by the globally registered parser pool. This method adds no XML hardening
     * of its own, so protection against DTDs and external entities depends entirely on how that
     * pool was configured; verify the pool configuration when the input is untrusted.
     *
     * @param inputStream the XML payload
     * @return the unmarshalled object, cast unchecked to the type the caller expects
     * @throws Saml2Exception if no unmarshaller exists for the document element, or wrapping any other failure
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public <T extends XMLObject> T deserialize(InputStream inputStream) {
        try {
            Element root = XMLObjectProviderRegistrySupport.getParserPool().parse(inputStream).getDocumentElement();
            Unmarshaller elementUnmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(root);
            if (elementUnmarshaller != null) {
                return (T) elementUnmarshaller.unmarshall(root);
            }
            throw new Saml2Exception("Unsupported element of type " + root.getTagName());
        } catch (Saml2Exception alreadyWrapped) {
            // Keep the specific message instead of re-wrapping it in the generic one below.
            throw alreadyWrapped;
        } catch (Exception cause) {
            throw new Saml2Exception("Failed to deserialize payload", cause);
        }
    }

    /**
     * Marshals the object to a DOM element and returns a serializer for that element.
     *
     * NOTE(review): the marshaller lookup result is used without a null check, unlike the
     * unmarshaller lookup in deserialize; an object with no registered marshaller would
     * presumably fail with a NullPointerException here.
     *
     * @param xMLObject the object to marshal
     * @return a configurer that serializes the marshalled element
     * @throws Saml2Exception if marshalling fails
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public OpenSaml5SerializationConfigurer serialize(XMLObject xMLObject) {
        Element marshalled;
        try {
            marshalled = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
        } catch (MarshallingException e) {
            throw new Saml2Exception(e);
        }
        return serialize(marshalled);
    }

    /**
     * Returns a serializer for an element that is already in DOM form.
     *
     * @param element the element to serialize
     * @return a new configurer bound to the element
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public OpenSaml5SerializationConfigurer serialize(Element element) {
        OpenSaml5SerializationConfigurer serializer = new OpenSaml5SerializationConfigurer(element);
        return serializer;
    }

    /**
     * Starts a signing operation with the given credentials. The collection is kept by
     * reference; both the certificate and the private key of each credential are read when
     * signing.
     *
     * @param collection the signing credentials
     * @return a new signature configurer
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public OpenSaml5SignatureConfigurer withSigningKeys(Collection<Saml2X509Credential> collection) {
        OpenSaml5SignatureConfigurer signer = new OpenSaml5SignatureConfigurer(collection);
        return signer;
    }

    /**
     * Starts a verification operation that trusts the certificates of the given credentials.
     * The entity ID still has to be set on the returned configurer before verifying.
     *
     * @param collection the credentials whose certificates are trusted
     * @return a new verification configurer
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public OpenSaml5VerificationConfigurer withVerificationKeys(Collection<Saml2X509Credential> collection) {
        OpenSaml5VerificationConfigurer verifier = new OpenSaml5VerificationConfigurer(collection);
        return verifier;
    }

    /**
     * Starts a decryption operation with the given credentials. The decrypter is built
     * immediately from the certificate and private key of each credential.
     *
     * @param collection the decryption credentials
     * @return a new decryption configurer
     */
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public OpenSaml5DecryptionConfigurer withDecryptionKeys(Collection<Saml2X509Credential> collection) {
        OpenSaml5DecryptionConfigurer decryptor = new OpenSaml5DecryptionConfigurer(collection);
        return decryptor;
    }

    // Package-private no-argument constructor; it performs no initialisation of its own.
    OpenSaml5Template() {
    }

    // Compiler-generated bridge method as rendered by the decompiler (marked bridge/synthetic).
    // It only forwards to withDecryptionKeys(Collection<Saml2X509Credential>) and returns the
    // result under the interface's declared return type.
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public /* bridge */ /* synthetic */ OpenSamlOperations.DecryptionConfigurer withDecryptionKeys(Collection collection) {
        return withDecryptionKeys((Collection<Saml2X509Credential>) collection);
    }

    // Compiler-generated bridge method as rendered by the decompiler (marked bridge/synthetic).
    // It only forwards to withVerificationKeys(Collection<Saml2X509Credential>) and returns the
    // result under the interface's declared return type.
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public /* bridge */ /* synthetic */ OpenSamlOperations.VerificationConfigurer withVerificationKeys(Collection collection) {
        return withVerificationKeys((Collection<Saml2X509Credential>) collection);
    }

    // Compiler-generated bridge method as rendered by the decompiler (marked bridge/synthetic).
    // It only forwards to withSigningKeys(Collection<Saml2X509Credential>) and returns the
    // result under the interface's declared return type.
    @Override // org.springframework.security.saml2.provider.service.registration.OpenSamlOperations
    public /* bridge */ /* synthetic */ OpenSamlOperations.SignatureConfigurer withSigningKeys(Collection collection) {
        return withSigningKeys((Collection<Saml2X509Credential>) collection);
    }
}
