package cat.gencat.ctti.canigo.arch.security.saml.authentication.credentials;

import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLCredentials;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataManager;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/authentication/credentials/SAMLIdPMetadataManagerCredentials.class */
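/**
 * Exposes the signing and encryption credentials of one IdP, taken from the
 * SAML metadata registered with Spring Security SAML's {@link MetadataManager}.
 *
 * <p>Only the IdP's public certificates are ever returned (no private keys), so
 * the credentials are meant for verifying IdP signatures and encrypting data for
 * the IdP. Trust in the metadata itself (signature checks on the metadata
 * documents, trusted-key configuration) is NOT performed here: this class
 * relies on whatever the configured {@code MetadataManager} /
 * {@code ExtendedMetadataDelegate}s enforce before an entity becomes visible.
 *
 * <p>Lifecycle: construct with the IdP entityID, call {@link #init} once the
 * {@code MetadataManager} is available, then use the credential getters. The
 * getters fail with a {@link SecurityException} (rather than a NullPointerException)
 * if {@code init} was not called, or no provider holds a currently valid
 * descriptor for the entity, or the metadata has no X.509 key for the usage.
 *
 * <p>Limitation: {@code resolveSingle} yields at most one credential, so when the
 * IdP metadata lists several keys for the same usage (e.g. during key rollover)
 * only one of them is exposed.
 */
public class SAMLIdPMetadataManagerCredentials implements SAMLCredentials {
    /** SAML 2.0 protocol namespace, selects the SAML 2.0 {@code IDPSSODescriptor} role. */
    private static final String SAML20P_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** entityID of the IdP whose keys are resolved. */
    private final String idpEntityId;

    /** Provider holding a currently valid descriptor for {@link #idpEntityId}; null until {@link #init} finds one. */
    private MetadataProvider metadataProvider;

    /**
     * @param str entityID of the IdP; must not be null or empty, since an empty
     *            id can never match a descriptor and would only surface as a
     *            confusing failure at resolution time
     * @throws IllegalArgumentException if {@code str} is null or empty
     */
    public SAMLIdPMetadataManagerCredentials(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("idpEntityId must not be null or empty");
        }
        this.idpEntityId = str;
    }

    /**
     * Locates the metadata provider that currently holds a valid descriptor for
     * the IdP. Leaves {@link #metadataProvider} null if none does.
     *
     * @param metadataManager manager whose available providers are searched
     * @throws MetadataProviderException propagated from a provider that fails to load
     */
    public void init(MetadataManager metadataManager) throws MetadataProviderException {
        this.metadataProvider = getMetadataProvider(metadataManager);
    }

    /**
     * Scans the manager's providers in order and returns the delegate of the first
     * one that knows the IdP and whose descriptor is still valid.
     *
     * @return the matching delegate provider, or null if no provider qualifies
     * @throws MetadataProviderException propagated from {@code getEntityDescriptor}
     */
    private MetadataProvider getMetadataProvider(MetadataManager metadataManager) throws MetadataProviderException {
        for (ExtendedMetadataDelegate provider : metadataManager.getAvailableProviders()) {
            MetadataProvider delegate = provider.getDelegate();
            EntityDescriptor descriptor = delegate.getEntityDescriptor(this.idpEntityId);
            // Unknown entity or expired descriptor (isValid() is OpenSAML's validity-period
            // check): keys from expired metadata must never be used to verify signatures.
            if (descriptor != null && descriptor.isValid()) {
                return delegate;
            }
        }
        return null;
    }

    /**
     * @return credential carrying the IdP's signing certificate
     * @throws SecurityException if not initialised or no signing certificate is in the metadata
     */
    public Credential getSigningCredential() throws SecurityException {
        return certificateCredential(UsageType.SIGNING);
    }

    /**
     * @return credential carrying the IdP's encryption certificate
     * @throws SecurityException if not initialised or no encryption certificate is in the metadata
     */
    public Credential getEncryptionCredential() throws SecurityException {
        return certificateCredential(UsageType.ENCRYPTION);
    }

    /**
     * Resolves the IdP's certificate for the given usage from metadata and wraps
     * it in a fresh {@link BasicX509Credential} tagged with the entityID and usage,
     * so consumers can tell which entity and purpose the key belongs to.
     *
     * @param usageType SIGNING or ENCRYPTION
     * @throws SecurityException if {@link #init} did not find a valid provider, if
     *         the resolver yields no X.509 credential for the usage, or if that
     *         credential carries no entity certificate
     */
    private BasicX509Credential certificateCredential(UsageType usageType) throws SecurityException {
        if (this.metadataProvider == null) {
            throw new SecurityException("No valid metadata for IdP '" + this.idpEntityId
                    + "': init() not called or no provider holds a currently valid descriptor");
        }

        KeyInfoCredentialResolver keyInfoResolver =
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        MetadataCredentialResolver resolver = new MetadataCredentialResolver(this.metadataProvider);
        resolver.setKeyInfoCredentialResolver(keyInfoResolver);

        // Restrict the search to this entity's SAML 2.0 IdP role and the requested usage.
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(this.idpEntityId));
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAML20P_NS));
        criteria.add(new UsageCriteria(usageType));

        Credential resolved = resolver.resolveSingle(criteria);
        // KeyInfo may also describe non-certificate keys (e.g. bare KeyValue); only an
        // X.509 credential carries the entity certificate this class hands out.
        if (!(resolved instanceof X509Credential)) {
            throw new SecurityException("No X.509 " + usageType + " credential in metadata for IdP '"
                    + this.idpEntityId + "'");
        }
        X509Certificate entityCertificate = ((X509Credential) resolved).getEntityCertificate();
        if (entityCertificate == null) {
            throw new SecurityException("Resolved " + usageType + " credential for IdP '"
                    + this.idpEntityId + "' has no entity certificate");
        }

        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(entityCertificate);
        credential.setEntityId(this.idpEntityId);
        credential.setUsageType(usageType);
        return credential;
    }
}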
