package cat.gencat.ctti.canigo.arch.security.saml.validation.metadata;

import java.security.cert.X509Certificate;
import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.X509Credential;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/validation/metadata/AbstractSAMLIdPMetadata.class */
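/**
 * Base class for loading an Identity Provider's SAML metadata and resolving the
 * IdP's X.509 signing and encryption certificates from it.
 *
 * <p>Trust note: the certificates returned here are whatever the loaded metadata
 * document declares for {@link #entityId}. This class only enables
 * {@code requireValidMetadata} on the provider; it installs no metadata filter
 * itself (for example, one that verifies the metadata signature). Unless the
 * subclass's {@link #getMetadataResolver(String)} configures one, the integrity
 * of the returned keys rests entirely on how the metadata source is protected.
 * NOTE(review): confirm in each subclass.
 *
 * <p>The class performs no synchronization of its own around
 * {@link #idpMetadataResolver}.
 */
public abstract class AbstractSAMLIdPMetadata implements SAMLIdPMetadata {
    // Fallback refresh delays; presumably milliseconds, since they are handed
    // unchanged to the provider's refresh-delay setters (confirm against the library).
    protected static final long DEFAULT_MAX_REFRESH = 600000;
    protected static final long DEFAULT_MIN_REFRESH = 300000;

    /** Entity ID of the IdP whose credentials are looked up in the metadata. */
    protected String entityId;
    private Long maxRefreshDelay;
    private Long minRefreshDelay;

    /** Provider set by {@link #retrieveMetadata(String)}; {@code null} until that call succeeds. */
    protected MetadataProvider idpMetadataResolver;

    /**
     * Stores the IdP entity ID used for later credential lookups.
     *
     * @param str the IdP entity ID
     */
    @Override
    public void init(String str) {
        this.entityId = str;
    }

    /**
     * Resolves the credential that the loaded metadata declares for the configured
     * entity ID, restricted to the IdP SSO role, the SAML 2.0 protocol and the given usage.
     *
     * @param usageType key usage to look up (signing or encryption)
     * @return the resolved credential as returned by the resolver; callers in this
     *         class treat a {@code null} result as "no matching credential"
     * @throws SecurityException if the resolver fails
     */
    protected X509Credential getX509Credential(UsageType usageType) throws SecurityException {
        KeyInfoCredentialResolver keyInfoResolver =
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        // idpMetadataResolver is passed as-is; it is only populated by retrieveMetadata().
        MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver(this.idpMetadataResolver);
        credentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);

        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(this.entityId));
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, "urn:oasis:names:tc:SAML:2.0:protocol"));
        criteria.add(new UsageCriteria(usageType));
        return credentialResolver.resolveSingle(criteria);
    }

    /**
     * Returns the entity certificate of the credential resolved for the given usage.
     *
     * @param usageType key usage to look up
     * @return the credential's entity certificate, as reported by the credential
     * @throws SecurityException if resolution fails or the metadata holds no
     *         matching credential for the configured entity ID
     */
    protected X509Certificate getCertificate(UsageType usageType) throws SecurityException {
        X509Credential credential = getX509Credential(usageType);
        if (credential == null) {
            // Fail with the declared, catchable exception instead of a bare
            // NullPointerException so callers can reject the IdP explicitly.
            throw new SecurityException("No " + usageType + " credential found in metadata for entity '"
                    + this.entityId + "'");
        }
        return credential.getEntityCertificate();
    }

    /**
     * @return the certificate the metadata declares for signing
     * @throws SecurityException if no signing credential can be resolved
     */
    @Override
    public X509Certificate getSigningCertificate() throws SecurityException {
        return getCertificate(UsageType.SIGNING);
    }

    /**
     * @return the certificate the metadata declares for encryption
     * @throws SecurityException if no encryption credential can be resolved
     */
    @Override
    public X509Certificate getEncryptionCertificate() throws SecurityException {
        return getCertificate(UsageType.ENCRYPTION);
    }

    /**
     * Builds, configures and initializes the metadata provider, then keeps it for
     * later credential lookups.
     *
     * @param str metadata source identifier, interpreted by the subclass's
     *            {@link #getMetadataResolver(String)}
     * @return the initialized provider
     * @throws MetadataProviderException if the provider cannot be created or initialized
     */
    @Override
    public MetadataProvider retrieveMetadata(String str) throws MetadataProviderException {
        AbstractReloadingMetadataProvider provider = getMetadataResolver(str);
        provider.setMaxRefreshDelay(getMaxRefreshDelay().longValue());
        // The provider's minimum delay is an int; clamp rather than let intValue()
        // wrap a large Long into a negative or unrelated value.
        provider.setMinRefreshDelay((int) Math.min(getMinRefreshDelay().longValue(), (long) Integer.MAX_VALUE));
        provider.setRequireValidMetadata(true);

        // Metadata is parsed from a source outside this class's control, so entity
        // expansion is switched off explicitly instead of relying on the library's
        // defaults. NOTE(review): confirm what else the bundled parser-pool version
        // enables or disables by default (DOCTYPE handling, secure processing).
        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setExpandEntityReferences(false);
        provider.setParserPool(parserPool);

        provider.initialize();
        // Assigned only after initialize() succeeds, so a failed load never
        // replaces a previously working provider.
        this.idpMetadataResolver = provider;
        return provider;
    }

    /** @return the configured maximum refresh delay, or {@link #DEFAULT_MAX_REFRESH} when unset */
    public Long getMaxRefreshDelay() {
        return this.maxRefreshDelay == null ? Long.valueOf(DEFAULT_MAX_REFRESH) : this.maxRefreshDelay;
    }

    /** @param l maximum refresh delay; {@code null} restores the default */
    public void setMaxRefreshDelay(Long l) {
        this.maxRefreshDelay = l;
    }

    /** @return the configured minimum refresh delay, or {@link #DEFAULT_MIN_REFRESH} when unset */
    public Long getMinRefreshDelay() {
        return this.minRefreshDelay == null ? Long.valueOf(DEFAULT_MIN_REFRESH) : this.minRefreshDelay;
    }

    /** @param l minimum refresh delay; {@code null} restores the default */
    public void setMinRefreshDelay(Long l) {
        this.minRefreshDelay = l;
    }

    /**
     * Creates the not-yet-initialized reloading provider for the given metadata source.
     *
     * @param str metadata source identifier, as passed to {@link #retrieveMetadata(String)}
     * @return a provider that {@link #retrieveMetadata(String)} will configure and initialize
     * @throws MetadataProviderException if the provider cannot be created
     */
    protected abstract AbstractReloadingMetadataProvider getMetadataResolver(String str) throws MetadataProviderException;

    /**
     * Sets both refresh delays; a non-positive value leaves the corresponding
     * setting untouched. No check is made here that the minimum does not exceed
     * the maximum.
     *
     * @param j  minimum refresh delay
     * @param j2 maximum refresh delay
     */
    @Override
    public void setRefreshDelays(long j, long j2) {
        if (j > 0) {
            setMinRefreshDelay(Long.valueOf(j));
        }
        if (j2 > 0) {
            setMaxRefreshDelay(Long.valueOf(j2));
        }
    }
}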
