package org.springframework.security.saml2.provider.service.registration;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.function.Consumer;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resource.Resource;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter;
import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.ResourceLoader;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.provider.service.registration.BaseOpenSamlAssertingPartyMetadataRepository;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/OpenSaml4AssertingPartyMetadataRepository.class */
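/**
 * An {@link AssertingPartyMetadataRepository} that reads asserting party (IdP) metadata through
 * an OpenSAML 4 {@link MetadataResolver}.
 *
 * <p>Instances are created either directly from a caller-configured {@link MetadataResolver} or
 * through one of the two builder entry points:
 * <ul>
 * <li>{@link #withMetadataLocation(String)}: verification credentials are mandatory and the
 * metadata signature is validated against them;</li>
 * <li>{@link #withTrustedMetadataLocation(String)}: verification credentials are optional, and
 * when none are given this class installs no signature validation filter.</li>
 * </ul>
 *
 * <p>The metadata loaded here supplies the asserting party details (such as signing keys and
 * endpoints) used by the relying party, so an unverified location should only be used when the
 * source and its transport are controlled by the deployer.
 */
public final class OpenSaml4AssertingPartyMetadataRepository implements AssertingPartyMetadataRepository {
    static {
        // OpenSAML must be bootstrapped before any resolver or parser pool is used.
        OpenSamlInitializationService.initialize();
    }

    private final BaseOpenSamlAssertingPartyMetadataRepository delegate;

    /**
     * Wraps an already configured {@link MetadataResolver}.
     *
     * <p>No metadata filter is added here: any signature validation has to be configured on the
     * resolver by the caller.
     *
     * @param metadataResolver the resolver to query, never {@code null}
     * @throws IllegalArgumentException if {@code metadataResolver} is {@code null}
     */
    public OpenSaml4AssertingPartyMetadataRepository(MetadataResolver metadataResolver) {
        Assert.notNull(metadataResolver, "metadataResolver cannot be null");
        this.delegate = new BaseOpenSamlAssertingPartyMetadataRepository(new CriteriaSetResolverWrapper(metadataResolver));
    }

    /**
     * Starts a builder for a metadata location whose content is trusted as-is.
     *
     * <p>Verification credentials are not required on this path. If none are supplied, no
     * {@link SignatureValidationFilter} is installed and the metadata is accepted unsigned, so
     * integrity rests entirely on the location and how it is fetched. Credentials that are
     * supplied anyway are still enforced.
     *
     * @param str the metadata location, resolved through the builder's {@link ResourceLoader}
     * @return a builder that does not require verification credentials
     */
    public static MetadataLocationRepositoryBuilder withTrustedMetadataLocation(String str) {
        return new MetadataLocationRepositoryBuilder(str, true);
    }

    /**
     * Starts a builder for a metadata location whose content must be signature-verified.
     *
     * <p>{@link MetadataLocationRepositoryBuilder#build()} fails unless at least one verification
     * credential has been added.
     *
     * @param str the metadata location, resolved through the builder's {@link ResourceLoader}
     * @return a builder that requires verification credentials
     */
    public static MetadataLocationRepositoryBuilder withMetadataLocation(String str) {
        return new MetadataLocationRepositoryBuilder(str, false);
    }

    /**
     * Iterates over the asserting parties known to the underlying repository.
     *
     * @return the delegate's iterator
     */
    @Override
    @NonNull
    public Iterator<AssertingPartyMetadata> iterator() {
        return this.delegate.iterator();
    }

    /**
     * Looks up one asserting party by entity id.
     *
     * @param str the entity id to look up
     * @return whatever the delegate returns for that entity id, possibly {@code null}
     */
    @Override
    @Nullable
    public AssertingPartyMetadata findByEntityId(String str) {
        return this.delegate.findByEntityId(str);
    }

    /**
     * Adapts the single-criterion calls of the base repository to the {@link CriteriaSet} based
     * API of the OpenSAML 4 {@link MetadataResolver}.
     */
    private static final class CriteriaSetResolverWrapper extends BaseOpenSamlAssertingPartyMetadataRepository.MetadataResolverAdapter {
        CriteriaSetResolverWrapper(MetadataResolver metadataResolver) {
            super(metadataResolver);
        }

        @Override
        EntityDescriptor resolveSingle(EntityIdCriterion entityIdCriterion) throws Exception {
            return this.metadataResolver.resolveSingle(new CriteriaSet(entityIdCriterion));
        }

        @Override
        Iterable<EntityDescriptor> resolve(EntityRoleCriterion entityRoleCriterion) throws Exception {
            return this.metadataResolver.resolve(new CriteriaSet(entityRoleCriterion));
        }
    }

    /**
     * Builds an {@link OpenSaml4AssertingPartyMetadataRepository} from a metadata location.
     *
     * <p>Whether verification credentials are mandatory is fixed by the factory method that
     * created the builder and cannot be changed afterwards.
     */
    public static final class MetadataLocationRepositoryBuilder {
        private final String metadataLocation;
        private final boolean requireVerificationCredentials;
        private final Collection<Credential> verificationCredentials = new ArrayList<>();
        private ResourceLoader resourceLoader = new DefaultResourceLoader();

        /**
         * @param str the metadata location
         * @param z {@code true} when the location is trusted, which makes verification
         * credentials optional
         */
        MetadataLocationRepositoryBuilder(String str, boolean z) {
            this.metadataLocation = str;
            this.requireVerificationCredentials = !z;
        }

        /**
         * Lets the caller add or change the credentials used to verify the metadata signature.
         *
         * @param consumer receives the mutable credential collection, never {@code null}
         * @return this builder
         * @throws IllegalArgumentException if {@code consumer} is {@code null}
         */
        public MetadataLocationRepositoryBuilder verificationCredentials(Consumer<Collection<Credential>> consumer) {
            Assert.notNull(consumer, "consumer cannot be null");
            consumer.accept(this.verificationCredentials);
            return this;
        }

        /**
         * Replaces the {@link ResourceLoader} used to resolve the metadata location.
         *
         * <p>The loader decides which schemes and paths the location string may reach, so it is
         * part of the trust decision for the metadata source.
         *
         * @param resourceLoader the loader to use, never {@code null}
         * @return this builder
         * @throws IllegalArgumentException if {@code resourceLoader} is {@code null}
         */
        public MetadataLocationRepositoryBuilder resourceLoader(ResourceLoader resourceLoader) {
            Assert.notNull(resourceLoader, "resourceLoader cannot be null");
            this.resourceLoader = resourceLoader;
            return this;
        }

        /**
         * Creates the repository.
         *
         * @return a repository backed by the configured metadata location
         * @throws IllegalArgumentException if verification credentials are required but none
         * were supplied
         * @throws Saml2Exception if the metadata resolver cannot be created
         */
        public OpenSaml4AssertingPartyMetadataRepository build() {
            return new OpenSaml4AssertingPartyMetadataRepository(metadataResolver());
        }

        private MetadataResolver metadataResolver() {
            // Reject an unverifiable configuration before the location is resolved at all.
            boolean missingCredentials = this.requireVerificationCredentials && this.verificationCredentials.isEmpty();
            Assert.isTrue(!missingCredentials, "Verification credentials are required");
            return initialize(resourceBackedMetadataResolver());
        }

        private ResourceBackedMetadataResolver resourceBackedMetadataResolver() {
            try {
                org.springframework.core.io.Resource location = this.resourceLoader.getResource(this.metadataLocation);
                ResourceBackedMetadataResolver resolver = new ResourceBackedMetadataResolver(new SpringResource(location));
                if (this.verificationCredentials.isEmpty()) {
                    // Only reachable for a trusted location: no signature filter is installed.
                    return resolver;
                }
                // Signatures are checked against the supplied credentials only, and the
                // metadata root element itself must be signed.
                ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
                        new CollectionCredentialResolver(this.verificationCredentials),
                        DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
                SignatureValidationFilter signatureFilter = new SignatureValidationFilter(trustEngine);
                signatureFilter.setRequireSignedRoot(true);
                resolver.setMetadataFilter(signatureFilter);
                return resolver;
            } catch (Exception e) {
                throw new Saml2Exception(e);
            }
        }

        private MetadataResolver initialize(ResourceBackedMetadataResolver resourceBackedMetadataResolver) {
            // NOTE(review): the metadata XML is parsed with the globally registered parser pool,
            // so XML hardening depends on how that pool was configured - confirm.
            resourceBackedMetadataResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
            return BaseOpenSamlAssertingPartyMetadataRepository.initialize(resourceBackedMetadataResolver);
        }

        /**
         * Exposes a Spring {@link org.springframework.core.io.Resource} through the
         * {@link Resource} type that OpenSAML's resolver expects; every call is forwarded
         * unchanged.
         */
        public static final class SpringResource implements Resource {
            private final org.springframework.core.io.Resource resource;

            SpringResource(org.springframework.core.io.Resource resource) {
                this.resource = resource;
            }

            @Override
            public boolean exists() {
                return this.resource.exists();
            }

            @Override
            public boolean isReadable() {
                return this.resource.isReadable();
            }

            @Override
            public boolean isOpen() {
                return this.resource.isOpen();
            }

            @Override
            public URL getURL() throws IOException {
                return this.resource.getURL();
            }

            @Override
            public URI getURI() throws IOException {
                return this.resource.getURI();
            }

            @Override
            public File getFile() throws IOException {
                return this.resource.getFile();
            }

            @Override
            @NonNull
            public InputStream getInputStream() throws IOException {
                return this.resource.getInputStream();
            }

            @Override
            public long contentLength() throws IOException {
                return this.resource.contentLength();
            }

            @Override
            public long lastModified() throws IOException {
                return this.resource.lastModified();
            }

            @Override
            public Resource createRelativeResource(String str) throws IOException {
                return new SpringResource(this.resource.createRelative(str));
            }

            @Override
            public String getFilename() {
                return this.resource.getFilename();
            }

            @Override
            public String getDescription() {
                return this.resource.getDescription();
            }
        }
    }
}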
