package org.springframework.security.saml2.core;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-service-provider-5.6.0.jar:org/springframework/security/saml2/core/Saml2X509Credential.class */
public final class Saml2X509Credential {
    private final PrivateKey privateKey;
    private final X509Certificate certificate;
    private final Set<Saml2X509CredentialType> credentialTypes;

    /* loaded from: input_file:WEB-INF/lib/spring-security-saml2-service-provider-5.6.0.jar:org/springframework/security/saml2/core/Saml2X509Credential$Saml2X509CredentialType.class */
    public enum Saml2X509CredentialType {
        VERIFICATION,
        ENCRYPTION,
        SIGNING,
        DECRYPTION
    }

    public Saml2X509Credential(X509Certificate x509Certificate, Saml2X509CredentialType... saml2X509CredentialTypeArr) {
        this(null, false, x509Certificate, saml2X509CredentialTypeArr);
        validateUsages(saml2X509CredentialTypeArr, Saml2X509CredentialType.VERIFICATION, Saml2X509CredentialType.ENCRYPTION);
    }

    public Saml2X509Credential(PrivateKey privateKey, X509Certificate x509Certificate, Saml2X509CredentialType... saml2X509CredentialTypeArr) {
        this(privateKey, true, x509Certificate, saml2X509CredentialTypeArr);
        validateUsages(saml2X509CredentialTypeArr, Saml2X509CredentialType.SIGNING, Saml2X509CredentialType.DECRYPTION);
    }

    public Saml2X509Credential(PrivateKey privateKey, X509Certificate x509Certificate, Set<Saml2X509CredentialType> set) {
        Assert.notNull(x509Certificate, "certificate cannot be null");
        Assert.notNull(set, "credentialTypes cannot be null");
        this.privateKey = privateKey;
        this.certificate = x509Certificate;
        this.credentialTypes = set;
    }

    public static Saml2X509Credential encryption(X509Certificate x509Certificate) {
        return new Saml2X509Credential(x509Certificate, Saml2X509CredentialType.ENCRYPTION);
    }

    public static Saml2X509Credential verification(X509Certificate x509Certificate) {
        return new Saml2X509Credential(x509Certificate, Saml2X509CredentialType.VERIFICATION);
    }

    public static Saml2X509Credential decryption(PrivateKey privateKey, X509Certificate x509Certificate) {
        return new Saml2X509Credential(privateKey, x509Certificate, Saml2X509CredentialType.DECRYPTION);
    }

    public static Saml2X509Credential signing(PrivateKey privateKey, X509Certificate x509Certificate) {
        return new Saml2X509Credential(privateKey, x509Certificate, Saml2X509CredentialType.SIGNING);
    }

    private Saml2X509Credential(PrivateKey privateKey, boolean z, X509Certificate x509Certificate, Saml2X509CredentialType... saml2X509CredentialTypeArr) {
        Assert.notNull(x509Certificate, "certificate cannot be null");
        Assert.notEmpty(saml2X509CredentialTypeArr, "credentials types cannot be empty");
        if (z) {
            Assert.notNull(privateKey, "privateKey cannot be null");
        }
        this.privateKey = privateKey;
        this.certificate = x509Certificate;
        this.credentialTypes = new LinkedHashSet(Arrays.asList(saml2X509CredentialTypeArr));
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public X509Certificate getCertificate() {
        return this.certificate;
    }

    public boolean isSigningCredential() {
        return getCredentialTypes().contains(Saml2X509CredentialType.SIGNING);
    }

    public boolean isDecryptionCredential() {
        return getCredentialTypes().contains(Saml2X509CredentialType.DECRYPTION);
    }

    public boolean isVerificationCredential() {
        return getCredentialTypes().contains(Saml2X509CredentialType.VERIFICATION);
    }

    public boolean isEncryptionCredential() {
        return getCredentialTypes().contains(Saml2X509CredentialType.ENCRYPTION);
    }

    public Set<Saml2X509CredentialType> getCredentialTypes() {
        return this.credentialTypes;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Saml2X509Credential saml2X509Credential = (Saml2X509Credential) obj;
        return Objects.equals(this.privateKey, saml2X509Credential.privateKey) && this.certificate.equals(saml2X509Credential.certificate) && this.credentialTypes.equals(saml2X509Credential.credentialTypes);
    }

    public int hashCode() {
        return Objects.hash(this.privateKey, this.certificate, this.credentialTypes);
    }

    private void validateUsages(Saml2X509CredentialType[] saml2X509CredentialTypeArr, Saml2X509CredentialType... saml2X509CredentialTypeArr2) {
        for (Saml2X509CredentialType saml2X509CredentialType : saml2X509CredentialTypeArr) {
            boolean z = false;
            int length = saml2X509CredentialTypeArr2.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (saml2X509CredentialType == saml2X509CredentialTypeArr2[i]) {
                    z = true;
                    break;
                }
                i++;
            }
            Assert.state(z, (Supplier<String>) () -> {
                return saml2X509CredentialType + " is not a valid usage for this credential";
            });
        }
    }
}
