package org.xacml4j.opensaml;

import com.google.common.base.Preconditions;
import org.opensaml.saml2.metadata.AuthzService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.PDPDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.util.DatatypeHelper;

/* loaded from: input_file:org/xacml4j/opensaml/DefaultIDPConfiguration.class */
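/**
 * Default {@link IDPConfiguration} backed by SAML 2.0 metadata.
 *
 * <p>The instance holds three things, all fixed at construction time: the
 * {@link EntityDescriptor} of the local entity, a {@link SignatureTrustEngine}
 * whose trusted keys are resolved from the same {@link MetadataProvider}, and
 * the {@link Credential} returned by {@link #getSigningCredential()}.
 *
 * <p>NOTE(review): signature trust is anchored entirely in the metadata
 * provider passed to the constructor, so any key published in that metadata is
 * accepted as a trusted key. Confirm that the provider is loaded from a source
 * whose integrity is verified (for example signed metadata with a validity
 * check) before this class is used to validate signatures.
 */
public class DefaultIDPConfiguration implements IDPConfiguration {
    /** Protocol identifier used to select the local entity's PDP descriptor. */
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private final EntityDescriptor localEntity;
    private final SignatureTrustEngine trustEngine;
    private final Credential idpSigningCredential;

    /**
     * Creates a configuration for the entity identified by {@code str}.
     *
     * @param str entity ID of the local entity, looked up in {@code metadataProvider}
     * @param metadataProvider source of the local entity descriptor and of the keys
     *        the signature trust engine will trust
     * @param credential credential exposed through {@link #getSigningCredential()}
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalStateException if the metadata holds no descriptor for {@code str},
     *         or if the OpenSAML global security configuration is not available
     * @throws MetadataProviderException if the metadata lookup fails
     */
    public DefaultIDPConfiguration(String str, MetadataProvider metadataProvider, Credential credential) throws MetadataProviderException {
        Preconditions.checkNotNull(str, "local entity ID must not be null");
        Preconditions.checkNotNull(metadataProvider, "metadata provider must not be null");
        Preconditions.checkNotNull(credential, "signing credential must not be null");
        EntityDescriptor descriptor = metadataProvider.getEntityDescriptor(str);
        // Name the missing entity ID so a metadata/config mismatch is diagnosable from the log.
        Preconditions.checkState(descriptor != null, "no entity descriptor found in metadata for entity ID \"%s\"", str);
        this.localEntity = descriptor;
        this.trustEngine = createDefaultSignatureTrustEngine(metadataProvider);
        this.idpSigningCredential = credential;
    }

    /**
     * Returns the descriptor of the local entity resolved at construction time.
     *
     * @return the local entity descriptor, never {@code null}
     */
    @Override
    public EntityDescriptor getLocalEntity() {
        return this.localEntity;
    }

    /**
     * Returns the trust engine built from the metadata provider at construction time.
     *
     * @return the signature trust engine
     */
    @Override
    public SignatureTrustEngine getSignatureTrustEngine() {
        return this.trustEngine;
    }

    /**
     * Finds the authorization service endpoint of the local PDP descriptor whose
     * location equals {@code str}. The comparison is an exact string match; no URL
     * normalisation is applied.
     *
     * @param str endpoint location to look up
     * @return the matching endpoint, or {@code null} when {@code str} is {@code null},
     *         the local entity has no SAML 2.0 PDP descriptor, or no endpoint matches
     */
    @Override
    public AuthzService getAuthzServiceByLocation(String str) {
        // A null location identifies no endpoint. Without this guard the null-tolerant
        // comparison below would match a metadata entry that lacks a Location value.
        if (str == null) {
            return null;
        }
        PDPDescriptor pDPDescriptor = this.localEntity.getPDPDescriptor(SAML20_PROTOCOL);
        if (pDPDescriptor == null) {
            return null;
        }
        for (AuthzService authzService : pDPDescriptor.getAuthzServices()) {
            if (DatatypeHelper.safeEquals(str, authzService.getLocation())) {
                return authzService;
            }
        }
        return null;
    }

    /**
     * Returns the credential supplied to the constructor.
     *
     * <p>NOTE(review): the name suggests this credential carries the private signing
     * key; if so, callers should not log it or pass it beyond the signing code path.
     *
     * @return the signing credential, never {@code null}
     */
    @Override
    public Credential getSigningCredential() {
        return this.idpSigningCredential;
    }

    /**
     * Builds an explicit-key trust engine: trusted credentials come from
     * {@code metadataProvider}, and KeyInfo elements are resolved with the default
     * resolver of the OpenSAML global security configuration.
     *
     * @param metadataProvider metadata from which trusted credentials are resolved
     * @return a new trust engine
     * @throws IllegalStateException if the global security configuration is not set
     */
    private static SignatureTrustEngine createDefaultSignatureTrustEngine(MetadataProvider metadataProvider) {
        // The global configuration is only populated once the OpenSAML library has been
        // initialised; fail with a clear message instead of a bare NullPointerException.
        Preconditions.checkState(
                Configuration.getGlobalSecurityConfiguration() != null,
                "OpenSAML global security configuration is not set; initialise the library first");
        return new ExplicitKeySignatureTrustEngine(
                new MetadataCredentialResolver(metadataProvider),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    }
}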
