package org.apereo.cas.support.wsfederation.authentication.crypto;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import lombok.Generated;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import org.apereo.cas.support.saml.InMemoryResourceMetadataResolver;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.wsfederation.WsFederationConfiguration;
import org.apereo.cas.util.EncodingUtils;
import org.jooq.lambda.Unchecked;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/support/wsfederation/authentication/crypto/WsFederationMetadataCertificateProvider.class */
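/**
 * Supplies the signing credentials of a WS-Federation identity provider by reading
 * them out of a SAML metadata document.
 *
 * <p>The credentials returned here are the certificates found in the metadata resource
 * for the configured identity provider. No signature or integrity check on the metadata
 * document is visible in this class, so the resource location should be treated as a
 * trust anchor: whoever can alter it decides which certificates are returned as signing
 * credentials. NOTE(review): confirm whether {@code InMemoryResourceMetadataResolver}
 * applies any metadata filtering of its own.
 */
public class WsFederationMetadataCertificateProvider implements WsFederationCertificateProvider {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(WsFederationMetadataCertificateProvider.class);

    /** Metadata document that is parsed on every call to {@link #getSigningCredentials()}. */
    private final Resource metadataResource;

    /** Provides the entity id of the identity provider to look up in the metadata. */
    private final WsFederationConfiguration configuration;

    /** OpenSAML configuration handed to the in-memory metadata resolver. */
    private final OpenSamlConfigBean openSamlConfigBean;

    /**
     * Reads the metadata resource and extracts the identity provider's signing certificates.
     *
     * <p>Only key descriptors whose {@code use} is exactly {@link UsageType#SIGNING} are
     * considered; descriptors with any other value, or with no {@code use} at all, are
     * skipped. The selected key descriptors are processed in reverse document order.
     *
     * @return one credential per X.509 certificate found in the selected key descriptors;
     *         empty when the role descriptor carries no signing key descriptors
     * @throws IllegalStateException when the metadata has no entity for the configured
     *         identity provider, or that entity has no IDPSSODescriptor role
     * @throws Exception when the resource cannot be read, the resolver fails to initialize,
     *         or a certificate cannot be decoded
     */
    @Override
    public List<Credential> getSigningCredentials() throws Exception {
        // try-with-resources closes the stream on every path and keeps close() failures as suppressed exceptions.
        try (InputStream inputStream = this.metadataResource.getInputStream()) {
            InMemoryResourceMetadataResolver resolver =
                new InMemoryResourceMetadataResolver(inputStream, this.openSamlConfigBean);
            resolver.setId(UUID.randomUUID().toString());
            resolver.initialize();

            String identityProviderId = this.configuration.getIdentityProviderIdentifier();
            CriteriaSet criteriaSet = new CriteriaSet(
                new EntityIdCriterion(identityProviderId),
                new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
            LOGGER.debug("Locating entity descriptor in the metadata for [{}]", identityProviderId);

            // Fail closed with a diagnosable error instead of a NullPointerException or
            // IndexOutOfBoundsException when the metadata does not describe the expected IdP.
            var entityDescriptor = resolver.resolveSingle(criteriaSet);
            if (entityDescriptor == null) {
                throw new IllegalStateException(
                    "No entity descriptor found in the metadata for [" + identityProviderId + "]");
            }
            var roleDescriptors = entityDescriptor.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
            if (roleDescriptors == null || roleDescriptors.isEmpty()) {
                throw new IllegalStateException(
                    "No IDPSSODescriptor role found in the metadata for [" + identityProviderId + "]");
            }
            RoleDescriptor roleDescriptor = roleDescriptors.get(0);

            // Collectors.toList() is kept (rather than Stream.toList()) because the list is reversed in place.
            var signingKeys = roleDescriptor.getKeyDescriptors().stream()
                .filter(keyDescriptor -> keyDescriptor.getUse() == UsageType.SIGNING)
                .collect(Collectors.toList());
            // NOTE(review): the reason for reversing is not visible here; presumably callers
            // want the keys listed last in the metadata to come first. Confirm.
            Collections.reverse(signingKeys);

            return signingKeys.stream()
                .map(keyDescriptor -> keyDescriptor.getKeyInfo())
                .map(keyInfo -> keyInfo.getX509Datas())
                .flatMap(x509Datas -> x509Datas.stream())
                .map(x509Data -> x509Data.getX509Certificates())
                .flatMap(x509Certificates -> x509Certificates.stream())
                .map(Unchecked.function(x509Certificate -> {
                    LOGGER.debug("Parsing signing certificate [{}]", x509Certificate.getValue());
                    try (ByteArrayInputStream certificateStream =
                             new ByteArrayInputStream(EncodingUtils.decodeBase64(x509Certificate.getValue()))) {
                        return WsFederationCertificateProvider.readCredential(certificateStream);
                    }
                }))
                .collect(Collectors.toList());
        }
    }

    /**
     * Creates a provider bound to one metadata document and one identity provider configuration.
     *
     * @param resource metadata document to read signing certificates from
     * @param wsFederationConfiguration configuration naming the identity provider to look up
     * @param openSamlConfigBean OpenSAML configuration used when parsing the metadata
     */
    @Generated
    public WsFederationMetadataCertificateProvider(Resource resource, WsFederationConfiguration wsFederationConfiguration, OpenSamlConfigBean openSamlConfigBean) {
        this.metadataResource = resource;
        this.configuration = wsFederationConfiguration;
        this.openSamlConfigBean = openSamlConfigBean;
    }
}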
