package org.apereo.cas.support.wsfederation.authentication.crypto;

import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.wsfederation.WsFederationConfiguration;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.CertUtils;
import org.jooq.lambda.Unchecked;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;
import org.springframework.util.StringUtils;

@FunctionalInterface
/* loaded from: input_file:org/apereo/cas/support/wsfederation/authentication/crypto/WsFederationCertificateProvider.class */
public interface WsFederationCertificateProvider {
    static WsFederationCertificateProvider getProvider(WsFederationConfiguration wsFederationConfiguration, OpenSamlConfigBean openSamlConfigBean) {
        ChainingWsFederationCertificateProvider chainingWsFederationCertificateProvider = new ChainingWsFederationCertificateProvider();
        StringUtils.commaDelimitedListToSet(wsFederationConfiguration.getSigningCertificates()).stream().map(Unchecked.function(ResourceUtils::getRawResourceFrom)).forEach(abstractResource -> {
            if (StringUtils.hasText(abstractResource.getFilename()) && abstractResource.getFilename().endsWith(".xml")) {
                chainingWsFederationCertificateProvider.addProvider(new WsFederationMetadataCertificateProvider(abstractResource, wsFederationConfiguration, openSamlConfigBean));
            } else {
                chainingWsFederationCertificateProvider.addProvider(new WsFederationStaticCertificateProvider(abstractResource));
            }
        });
        return chainingWsFederationCertificateProvider;
    }

    static Credential readCredential(InputStream inputStream) throws Exception {
        return new BasicX509Credential((X509Certificate) CertUtils.getCertificateFactory().generateCertificate(inputStream));
    }

    List<Credential> getSigningCredentials() throws Exception;
}
