package com.appiancorp.security.auth.saml;

import com.appiancorp.suite.cfg.SamlConfiguration;
import com.google.common.collect.Maps;
import java.util.Map;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.log4j.Logger;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;

/* loaded from: input_file:com/appiancorp/security/auth/saml/AppianMetadataCredentialResolver.class */
public class AppianMetadataCredentialResolver implements CredentialResolver {
    private static final Logger LOG = Logger.getLogger(AppianMetadataCredentialResolver.class);
    private final SamlConfiguration samlConfiguration;
    private final KeyInfoCredentialResolver keyInfoCredentialResolver;
    private Map<String, CredentialResolver> credentialResolvers = Maps.newHashMap();

    public AppianMetadataCredentialResolver(SamlConfiguration samlConfiguration, KeyInfoCredentialResolver keyInfoCredentialResolver) {
        this.samlConfiguration = samlConfiguration;
        this.keyInfoCredentialResolver = keyInfoCredentialResolver;
    }

    public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws ResolverException {
        return getMetadataCredentialResolver().resolve(criteriaSet);
    }

    public Credential resolveSingle(CriteriaSet criteriaSet) throws ResolverException {
        return (Credential) getMetadataCredentialResolver().resolveSingle(criteriaSet);
    }

    private CredentialResolver getMetadataCredentialResolver() throws ResolverException {
        String idpMetadataUuid = this.samlConfiguration.getIdpMetadataUuid();
        CredentialResolver credentialResolver = this.credentialResolvers.get(idpMetadataUuid);
        if (credentialResolver == null) {
            LOG.debug("Credential Resolver not found in cache for " + idpMetadataUuid);
            try {
                credentialResolver = createMetadataCredentialResolver();
                this.credentialResolvers.put(idpMetadataUuid, credentialResolver);
            } catch (ComponentInitializationException e) {
                LOG.debug("Could not create metadata credential resolver:" + e.getMessage());
                throw new ResolverException(e);
            }
        }
        return credentialResolver;
    }

    private MetadataCredentialResolver createMetadataCredentialResolver() throws ComponentInitializationException {
        PredicateRoleDescriptorResolver predicateRoleDescriptorResolver = new PredicateRoleDescriptorResolver(getIdpMetadataResolver(this.samlConfiguration));
        predicateRoleDescriptorResolver.initialize();
        MetadataCredentialResolver metadataCredentialResolver = new MetadataCredentialResolver();
        metadataCredentialResolver.setRoleDescriptorResolver(predicateRoleDescriptorResolver);
        metadataCredentialResolver.setKeyInfoCredentialResolver(this.keyInfoCredentialResolver);
        metadataCredentialResolver.initialize();
        return metadataCredentialResolver;
    }

    private MetadataResolver getIdpMetadataResolver(SamlConfiguration samlConfiguration) {
        try {
            return samlConfiguration.getIdpMetadataResolver();
        } catch (Exception e) {
            LOG.debug("Error getting IdP metadata resolver:" + e.getMessage());
            return null;
        }
    }
}
