package com.appiancorp.security.auth.saml.builder;

import java.util.function.BooleanSupplier;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;

/* loaded from: input_file:com/appiancorp/security/auth/saml/builder/KeyDescriptorBuilder.class */
public final class KeyDescriptorBuilder {
    private final BasicX509Credential credential;
    private BooleanSupplier allowEncryptedAssertions;
    private final KeyInfoGenerator keyInfoGenerator;

    private KeyDescriptorBuilder(BasicX509Credential basicX509Credential, BooleanSupplier booleanSupplier) {
        this.credential = basicX509Credential;
        this.allowEncryptedAssertions = booleanSupplier;
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        this.keyInfoGenerator = x509KeyInfoGeneratorFactory.newInstance();
    }

    public static KeyDescriptorBuilder create(BasicX509Credential basicX509Credential, BooleanSupplier booleanSupplier) {
        return new KeyDescriptorBuilder(basicX509Credential, booleanSupplier);
    }

    public KeyDescriptor build() throws SecurityException {
        KeyDescriptor buildObject = new org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder().buildObject();
        buildObject.setUse(this.allowEncryptedAssertions.getAsBoolean() ? UsageType.UNSPECIFIED : UsageType.SIGNING);
        buildObject.setKeyInfo(this.keyInfoGenerator.generate(this.credential));
        return buildObject;
    }
}
