package net.shibboleth.profile.relyingparty;

import java.util.ArrayList;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.IdentifiableComponent;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import net.shibboleth.shared.service.ReloadableService;
import net.shibboleth.shared.service.ServiceException;
import net.shibboleth.shared.service.ServiceableComponent;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/shib-profile-api-5.0.0.jar:net/shibboleth/profile/relyingparty/RelyingPartyCredentialResolver.class */
public class RelyingPartyCredentialResolver implements CredentialResolver, IdentifiableComponent {

    @Nonnull
    private Logger log = LoggerFactory.getLogger((Class<?>) RelyingPartyCredentialResolver.class);

    @Nonnull
    private ReloadableService<RelyingPartyConfigurationResolver> service;

    @Nullable
    private String id;

    public RelyingPartyCredentialResolver(@Nonnull ReloadableService<RelyingPartyConfigurationResolver> reloadableService) {
        this.service = (ReloadableService) Constraint.isNotNull(reloadableService, "ReloadableSpringService for RelyingPartyConfigurationResolver cannot be null");
    }

    @Override // net.shibboleth.shared.component.IdentifiedComponent
    @Nullable
    public String getId() {
        return this.id;
    }

    @Override // net.shibboleth.shared.component.IdentifiableComponent
    public void setId(@Nonnull @NotEmpty String str) {
        this.id = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Component ID can not be null or empty");
    }

    @Override // net.shibboleth.shared.resolver.Resolver
    @Nullable
    public Credential resolveSingle(@Nullable CriteriaSet criteriaSet) throws ResolverException {
        Iterable<Credential> resolve = resolve(criteriaSet);
        if (resolve.iterator().hasNext()) {
            return resolve.iterator().next();
        }
        return null;
    }

    @Override // net.shibboleth.shared.resolver.Resolver
    @Nonnull
    public Iterable<Credential> resolve(@Nullable CriteriaSet criteriaSet) throws ResolverException {
        UsageCriterion usageCriterion = criteriaSet != null ? (UsageCriterion) criteriaSet.get(UsageCriterion.class) : null;
        try {
            ServiceableComponent<RelyingPartyConfigurationResolver> serviceableComponent = this.service.getServiceableComponent();
            try {
                RelyingPartyConfigurationResolver component = serviceableComponent.getComponent();
                if (usageCriterion != null) {
                    if (UsageType.SIGNING.equals(usageCriterion.getUsage())) {
                        Collection<Credential> signingCredentials = component.getSigningCredentials();
                        if (serviceableComponent != null) {
                            serviceableComponent.close();
                        }
                        return signingCredentials;
                    }
                    if (UsageType.ENCRYPTION.equals(usageCriterion.getUsage())) {
                        Collection<Credential> encryptionCredentials = component.getEncryptionCredentials();
                        if (serviceableComponent != null) {
                            serviceableComponent.close();
                        }
                        return encryptionCredentials;
                    }
                }
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(component.getSigningCredentials());
                arrayList.addAll(component.getEncryptionCredentials());
                if (serviceableComponent != null) {
                    serviceableComponent.close();
                }
                return arrayList;
            } finally {
            }
        } catch (ServiceException e) {
            this.log.error("CredentialsResolver '{}': Invalid RelyingPartyResolver configuration", getId(), e);
            return CollectionSupport.emptyList();
        }
    }
}
