package org.geant.idpextension.oidc.metadata.impl;

import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.minidev.json.JSONArray;
import net.shibboleth.idp.profile.config.SecurityConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.geant.idpextension.oidc.metadata.resolver.MetadataValueResolver;
import org.geant.security.jwk.JWKCredential;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geant/idpextension/oidc/metadata/impl/CredentialMetadataValueResolver.class */
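/**
 * Resolves the JSON Web Key set value for metadata from the signing credentials of the
 * profile configuration that is active for a request.
 *
 * <p>Every JWK is built from {@link Credential#getPublicKey()} only; this class never reads the
 * private or secret key of a credential, so the resolved value holds public parameters only.</p>
 */
public class CredentialMetadataValueResolver extends AbstractIdentifiableInitializableComponent implements MetadataValueResolver {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(CredentialMetadataValueResolver.class);

    /** Strategy used to locate the {@link RelyingPartyContext} below the profile request context. */
    @Nonnull
    private Function<ProfileRequestContext, RelyingPartyContext> relyingPartyContextLookupStrategy =
            new ChildContextLookup<>(RelyingPartyContext.class);

    /**
     * Sets the strategy used to locate the {@link RelyingPartyContext}.
     *
     * <p>Must be called before the component is initialized; afterwards the call is rejected by
     * {@link ComponentSupport#ifInitializedThrowUnmodifiabledComponentException}.</p>
     *
     * @param function lookup strategy, never {@code null}
     */
    public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.relyingPartyContextLookupStrategy =
                Constraint.isNotNull(function, "RelyingPartyContext lookup strategy cannot be null");
    }

    /**
     * Converts the public key of a credential into a public JWK.
     *
     * <p>RSA and EC public keys are supported. The key id and algorithm are copied when the
     * credential is a {@link JWKCredential}; the key use is derived from the credential's usage
     * type. Both key types carry the same {@code kid} and {@code use} members, so a consumer can
     * select an EC key by key id exactly as it would an RSA key.</p>
     *
     * @param credential credential to convert, never {@code null}
     * @return public JWK for the credential
     * @throws ConstraintViolationException if the credential is {@code null}, has no public key,
     *         uses a key type other than RSA or EC, or uses an elliptic curve that has no JWK
     *         curve mapping
     */
    public JWK parseJwkCredential(@Nonnull Credential credential) {
        Constraint.isNotNull(credential, "Credential cannot be null");
        final PublicKey publicKey = credential.getPublicKey();
        if (publicKey == null) {
            // Without this check the call below on publicKey would raise a NullPointerException,
            // which resolve() does not catch, so one key-less credential would abort the whole set.
            this.log.warn("Credential has no public key");
            throw new ConstraintViolationException("Credential has no public key");
        }
        final JWKCredential jwkCredential = credential instanceof JWKCredential ? (JWKCredential) credential : null;
        final String kid = jwkCredential != null ? jwkCredential.getKid() : null;
        final KeyUse keyUse = toKeyUse(credential.getUsageType());

        if (publicKey instanceof RSAPublicKey) {
            final RSAKey.Builder rsaBuilder = new RSAKey.Builder((RSAPublicKey) publicKey).keyID(kid).keyUse(keyUse);
            if (jwkCredential != null) {
                rsaBuilder.algorithm(jwkCredential.getAlgorithm());
            }
            return rsaBuilder.build();
        }

        if (publicKey instanceof ECPublicKey) {
            final ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
            final Curve curve = Curve.forECParameterSpec(ecPublicKey.getParams());
            if (curve == null) {
                // Report an unmapped curve with the exception type resolve() handles, instead of
                // letting the builder reject the null curve with a different runtime exception.
                this.log.warn("Unsupported elliptic curve for public key {}", publicKey.getAlgorithm());
                throw new ConstraintViolationException("Unsupported elliptic curve");
            }
            final ECKey.Builder ecBuilder = new ECKey.Builder(curve, ecPublicKey).keyID(kid).keyUse(keyUse);
            if (jwkCredential != null) {
                ecBuilder.algorithm(jwkCredential.getAlgorithm());
            }
            return ecBuilder.build();
        }

        this.log.warn("Unsupported public key {}", publicKey.getAlgorithm());
        throw new ConstraintViolationException("Unsupported public key algorithm");
    }

    /**
     * Maps a credential usage type to the JWK key use.
     *
     * @param usageType usage type of the credential, may be {@code null}
     * @return the matching key use, or {@code null} for any other (or missing) usage type
     */
    private static KeyUse toKeyUse(UsageType usageType) {
        if (usageType == UsageType.SIGNING) {
            return KeyUse.SIGNATURE;
        }
        if (usageType == UsageType.ENCRYPTION) {
            return KeyUse.ENCRYPTION;
        }
        return null;
    }

    /**
     * Builds the JWK set value from the signing credentials of the active profile configuration.
     *
     * <p>Only the credentials returned by the signature signing configuration are considered.
     * A credential that cannot be converted is logged and skipped, so the remaining keys are
     * still returned.</p>
     *
     * @param profileRequestContext profile request context to resolve from
     * @return a list holding one {@link JSONArray} of public JWKs, or an empty list when no
     *         profile configuration or signing configuration is found
     * @throws ResolverException declared by the method signature; not thrown by this implementation
     */
    public Iterable<Object> resolve(ProfileRequestContext profileRequestContext) throws ResolverException {
        final List<Object> result = new ArrayList<>();
        final RelyingPartyContext rpContext = this.relyingPartyContextLookupStrategy.apply(profileRequestContext);
        if (rpContext == null || rpContext.getProfileConfig() == null) {
            this.log.warn("Could not find profile configuration, nothing to do");
            return result;
        }
        final SecurityConfiguration securityConfiguration =
                rpContext.getProfileConfig().getSecurityConfiguration(profileRequestContext);
        if (securityConfiguration == null || securityConfiguration.getSignatureSigningConfiguration() == null) {
            this.log.warn("Could not find signing configuration, nothing to do");
            return result;
        }
        final List<Credential> signingCredentials =
                securityConfiguration.getSignatureSigningConfiguration().getSigningCredentials();
        final JSONArray keys = new JSONArray();
        for (final Credential credential : signingCredentials) {
            try {
                keys.add(parseJwkCredential(credential).toJSONObject());
            } catch (ConstraintViolationException e) {
                // One unusable credential must not remove the usable keys from the result.
                this.log.warn("Ignoring key from the resulting list", e);
            }
        }
        result.add(keys);
        return result;
    }

    /**
     * Returns the first value produced by {@link #resolve(ProfileRequestContext)}.
     *
     * @param profileRequestContext profile request context to resolve from
     * @return the first resolved value, or {@code null} when nothing was resolved
     * @throws ResolverException if {@link #resolve(ProfileRequestContext)} throws it
     */
    public Object resolveSingle(@Nonnull ProfileRequestContext profileRequestContext) throws ResolverException {
        final Iterator<Object> values = resolve(profileRequestContext).iterator();
        return values.hasNext() ? values.next() : null;
    }
}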
