package org.opensaml.xmlsec.keyinfo.impl;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.criteria.KeyNameCriterion;
import org.opensaml.security.criteria.PublicKeyCriterion;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolutionMode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/xmlsec/keyinfo/impl/LocalKeyInfoCredentialResolver.class */
public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver {
    private final Logger log;
    private final CredentialResolver localCredResolver;

    public LocalKeyInfoCredentialResolver(@Nonnull @ParameterName(name = "keyInfoProviders") List<KeyInfoProvider> list, @Nonnull @ParameterName(name = "localCredentialResolver") CredentialResolver credentialResolver) {
        super(list);
        this.log = LoggerFactory.getLogger(LocalKeyInfoCredentialResolver.class);
        this.localCredResolver = (CredentialResolver) Constraint.isNotNull(credentialResolver, "Local credential resolver cannot be null");
    }

    @Nonnull
    public CredentialResolver getLocalCredentialResolver() {
        return this.localCredResolver;
    }

    @Override // org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver
    protected void postProcess(@Nonnull KeyInfoResolutionContext keyInfoResolutionContext, @Nullable CriteriaSet criteriaSet, @Nonnull List<Credential> list) throws ResolverException {
        KeyInfoCredentialResolutionMode.Mode mode = criteriaSet.contains(KeyInfoCredentialResolutionMode.class) ? ((KeyInfoCredentialResolutionMode) criteriaSet.get(KeyInfoCredentialResolutionMode.class)).getMode() : KeyInfoCredentialResolutionMode.Mode.LOCAL;
        this.log.debug("Resolution mode in effect is: {}", mode);
        if (KeyInfoCredentialResolutionMode.Mode.PUBLIC == mode) {
            this.log.debug("Criteria indicates PUBLIC resolution mode, skipping explicit local credential resolution");
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (Credential credential : list) {
            if (isLocalCredential(credential)) {
                this.log.debug("Input credential was local, including in results");
                arrayList.add(credential);
            } else if (credential.getPublicKey() != null) {
                Collection<? extends Credential> resolveByPublicKey = resolveByPublicKey(credential.getPublicKey());
                if (!resolveByPublicKey.isEmpty()) {
                    this.log.debug("Input credential was public, resolved to local credential(s), adding to results");
                    arrayList.addAll(resolveByPublicKey);
                } else if (KeyInfoCredentialResolutionMode.Mode.BOTH == mode) {
                    this.log.debug("Input credential was public, did not resolve to local credential(s), BOTH mode in effect, including in results");
                    arrayList.add(credential);
                } else {
                    this.log.debug("Input credential was public, did not resolve to local credential(s), LOCAL mode in effect, omitting from results");
                }
            }
        }
        Iterator<String> it = keyInfoResolutionContext.getKeyNames().iterator();
        while (it.hasNext()) {
            arrayList.addAll(resolveByKeyName(it.next()));
        }
        list.clear();
        list.addAll(arrayList);
    }

    protected boolean isLocalCredential(@Nonnull Credential credential) {
        return (credential.getPrivateKey() == null && credential.getSecretKey() == null) ? false : true;
    }

    @Nonnull
    protected Collection<? extends Credential> resolveByKeyName(@Nonnull String str) throws ResolverException {
        ArrayList arrayList = new ArrayList();
        for (Credential credential : getLocalCredentialResolver().resolve(new CriteriaSet(new KeyNameCriterion(str)))) {
            if (isLocalCredential(credential)) {
                arrayList.add(credential);
            }
        }
        return arrayList;
    }

    @Nonnull
    protected Collection<? extends Credential> resolveByPublicKey(@Nonnull PublicKey publicKey) throws ResolverException {
        ArrayList arrayList = new ArrayList();
        for (Credential credential : getLocalCredentialResolver().resolve(new CriteriaSet(new PublicKeyCriterion(publicKey)))) {
            if (isLocalCredential(credential)) {
                arrayList.add(credential);
            }
        }
        return arrayList;
    }
}
