package uk.gov.ida.saml.security;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;

/* loaded from: input_file:uk/gov/ida/saml/security/MetadataBackedSignatureValidator.class */
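/**
 * {@link SignatureValidator} that hands the base class an
 * {@link ExplicitKeySignatureTrustEngine} together with the criteria used to
 * select the signer's credentials (entity ID, role and signing usage).
 *
 * <p>Security note: an instance built with
 * {@link #withoutCertificateChainValidation} adds no
 * {@link CertificateChainEvaluableCriterion} to the criteria, so the only checks
 * applied are those performed by the trust engine and the three criteria above.
 * NOTE(review): {@code CertificateChainEvaluableCriterion} is defined outside this
 * file; presumably it rejects credentials whose certificate chain does not
 * validate. Confirm before relying on either factory for a given trust model.
 */
public class MetadataBackedSignatureValidator extends SignatureValidator {
    private final ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine;
    // Empty when the validator was created without certificate chain validation.
    private final Optional<CertificateChainEvaluableCriterion> certificateChainEvaluableCriteria;

    /**
     * Creates a validator that does not add a certificate chain criterion.
     *
     * @param explicitKeySignatureTrustEngine trust engine returned by {@link #getTrustEngine}
     * @return a validator whose additional criteria are entity ID, role and signing usage only
     */
    public static MetadataBackedSignatureValidator withoutCertificateChainValidation(ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine) {
        return new MetadataBackedSignatureValidator(explicitKeySignatureTrustEngine);
    }

    /**
     * Creates a validator that also adds the given certificate chain criterion.
     *
     * @param explicitKeySignatureTrustEngine trust engine returned by {@link #getTrustEngine}
     * @param certificateChainEvaluableCriterion criterion appended to the additional criteria; must not be null
     * @return a validator whose additional criteria include {@code certificateChainEvaluableCriterion}
     * @throws NullPointerException if {@code certificateChainEvaluableCriterion} is null
     */
    public static MetadataBackedSignatureValidator withCertificateChainValidation(ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine, CertificateChainEvaluableCriterion certificateChainEvaluableCriterion) {
        return new MetadataBackedSignatureValidator(explicitKeySignatureTrustEngine, certificateChainEvaluableCriterion);
    }

    private MetadataBackedSignatureValidator(ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine) {
        this.explicitKeySignatureTrustEngine = explicitKeySignatureTrustEngine;
        this.certificateChainEvaluableCriteria = Optional.empty();
    }

    private MetadataBackedSignatureValidator(ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine, CertificateChainEvaluableCriterion certificateChainEvaluableCriterion) {
        this.explicitKeySignatureTrustEngine = explicitKeySignatureTrustEngine;
        // A null criterion must fail here instead of silently degrading to "no chain validation".
        this.certificateChainEvaluableCriteria = Optional.of(
                Objects.requireNonNull(certificateChainEvaluableCriterion, "certificateChainEvaluableCriterion"));
    }

    /**
     * Builds the criteria passed alongside the signature being validated.
     *
     * @param str value wrapped in an {@link EntityIdCriterion}
     * @param qName value wrapped in an {@link EntityRoleCriterion}
     * @return a new mutable list holding the entity ID, role and
     *     {@link UsageType#SIGNING} criteria, followed by the certificate chain
     *     criterion when one was configured
     */
    @Override
    protected List<Criterion> getAdditionalCriteria(String str, QName qName) {
        List<Criterion> criteria = new ArrayList<>();
        criteria.add(new EntityIdCriterion(str));
        criteria.add(new EntityRoleCriterion(qName));
        // Restrict credential selection to keys published for signing.
        criteria.add(new UsageCriterion(UsageType.SIGNING));
        // The decompiled lambda referenced an undefined variable (r1); the target is this list.
        certificateChainEvaluableCriteria.ifPresent(criteria::add);
        return criteria;
    }

    /**
     * Returns the trust engine supplied at construction.
     *
     * @param str ignored; the same engine is returned for every value
     * @return the configured {@link ExplicitKeySignatureTrustEngine}
     */
    @Override
    protected TrustEngine<Signature> getTrustEngine(String str) {
        return this.explicitKeySignatureTrustEngine;
    }
}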
