package uk.gov.ida.saml.security;

import java.text.MessageFormat;
import java.util.Optional;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;

/* loaded from: input_file:uk/gov/ida/saml/security/MetadataBackedEncryptionCredentialResolver.class */
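/**
 * Looks up the encryption credential for an entity by querying a {@link CredentialResolver}
 * with the entity id, a fixed role and {@link UsageType#ENCRYPTION}.
 *
 * <p>NOTE(review): going by the class name and the error text, the injected resolver is
 * presumably backed by SAML metadata. This class performs no trust or validity checks of its
 * own, so the key it returns is only as trustworthy as the resolver's source; confirm that the
 * metadata is signature- and expiry-validated where the resolver is constructed.
 */
public class MetadataBackedEncryptionCredentialResolver implements EncryptionCredentialResolver {
    // Both collaborators are assigned once in the constructor and never reassigned.
    private final CredentialResolver credentialResolver;
    private final QName role;

    /**
     * Thrown when the resolver returns no encryption credential for the requested entity id.
     *
     * <p>The entity id is embedded verbatim in the message. Callers that log or display it
     * should treat it as untrusted text if the id originates from an incoming message.
     */
    public static class CredentialMissingInMetadataException extends RuntimeException {
        public static final String PATTERN = "No public key for entity-id: \"{0}\" could be found in the metadata. Metadata could be expired, invalid, or missing entities";

        /**
         * @param str the entity id for which no credential was found
         */
        public CredentialMissingInMetadataException(String str) {
            // The id is passed as a format argument, so braces or quotes inside it are not
            // interpreted as MessageFormat syntax.
            super(MessageFormat.format(PATTERN, str));
        }
    }

    /**
     * @param credentialResolver resolver that is queried for credentials
     * @param qName role used for the {@link EntityRoleCriterion} on every lookup
     */
    public MetadataBackedEncryptionCredentialResolver(CredentialResolver credentialResolver, QName qName) {
        this.credentialResolver = credentialResolver;
        this.role = qName;
    }

    /**
     * Resolves the single encryption credential registered for the given entity.
     *
     * @param str the entity id to look up
     * @return the resolved credential, never {@code null}
     * @throws CredentialMissingInMetadataException if the resolver returns no credential
     * @throws RuntimeException wrapping the {@link ResolverException} if the lookup itself fails
     */
    @Override
    public Credential getEncryptingCredential(String str) {
        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityIdCriterion(str));
        criteriaSet.add(new EntityRoleCriterion(this.role));
        // Restrict the lookup to credentials requested for encryption usage.
        criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
        try {
            // A null result is turned into an explicit failure so that callers never proceed
            // to encrypt without a key.
            return Optional.ofNullable(this.credentialResolver.resolveSingle(criteriaSet))
                    .orElseThrow(() -> new CredentialMissingInMetadataException(str));
        } catch (ResolverException e) {
            // Keep the cause and say which lookup failed; the bare wrapper gave no context.
            throw new RuntimeException(
                    "Unable to resolve encryption credential for entity-id: \"" + str + "\"", e);
        }
    }
}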
