package uk.gov.ida.saml.metadata;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTimeUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.X509Certificate;
import uk.gov.ida.saml.metadata.exception.CertificateConversionException;

/* loaded from: input_file:uk/gov/ida/saml/metadata/ExpiredCertificateMetadataFilter.class */
public class ExpiredCertificateMetadataFilter implements MetadataFilter {
    CertificateFactory certificateFactory;

    @Inject
    public ExpiredCertificateMetadataFilter() {
        try {
            this.certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public XMLObject filter(XMLObject xMLObject) throws FilterException {
        Iterator it = ((List) ((SignableXMLObject) xMLObject).getSignature().getKeyInfo().getX509Datas().stream().flatMap(x509Data -> {
            return x509Data.getX509Certificates().stream();
        }).collect(Collectors.toList())).iterator();
        while (it.hasNext()) {
            try {
                convertToSunCert((X509Certificate) it.next()).checkValidity(new Date(DateTimeUtils.currentTimeMillis()));
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                throw new FilterException(e);
            }
        }
        return xMLObject;
    }

    private java.security.cert.X509Certificate convertToSunCert(X509Certificate x509Certificate) {
        try {
            return (java.security.cert.X509Certificate) this.certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(x509Certificate.getValue())));
        } catch (Base64DecodingException | CertificateException e) {
            throw new CertificateConversionException(e);
        }
    }
}
