package uk.gov.ida.saml.metadata.transformers.decorators;

import com.google.common.base.Strings;
import org.apache.commons.lang.StringUtils;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;

/* loaded from: input_file:uk/gov/ida/saml/metadata/transformers/decorators/SamlEntityDescriptorValidator.class */
public class SamlEntityDescriptorValidator {

    /**
     * Checks that a SAML metadata {@code EntityDescriptor} carries the mandatory
     * structural elements: a non-empty entity ID, at least one of
     * {@code cacheDuration} / {@code validUntil}, and the key material checked by
     * {@link #validateRoleDescriptor(EntityDescriptor)}.
     *
     * <p>This is a presence check only. Nothing here verifies a metadata signature,
     * parses the certificate, or evaluates trust or expiry; a descriptor that passes
     * is well-formed, not authenticated.
     *
     * @param entityDescriptor the descriptor to inspect
     * @throws SamlTransformationErrorException on the first missing or empty element
     */
    public void validate(EntityDescriptor entityDescriptor) {
        String entityId = entityDescriptor.getEntityID();
        if (Strings.isNullOrEmpty(entityId)) {
            throw toException(SamlTransformationErrorFactory.missingOrEmptyEntityID());
        }

        // Metadata must state how long it may be relied on, by either attribute.
        boolean hasLifetime = entityDescriptor.getCacheDuration() != null
                || entityDescriptor.getValidUntil() != null;
        if (!hasLifetime) {
            throw toException(SamlTransformationErrorFactory.missingCacheDurationAndValidUntil());
        }

        validateRoleDescriptor(entityDescriptor);
    }

    /**
     * Walks the chain role descriptor, key descriptor, key info, X509 data and
     * X509 certificate, failing at the first link that is absent or empty.
     *
     * <p>NOTE(review): only element 0 of each list is inspected. Additional role
     * descriptors, key descriptors, X509Data entries or certificates are not
     * examined here, so malformed or empty key material in later positions passes
     * this validator. Confirm that downstream consumers either use only the first
     * entry or validate the rest themselves.
     *
     * @param entityDescriptor the descriptor whose first role descriptor is checked
     * @throws SamlTransformationErrorException on the first missing or empty element
     */
    private void validateRoleDescriptor(EntityDescriptor entityDescriptor) {
        if (entityDescriptor.getRoleDescriptors().isEmpty()) {
            throw toException(SamlTransformationErrorFactory.missingRoleDescriptor());
        }
        RoleDescriptor firstRole = (RoleDescriptor) entityDescriptor.getRoleDescriptors().get(0);

        if (firstRole.getKeyDescriptors().isEmpty()) {
            throw toException(SamlTransformationErrorFactory.missingKeyDescriptor());
        }
        KeyDescriptor firstKeyDescriptor = (KeyDescriptor) firstRole.getKeyDescriptors().get(0);

        KeyInfo keyInfo = firstKeyDescriptor.getKeyInfo();
        if (keyInfo == null) {
            throw toException(SamlTransformationErrorFactory.missingKeyInfo());
        }
        if (keyInfo.getX509Datas().isEmpty()) {
            throw toException(SamlTransformationErrorFactory.missingX509Data());
        }
        X509Data firstX509Data = (X509Data) keyInfo.getX509Datas().get(0);

        if (firstX509Data.getX509Certificates().isEmpty()) {
            throw toException(SamlTransformationErrorFactory.missingX509Certificate());
        }
        X509Certificate firstCertificate = (X509Certificate) firstX509Data.getX509Certificates().get(0);

        // isEmpty() rejects null and "" only; a whitespace-only value is accepted here
        // and is left for whatever later decodes the certificate to reject.
        if (StringUtils.isEmpty(firstCertificate.getValue())) {
            throw toException(SamlTransformationErrorFactory.emptyX509Certificiate());
        }
    }

    /**
     * Builds the exception for a validation failure from its message and log level.
     */
    private static SamlTransformationErrorException toException(SamlValidationSpecificationFailure failure) {
        return new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
}
