package org.pac4j.saml.crypto;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.metadata.SAML2MetadataResolver;
import org.pac4j.saml.util.SAML2Utils;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-4.5.0.jar:org/pac4j/saml/crypto/ExplicitSignatureTrustEngineProvider.class */
public class ExplicitSignatureTrustEngineProvider implements SAML2SignatureTrustEngineProvider {
    private final SAML2MetadataResolver idpMetadataResolver;
    private final SAML2MetadataResolver spMetadataResolver;

    public ExplicitSignatureTrustEngineProvider(SAML2MetadataResolver sAML2MetadataResolver, SAML2MetadataResolver sAML2MetadataResolver2) {
        this.idpMetadataResolver = sAML2MetadataResolver;
        this.spMetadataResolver = sAML2MetadataResolver2;
    }

    @Override // org.pac4j.saml.crypto.SAML2SignatureTrustEngineProvider
    public SignatureTrustEngine build() {
        MetadataCredentialResolver metadataCredentialResolver = new MetadataCredentialResolver();
        PredicateRoleDescriptorResolver predicateRoleDescriptorResolver = new PredicateRoleDescriptorResolver(SAML2Utils.buildChainingMetadataResolver(this.idpMetadataResolver, this.spMetadataResolver));
        KeyInfoCredentialResolver buildBasicInlineKeyInfoCredentialResolver = DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver();
        metadataCredentialResolver.setKeyInfoCredentialResolver(buildBasicInlineKeyInfoCredentialResolver);
        metadataCredentialResolver.setRoleDescriptorResolver(predicateRoleDescriptorResolver);
        try {
            metadataCredentialResolver.initialize();
            predicateRoleDescriptorResolver.initialize();
            return new ExplicitKeySignatureTrustEngine(metadataCredentialResolver, buildBasicInlineKeyInfoCredentialResolver);
        } catch (ComponentInitializationException e) {
            throw new SAMLException(e);
        }
    }
}
