package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;

import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
import iaik.x509.X509Certificate;
import java.security.cert.CertificateException;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;

/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.class */
public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
    private String metadataURL;
    private BasicX509Credential savedCredential;

    public MetadataSignatureFilter(String str, byte[] bArr) throws CertificateException {
        this.metadataURL = str;
        X509Certificate x509Certificate = new X509Certificate(bArr);
        this.savedCredential = new BasicX509Credential();
        this.savedCredential.setEntityCertificate(x509Certificate);
    }

    protected void verify(EntityDescriptor entityDescriptor) throws PVP2MetadataException {
        try {
            EntityVerifier.verify(entityDescriptor);
        } catch (EAAFException e) {
            Logger.info("PVP2 metadata verification FAILED for entity: " + entityDescriptor.getEntityID() + " Reason: " + e.getMessage());
            throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + entityDescriptor.getEntityID(), (Object[]) null, e);
        }
    }

    protected void verify(EntitiesDescriptor entitiesDescriptor) throws PVP2MetadataException {
        try {
            EntityVerifier.verify(entitiesDescriptor, (Credential) this.savedCredential);
        } catch (EAAFException e) {
            Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + this.metadataURL + " Reason: " + e.getMessage());
            throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + this.metadataURL, (Object[]) null, e);
        }
    }

    protected void verify(EntityDescriptor entityDescriptor, EntitiesDescriptor entitiesDescriptor) throws PVP2MetadataException {
        try {
            if (entityDescriptor.isSigned()) {
                Logger.debug("EntityDescriptor: " + entityDescriptor.getEntityID() + " is signed. Starting signature verification ... ");
                EntityVerifier.verify(entityDescriptor);
            } else {
                Logger.debug("EntityDescriptor: " + entityDescriptor.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ...  ");
                EntityVerifier.verify(entitiesDescriptor, EntityVerifier.getSPTrustedCredential(entityDescriptor.getEntityID()));
            }
        } catch (EAAFException e) {
            Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + this.metadataURL + " Reason: " + e.getMessage());
            throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + this.metadataURL, (Object[]) null, e);
        }
    }
}
