package pl.edu.icm.unity.saml.metadata;

import eu.emi.security.authn.x509.X509Credential;
import eu.unicore.samly2.SAMLUtils;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.security.dsig.DigSignatureUtil;
import java.util.Date;
import org.w3c.dom.Document;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/MetadataSigner.class */
public class MetadataSigner implements MetadataProvider {
    private MetadataProvider wrappedProvider;
    private X509Credential credential;
    private EntityDescriptorDocument metadata;
    private Date lastUpdate;

    public MetadataSigner(MetadataProvider metadataProvider, X509Credential x509Credential) throws Exception {
        this.wrappedProvider = metadataProvider;
        this.credential = x509Credential;
        update();
    }

    private void update() throws Exception {
        this.lastUpdate = this.wrappedProvider.getLastmodification();
        this.metadata = this.wrappedProvider.getMetadata();
        this.metadata.getEntityDescriptor().setID(SAMLUtils.genID("unity-"));
        Document document = (Document) this.metadata.getDomNode();
        new DigSignatureUtil().genEnvelopedSignature(this.credential.getKey(), this.credential.getCertificate().getPublicKey(), this.credential.getCertificateChain(), document, document.getFirstChild().getFirstChild(), SamlTrustChecker.PROTOCOL_ID_QNAME);
    }

    @Override // pl.edu.icm.unity.saml.metadata.MetadataProvider
    public EntityDescriptorDocument getMetadata() throws Exception {
        if (this.lastUpdate.before(this.wrappedProvider.getLastmodification())) {
            update();
        }
        return EntityDescriptorDocument.Factory.parse(this.metadata.xmlText());
    }

    @Override // pl.edu.icm.unity.saml.metadata.MetadataProvider
    public Date getLastmodification() {
        return this.wrappedProvider.getLastmodification();
    }

    @Override // pl.edu.icm.unity.saml.metadata.MetadataProvider
    public void stop() {
        this.wrappedProvider.stop();
    }
}
