package se.litsec.opensaml.saml2.metadata;

import java.time.Duration;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.joda.time.chrono.ISOChronology;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.common.CacheableSAMLObject;
import org.opensaml.saml.saml2.common.TimeBoundSAMLObject;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import se.litsec.opensaml.utils.ObjectUtils;
import se.litsec.opensaml.utils.SignatureUtils;

/* loaded from: input_file:se/litsec/opensaml/saml2/metadata/AbstractMetadataContainer.class */
public abstract class AbstractMetadataContainer<T extends TimeBoundSAMLObject & SignableSAMLObject & CacheableSAMLObject> implements MetadataContainer<T> {
    public static final Duration DEFAULT_VALIDITY = Duration.ofDays(7);
    public static final float DEFAULT_UPDATE_FACTOR = 0.75f;
    public static final int DEFAULT_DESCRIPTOR_ID_SIZE = 32;
    protected T descriptor;
    protected X509Credential signatureCredentials;
    private Logger logger = LoggerFactory.getLogger(AbstractMetadataContainer.class);
    protected Duration validity = DEFAULT_VALIDITY;
    protected float updateFactor = 0.75f;
    protected int idSize = 32;

    public AbstractMetadataContainer(T t, X509Credential x509Credential) {
        this.descriptor = t;
        this.signatureCredentials = x509Credential;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public T getDescriptor() {
        return this.descriptor;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public T cloneDescriptor() throws MarshallingException, UnmarshallingException {
        return (T) XMLObjectSupport.cloneXMLObject(this.descriptor);
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public boolean updateRequired(boolean z) {
        if (!this.descriptor.isValid()) {
            return true;
        }
        if ((!z || this.descriptor.isSigned()) && this.descriptor.getValidUntil() != null) {
            return this.updateFactor * ((float) this.validity.toMillis()) > ((float) (this.descriptor.getValidUntil().getMillis() - new DateTime(ISOChronology.getInstanceUTC()).getMillis()));
        }
        return true;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public T update(boolean z) throws SignatureException, MarshallingException {
        this.descriptor.setSignature((Signature) null);
        assignID(this.descriptor, new RandomIdentifierGenerationStrategy(this.idSize).generateIdentifier(true));
        this.descriptor.setValidUntil(new DateTime(ISOChronology.getInstanceUTC()).plusSeconds((int) this.validity.getSeconds()));
        this.logger.debug("Descriptor '{}' was updated with ID '{}' and validUntil '{}'", new Object[]{getLogString(this.descriptor), getID(this.descriptor), this.descriptor.getValidUntil().toString()});
        return z ? sign() : this.descriptor;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public T sign() throws SignatureException, MarshallingException {
        this.logger.trace("Signing descriptor '{}' ...", getLogString(this.descriptor));
        if (getID(this.descriptor) == null || this.descriptor.getValidUntil() == null) {
            return update(true);
        }
        SignatureUtils.sign(this.descriptor, this.signatureCredentials);
        this.logger.debug("Descriptor '{}' successfully signed.", getLogString(this.descriptor));
        return this.descriptor;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public Element marshall() throws MarshallingException {
        return ObjectUtils.marshall(this.descriptor);
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public Duration getValidity() {
        return this.validity;
    }

    public void setValidity(Duration duration) {
        this.validity = duration;
    }

    @Override // se.litsec.opensaml.saml2.metadata.MetadataContainer
    public float getUpdateFactor() {
        return this.updateFactor;
    }

    public void setUpdateFactor(float f) {
        if (f < 0.0f || f > 1.0f) {
            throw new IllegalArgumentException("Supplied updateFactor must be greater than 0 and equal or less than 1");
        }
        this.updateFactor = f;
    }

    public int getIdSize() {
        return this.idSize;
    }

    public void setIdSize(int i) {
        this.idSize = i;
    }

    protected abstract String getID(T t);

    protected abstract void assignID(T t, String str);

    protected abstract String getLogString(T t);
}
