package org.opensaml.saml.metadata.resolver.filter.impl;

import java.time.Duration;
import java.time.Instant;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-4.1.1.jar:org/opensaml/saml/metadata/resolver/filter/impl/RequiredValidUntilFilter.class */
public class RequiredValidUntilFilter implements MetadataFilter {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) RequiredValidUntilFilter.class);

    @Nullable
    private Duration maxValidityInterval = Duration.ofDays(14);

    @Nullable
    public Duration getMaxValidityInterval() {
        return this.maxValidityInterval;
    }

    public void setMaxValidityInterval(@Nullable Duration duration) {
        if (duration == null || duration.isNegative() || duration.isZero()) {
            this.maxValidityInterval = null;
        } else {
            this.maxValidityInterval = duration;
        }
    }

    @Override // org.opensaml.saml.metadata.resolver.filter.MetadataFilter
    @Nullable
    public XMLObject filter(@Nullable XMLObject xMLObject, @Nonnull MetadataFilterContext metadataFilterContext) throws FilterException {
        if (xMLObject == null) {
            return null;
        }
        Instant validUntil = getValidUntil(xMLObject);
        if (validUntil == null) {
            throw new FilterException("Metadata did not include a validUntil attribute");
        }
        Instant now = Instant.now();
        if (this.maxValidityInterval != null && validUntil.isAfter(now)) {
            long epochMilli = validUntil.toEpochMilli() - now.toEpochMilli();
            if (Duration.ofMillis(epochMilli).compareTo(this.maxValidityInterval) > 0) {
                throw new FilterException(String.format("Metadata's validity interval %s is larger than is allowed %s", Duration.ofMillis(epochMilli), this.maxValidityInterval));
            }
        }
        return xMLObject;
    }

    @Nullable
    protected Instant getValidUntil(@Nonnull XMLObject xMLObject) throws FilterException {
        if (xMLObject instanceof EntitiesDescriptor) {
            return ((EntitiesDescriptor) xMLObject).getValidUntil();
        }
        if (xMLObject instanceof EntityDescriptor) {
            return ((EntityDescriptor) xMLObject).getValidUntil();
        }
        this.log.error("Metadata root element was not an EntitiesDescriptor or EntityDescriptor it was a {}", xMLObject.getElementQName());
        throw new FilterException("Metadata root element was not an EntitiesDescriptor or EntityDescriptor");
    }
}
