package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.manager.sso.CrowdSamlConfigurationServiceInternal;
import com.atlassian.crowd.sso.saml.impl.opensaml.context.SecurityContext;
import com.google.common.annotations.VisibleForTesting;
import javax.annotation.Nonnull;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Credential;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/PrepareSecurityContextAction.class */
public class PrepareSecurityContextAction extends AbstractProfileAction {
    private final CrowdSamlConfigurationServiceInternal crowdSamlConfigurationService;

    public PrepareSecurityContextAction(CrowdSamlConfigurationServiceInternal crowdSamlConfigurationServiceInternal) {
        this.crowdSamlConfigurationService = crowdSamlConfigurationServiceInternal;
    }

    @VisibleForTesting
    public X509Credential prepareCredential() {
        return (X509Credential) this.crowdSamlConfigurationService.getKeyCertificatePairToSign().map(keyCertificatePair -> {
            return new BasicX509Credential(keyCertificatePair.getCertificate(), keyCertificatePair.getPrivateKey());
        }).orElseThrow(() -> {
            return new RuntimeException("Private key/certificate pair not found");
        });
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        SecurityContext securityContext = new SecurityContext();
        securityContext.setResponseSignCredential(prepareCredential());
        profileRequestContext.addSubcontext(securityContext);
    }
}
