package org.opensaml.saml.common.binding.security.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.AbstractAuthenticatableSAMLEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/saml/common/binding/security/impl/SAMLMDClientCertAuthSecurityHandler.class */
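/**
 * Client-certificate authentication handler that adds SAML metadata criteria to the
 * trust-engine criteria set built by {@link BaseClientCertAuthSecurityHandler}.
 *
 * <p>The entity role and SAML protocol are read from the message context and added as
 * {@link EntityRoleCriterion} and {@link ProtocolCriterion}. The presenter's entity ID and the
 * resulting authenticated flag are read from and written to the configured
 * {@link AbstractAuthenticatableSAMLEntityContext} subclass, which defaults to
 * {@link SAMLPeerEntityContext}.</p>
 */
public class SAMLMDClientCertAuthSecurityHandler extends BaseClientCertAuthSecurityHandler {
    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(SAMLMDClientCertAuthSecurityHandler.class);

    /** Context class that carries the entity ID, role and authenticated state for this handler. */
    private Class<? extends AbstractAuthenticatableSAMLEntityContext> entityContextClass = SAMLPeerEntityContext.class;

    /**
     * Returns the entity context class this handler reads from and writes to.
     *
     * @return the configured entity context class
     */
    @Nonnull
    public Class<? extends AbstractAuthenticatableSAMLEntityContext> getEntityContextClass() {
        return this.entityContextClass;
    }

    /**
     * Sets the entity context class this handler reads from and writes to.
     *
     * <p>This choice decides which subcontext later receives the authenticated flag, so it is
     * guarded by the component-initialization check before the assignment.</p>
     *
     * @param cls the entity context class, must not be null
     */
    public void setEntityContextClass(@Nonnull Class<? extends AbstractAuthenticatableSAMLEntityContext> cls) {
        // Presumably throws once the component is initialized (per the helper's name) - confirm.
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.entityContextClass = Constraint.isNotNull(cls, "The SAML entity context class may not be null");
    }

    /**
     * Builds the criteria set used for trust evaluation of the client certificate, extending the
     * superclass result with the peer's SAML role and protocol.
     *
     * <p>A missing entity context, role, protocol context or protocol aborts the handler with a
     * {@link MessageHandlerException}; trust evaluation is never attempted with a partial
     * criteria set.</p>
     *
     * <p>NOTE(review): the decompiler reports that this method was {@code protected} in the
     * original class; it is left {@code public} here to match the decompiled signature.</p>
     *
     * @param str the entity ID passed through to the superclass, may be null
     * @param messageContext the message context being evaluated
     * @return the superclass criteria set with role and protocol criteria added
     * @throws MessageHandlerException if a required context or value is absent
     */
    @Override // org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler, org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
    @Nonnull
    public CriteriaSet buildCriteriaSet(@Nullable String str, @Nonnull MessageContext messageContext) throws MessageHandlerException {
        CriteriaSet criteria = super.buildCriteriaSet(str, messageContext);
        try {
            this.log.trace("Attempting to build criteria based on contents of entity contxt class of type: {}", this.entityContextClass.getName());

            AbstractAuthenticatableSAMLEntityContext entityContext = (AbstractAuthenticatableSAMLEntityContext) messageContext.getSubcontext(this.entityContextClass);
            Constraint.isNotNull(entityContext, "Required authenticatable SAML entity context was not present in message context: " + this.entityContextClass.getName());
            Constraint.isNotNull(entityContext.getRole(), "SAML entity role was null");
            criteria.add(new EntityRoleCriterion(entityContext.getRole()));

            SAMLProtocolContext protocolContext = (SAMLProtocolContext) messageContext.getSubcontext(SAMLProtocolContext.class);
            Constraint.isNotNull(protocolContext, "SAMLProtocolContext was null");
            Constraint.isNotNull(protocolContext.getProtocol(), "SAML protocol was null");
            criteria.add(new ProtocolCriterion(protocolContext.getProtocol()));

            return criteria;
        } catch (ConstraintViolationException e) {
            // Surface missing prerequisites as a handler failure, keeping the original cause.
            throw new MessageHandlerException(e);
        }
    }

    /**
     * Returns the entity ID of the certificate presenter as recorded in the configured entity
     * context.
     *
     * @param messageContext the message context being evaluated
     * @return the entity ID held by the entity context, or null if that context is absent
     */
    @Override // org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler
    @Nullable
    protected String getCertificatePresenterEntityID(@Nonnull MessageContext messageContext) {
        AbstractAuthenticatableSAMLEntityContext entityContext = (AbstractAuthenticatableSAMLEntityContext) messageContext.getSubcontext(this.entityContextClass);
        if (entityContext != null) {
            this.log.trace("Found authenticatable entityID '{}' from context: {}", entityContext.getEntityId(), entityContext.getClass().getName());
            return entityContext.getEntityId();
        }
        // The context is null on this path, so name the configured class instead of
        // dereferencing the missing context (which would throw NullPointerException).
        this.log.trace("Authenticatable entityID context was not present: {}", this.entityContextClass.getName());
        return null;
    }

    /**
     * Stores the authenticated presenter's entity ID in the configured entity context.
     *
     * @param messageContext the message context being evaluated
     * @param str the authenticated entity ID, may be null
     */
    @Override // org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler
    protected void setAuthenticatedCertificatePresenterEntityID(@Nonnull MessageContext messageContext, @Nullable String str) {
        this.log.trace("Storing authenticatable entityID '{}' in context: {}", str, this.entityContextClass);
        // The 'true' argument presumably asks getSubcontext to create the subcontext when absent - confirm.
        ((AbstractAuthenticatableSAMLEntityContext) messageContext.getSubcontext(this.entityContextClass, true)).setEntityId(str);
    }

    /**
     * Stores the authentication result in the configured entity context.
     *
     * @param messageContext the message context being evaluated
     * @param z true if the presenter was authenticated, false otherwise
     */
    @Override // org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler
    protected void setAuthenticatedState(@Nonnull MessageContext messageContext, boolean z) {
        this.log.trace("Storing authenticated entity state '{}' in context: {}", Boolean.valueOf(z), this.entityContextClass);
        // The 'true' argument presumably asks getSubcontext to create the subcontext when absent - confirm.
        ((AbstractAuthenticatableSAMLEntityContext) messageContext.getSubcontext(this.entityContextClass, true)).setAuthenticated(z);
    }
}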
