package edu.internet2.middleware.shibboleth.common.config.security;

import edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule;
import javax.xml.namespace.QName;
import org.opensaml.ws.security.provider.CertificateNameOptions;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.util.DatatypeHelper;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/config/security/ClientCertAuthRuleBeanDefinitionParser.class */
/**
 * Spring bean definition parser that turns a {@code ClientCertAuth} configuration element into a
 * {@link ShibbolethClientCertAuthRule} bean definition.
 *
 * <p>The only value read from the XML element is the {@code trustEngineRef} attribute. The
 * certificate name evaluation settings are fixed in this class and cannot be changed from
 * configuration: the subject common name and the DNS and URI subject alternative names are
 * enabled, while evaluation of the full subject DN is disabled.</p>
 *
 * <p>NOTE(review): how the rule consumes these options (for example, what the certificate names
 * are compared against) is implemented in {@link ShibbolethClientCertAuthRule} and is not visible
 * here; confirm there before relying on any particular matching semantics.</p>
 */
public class ClientCertAuthRuleBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
    /** Qualified schema type name of the element handled by this parser. */
    public static final QName SCHEMA_TYPE = new QName(SecurityNamespaceHandler.NAMESPACE, "ClientCertAuth");

    /**
     * Reports the class of the bean this parser defines.
     *
     * @param element the configuration element being parsed (not inspected)
     * @return always {@code ShibbolethClientCertAuthRule.class}
     */
    protected Class getBeanClass(Element element) {
        return ShibbolethClientCertAuthRule.class;
    }

    /**
     * Populates the bean definition with its two constructor arguments, in order: a reference to
     * the trust engine bean named by {@code trustEngineRef}, then the fixed certificate name
     * options.
     *
     * @param element the configuration element carrying the {@code trustEngineRef} attribute
     * @param beanDefinitionBuilder builder that receives the constructor arguments
     */
    protected void doParse(Element element, BeanDefinitionBuilder beanDefinitionBuilder) {
        // The attribute is not checked for presence here. NOTE(review): an absent or blank
        // trustEngineRef presumably reaches the builder as null - confirm that this fails at
        // startup rather than yielding a rule with no trust engine.
        String trustEngineBeanName =
                DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "trustEngineRef"));
        beanDefinitionBuilder.addConstructorArgReference(trustEngineBeanName);

        beanDefinitionBuilder.addConstructorArg(buildNameOptions());
    }

    /**
     * Signals that a bean id should be generated for the definition.
     *
     * @return always {@code true}
     */
    protected boolean shouldGenerateId() {
        return true;
    }

    /**
     * Builds the hard-coded certificate name evaluation options handed to the rule.
     *
     * @return options with subject DN evaluation off, subject common name evaluation on, the
     *     subject DN format set to RFC2253, and the DNS and URI subject alternative name types added
     */
    private static CertificateNameOptions buildNameOptions() {
        CertificateNameOptions nameOptions = new CertificateNameOptions();
        nameOptions.setX500SubjectDNFormat("RFC2253");

        // Name sources: the full subject DN is switched off, the common name is switched on.
        nameOptions.setEvaluateSubjectDN(false);
        nameOptions.setEvaluateSubjectCommonName(true);

        // Subject alternative name types to consider, added to whatever the set already holds.
        nameOptions.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
        nameOptions.getSubjectAltNames().add(X509Util.URI_ALT_NAME);
        return nameOptions;
    }
}
