package edu.internet2.middleware.shibboleth.common.binding.security;

import java.util.LinkedHashSet;
import org.opensaml.common.binding.security.SAMLMDClientCertAuthRule;
import org.opensaml.ws.security.provider.CertificateNameOptions;
import org.opensaml.xml.security.trust.TrustEngine;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509Util;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/binding/security/ShibbolethClientCertAuthRule.class */
public class ShibbolethClientCertAuthRule extends SAMLMDClientCertAuthRule {
    public ShibbolethClientCertAuthRule(TrustEngine<X509Credential> trustEngine, CertificateNameOptions certificateNameOptions) {
        super(trustEngine, certificateNameOptions);
    }

    public ShibbolethClientCertAuthRule(TrustEngine<X509Credential> trustEngine) {
        super(trustEngine, new CertificateNameOptions());
        CertificateNameOptions certificateNameOptions = getCertificateNameOptions();
        certificateNameOptions.setX500SubjectDNFormat("RFC2253");
        certificateNameOptions.setEvaluateSubjectDN(true);
        certificateNameOptions.setEvaluateSubjectCommonName(true);
        LinkedHashSet subjectAltNames = certificateNameOptions.getSubjectAltNames();
        subjectAltNames.add(X509Util.DNS_ALT_NAME);
        subjectAltNames.add(X509Util.URI_ALT_NAME);
    }
}
