package org.opensaml.security.credential.criteria.impl;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.logic.AbstractTriStatePredicate;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.apache.commons.codec.binary.Hex;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509DigestCriterion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-security-impl-4.3.0.jar:org/opensaml/security/credential/criteria/impl/EvaluableX509DigestCredentialCriterion.class */
public final class EvaluableX509DigestCredentialCriterion extends AbstractTriStatePredicate<Credential> implements EvaluableCredentialCriterion {
    private final Logger log = LoggerFactory.getLogger((Class<?>) EvaluableX509DigestCredentialCriterion.class);
    private final String algorithm;
    private final byte[] x509digest;

    public EvaluableX509DigestCredentialCriterion(@Nonnull X509DigestCriterion x509DigestCriterion) {
        this.algorithm = ((X509DigestCriterion) Constraint.isNotNull(x509DigestCriterion, "Criterion instance cannot be null")).getAlgorithm();
        this.x509digest = x509DigestCriterion.getDigest();
    }

    public EvaluableX509DigestCredentialCriterion(@Nonnull String str, @Nonnull byte[] bArr) {
        this.x509digest = Constraint.isNotEmpty(bArr, "X.509 digest cannot be null or empty");
        String trimOrNull = StringSupport.trimOrNull(str);
        Constraint.isNotNull(trimOrNull, "Certificate digest algorithm cannot be null or empty");
        this.algorithm = trimOrNull;
    }

    @Override // java.util.function.Predicate
    public boolean test(@Nullable Credential credential) {
        if (credential == null) {
            this.log.error("Credential target was null");
            return isNullInputSatisfies();
        }
        if (!(credential instanceof X509Credential)) {
            this.log.info("Credential is not an X509Credential, does not satisfy X.509 digest criteria");
            return false;
        }
        X509Certificate entityCertificate = ((X509Credential) credential).getEntityCertificate();
        if (entityCertificate == null) {
            this.log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return false;
        }
        try {
            return Arrays.equals(MessageDigest.getInstance(this.algorithm).digest(entityCertificate.getEncoded()), this.x509digest);
        } catch (NoSuchAlgorithmException e) {
            this.log.error("Unable to obtain a digest implementation for algorithm {" + this.algorithm + "}", (Throwable) e);
            return isUnevaluableSatisfies();
        } catch (CertificateEncodingException e2) {
            this.log.error("Unable to encode certificate for digest operation", (Throwable) e2);
            return isUnevaluableSatisfies();
        }
    }

    public String toString() {
        return "EvaluableX509DigestCredentialCriterion [algorithm=" + this.algorithm + ", x509digest=" + Hex.encodeHexString(this.x509digest) + "]";
    }

    public int hashCode() {
        return (((17 * 37) + this.algorithm.hashCode()) * 37) + this.x509digest.hashCode();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof EvaluableX509DigestCredentialCriterion)) {
            return false;
        }
        EvaluableX509DigestCredentialCriterion evaluableX509DigestCredentialCriterion = (EvaluableX509DigestCredentialCriterion) obj;
        return this.algorithm.equals(evaluableX509DigestCredentialCriterion.algorithm) && Arrays.equals(this.x509digest, evaluableX509DigestCredentialCriterion.x509digest);
    }
}
