package org.opensaml.ws.security.provider;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletRequest;
import org.opensaml.ws.security.SecurityPolicy;
import org.opensaml.ws.security.SecurityPolicyContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.xml.XMLObject;

/* loaded from: input_file:org/opensaml/ws/security/provider/BasicSecurityPolicy.class */
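/**
 * Security policy that evaluates an ordered list of {@link SecurityPolicyRule}s against a request
 * and message, then derives the message issuer and whether that issuer was authenticated.
 *
 * <p>Aggregation is fail-closed: the issuer counts as authenticated only if at least one rule
 * sample reported {@code Boolean.TRUE} and none reported {@code Boolean.FALSE}. When
 * {@code requireAuthenticatedIssuer} is set, {@link #evaluate} throws for anything else. With an
 * empty rule list the result is {@code null}, so such a policy rejects every message. With the
 * flag off, it accepts every message.
 *
 * <p>{@link #evaluate} writes per-message results into instance fields without synchronization,
 * so one instance must not be evaluated concurrently from several threads.
 *
 * @param <RequestType> type of the incoming request the rules inspect
 */
public class BasicSecurityPolicy<RequestType extends ServletRequest> implements SecurityPolicy<RequestType> {
    /** When true, {@link #evaluate} rejects messages whose issuer was not positively authenticated. */
    private final boolean requireAuthenticatedIssuer;

    /** Issuer reported by the rules during the most recent evaluation, or null. */
    private String issuer;

    /** Tri-state result of the most recent evaluation: TRUE, FALSE, or null when no rule decided. */
    private Boolean issuerAuthenticated;

    /** Context shared by all rules within one evaluation. It is replaced on every evaluate() call. */
    private SecurityPolicyContext policyContext;

    /** Rules run in list order. The list is handed out live by {@link #getPolicyRules()}. */
    private final List<SecurityPolicyRule<RequestType>> securityRules;

    /** Creates a policy that requires the issuer to be authenticated. */
    public BasicSecurityPolicy() {
        this(true);
    }

    /**
     * Creates a policy with an explicit authentication requirement.
     *
     * @param z whether {@link #evaluate} must reject messages whose issuer is not authenticated
     */
    public BasicSecurityPolicy(boolean z) {
        this.requireAuthenticatedIssuer = z;
        this.securityRules = new ArrayList<SecurityPolicyRule<RequestType>>();
        // Create the context here as the no-arg constructor always did, so that
        // getSecurityPolicyContext() never returns null before the first evaluation.
        this.policyContext = createNewContext();
    }

    /**
     * Returns the context used by the most recent evaluation.
     *
     * @return the current policy context
     */
    @Override // org.opensaml.ws.security.SecurityPolicy
    public SecurityPolicyContext getSecurityPolicyContext() {
        return this.policyContext;
    }

    /**
     * Returns the issuer established by the most recent evaluation.
     *
     * @return the issuer ID, or null if no rule supplied one
     */
    @Override // org.opensaml.ws.security.SecurityPolicy
    public String getIssuer() {
        return this.issuer;
    }

    /**
     * Returns the aggregated authentication result of the most recent evaluation.
     *
     * @return TRUE if authenticated, FALSE if a rule reported failure, null if undetermined;
     *         callers must treat null as "not authenticated"
     */
    @Override // org.opensaml.ws.security.SecurityPolicy
    public Boolean isIssuerAuthenticated() {
        return this.issuerAuthenticated;
    }

    /**
     * Returns the live, mutable rule list; changes made to it affect later evaluations.
     *
     * @return the rules in evaluation order
     */
    @Override // org.opensaml.ws.security.SecurityPolicy
    public List<SecurityPolicyRule<RequestType>> getPolicyRules() {
        return this.securityRules;
    }

    /**
     * Runs every rule against the request and message and records the outcome.
     *
     * @param requesttype the incoming request
     * @param xMLObject the message being evaluated
     * @throws SecurityPolicyException if a rule fails, if rules report conflicting issuer IDs, or
     *         if an authenticated issuer is required and was not established
     */
    @Override // org.opensaml.ws.security.SecurityPolicy
    public void evaluate(RequestType requesttype, XMLObject xMLObject) throws SecurityPolicyException {
        // Clear the previous message's results first. Otherwise a reused policy would compare this
        // message's issuer with the last one, and an evaluation aborted by a rule exception would
        // leave an earlier TRUE visible through isIssuerAuthenticated().
        this.issuer = null;
        this.issuerAuthenticated = null;
        this.policyContext = createNewContext();

        List<Boolean> ruleResults = new ArrayList<Boolean>(this.securityRules.size());
        for (SecurityPolicyRule<RequestType> rule : this.securityRules) {
            rule.evaluate(requesttype, xMLObject, this.policyContext);
            // Sample the shared context after each rule so that a FALSE set by any rule is kept
            // even if a later rule overwrites it.
            ruleResults.add(this.policyContext.isIssuerAuthenticated());
            String contextIssuer = this.policyContext.getIssuer();
            if (this.issuer != null && contextIssuer != null && !this.issuer.equals(contextIssuer)) {
                throw new SecurityPolicyException("Policy rules presented two or more, different, issuer IDs");
            }
            this.issuer = contextIssuer;
        }

        // Fail closed: one FALSE outweighs any number of TRUE results.
        if (ruleResults.contains(Boolean.FALSE)) {
            this.issuerAuthenticated = Boolean.FALSE;
        } else if (ruleResults.contains(Boolean.TRUE)) {
            this.issuerAuthenticated = Boolean.TRUE;
        } else {
            this.issuerAuthenticated = null;
        }

        // equals() rather than != so the check does not depend on Boolean instance identity.
        if (this.requireAuthenticatedIssuer && !Boolean.TRUE.equals(this.issuerAuthenticated)) {
            throw new SecurityPolicyException("Issuer was not authenticated by security policy rules.");
        }
    }

    /**
     * Creates the context handed to the rules. Subclasses may override this to supply a
     * specialised context. It is called from the constructor, so an override must not depend on
     * subclass state.
     *
     * @return a fresh policy context
     */
    protected SecurityPolicyContext createNewContext() {
        return new SecurityPolicyContext();
    }
}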
