package net.shibboleth.idp.cas.proxy;

import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.login.FailedLoginException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;

/* loaded from: input_file:net/shibboleth/idp/cas/proxy/AbstractProxyAuthenticator.class */
public abstract class AbstractProxyAuthenticator implements ProxyAuthenticator<TrustEngine<X509Credential>> {
    protected static final String HTTPS_SCHEME = "https";

    @NotEmpty
    @NonnullElements
    private Set<Integer> allowedResponseCodes = Collections.singleton(200);

    public void setAllowedResponseCodes(@NotEmpty @NonnullElements Set<Integer> set) {
        Constraint.isNotEmpty(set, "Response codes cannot be null or empty.");
        Constraint.noNullItems(set.toArray(), "Response codes cannot contain null elements.");
        this.allowedResponseCodes = set;
    }

    public final void authenticate(@Nonnull URI uri, @Nullable TrustEngine<X509Credential> trustEngine) throws GeneralSecurityException {
        Constraint.isNotNull(uri, "URI to authenticate cannot be null.");
        if (!HTTPS_SCHEME.equalsIgnoreCase(uri.getScheme())) {
            throw new GeneralSecurityException(uri + " is not an https URI as required.");
        }
        int authenticateProxyCallback = authenticateProxyCallback(uri, trustEngine);
        if (!this.allowedResponseCodes.contains(Integer.valueOf(authenticateProxyCallback))) {
            throw new FailedLoginException(uri + " returned unacceptable HTTP status code " + authenticateProxyCallback);
        }
    }

    protected abstract int authenticateProxyCallback(@Nonnull URI uri, @Nullable TrustEngine<X509Credential> trustEngine) throws GeneralSecurityException;
}
