package org.opensaml.common.binding.security;

import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.provider.BaseTrustEngineRule;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.trust.TrustEngine;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-219.zip:modules/system/layers/fuse/org/opensaml/2.6/opensaml-2.6.1.jar:org/opensaml/common/binding/security/BaseSAMLXMLSignatureSecurityPolicyRule.class */
public abstract class BaseSAMLXMLSignatureSecurityPolicyRule extends BaseTrustEngineRule<Signature> {
    private final Logger log;

    public BaseSAMLXMLSignatureSecurityPolicyRule(TrustEngine<Signature> trustEngine) {
        super(trustEngine);
        this.log = LoggerFactory.getLogger(BaseSAMLXMLSignatureSecurityPolicyRule.class);
    }

    @Override // org.opensaml.ws.security.provider.BaseTrustEngineRule
    protected CriteriaSet buildCriteriaSet(String str, MessageContext messageContext) throws SecurityPolicyException {
        if (!(messageContext instanceof SAMLMessageContext)) {
            this.log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
            throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
        }
        SAMLMessageContext sAMLMessageContext = (SAMLMessageContext) messageContext;
        CriteriaSet criteriaSet = new CriteriaSet();
        if (!DatatypeHelper.isEmpty(str)) {
            criteriaSet.add(new EntityIDCriteria(str));
        }
        criteriaSet.add(new MetadataCriteria(sAMLMessageContext.getPeerEntityRole(), sAMLMessageContext.getInboundSAMLProtocol()));
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        return criteriaSet;
    }
}
