package org.apache.cxf.sts.token.realm;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.apache.cxf.common.logging.LogUtils;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630310-04.jar:org/apache/cxf/sts/token/realm/CertConstraintsParser.class */
public class CertConstraintsParser {
    private static final Logger LOG = LogUtils.getL7dLogger(CertConstraintsParser.class);
    private Collection<Pattern> subjectDNPatterns = new ArrayList();

    public void setSubjectConstraints(List<String> list) {
        if (list != null) {
            this.subjectDNPatterns = new ArrayList();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                try {
                    this.subjectDNPatterns.add(Pattern.compile(it.next().trim()));
                } catch (PatternSyntaxException e) {
                    LOG.severe(e.getMessage());
                    throw e;
                }
            }
        }
    }

    public Collection<Pattern> getCompiledSubjectContraints() {
        return this.subjectDNPatterns;
    }

    public boolean matches(X509Certificate x509Certificate) {
        if (this.subjectDNPatterns.isEmpty()) {
            return true;
        }
        if (x509Certificate == null) {
            LOG.fine("The certificate is null so no constraints matching was possible");
            return false;
        }
        String name = x509Certificate.getSubjectX500Principal().getName();
        boolean z = false;
        Iterator<Pattern> it = this.subjectDNPatterns.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Pattern next = it.next();
            if (next.matcher(name).matches()) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Subject DN " + name + " matches with pattern " + next);
                }
                z = true;
            }
        }
        return z;
    }
}
