package org.opensaml.saml.common.binding.security.impl;

import com.google.common.base.Strings;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureValidationParametersCriterion;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-441.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/common/binding/security/impl/BaseSAMLXMLSignatureSecurityHandler.class */
/**
 * Base for SAML message handlers that evaluate an XML {@link Signature} against a trust engine.
 *
 * <p>{@link #doPreInvoke(MessageContext)} captures the {@link SAMLPeerEntityContext} and
 * {@link SAMLProtocolContext} of the message being processed and rejects the message when either
 * is absent or lacks its role / protocol. {@link #buildCriteriaSet(String, MessageContext)} then
 * turns those values into the criteria handed to the trust engine.</p>
 *
 * <p>NOTE(review): the per-message contexts are kept in instance fields that are written in
 * {@code doPreInvoke} and read in {@code buildCriteriaSet}, with no synchronization visible in this
 * class. Confirm that a handler instance is never invoked for two messages concurrently; otherwise
 * the criteria of one message could be built from the role or protocol of another.</p>
 */
public abstract class BaseSAMLXMLSignatureSecurityHandler extends BaseTrustEngineSecurityHandler<Signature> {

    /** Peer entity context of the message seen by the latest {@code doPreInvoke} call. */
    @Nullable
    private SAMLPeerEntityContext peerContext;

    /** Protocol context of the message seen by the latest {@code doPreInvoke} call. */
    @Nullable
    private SAMLProtocolContext samlProtocolContext;

    /**
     * Returns the peer entity context captured by {@code doPreInvoke}.
     *
     * @return the stored context, or {@code null} if none has been captured yet
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public SAMLPeerEntityContext getSAMLPeerEntityContext() {
        return peerContext;
    }

    /**
     * Returns the SAML protocol context captured by {@code doPreInvoke}.
     *
     * @return the stored context, or {@code null} if none has been captured yet
     */
    @Nullable
    protected SAMLProtocolContext getSAMLProtocolContext() {
        return samlProtocolContext;
    }

    /**
     * Runs the superclass pre-invoke step, then captures and checks the SAML contexts that
     * signature evaluation depends on.
     *
     * @param messageContext the message context being processed
     * @return {@code false} when the superclass declines to proceed, {@code true} otherwise
     * @throws MessageHandlerException if the peer entity context is missing or has no role, or if
     *         the protocol context is missing or has no protocol
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
    public boolean doPreInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        boolean proceed = super.doPreInvoke(messageContext);
        if (!proceed) {
            return false;
        }

        // The field is assigned before it is checked, so a rejected message still replaces the
        // previously stored context.
        SAMLPeerEntityContext peer = (SAMLPeerEntityContext) messageContext.getSubcontext(SAMLPeerEntityContext.class);
        this.peerContext = peer;
        if (peer == null || peer.getRole() == null) {
            throw new MessageHandlerException("SAMLPeerEntityContext was missing or unpopulated");
        }

        SAMLProtocolContext protocol = (SAMLProtocolContext) messageContext.getSubcontext(SAMLProtocolContext.class);
        this.samlProtocolContext = protocol;
        if (protocol == null || protocol.getProtocol() == null) {
            throw new MessageHandlerException("SAMLProtocolContext was missing or unpopulated");
        }

        return true;
    }

    /**
     * Looks up the signature trust engine configured for this message.
     *
     * <p>NOTE(review): {@code null} is returned when the message carries no
     * {@link SecurityParametersContext} or no signature validation parameters. How the caller in
     * {@code BaseTrustEngineSecurityHandler} reacts to {@code null} is not visible here; confirm
     * that it fails the message rather than skipping signature evaluation.</p>
     *
     * @param messageContext the message context being processed
     * @return the trust engine from the signature validation parameters, or {@code null} when the
     *         context or its parameters are absent
     */
    @Override // org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
    @Nullable
    protected TrustEngine<? super Signature> resolveTrustEngine(@Nonnull MessageContext messageContext) {
        SecurityParametersContext paramsContext = (SecurityParametersContext) messageContext.getSubcontext(SecurityParametersContext.class);
        if (paramsContext != null && paramsContext.getSignatureValidationParameters() != null) {
            return paramsContext.getSignatureValidationParameters().getSignatureTrustEngine();
        }
        return null;
    }

    /**
     * Assembles the criteria passed to the trust engine for the current message.
     *
     * <p>The set always contains the peer role, the SAML protocol and a
     * {@link UsageType#SIGNING} usage criterion. An entity ID criterion is added only when
     * {@code str} is non-empty, and the signature validation parameters are added only when the
     * message context carries them.</p>
     *
     * <p>NOTE(review): with a null or empty {@code str} the criteria do not name a specific
     * entity. What the trust engine does with such a set is not shown in this class; verify that
     * callers which rely on the signature to identify the peer always supply an entity ID.</p>
     *
     * <p>This method reads the contexts stored by {@code doPreInvoke} without a null check, so it
     * must only run after {@code doPreInvoke} has returned {@code true}.</p>
     *
     * @param str entity ID of the peer, may be {@code null} or empty
     * @param messageContext the message context being processed
     * @return the populated criteria set
     * @throws MessageHandlerException declared by the overridden method; not thrown by this body
     */
    @Override // org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
    @Nonnull
    protected CriteriaSet buildCriteriaSet(@Nullable String str, @Nonnull MessageContext messageContext) throws MessageHandlerException {
        CriteriaSet criteria = new CriteriaSet();

        boolean haveEntityId = !Strings.isNullOrEmpty(str);
        if (haveEntityId) {
            criteria.add(new EntityIdCriterion(str));
        }

        criteria.add(new EntityRoleCriterion(this.peerContext.getRole()));
        criteria.add(new ProtocolCriterion(this.samlProtocolContext.getProtocol()));
        // Restrict credential resolution to signing credentials.
        criteria.add(new UsageCriterion(UsageType.SIGNING));

        SecurityParametersContext paramsContext = (SecurityParametersContext) messageContext.getSubcontext(SecurityParametersContext.class);
        if (paramsContext == null || paramsContext.getSignatureValidationParameters() == null) {
            return criteria;
        }
        criteria.add(new SignatureValidationParametersCriterion(paramsContext.getSignatureValidationParameters()));
        return criteria;
    }
}
