package org.opensaml.common.binding.security;

import javax.servlet.ServletRequest;
import org.apache.log4j.Logger;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.security.SecurityPolicyContext;
import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.ws.security.provider.ClientCertAuthRule;
import org.opensaml.ws.security.provider.ClientCertAuthRuleFactory;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.trust.TrustEngine;
import org.opensaml.xml.security.x509.X509Credential;

/* loaded from: input_file:org/opensaml/common/binding/security/SAMLMDClientCertAuthRuleFactory.class */
public class SAMLMDClientCertAuthRuleFactory extends ClientCertAuthRuleFactory {

    /* loaded from: input_file:org/opensaml/common/binding/security/SAMLMDClientCertAuthRuleFactory$SAMLMDClientCertAuthRule.class */
    public class SAMLMDClientCertAuthRule extends ClientCertAuthRule {
        private Logger log;

        public SAMLMDClientCertAuthRule(TrustEngine<X509Credential> trustEngine, ClientCertAuthRuleFactory.CertificateNameOptions certificateNameOptions) {
            super(trustEngine, certificateNameOptions);
            this.log = Logger.getLogger(SAMLMDClientCertAuthRule.class);
        }

        protected CriteriaSet buildCriteriaSet(String str, ServletRequest servletRequest, XMLObject xMLObject, SecurityPolicyContext securityPolicyContext) {
            SAMLSecurityPolicyContext sAMLSecurityPolicyContext = (SAMLSecurityPolicyContext) securityPolicyContext;
            if (sAMLSecurityPolicyContext == null) {
                this.log.error("Supplied context was not an instance of SAMLSecurityPolicyContext");
                throw new IllegalArgumentException("Supplied context was not an instance of SAMLSecurityPolicyContext");
            }
            CriteriaSet buildCriteriaSet = super.buildCriteriaSet(str, servletRequest, xMLObject, securityPolicyContext);
            buildCriteriaSet.add(new MetadataCriteria(sAMLSecurityPolicyContext.getIssuerRole(), sAMLSecurityPolicyContext.getIssuerProtocol()));
            return buildCriteriaSet;
        }
    }

    public SecurityPolicyRule<ServletRequest> createRuleInstance() {
        return new SAMLMDClientCertAuthRule(getTrustEngine(), getCertificateNameOptions());
    }
}
