package org.opensaml.common.binding.security;

import javax.servlet.ServletRequest;
import javax.xml.namespace.QName;
import org.apache.log4j.Logger;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.provider.BasicSecurityPolicy;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.util.DatatypeHelper;

/* loaded from: input_file:org/opensaml/common/binding/security/SAMLSecurityPolicy.class */
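/**
 * Security policy for SAML messages that, after the base policy has been evaluated, looks up the
 * issuer's role metadata through an optional {@link MetadataProvider}.
 *
 * <p>The instance keeps the result of the most recent evaluation in a field, so it is stateful.
 * NOTE(review): nothing here synchronizes access to that field; confirm that callers do not share
 * one instance between concurrent requests.
 */
public class SAMLSecurityPolicy extends BasicSecurityPolicy<ServletRequest> {
    private final Logger log = Logger.getLogger(SAMLSecurityPolicy.class);
    private MetadataProvider metadataProvider;
    private QName issuerRole;
    private String issuerProtocol;
    private RoleDescriptor issuerRoleMetadata;

    /**
     * Creates a policy that passes {@code true} to the {@link BasicSecurityPolicy} constructor.
     *
     * @param qName role the issuer is expected to act in
     * @param str protocol the issuer is expected to support; normalized with
     *     {@code DatatypeHelper.safeTrimOrNullString}
     * @throws IllegalArgumentException if the role or the normalized protocol is null
     */
    public SAMLSecurityPolicy(QName qName, String str) {
        this(qName, str, true);
    }

    /**
     * Creates a policy, forwarding the flag to the {@link BasicSecurityPolicy} constructor.
     *
     * @param qName role the issuer is expected to act in
     * @param str protocol the issuer is expected to support; normalized with
     *     {@code DatatypeHelper.safeTrimOrNullString}
     * @param z flag handed unchanged to the superclass constructor; its meaning is defined there
     * @throws IllegalArgumentException if the role or the normalized protocol is null
     */
    public SAMLSecurityPolicy(QName qName, String str, boolean z) {
        super(z);
        this.issuerRole = qName;
        this.issuerProtocol = DatatypeHelper.safeTrimOrNullString(str);
        if (this.issuerRole == null || this.issuerProtocol == null) {
            throw new IllegalArgumentException("Issuer role and protocol may not be null");
        }
    }

    /**
     * Evaluates the base policy, then resolves the issuer's role metadata when a metadata provider
     * is configured.
     *
     * <p>A failed metadata lookup is logged and does not fail the evaluation; in that case
     * {@link #getIssuerRoleMetadata()} returns null.
     *
     * @param servletRequest request the message arrived on
     * @param xMLObject message being evaluated
     * @throws SecurityPolicyException if the base policy rejects the message
     */
    public void evaluate(ServletRequest servletRequest, XMLObject xMLObject) throws SecurityPolicyException {
        // Drop the result of any earlier evaluation first. Without this, a rejected message, a
        // missing provider or a failed lookup would leave the previous issuer's role metadata
        // visible through getIssuerRoleMetadata() and could be mistaken for the current issuer's.
        this.issuerRoleMetadata = null;
        super.evaluate(servletRequest, xMLObject);
        try {
            if (this.metadataProvider != null) {
                // NOTE(review): getIssuer() is passed through as-is; whether it can be null here,
                // and how the provider treats a null issuer, is not visible in this class.
                this.issuerRoleMetadata = this.metadataProvider.getRole(getIssuer(), this.issuerRole, this.issuerProtocol);
            }
        } catch (MetadataProviderException e) {
            // NOTE(review): the issuer presumably originates from the message; confirm the log
            // layout neutralizes line breaks so a crafted issuer cannot forge log entries.
            this.log.warn("Could not look up role metadata for issuer " + getIssuer(), e);
        }
    }

    /**
     * Returns the metadata provider used for the role lookup, or null if none has been set.
     *
     * @return the configured metadata provider, possibly null
     */
    public MetadataProvider getMetadataProvider() {
        return this.metadataProvider;
    }

    /**
     * Sets the metadata provider used for the role lookup.
     *
     * @param metadataProvider provider to use; null disables the lookup in {@code evaluate}
     */
    public void setMetadataProvider(MetadataProvider metadataProvider) {
        this.metadataProvider = metadataProvider;
    }

    /**
     * Returns the role metadata resolved by the most recent call to {@code evaluate}.
     *
     * @return the issuer's role metadata, or null if no provider is set, the lookup failed or
     *     returned nothing, or the message was rejected by the base policy
     */
    public RoleDescriptor getIssuerRoleMetadata() {
        return this.issuerRoleMetadata;
    }

    /**
     * Builds a SAML-specific policy context carrying this policy's metadata provider, issuer
     * protocol and issuer role.
     *
     * @return a newly created {@code SAMLSecurityPolicyContext}
     */
    protected SecurityPolicyContext createNewContext() {
        SAMLSecurityPolicyContext sAMLSecurityPolicyContext = new SAMLSecurityPolicyContext();
        sAMLSecurityPolicyContext.setMetadataProvider(this.metadataProvider);
        sAMLSecurityPolicyContext.setIssuerProtocol(this.issuerProtocol);
        sAMLSecurityPolicyContext.setIssuerRole(this.issuerRole);
        return sAMLSecurityPolicyContext;
    }
}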
