package org.opensaml.security.x509.tls.impl;

import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.tls.CertificateNameOptions;
import org.opensaml.security.x509.tls.ClientTLSValidationConfiguration;
import org.opensaml.security.x509.tls.ClientTLSValidationConfigurationCriterion;
import org.opensaml.security.x509.tls.ClientTLSValidationParameters;
import org.opensaml.security.x509.tls.ClientTLSValidationParametersResolver;

/* loaded from: input_file:WEB-INF/lib/opensaml-security-impl-4.3.2.jar:org/opensaml/security/x509/tls/impl/BasicClientTLSValidationParametersResolver.class */
public class BasicClientTLSValidationParametersResolver implements ClientTLSValidationParametersResolver {
    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @NonnullElements
    @Nonnull
    public Iterable<ClientTLSValidationParameters> resolve(CriteriaSet criteriaSet) throws ResolverException {
        ClientTLSValidationParameters resolveSingle = resolveSingle(criteriaSet);
        return resolveSingle != null ? Collections.singletonList(resolveSingle) : Collections.emptyList();
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nonnull
    public ClientTLSValidationParameters resolveSingle(CriteriaSet criteriaSet) throws ResolverException {
        Constraint.isNotNull(criteriaSet, "CriteriaSet was null");
        Constraint.isNotNull((ClientTLSValidationConfigurationCriterion) criteriaSet.get(ClientTLSValidationConfigurationCriterion.class), "Resolver requires an instance of ClientTLSValidationConfigurationCriterion");
        ClientTLSValidationParameters clientTLSValidationParameters = new ClientTLSValidationParameters();
        clientTLSValidationParameters.setX509TrustEngine(resolveTrustEngine(criteriaSet));
        clientTLSValidationParameters.setCertificateNameOptions(resolveNameOptions(criteriaSet));
        return clientTLSValidationParameters;
    }

    @Nullable
    protected TrustEngine<? super X509Credential> resolveTrustEngine(@Nonnull CriteriaSet criteriaSet) {
        for (ClientTLSValidationConfiguration clientTLSValidationConfiguration : ((ClientTLSValidationConfigurationCriterion) criteriaSet.get(ClientTLSValidationConfigurationCriterion.class)).getConfigurations()) {
            if (clientTLSValidationConfiguration.getX509TrustEngine() != null) {
                return clientTLSValidationConfiguration.getX509TrustEngine();
            }
        }
        return null;
    }

    @Nullable
    protected CertificateNameOptions resolveNameOptions(@Nonnull CriteriaSet criteriaSet) {
        for (ClientTLSValidationConfiguration clientTLSValidationConfiguration : ((ClientTLSValidationConfigurationCriterion) criteriaSet.get(ClientTLSValidationConfigurationCriterion.class)).getConfigurations()) {
            if (clientTLSValidationConfiguration.getCertificateNameOptions() != null) {
                return clientTLSValidationConfiguration.getCertificateNameOptions();
            }
        }
        return null;
    }
}
