package org.opensaml.security.httpclient.impl;

import java.security.Key;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.ObjectSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.httpclient.HttpClientSecurityConfiguration;
import org.opensaml.security.httpclient.HttpClientSecurityConfigurationCriterion;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecurityParametersResolver;
import org.opensaml.security.httpclient.TLSCriteriaSetCriterion;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/opensaml-security-impl-3.4.6.jar:org/opensaml/security/httpclient/impl/BasicHttpClientSecurityParametersResolver.class */
/**
 * Resolves a single {@link HttpClientSecurityParameters} instance by merging the
 * {@link HttpClientSecurityConfiguration} objects carried in a
 * {@link HttpClientSecurityConfigurationCriterion}.
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 *   <li>Merging is per property and order-dependent: once a property has a non-null value, later
 *       configurations cannot change it (this relies on {@code ObjectSupport.firstNonNull} keeping
 *       the already-set value). The order of {@code getConfigurations()} therefore decides which
 *       trust engine, hostname verifier and "server TLS failure fatal" flag end up in force.</li>
 *   <li>{@link #validate(HttpClientSecurityParameters)} accepts everything in this base class, so a
 *       result with no trust engine, no hostname verifier, or a non-fatal TLS failure setting is
 *       returned as-is. How a consumer treats those null values is not visible here.</li>
 *   <li>{@link #logResult(HttpClientSecurityParameters)} reports the AuthCache, but nothing in this
 *       class populates it.</li>
 * </ul>
 */
public class BasicHttpClientSecurityParametersResolver implements HttpClientSecurityParametersResolver {
    /** Class logger; only used at debug level by {@link #logResult(HttpClientSecurityParameters)}. */
    private Logger log = LoggerFactory.getLogger(BasicHttpClientSecurityParametersResolver.class);

    /**
     * Wraps the outcome of {@link #resolveSingle(CriteriaSet)} in an iterable.
     *
     * @param criteriaSet the criteria to resolve against
     * @return a one-element list holding the resolved parameters, or an empty list when
     *         {@code resolveSingle} returned {@code null}
     * @throws ResolverException declared by the resolver contract
     */
    @Override
    public Iterable<HttpClientSecurityParameters> resolve(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        HttpClientSecurityParameters single = resolveSingle(criteriaSet);
        if (single == null) {
            return Collections.emptyList();
        }
        return Collections.singletonList(single);
    }

    /**
     * Builds, validates and logs one merged parameter set.
     *
     * @param criteriaSet the criteria; must contain an {@link HttpClientSecurityConfigurationCriterion}
     * @return the merged parameters, or {@code null} when {@link #validate(HttpClientSecurityParameters)}
     *         rejects them
     * @throws ResolverException declared by the resolver contract
     */
    @Override
    public HttpClientSecurityParameters resolveSingle(@Nonnull CriteriaSet criteriaSet) throws ResolverException {
        // Both preconditions are checked before any parameter object is created.
        // NOTE(review): Constraint.isNotNull presumably throws on a null argument - confirm the exception type.
        Constraint.isNotNull(criteriaSet, "CriteriaSet was null");
        Constraint.isNotNull(criteriaSet.get(HttpClientSecurityConfigurationCriterion.class), "Resolver requires an instance of HttpClientSecurityConfigurationCriterion");

        HttpClientSecurityParameters resolved = new HttpClientSecurityParameters();
        resolveAndPopulateParams(resolved, criteriaSet);
        if (validate(resolved)) {
            logResult(resolved);
            return resolved;
        }
        return null;
    }

    /**
     * Fills the supplied parameters from the configurations in the criteria set.
     *
     * <p>For each configuration, in iteration order, every property is set to the first non-null of
     * "value already on the parameters" and "value from this configuration". A value supplied by an
     * earlier configuration is therefore never replaced by a later one. After the loop, the TLS
     * criteria set is copied over when a {@link TLSCriteriaSetCriterion} is present.</p>
     *
     * @param httpClientSecurityParameters the parameter object to populate
     * @param criteriaSet the criteria holding the configurations
     */
    protected void resolveAndPopulateParams(@Nonnull HttpClientSecurityParameters httpClientSecurityParameters, @Nonnull CriteriaSet criteriaSet) {
        final HttpClientSecurityParameters params = httpClientSecurityParameters;
        HttpClientSecurityConfigurationCriterion configCriterion =
                (HttpClientSecurityConfigurationCriterion) criteriaSet.get(HttpClientSecurityConfigurationCriterion.class);

        for (HttpClientSecurityConfiguration config : configCriterion.getConfigurations()) {
            params.setClientTLSCredential((X509Credential) ObjectSupport.firstNonNull(
                    params.getClientTLSCredential(), config.getClientTLSCredential()));
            params.setCredentialsProvider((CredentialsProvider) ObjectSupport.firstNonNull(
                    params.getCredentialsProvider(), config.getCredentialsProvider()));
            params.setHostnameVerifier((X509HostnameVerifier) ObjectSupport.firstNonNull(
                    params.getHostnameVerifier(), config.getHostnameVerifier()));
            // Raw Collection casts are kept exactly as in the listing; the element type is not visible here.
            params.setTLSCipherSuites((Collection) ObjectSupport.firstNonNull(
                    params.getTLSCipherSuites(), config.getTLSCipherSuites()));
            params.setTLSProtocols((Collection) ObjectSupport.firstNonNull(
                    params.getTLSProtocols(), config.getTLSProtocols()));
            params.setTLSTrustEngine((TrustEngine) ObjectSupport.firstNonNull(
                    params.getTLSTrustEngine(), config.getTLSTrustEngine()));
            // A non-null false from an earlier configuration wins over a later true.
            params.setServerTLSFailureFatal((Boolean) ObjectSupport.firstNonNull(
                    params.isServerTLSFailureFatal(), config.isServerTLSFailureFatal()));
        }

        if (criteriaSet.contains(TLSCriteriaSetCriterion.class)) {
            TLSCriteriaSetCriterion tlsCriterion = (TLSCriteriaSetCriterion) criteriaSet.get(TLSCriteriaSetCriterion.class);
            params.setTLSCriteriaSet(tlsCriterion.getCriteria());
        }
    }

    /**
     * Extension point for rejecting a merged parameter set.
     *
     * <p>This implementation performs no checks and always accepts. A deployment that requires, for
     * example, a trust engine or a fatal server-TLS-failure setting has to enforce that in a subclass
     * or in the consumer of the parameters.</p>
     *
     * @param httpClientSecurityParameters the merged parameters
     * @return always {@code true} in this class
     */
    protected boolean validate(@Nonnull HttpClientSecurityParameters httpClientSecurityParameters) {
        return true;
    }

    /**
     * Writes a debug-level summary of the resolved parameters.
     *
     * <p>Credential-bearing objects are reported only as "present"/"null" (the client credential
     * additionally by key algorithm); cipher suites, protocols and the fatal flag are logged by value.</p>
     *
     * @param httpClientSecurityParameters the parameters to describe
     */
    protected void logResult(@Nonnull HttpClientSecurityParameters httpClientSecurityParameters) {
        if (!this.log.isDebugEnabled()) {
            return;
        }
        final HttpClientSecurityParameters params = httpClientSecurityParameters;

        this.log.debug("Resolved HttpClientSecurityParameters:");
        // NOTE(review): the credential may be null here; the null branch below suggests
        // extractSigningKey tolerates that - confirm against CredentialSupport.
        Key clientKey = CredentialSupport.extractSigningKey(params.getClientTLSCredential());
        if (clientKey == null) {
            this.log.debug("\tClient TLS credential: null");
        } else {
            this.log.debug("\tClient TLS credential with key algorithm: {}", clientKey.getAlgorithm());
        }
        this.log.debug("\tHostnameVerifier: {}", presence(params.getHostnameVerifier()));
        this.log.debug("\tTLS TrustEngine: {}", presence(params.getTLSTrustEngine()));
        this.log.debug("\tTLS CriteriaSet: {}", presence(params.getTLSCriteriaSet()));
        this.log.debug("\tServer TLS Failure Fatal: {}", params.isServerTLSFailureFatal());
        this.log.debug("\tTLS cipher suites: {}", params.getTLSCipherSuites());
        this.log.debug("\tTLS protocols: {}", params.getTLSProtocols());
        this.log.debug("\tAuthCache: {}", presence(params.getAuthCache()));
        this.log.debug("\tCredentialsProvider: {}", presence(params.getCredentialsProvider()));
    }

    /** Returns the log label for an optional component: "present" when set, otherwise "null". */
    private static String presence(Object value) {
        return value != null ? "present" : "null";
    }
}
