package org.apache.cxf.fediz.core.saml;

import java.util.ArrayList;
import java.util.Collection;
import java.util.regex.Pattern;
import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;

/* loaded from: input_file:WEB-INF/lib/fediz-core-1.5.1.jar:org/apache/cxf/fediz/core/saml/SamlAssertionValidator.class */
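/**
 * SAML assertion validator that routes the signature trust decision through
 * {@link FedizSignatureTrustValidator} instead of the default WSS4J behaviour.
 *
 * <p>The trust decision is parameterised by a {@code TrustType} and by a collection of
 * subject-DN patterns; both are handed unchanged to the delegate validator each time a
 * signed assertion is verified.
 *
 * <p>NOTE(review): instances hold mutable configuration and no synchronisation is visible
 * here, so configure the validator before it is shared between threads.
 */
public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAssertionValidator {
    /** Trust model handed to the delegate validator; defaults to {@code CHAIN_TRUST}. */
    private FedizSignatureTrustValidator.TrustType signatureTrustType = FedizSignatureTrustValidator.TrustType.CHAIN_TRUST;

    /**
     * Subject-DN patterns handed to the delegate validator. Empty by default.
     * NOTE(review): how an empty collection is treated is decided inside
     * FedizSignatureTrustValidator, which is not visible here; confirm that "no patterns"
     * has the meaning the deployment expects.
     */
    private final Collection<Pattern> subjectDNPatterns = new ArrayList<>();

    /**
     * Replaces the configured subject-DN patterns with a copy of the supplied collection.
     *
     * <p>A {@code null} argument is ignored and the previously configured patterns stay in
     * place; pass an empty collection to clear them.
     *
     * @param collection the new patterns, or {@code null} to leave the current ones untouched
     */
    public void setSubjectConstraints(Collection<Pattern> collection) {
        if (collection != null) {
            // Copy the elements so later changes to the caller's collection cannot alter
            // the constraints applied during validation.
            this.subjectDNPatterns.clear();
            this.subjectDNPatterns.addAll(collection);
        }
    }

    /**
     * Sets the trust model passed to the delegate signature trust validator.
     *
     * <p>NOTE(review): the value is stored without a null check; whether the delegate
     * tolerates {@code null} cannot be determined from this class.
     *
     * @param trustType the trust model to apply to assertion signatures
     */
    public void setSignatureTrustType(FedizSignatureTrustValidator.TrustType trustType) {
        this.signatureTrustType = trustType;
    }

    /**
     * Checks trust in the key that signed the assertion.
     *
     * <p>Builds a {@link Credential} from the assertion's signature key info (public key
     * and certificates) and validates it with a freshly configured
     * {@link FedizSignatureTrustValidator}.
     *
     * @param samlAssertionWrapper the signed assertion whose signing key is to be checked
     * @param requestData          request context forwarded to the delegate validator
     * @return the credential returned by the delegate validator
     * @throws WSSecurityException if no signature key info is available on the assertion,
     *                             or if the delegate validator rejects the credential
     */
    @Override
    protected Credential verifySignedAssertion(SamlAssertionWrapper samlAssertionWrapper, RequestData requestData) throws WSSecurityException {
        SAMLKeyInfo signatureKeyInfo = samlAssertionWrapper.getSignatureKeyInfo();
        if (signatureKeyInfo == null) {
            // Without key info there is nothing to establish trust in. Reject with the
            // declared checked exception so callers see a validation failure rather than
            // a NullPointerException.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }

        Credential credential = new Credential();
        credential.setPublicKey(signatureKeyInfo.getPublicKey());
        credential.setCertificates(signatureKeyInfo.getCerts());

        // A new delegate per call: it receives the current configuration and keeps no
        // state in this class between validations.
        FedizSignatureTrustValidator fedizSignatureTrustValidator = new FedizSignatureTrustValidator();
        fedizSignatureTrustValidator.setSignatureTrustType(this.signatureTrustType);
        fedizSignatureTrustValidator.setSubjectConstraints(this.subjectDNPatterns);
        return fedizSignatureTrustValidator.validate(credential, requestData);
    }
}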
