package org.opensaml.security.credential.criteria.impl;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.logic.AbstractTriStatePredicate;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.commons.codec.binary.Hex;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509SubjectKeyIdentifierCriterion;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/security/credential/criteria/impl/EvaluableX509SubjectKeyIdentifierCredentialCriterion.class */
public class EvaluableX509SubjectKeyIdentifierCredentialCriterion extends AbstractTriStatePredicate<Credential> implements EvaluableCredentialCriterion {
    private final Logger log = LoggerFactory.getLogger(EvaluableX509SubjectKeyIdentifierCredentialCriterion.class);
    private final byte[] ski;

    public EvaluableX509SubjectKeyIdentifierCredentialCriterion(@Nonnull X509SubjectKeyIdentifierCriterion x509SubjectKeyIdentifierCriterion) {
        this.ski = ((X509SubjectKeyIdentifierCriterion) Constraint.isNotNull(x509SubjectKeyIdentifierCriterion, "Criterion instance cannot be null")).getSubjectKeyIdentifier();
    }

    public EvaluableX509SubjectKeyIdentifierCredentialCriterion(@Nonnull byte[] bArr) {
        this.ski = Constraint.isNotEmpty(bArr, "Subject key identifier cannot be null or empty");
    }

    @Nullable
    public boolean apply(@Nullable Credential credential) {
        if (credential == null) {
            this.log.error("Credential target was null");
            return isNullInputSatisfies();
        }
        if (!(credential instanceof X509Credential)) {
            this.log.info("Credential is not an X509Credential, does not satisfy subject key identifier criteria");
            return false;
        }
        X509Certificate entityCertificate = ((X509Credential) credential).getEntityCertificate();
        if (entityCertificate == null) {
            this.log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return false;
        }
        byte[] subjectKeyIdentifier = X509Support.getSubjectKeyIdentifier(entityCertificate);
        if (subjectKeyIdentifier != null && subjectKeyIdentifier.length != 0) {
            return Arrays.equals(this.ski, subjectKeyIdentifier);
        }
        this.log.info("Could not evaluate criteria, certificate contained no subject key identifier extension");
        return isUnevaluableSatisfies();
    }

    public String toString() {
        return "EvaluableX509SubjectKeyIdentifierCredentialCriterion [ski=" + Hex.encodeHexString(this.ski) + "]";
    }

    public int hashCode() {
        return this.ski.hashCode();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && (obj instanceof EvaluableX509SubjectKeyIdentifierCredentialCriterion)) {
            return this.ski.equals(((EvaluableX509SubjectKeyIdentifierCredentialCriterion) obj).ski);
        }
        return false;
    }
}
