package org.opensaml.lite.security.credential.criteria;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.EvaluableCredentialCriteria;
import org.opensaml.lite.security.x509.X509Credential;
import org.opensaml.lite.security.x509.X509SubjectKeyIdentifierCriteria;
import org.opensaml.lite.security.x509.X509Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.12.13.jar:org/opensaml/lite/security/credential/criteria/EvaluableX509SubjectKeyIdentifierCredentialCriteria.class */
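/**
 * Evaluates whether a credential's entity certificate carries a given X.509
 * subject key identifier (SKI).
 *
 * <p>Security note: a {@code TRUE} result only means the SKI bytes extracted from the
 * certificate equal the expected bytes. Nothing in this class checks the certificate's
 * signature, chain or validity period, so the result is a selection filter and must not
 * be treated as a trust decision on its own.
 *
 * <p>The expected SKI is copied on construction, so later changes to the caller's array
 * (or to the array held by the source criteria object) cannot alter which credentials
 * this instance matches.
 */
public class EvaluableX509SubjectKeyIdentifierCredentialCriteria implements EvaluableCredentialCriteria {
    protected final Logger log = LoggerFactory.getLogger(getClass());

    /** Expected subject key identifier; private copy, never handed out. */
    private final byte[] ski;

    /**
     * Builds the evaluator from an existing criteria object.
     *
     * @param x509SubjectKeyIdentifierCriteria source of the expected SKI
     * @throws NullPointerException if the criteria object is {@code null}
     */
    public EvaluableX509SubjectKeyIdentifierCredentialCriteria(X509SubjectKeyIdentifierCriteria x509SubjectKeyIdentifierCriteria) {
        if (x509SubjectKeyIdentifierCriteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        byte[] expected = x509SubjectKeyIdentifierCriteria.getSubjectKeyIdentifier();
        // A null identifier is still accepted here, as before; evaluate() then reports
        // FALSE for every certificate that has an SKI, because Arrays.equals(null, x) is false.
        // NOTE(review): presumably the criteria class rejects null/empty itself - confirm.
        this.ski = expected == null ? null : expected.clone();
    }

    /**
     * Builds the evaluator from raw SKI bytes.
     *
     * @param bArr expected subject key identifier
     * @throws IllegalArgumentException if {@code bArr} is {@code null} or empty
     */
    public EvaluableX509SubjectKeyIdentifierCredentialCriteria(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Subject key identifier may not be null or empty");
        }
        // Defensive copy: the caller keeps a reference to bArr and could otherwise
        // change the match target after this object has been handed to a resolver.
        this.ski = bArr.clone();
    }

    /**
     * Compares the SKI of the credential's entity certificate with the expected value.
     *
     * @param credential credential to test
     * @return {@code TRUE} on an exact byte match; {@code FALSE} if the credential is not an
     *         {@link X509Credential}, has no entity certificate, or the SKI differs;
     *         {@code null} if the credential is {@code null} or no SKI could be read from
     *         the certificate. Callers must handle the {@code null} case explicitly and
     *         must not unbox the result blindly.
     */
    @Override
    public Boolean evaluate(Credential credential) {
        if (credential == null) {
            this.log.error("Credential target was null");
            return null;
        }
        if (!(credential instanceof X509Credential)) {
            this.log.info("Credential is not an X509Credential, does not satisfy subject key identifier criteria");
            return Boolean.FALSE;
        }
        X509Certificate entityCertificate = ((X509Credential) credential).getEntityCertificate();
        if (entityCertificate == null) {
            this.log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return Boolean.FALSE;
        }
        byte[] subjectKeyIdentifier = X509Util.getSubjectKeyIdentifier(entityCertificate);
        if (subjectKeyIdentifier == null || subjectKeyIdentifier.length == 0) {
            // Unable to decide either way: the caller chooses how to treat "unevaluable".
            this.log.info("Could not evaluate criteria, certificate contained no subject key identifier extension");
            return null;
        }
        return Boolean.valueOf(Arrays.equals(this.ski, subjectKeyIdentifier));
    }
}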
