package org.opensaml.security.trust.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.trust.TrustedCredentialTrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:opensaml-security-impl-3.2.0.jar:org/opensaml/security/trust/impl/ExplicitX509CertificateTrustEngine.class */
public class ExplicitX509CertificateTrustEngine implements TrustedCredentialTrustEngine<X509Credential> {
    private final CredentialResolver credentialResolver;
    private final Logger log = LoggerFactory.getLogger(ExplicitX509CertificateTrustEngine.class);
    private final ExplicitX509CertificateTrustEvaluator trustEvaluator = new ExplicitX509CertificateTrustEvaluator();

    public ExplicitX509CertificateTrustEngine(@Nonnull CredentialResolver credentialResolver) {
        this.credentialResolver = (CredentialResolver) Constraint.isNotNull(credentialResolver, "Credential resolver cannot be null");
    }

    @Override // org.opensaml.security.trust.TrustedCredentialTrustEngine
    @Nonnull
    public CredentialResolver getCredentialResolver() {
        return this.credentialResolver;
    }

    @Override // org.opensaml.security.trust.TrustEngine
    public boolean validate(@Nonnull X509Credential x509Credential, @Nullable CriteriaSet criteriaSet) throws SecurityException {
        if (x509Credential == null) {
            this.log.error("X.509 credential was null, unable to perform validation");
            return false;
        }
        this.log.debug("Attempting to validate untrusted credential");
        try {
            return this.trustEvaluator.validate(x509Credential, getCredentialResolver().resolve(criteriaSet));
        } catch (ResolverException e) {
            throw new SecurityException("Error resolving trusted credentials", e);
        }
    }
}
