package eu.unicore.security.etd;

import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.samly2.trust.CheckingMode;
import eu.unicore.samly2.trust.DsigSamlTrustCheckerBase;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.w3.x2000.x09.xmldsig.SignatureType;

/* loaded from: input_file:eu/unicore/security/etd/ETDSamlTrustChecker.class */
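/**
 * SAML trust checker for delegation assertions that pins the verification key to a
 * certificate chain supplied by the caller.
 *
 * <p>The checker is created in {@link CheckingMode#REQUIRE_SIGNED_ASSERTION} mode. The key
 * returned by {@link #establishKey} comes only from {@link #expectedIssuer}; neither the
 * issuer name nor the signature element of the message being checked is consulted, so
 * key material embedded in the message cannot influence which key is returned here.
 *
 * <p>NOTE(review): the issuer chain is stored by reference and both fields are
 * {@code protected} and non-final, so a caller or subclass can change them after
 * construction. Confirm no caller relies on that before tightening it.
 */
public class ETDSamlTrustChecker extends DsigSamlTrustCheckerBase {
    /** Validator used to decide whether the expected issuer chain is trusted. */
    protected X509CertChainValidator validator;

    /**
     * Certificate chain of the only issuer whose signature is accepted. Element 0 supplies
     * the verification key (presumably the end-entity certificate; confirm with callers).
     */
    protected X509Certificate[] expectedIssuer;

    /**
     * Creates a checker that requires a signed assertion.
     *
     * @param x509CertChainValidator validator applied to the issuer chain on every key lookup
     * @param x509CertificateArr certificate chain of the expected issuer
     */
    public ETDSamlTrustChecker(X509CertChainValidator x509CertChainValidator, X509Certificate[] x509CertificateArr) {
        super(CheckingMode.REQUIRE_SIGNED_ASSERTION);
        this.validator = x509CertChainValidator;
        this.expectedIssuer = x509CertificateArr;
    }

    /**
     * Returns the public key to verify the signature with, after validating the expected
     * issuer chain.
     *
     * <p>Both parameters are intentionally unused: the key is never derived from the message.
     *
     * @param nameIDType issuer name from the assertion (ignored)
     * @param signatureType signature element from the assertion (ignored)
     * @return public key of the first certificate in the expected issuer chain
     * @throws SAMLValidationException if no issuer chain is configured, or if the validator
     *     does not accept the chain
     */
    protected PublicKey establishKey(NameIDType nameIDType, SignatureType signatureType) throws SAMLValidationException {
        // Read the field once so the chain that is validated is the same array the key is
        // taken from, even if the protected field is reassigned in between.
        X509Certificate[] issuerChain = this.expectedIssuer;

        // Fail closed with the declared exception rather than an unchecked one when there
        // is nothing to pin the signature to.
        if (issuerChain == null || issuerChain.length == 0) {
            throw new SAMLValidationException("Delegation signature cannot be verified: no expected issuer certificate chain is available");
        }

        ValidationResult validate = this.validator.validate(issuerChain);
        if (!validate.isValid()) {
            throw new SAMLValidationException("Delegation signature was conducted by an untrusted entity: " + validate.toShortString());
        }
        return issuerChain[0].getPublicKey();
    }
}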
