package org.projecthusky.xua.validation.condition;

import java.util.Optional;
import javax.annotation.concurrent.ThreadSafe;
import javax.xml.namespace.QName;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.ConditionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.Condition;
import org.projecthusky.common.utils.OptionalUtils;
import org.projecthusky.xua.validation.ChEprAssertionValidationParameters;

@ThreadSafe
/* loaded from: input_file:org/projecthusky/xua/validation/condition/ChEprAudienceRestrictionConditionValidator.class */
public class ChEprAudienceRestrictionConditionValidator implements ConditionValidator {
    public QName getServicedCondition() {
        return AudienceRestriction.DEFAULT_ELEMENT_NAME;
    }

    public ValidationResult validate(Condition condition, Assertion assertion, ValidationContext validationContext) {
        if (!(condition instanceof AudienceRestriction)) {
            return ValidationResult.INDETERMINATE;
        }
        String str = (String) Optional.ofNullable(((AudienceRestriction) condition).getAudiences()).map(OptionalUtils::getListOnlyElement).map((v0) -> {
            return v0.getURI();
        }).orElse(null);
        if (str == null) {
            validationContext.setValidationFailureMessage("The AudienceRestriction Condition doesn't contain a valid URI");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_AUDIENCE, str);
        return ValidationResult.VALID;
    }
}
