package net.shibboleth.idp.authn.impl;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resource.Resource;
import org.ldaptive.ssl.CredentialConfig;
import org.ldaptive.ssl.KeyStoreCredentialReader;
import org.ldaptive.ssl.KeyStoreSSLContextInitializer;
import org.ldaptive.ssl.SSLContextInitializer;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.3.2.jar:net/shibboleth/idp/authn/impl/KeystoreResourceCredentialConfig.class */
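/**
 * {@link CredentialConfig} that builds an ldaptive {@link SSLContextInitializer} from a truststore
 * and/or a keystore supplied as {@link Resource} objects.
 *
 * <p>Both stores are optional: a store that was never set is simply not configured on the
 * initializer. NOTE(review): which trust anchors are used when no truststore is set is decided by
 * the initializer, not by this class; presumably the JVM defaults apply, so deployments that mean
 * to pin the LDAP server certificate should confirm a truststore is actually configured.</p>
 *
 * <p>Passwords are held as {@link String} fields for the lifetime of this object. The instance is
 * mutable and performs no synchronization.</p>
 */
public class KeystoreResourceCredentialConfig implements CredentialConfig {
    /** Reader used to load both stores from their input streams. */
    private final KeyStoreCredentialReader keyStoreReader = new KeyStoreCredentialReader();

    /** Store holding the certificates to trust; {@code null} until set. */
    private Resource truststore;

    /** Password used to open the truststore; may remain {@code null}. */
    private String truststorePassword;

    /** Truststore type passed to the reader; may remain {@code null}. */
    private String truststoreType;

    /** Aliases selecting truststore entries; may remain {@code null}. */
    private String[] truststoreAliases;

    /** Store holding the client authentication credential; {@code null} until set. */
    private Resource keystore;

    /** Password used to open the keystore and handed on as the authentication password. */
    private String keystorePassword;

    /** Keystore type passed to the reader; may remain {@code null}. */
    private String keystoreType;

    /** Aliases selecting keystore entries; may remain {@code null}. */
    private String[] keystoreAliases;

    /**
     * Sets the resource the truststore is read from.
     *
     * @param resource truststore resource, never {@code null}
     */
    public void setTruststore(@NotEmpty @Nonnull Resource resource) {
        this.truststore = Constraint.isNotNull(resource, "Truststore resource cannot be null");
    }

    /**
     * Sets the password used to open the truststore.
     *
     * @param str truststore password, never {@code null}
     */
    public void setTruststorePassword(@NotEmpty @Nonnull String str) {
        this.truststorePassword = Constraint.isNotNull(str, "Truststore password cannot be null");
    }

    /**
     * Sets the truststore type. The value is trimmed first, so a blank value is rejected as well.
     *
     * @param str truststore type, never {@code null} or blank
     */
    public void setTruststoreType(@NotEmpty @Nonnull String str) {
        this.truststoreType =
                Constraint.isNotNull(StringSupport.trimOrNull(str), "Truststore type cannot be null or empty");
    }

    /**
     * Sets the aliases of the truststore entries to use.
     *
     * <p>Only {@code null} is rejected; an empty array is accepted despite the wording of the
     * message. The array is copied so later changes by the caller do not alter the trust
     * configuration.</p>
     *
     * @param strArr truststore aliases, never {@code null}
     */
    public void setTruststoreAliases(@NotEmpty @Nonnull String[] strArr) {
        this.truststoreAliases =
                Constraint.isNotNull(strArr, "Truststore aliases cannot be null or empty").clone();
    }

    /**
     * Sets the resource the keystore is read from.
     *
     * @param resource keystore resource, never {@code null}
     */
    public void setKeystore(@NotEmpty @Nonnull Resource resource) {
        this.keystore = Constraint.isNotNull(resource, "Keystore resource cannot be null");
    }

    /**
     * Sets the password used to open the keystore; the same value is later passed to the
     * initializer as the authentication password.
     *
     * @param str keystore password, never {@code null}
     */
    public void setKeystorePassword(@NotEmpty @Nonnull String str) {
        this.keystorePassword = Constraint.isNotNull(str, "Keystore password cannot be null");
    }

    /**
     * Sets the keystore type. The value is trimmed first, so a blank value is rejected as well.
     *
     * @param str keystore type, never {@code null} or blank
     */
    public void setKeystoreType(@NotEmpty @Nonnull String str) {
        this.keystoreType =
                Constraint.isNotNull(StringSupport.trimOrNull(str), "Keystore type cannot be null or empty");
    }

    /**
     * Sets the aliases of the keystore entries to use.
     *
     * <p>Only {@code null} is rejected; an empty array is accepted despite the wording of the
     * message. The array is copied so later changes by the caller do not alter which credential
     * is presented.</p>
     *
     * @param strArr keystore aliases, never {@code null}
     */
    public void setKeystoreAliases(@NotEmpty @Nonnull String[] strArr) {
        this.keystoreAliases =
                Constraint.isNotNull(strArr, "Keystore aliases cannot be null or empty").clone();
    }

    /**
     * Builds an initializer from whichever stores have been configured.
     *
     * <p>Each store's input stream is closed once the store has been read, so repeated calls do
     * not leak stream handles.</p>
     *
     * @return initializer carrying the configured trust and authentication material
     * @throws GeneralSecurityException if a store cannot be loaded; an {@link IOException} raised
     *         while opening, reading or closing a resource is wrapped and kept as the cause
     */
    @Override // org.ldaptive.ssl.CredentialConfig
    public SSLContextInitializer createSSLContextInitializer() throws GeneralSecurityException {
        KeyStoreSSLContextInitializer initializer = new KeyStoreSSLContextInitializer();
        try {
            if (this.truststore != null) {
                // try-with-resources: the stream was previously left open after the read.
                try (InputStream in = this.truststore.getInputStream()) {
                    initializer.setTrustKeystore(
                            this.keyStoreReader.read(in, this.truststorePassword, this.truststoreType));
                }
                initializer.setTrustAliases(this.truststoreAliases);
            }
            if (this.keystore != null) {
                try (InputStream in = this.keystore.getInputStream()) {
                    initializer.setAuthenticationKeystore(
                            this.keyStoreReader.read(in, this.keystorePassword, this.keystoreType));
                }
                // The char[] handed over is a fresh copy; the String field is left unchanged.
                initializer.setAuthenticationPassword(
                        this.keystorePassword != null ? this.keystorePassword.toCharArray() : null);
                initializer.setAuthenticationAliases(this.keystoreAliases);
            }
            return initializer;
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}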
