package org.opensaml.spring.credential;

import com.google.common.io.ByteStreams;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.resource.Resource;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.crypto.KeySupport;
import org.slf4j.Logger;
import org.springframework.beans.factory.BeanCreationException;

/* loaded from: input_file:WEB-INF/lib/opensaml-spring-5.1.0.jar:org/opensaml/spring/credential/BasicResourceCredentialFactoryBean.class */
public class BasicResourceCredentialFactoryBean extends AbstractBasicCredentialFactoryBean {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) BasicResourceCredentialFactoryBean.class);

    @Nullable
    private Resource publicKeyInfo;

    @Nullable
    private Resource privateKeyInfo;

    @Nullable
    private Resource secretKeyInfo;

    @Nullable
    public Resource getPublicKeyInfo() {
        return this.publicKeyInfo;
    }

    public void setPublicKeyInfo(@Nullable Resource resource) {
        this.publicKeyInfo = resource;
    }

    @Nullable
    public Resource getPrivateKeyInfo() {
        return this.privateKeyInfo;
    }

    public void setPrivateKeyInfo(@Nullable Resource resource) {
        this.privateKeyInfo = resource;
    }

    @Nullable
    public Resource getSecretKeyInfo() {
        return this.secretKeyInfo;
    }

    public void setSecretKeyInfo(@Nullable Resource resource) {
        this.secretKeyInfo = resource;
    }

    @Override // org.opensaml.spring.credential.AbstractBasicCredentialFactoryBean
    @Nullable
    protected PublicKey getPublicKey() {
        Resource publicKeyInfo = getPublicKeyInfo();
        if (null == publicKeyInfo) {
            return null;
        }
        try {
            InputStream inputStream = publicKeyInfo.getInputStream();
            try {
                PublicKey readPublicKey = KeyPairUtil.readPublicKey(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                return readPublicKey;
            } finally {
            }
        } catch (IOException e) {
            this.log.error("{}: Could not decode public key: {}", getConfigDescription(), e.getMessage());
            throw new BeanCreationException("Could not decode public key", e);
        }
    }

    @Override // org.opensaml.spring.credential.AbstractBasicCredentialFactoryBean
    @Nullable
    protected PrivateKey getPrivateKey() {
        Resource privateKeyInfo = getPrivateKeyInfo();
        if (null == privateKeyInfo) {
            return null;
        }
        try {
            InputStream inputStream = privateKeyInfo.getInputStream();
            try {
                PrivateKey decodePrivateKey = KeySupport.decodePrivateKey(inputStream, getPrivateKeyPassword());
                if (inputStream != null) {
                    inputStream.close();
                }
                return decodePrivateKey;
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | KeyException e) {
            this.log.error("{}: Could not decode private key: {}", getConfigDescription(), e.getMessage());
            throw new BeanCreationException("Could not decode private key", e);
        }
    }

    @Override // org.opensaml.spring.credential.AbstractBasicCredentialFactoryBean
    @Nullable
    protected SecretKey getSecretKey() {
        Resource secretKeyInfo = getSecretKeyInfo();
        if (null == secretKeyInfo) {
            return null;
        }
        try {
            InputStream inputStream = secretKeyInfo.getInputStream();
            try {
                String secretKeyAlgorithm = getSecretKeyAlgorithm();
                if (secretKeyAlgorithm == null) {
                    throw new KeyException("Key algorithm was null");
                }
                SecretKey decodeSecretKey = KeySupport.decodeSecretKey(decodeSecretKey(ByteStreams.toByteArray(inputStream)), secretKeyAlgorithm);
                if (inputStream != null) {
                    inputStream.close();
                }
                return decodeSecretKey;
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | KeyException e) {
            this.log.error("{}: Could not decode secret key: {}", getConfigDescription(), e.getMessage());
            throw new BeanCreationException("Could not decode secret key", e);
        }
    }
}
