package net.shibboleth.idp.profile.spring.factory;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.collection.LazyList;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/idp-profile-spring-4.3.2.jar:net/shibboleth/idp/profile/spring/factory/BasicX509CredentialFactoryBean.class */
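/**
 * Factory bean that supplies the raw material for an X.509 credential from Spring
 * {@link Resource}s: an optional entity certificate, a certificate chain, an optional
 * private key and optional CRLs.
 *
 * <p>Every decode failure is logged and rethrown as a {@link FatalBeanException}, so a
 * mis-configured or unreadable key/certificate resource fails bean creation instead of
 * yielding a partially populated credential.</p>
 *
 * <p>NOTE(review): nothing in this class checks file permissions or ownership of the
 * private key resource; that has to be enforced by deployment.</p>
 */
public class BasicX509CredentialFactoryBean extends AbstractX509CredentialFactoryBean {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(BasicX509CredentialFactoryBean.class);

    /** Resource holding the single entity (end-entity) certificate, if configured. */
    private Resource entityResource;

    /** Resources holding the certificates of the credential, if configured. */
    private List<Resource> certificateResources;

    /** Resource holding the private key, if configured. */
    private Resource privateKeyResource;

    /** Resources holding CRLs, if configured. */
    private List<Resource> crlResources;

    /**
     * Sets the resource the entity certificate is read from.
     *
     * @param resource resource containing exactly one certificate
     */
    public void setEntity(@Nonnull Resource resource) {
        this.entityResource = resource;
    }

    /**
     * Sets the resources the certificates are read from.
     *
     * @param list certificate resources, or {@code null} for none; stored by reference
     */
    public void setCertificates(@NotEmpty @Nullable List<Resource> list) {
        this.certificateResources = list;
    }

    /**
     * Sets the resource the private key is read from.
     *
     * @param resource private key resource, or {@code null} for none
     */
    public void setPrivateKey(@Nullable Resource resource) {
        this.privateKeyResource = resource;
    }

    /**
     * Sets the resources the CRLs are read from.
     *
     * @param list CRL resources, or {@code null} for none; stored by reference
     */
    public void setCRLs(@NotEmpty @Nullable List<Resource> list) {
        this.crlResources = list;
    }

    /**
     * Alias for {@link #setPrivateKey(Resource)}.
     *
     * @param resource private key resource
     */
    public void setPrivateKeyResource(@Nonnull Resource resource) {
        setPrivateKey(resource);
    }

    /**
     * Sets the private key password from a {@link String}.
     *
     * <p>A {@code String} cannot be wiped after use and may stay on the heap until it is
     * garbage collected; callers that can manage their own buffer should use the inherited
     * {@code char[]} overload instead.</p>
     *
     * @param str the password, or {@code null} when the key is not encrypted
     */
    public void setPrivateKeyPassword(@Nullable String str) {
        // The parameter is declared @Nullable, so do not dereference it unconditionally.
        // The cast is required: a bare null would be ambiguous between the String and
        // char[] overloads. Assumes the inherited char[] setter tolerates null - confirm.
        setPrivateKeyPassword(str == null ? (char[]) null : str.toCharArray());
    }

    /**
     * Convenience setter for a single certificate resource; equivalent to calling
     * {@link #setCertificates(List)} with a one-element list.
     *
     * @param resource certificate resource
     */
    public void setCertificateResource(@Nonnull Resource resource) {
        setCertificates(Collections.singletonList(resource));
    }

    /**
     * Alias that forwards to the inherited {@code setEntityID}.
     *
     * @param str the entity ID, or {@code null}
     */
    public void setEntityId(@Nullable String str) {
        setEntityID(str);
    }

    /** {@inheritDoc} */
    @Override
    public boolean isSingleton() {
        return true;
    }

    /**
     * Decodes the entity certificate from the configured entity resource.
     *
     * @return the single decoded certificate, or {@code null} if no entity resource is set
     * @throws FatalBeanException if the resource cannot be read or decoded, or if it does
     *     not contain exactly one certificate
     */
    @Override
    @Nullable
    protected X509Certificate getEntityCertificate() {
        if (this.entityResource == null) {
            return null;
        }
        // try-with-resources: the stream is released on every path, including failures.
        try (InputStream inputStream = this.entityResource.getInputStream()) {
            final Collection<X509Certificate> decoded = X509Support.decodeCertificates(inputStream);
            if (decoded == null || decoded.isEmpty()) {
                // Fail closed with a clear message rather than letting iterator().next()
                // throw on an empty result.
                this.log.error("{}: Configuration element indicated an entityCertificate, but no certificate was decoded", getConfigDescription());
                throw new FatalBeanException("Configuration element indicated an entityCertificate, but no certificate was decoded");
            }
            if (decoded.size() > 1) {
                this.log.error("{}: Configuration element indicated an entityCertificate, but multiple certificates were decoded", getConfigDescription());
                throw new FatalBeanException("Configuration element indicated an entityCertificate, but multiple certificates were decoded");
            }
            return decoded.iterator().next();
        } catch (IOException | CertificateException e) {
            this.log.error("{}: Could not decode provided Entity Certificate at {}: {}", getConfigDescription(), this.entityResource.getDescription(), e.getMessage());
            throw new FatalBeanException("Could not decode provided Entity Certificate file " + this.entityResource.getDescription(), e);
        }
    }

    /**
     * Decodes every certificate found in the configured certificate resources, in
     * resource order.
     *
     * @return the decoded certificates; an empty list if no resources are configured
     * @throws FatalBeanException if any resource cannot be read or decoded
     */
    @Override
    @Nonnull
    protected List<X509Certificate> getCertificates() {
        if (this.certificateResources == null) {
            return Collections.emptyList();
        }
        final List<X509Certificate> certificates = new LazyList<>();
        for (final Resource resource : this.certificateResources) {
            // try-with-resources: the stream is released even when decoding throws.
            try (InputStream inputStream = resource.getInputStream()) {
                certificates.addAll(X509Support.decodeCertificates(inputStream));
            } catch (IOException | CertificateException e) {
                this.log.error("{}: could not decode CertificateFile at {}: {}", getConfigDescription(), resource.getDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode provided CertificateFile: " + resource.getDescription(), e);
            }
        }
        return certificates;
    }

    /**
     * Decodes the private key from the configured resource, using the configured password.
     *
     * <p>Only the exception message and the resource description are logged on failure;
     * the password is never written to the log.</p>
     *
     * @return the decoded private key, or {@code null} if no key resource is set
     * @throws FatalBeanException if the resource cannot be read or the key cannot be decoded
     */
    @Override
    @Nullable
    protected PrivateKey getPrivateKey() {
        if (this.privateKeyResource == null) {
            return null;
        }
        // try-with-resources: do not keep the key file open if decoding fails.
        try (InputStream inputStream = this.privateKeyResource.getInputStream()) {
            return KeySupport.decodePrivateKey(inputStream, getPrivateKeyPassword());
        } catch (IOException | KeyException e) {
            this.log.error("{}: Could not decode KeyFile at {}: {}", getConfigDescription(), this.privateKeyResource.getDescription(), e.getMessage());
            throw new FatalBeanException("Could not decode provided KeyFile " + this.privateKeyResource.getDescription(), e);
        }
    }

    /**
     * Decodes every CRL found in the configured CRL resources, in resource order.
     *
     * @return the decoded CRLs, or {@code null} if no CRL resources are configured
     * @throws FatalBeanException if any resource cannot be read or decoded
     */
    @Override
    @Nullable
    protected List<X509CRL> getCRLs() {
        if (this.crlResources == null) {
            return null;
        }
        final List<X509CRL> crls = new LazyList<>();
        for (final Resource resource : this.crlResources) {
            // try-with-resources: the stream is released even when decoding throws.
            try (InputStream inputStream = resource.getInputStream()) {
                crls.addAll(X509Support.decodeCRLs(inputStream));
            } catch (IOException | CRLException e) {
                this.log.error("{}: Could not decode CRL file at {}: {}", getConfigDescription(), resource.getDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode provided CRL file " + resource.getDescription(), e);
            }
        }
        return crls;
    }
}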
