package org.opensaml.spring.credential;

import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.crypto.KeySupport;
import org.slf4j.Logger;
import org.springframework.beans.factory.BeanCreationException;

/* loaded from: input_file:WEB-INF/lib/opensaml-spring-5.1.3.jar:org/opensaml/spring/credential/AbstractBasicCredentialFactoryBean.class */
public abstract class AbstractBasicCredentialFactoryBean extends AbstractCredentialFactoryBean<BasicCredential> {

    @Nullable
    private String secretKeyAlgorithm;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AbstractBasicCredentialFactoryBean.class);

    @Nullable
    private SecretKeyEncoding secretKeyEncoding = SecretKeyEncoding.base64;

    /* loaded from: input_file:WEB-INF/lib/opensaml-spring-5.1.3.jar:org/opensaml/spring/credential/AbstractBasicCredentialFactoryBean$SecretKeyEncoding.class */
    public enum SecretKeyEncoding {
        binary,
        hex,
        base64
    }

    @Nonnull
    protected byte[] decodeSecretKey(String str) {
        Constraint.isNotNull(str, "SecretKey data was null");
        switch (getSecretKeyEncoding()) {
            case binary:
                try {
                    return str.getBytes("UTF-8");
                } catch (UnsupportedEncodingException e) {
                    throw new UnsupportedOperationException(e);
                }
            case hex:
                return Hex.decode(str);
            case base64:
                return Base64.decodeBase64(str);
            default:
                throw new IllegalArgumentException("Saw unsupported encoding: " + getSecretKeyEncoding());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public byte[] decodeSecretKey(byte[] bArr) {
        Constraint.isNotNull(bArr, "SecretKey data was null");
        switch (getSecretKeyEncoding()) {
            case binary:
                return bArr;
            case hex:
                return Hex.decode(bArr);
            case base64:
                return Base64.decodeBase64(bArr);
            default:
                throw new IllegalArgumentException("Saw unsupported encoding: " + getSecretKeyEncoding());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.shared.spring.factory.AbstractComponentAwareFactoryBean
    @Nonnull
    public BasicCredential doCreateInstance() throws Exception {
        BasicCredential basicCredential;
        PrivateKey privateKey = getPrivateKey();
        PublicKey publicKey = getPublicKey();
        SecretKey secretKey = getSecretKey();
        if (null != publicKey) {
            if (null == privateKey) {
                basicCredential = new BasicCredential(publicKey);
            } else {
                if (!KeySupport.matchKeyPair(publicKey, privateKey)) {
                    this.log.error("{}: Public and private keys do not match", getConfigDescription());
                    throw new BeanCreationException("Public and private keys do not match");
                }
                basicCredential = new BasicCredential(publicKey, privateKey);
            }
        } else {
            if (null == secretKey) {
                throw new BeanCreationException("Neither public key nor secret key specified");
            }
            basicCredential = new BasicCredential(secretKey);
        }
        if (null != getUsageType()) {
            basicCredential.setUsageType(UsageType.valueOf(getUsageType()));
        }
        return basicCredential;
    }

    @Override // net.shibboleth.shared.spring.factory.AbstractFactoryBean, org.springframework.beans.factory.FactoryBean
    public Class<?> getObjectType() {
        return BasicCredential.class;
    }

    @Nullable
    public String getSecretKeyAlgorithm() {
        return this.secretKeyAlgorithm;
    }

    public void setSecretKeyAlgorithm(@Nonnull String str) {
        this.secretKeyAlgorithm = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "SecretKey algorithm may not be null");
    }

    public SecretKeyEncoding getSecretKeyEncoding() {
        return this.secretKeyEncoding;
    }

    public void setSecretKeyEncoding(@Nonnull SecretKeyEncoding secretKeyEncoding) {
        this.secretKeyEncoding = (SecretKeyEncoding) Constraint.isNotNull(secretKeyEncoding, "SecretKey encoding may not be null");
    }

    @Nullable
    protected abstract PublicKey getPublicKey();

    @Nullable
    protected abstract PrivateKey getPrivateKey();

    @Nullable
    protected abstract SecretKey getSecretKey();
}
