package net.shibboleth.idp.authn.impl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.resource.Resource;
import org.ldaptive.ssl.CredentialConfig;
import org.ldaptive.ssl.SSLContextInitializer;
import org.ldaptive.ssl.X509SSLContextInitializer;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.X509Support;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-5.1.3.jar:net/shibboleth/idp/authn/impl/X509ResourceCredentialConfig.class */
public class X509ResourceCredentialConfig implements CredentialConfig {

    @Nullable
    private Resource trustCertificates;

    @Nullable
    private Resource authenticationCertificate;

    @Nullable
    private Resource authenticationKey;

    @Nullable
    private String authenticationKeyPassword;

    public void setTrustCertificates(@Nonnull @NotEmpty Resource resource) {
        this.trustCertificates = (Resource) Constraint.isNotNull(resource, "Trust certificates resource cannot be null");
    }

    public void setAuthenticationCertificate(@Nonnull @NotEmpty Resource resource) {
        this.authenticationCertificate = (Resource) Constraint.isNotNull(resource, "Authentication certificate resource cannot be null");
    }

    public void setAuthenticationKey(@Nonnull @NotEmpty Resource resource) {
        this.authenticationKey = (Resource) Constraint.isNotNull(resource, "Authentication key resource cannot be null");
    }

    public void setAuthenticationKeyPassword(@Nonnull @NotEmpty String str) {
        this.authenticationKeyPassword = (String) Constraint.isNotNull(str, "Authentication key password cannot be null");
    }

    @Override // org.ldaptive.ssl.CredentialConfig
    @Nonnull
    public SSLContextInitializer createSSLContextInitializer() throws GeneralSecurityException {
        X509SSLContextInitializer x509SSLContextInitializer = new X509SSLContextInitializer();
        try {
            if (this.trustCertificates != null) {
                x509SSLContextInitializer.setTrustCertificates((X509Certificate[]) X509Support.decodeCertificates(this.trustCertificates.getFile()).toArray(new X509Certificate[0]));
            }
            if (this.authenticationCertificate != null) {
                x509SSLContextInitializer.setAuthenticationCertificate(X509Support.decodeCertificate(this.authenticationCertificate.getFile()));
            }
            if (this.authenticationKey != null) {
                x509SSLContextInitializer.setAuthenticationKey(KeySupport.decodePrivateKey(this.authenticationKey.getFile(), this.authenticationKeyPassword != null ? this.authenticationKeyPassword.toCharArray() : null));
            }
            return x509SSLContextInitializer;
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}
