package net.shibboleth.idp.plugin.oidc.op.profile.spring.factory;

import com.google.common.io.ByteStreams;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import java.io.IOException;
import java.io.InputStream;
import java.text.ParseException;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.idp.profile.spring.factory.AbstractCredentialFactoryBean;
import net.shibboleth.oidc.security.credential.BasicJWKCredential;
import net.shibboleth.oidc.security.impl.CredentialConversionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/spring/factory/BasicJWKCredentialFactoryBean.class */
public class BasicJWKCredentialFactoryBean extends AbstractCredentialFactoryBean<BasicJWKCredential> {
    private final Logger log = LoggerFactory.getLogger(BasicJWKCredentialFactoryBean.class);
    private Resource jwkResource;

    public void setResource(@Nonnull Resource resource) {
        this.jwkResource = resource;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: doCreateInstance, reason: merged with bridge method [inline-methods] */
    public BasicJWKCredential m301doCreateInstance() throws Exception {
        if (this.jwkResource == null) {
            this.log.error("{}: No JWK credential provided", getConfigDescription());
            throw new BeanCreationException("No JWK credential provided");
        }
        try {
            InputStream inputStream = this.jwkResource.getInputStream();
            try {
                JWK parse = JWK.parse(new String(ByteStreams.toByteArray(inputStream)));
                BasicJWKCredential basicJWKCredential = new BasicJWKCredential();
                if (parse.getKeyType() == KeyType.EC || parse.getKeyType() == KeyType.RSA) {
                    if (parse.isPrivate()) {
                        basicJWKCredential.setPrivateKey(((AsymmetricJWK) parse).toPrivateKey());
                    }
                    basicJWKCredential.setPublicKey(((AsymmetricJWK) parse).toPublicKey());
                } else {
                    if (parse.getKeyType() != KeyType.OCT) {
                        throw new FatalBeanException("Unsupported KeyFile at " + this.jwkResource.getDescription());
                    }
                    basicJWKCredential.setSecretKey(((OctetSequenceKey) parse).toSecretKey());
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                basicJWKCredential.setUsageType(CredentialConversionUtil.getUsageType(parse));
                basicJWKCredential.setEntityId(getEntityID());
                basicJWKCredential.setAlgorithm(parse.getAlgorithm());
                basicJWKCredential.setKid(parse.getKeyID());
                List keyNames = getKeyNames();
                if (keyNames != null) {
                    basicJWKCredential.getKeyNames().addAll(keyNames);
                }
                return basicJWKCredential;
            } finally {
            }
        } catch (IOException | ParseException e) {
            this.log.error("{}: Could not decode KeyFile at {}: {}", new Object[]{getConfigDescription(), this.jwkResource.getDescription(), e});
            throw new FatalBeanException("Could not decode provided KeyFile " + this.jwkResource.getDescription(), e);
        }
    }

    public Class<?> getObjectType() {
        return BasicJWKCredential.class;
    }
}
