package net.shibboleth.idp.profile.spring.relyingparty.security.credential;

import java.io.File;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.collection.LazyList;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/relyingparty/security/credential/X509FilesystemCredentialFactoryBean.class */
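/**
 * Factory bean that supplies X.509 credential material (entity certificate, certificate list,
 * private key and CRLs) by decoding files on the local filesystem.
 *
 * <p>Every decoding failure is logged and rethrown as a {@link FatalBeanException}, so a broken
 * or incomplete credential configuration stops bean creation instead of yielding a partially
 * populated credential.</p>
 *
 * <p>Security notes for deployers:</p>
 * <ul>
 * <li>The private key file holds signing/decryption key material. Restrict its filesystem
 * permissions to the account that runs the service.</li>
 * <li>Log and exception messages written by this class contain absolute file paths and the decoder's
 * exception. The private key password is only passed to the decoder and never written out here.</li>
 * <li>When no CRL files are configured, {@link #getCrls()} returns {@code null}, i.e. this bean
 * contributes no revocation data.</li>
 * </ul>
 */
public class X509FilesystemCredentialFactoryBean extends AbstractX509CredentialFactoryBean {
    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(X509FilesystemCredentialFactoryBean.class);

    /** File expected to hold exactly one certificate: the entity certificate. May be unset. */
    private File entityFile;

    /** Files holding the certificates for the credential. */
    private List<File> certificateFiles;

    /** File holding the (optionally password-protected) private key. May be unset. */
    private File privateKeyFile;

    /** Files holding certificate revocation lists. May be unset. */
    private List<File> crlFiles;

    /**
     * Sets the file from which the entity certificate is decoded.
     *
     * @param file the entity certificate file
     */
    public void setEntity(@Nonnull File file) {
        this.entityFile = file;
    }

    /**
     * Sets the files from which the certificates are decoded.
     *
     * <p>The list reference is stored as given (no defensive copy), so later changes made by the
     * caller are visible to this bean.</p>
     *
     * @param list the certificate files
     */
    public void setCertificates(@NotEmpty @Nullable List<File> list) {
        this.certificateFiles = list;
    }

    /**
     * Sets the file from which the private key is decoded.
     *
     * @param file the private key file, or {@code null} for a credential without a private key
     */
    public void setPrivateKey(@Nullable File file) {
        this.privateKeyFile = file;
    }

    /**
     * Sets the files from which CRLs are decoded.
     *
     * <p>The list reference is stored as given (no defensive copy).</p>
     *
     * @param list the CRL files, or {@code null} if no CRLs are configured
     */
    public void setCrls(@NotEmpty @Nullable List<File> list) {
        this.crlFiles = list;
    }

    /**
     * Decodes the entity certificate from the configured entity file.
     *
     * @return the single certificate found in the file, or {@code null} if no entity file is set
     * @throws FatalBeanException if the file cannot be decoded, yields no certificate, or yields
     *             more than one certificate
     */
    @Override
    @Nullable
    protected X509Certificate getEntityCertificate() {
        if (null == this.entityFile) {
            return null;
        }
        try {
            final Collection<X509Certificate> decoded = X509Support.decodeCertificates(this.entityFile);
            // A file that decodes to nothing used to surface as a bare NoSuchElementException
            // (or NullPointerException); fail with a message that names the offending file.
            if (null == decoded || decoded.isEmpty()) {
                this.log.error("{}: {}: No certificate was decoded from the provided Entity Certificate file",
                        getConfigFile(), this.entityFile.getAbsolutePath());
                throw new FatalBeanException("No certificate was decoded from the provided Entity Certificate file "
                        + this.entityFile.getAbsolutePath());
            }
            // Refuse to guess which certificate is the entity certificate.
            if (decoded.size() > 1) {
                this.log.error("{}: Configuration element indicated an entityCertificate, but multiple certificates were decoded", getConfigFile());
                throw new FatalBeanException("Configuration element indicated an entityCertificate, but multiple certificates were decoded");
            }
            return decoded.iterator().next();
        } catch (CertificateException e) {
            this.log.error("{}: {}: Could not decode provided Entity Certificate: {}", getConfigFile(), this.entityFile.getAbsolutePath(), e);
            throw new FatalBeanException("Could not decode provided Entity Certificate file " + this.entityFile.getAbsolutePath(), e);
        }
    }

    /**
     * Decodes every certificate found in the configured certificate files, in file order.
     *
     * @return all decoded certificates
     * @throws FatalBeanException if no certificate files were configured or a file cannot be decoded
     */
    @Override
    @Nonnull
    protected List<X509Certificate> getCertificates() {
        // The setter accepts null; previously that ended in a NullPointerException in the loop below.
        // Keep failing, but with a diagnosable configuration error.
        if (null == this.certificateFiles) {
            this.log.error("{}: No certificate files were configured", getConfigFile());
            throw new FatalBeanException("No certificate files were configured");
        }
        final LazyList<X509Certificate> certificates = new LazyList<X509Certificate>();
        for (final File file : this.certificateFiles) {
            try {
                certificates.addAll(X509Support.decodeCertificates(file));
            } catch (CertificateException e) {
                this.log.error("{}: {}: could not decode CertificateFile: {}", getConfigFile(), file.getAbsolutePath(), e);
                throw new FatalBeanException("Could not decode provided CertificateFile: " + file.getAbsolutePath(), e);
            }
        }
        return certificates;
    }

    /**
     * Decodes the private key from the configured key file.
     *
     * <p>The password comes from {@code getPrivateKeyPassword()}, which is not defined in this
     * class (presumably inherited). It is handed to the decoder only and never logged here.</p>
     *
     * @return the decoded private key, or {@code null} if no private key file is set
     * @throws FatalBeanException if the key file cannot be decoded
     */
    @Override
    @Nullable
    protected PrivateKey getPrivateKey() {
        if (null == this.privateKeyFile) {
            return null;
        }
        try {
            return KeySupport.decodePrivateKey(this.privateKeyFile, getPrivateKeyPassword());
        } catch (KeyException e) {
            // Only the path and the decoder's exception are reported, not the password.
            this.log.error("{}: {}: Could not decode KeyFile: {}", getConfigFile(), this.privateKeyFile.getAbsolutePath(), e);
            throw new FatalBeanException("Could not decode provided KeyFile " + this.privateKeyFile.getAbsolutePath(), e);
        }
    }

    /**
     * Decodes every CRL found in the configured CRL files, in file order.
     *
     * @return all decoded CRLs, or {@code null} if no CRL files are configured
     * @throws FatalBeanException if a CRL file cannot be decoded
     */
    @Override
    @Nullable
    protected List<X509CRL> getCrls() {
        if (null == this.crlFiles) {
            return null;
        }
        final LazyList<X509CRL> crls = new LazyList<X509CRL>();
        for (final File file : this.crlFiles) {
            try {
                crls.addAll(X509Support.decodeCRLs(file));
            } catch (CRLException e) {
                // An unreadable CRL aborts bean creation rather than being skipped.
                this.log.error("{}: {}: Could not decode CRL file: {}", getConfigFile(), file.getAbsolutePath(), e);
                throw new FatalBeanException("Could not decode provided CRL file " + file.getAbsolutePath(), e);
            }
        }
        return crls;
    }
}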
