package net.shibboleth.idp.profile.spring.relyingparty.security.trustengine;

import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nullable;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/relyingparty/security/trustengine/PKIXResourceValidationInfoFactoryBean.class */
public class PKIXResourceValidationInfoFactoryBean extends AbstractBasicPKIXValidationInfoFactoryBean {
    private Logger log = LoggerFactory.getLogger(PKIXResourceValidationInfoFactoryBean.class);
    private List<Resource> certificateFiles;
    private List<Resource> crlFiles;

    public void setCertificates(@Nullable List<Resource> list) {
        this.certificateFiles = list;
    }

    public void setCRLs(@Nullable List<Resource> list) {
        this.crlFiles = list;
    }

    @Override // net.shibboleth.idp.profile.spring.relyingparty.security.trustengine.AbstractBasicPKIXValidationInfoFactoryBean
    @Nullable
    protected List<X509Certificate> getCertificates() {
        if (null == this.certificateFiles) {
            return null;
        }
        ArrayList arrayList = new ArrayList(this.certificateFiles.size());
        for (Resource resource : this.certificateFiles) {
            try {
                arrayList.addAll(X509Support.decodeCertificates(resource.getFile()));
            } catch (IOException | CertificateException e) {
                this.log.error("{}: Could not decode Certificate at {}", new Object[]{getConfigDescription(), resource.getDescription(), e});
                throw new FatalBeanException("Could not decode provided CertificateFile: " + resource.getDescription(), e);
            }
        }
        return arrayList;
    }

    @Override // net.shibboleth.idp.profile.spring.relyingparty.security.trustengine.AbstractBasicPKIXValidationInfoFactoryBean
    @Nullable
    protected List<X509CRL> getCRLs() {
        if (null == this.crlFiles) {
            return null;
        }
        ArrayList arrayList = new ArrayList(this.crlFiles.size());
        for (Resource resource : this.crlFiles) {
            try {
                arrayList.addAll(X509Support.decodeCRLs(resource.getFile()));
            } catch (IOException | CRLException e) {
                this.log.error("{}: Could not decode CRL file at {}: {}", new Object[]{getConfigDescription(), resource.getDescription(), e});
                throw new FatalBeanException("Could not decode provided CRL file " + resource.getDescription(), e);
            }
        }
        return arrayList;
    }
}
