package org.opensaml.spring.credential;

import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.collection.LazyList;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.springframework.beans.FatalBeanException;

/* loaded from: input_file:org/opensaml/spring/credential/X509InlineCredentialFactoryBean.class */
public class X509InlineCredentialFactoryBean extends AbstractX509CredentialFactoryBean {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(X509InlineCredentialFactoryBean.class);

    @Nullable
    private String entityCertificate;

    @Nullable
    private List<String> certificates;

    @Nullable
    private byte[] privateKey;

    @Nullable
    private List<String> crls;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setEntity(@Nonnull String str) {
        this.entityCertificate = str;
    }

    public void setCertificates(@NotEmpty @Nullable List<String> list) {
        this.certificates = list;
    }

    public void setPrivateKey(@Nullable byte[] bArr) {
        this.privateKey = bArr;
    }

    public void setCRLs(@NotEmpty @Nullable List<String> list) {
        this.crls = list;
    }

    @Override // org.opensaml.spring.credential.AbstractX509CredentialFactoryBean
    @Nullable
    protected X509Certificate getEntityCertificate() {
        if (null == this.entityCertificate) {
            return null;
        }
        try {
            if ($assertionsDisabled || this.entityCertificate != null) {
                return X509Support.decodeCertificate(this.entityCertificate);
            }
            throw new AssertionError();
        } catch (CertificateException e) {
            this.log.error("{}: Could not decode provided Entity Certificate: {}", getConfigDescription(), e.getMessage());
            throw new FatalBeanException("Could not decode provided Entity Certificate", e);
        }
    }

    @Override // org.opensaml.spring.credential.AbstractX509CredentialFactoryBean
    @Nonnull
    protected List<X509Certificate> getCertificates() {
        if (this.certificates == null) {
            return CollectionSupport.emptyList();
        }
        LazyList lazyList = new LazyList();
        if (!$assertionsDisabled && this.certificates == null) {
            throw new AssertionError();
        }
        Iterator<String> it = this.certificates.iterator();
        while (it.hasNext()) {
            try {
                lazyList.add(X509Support.decodeCertificate(it.next().trim()));
            } catch (CertificateException e) {
                this.log.error("{}: Could not decode provided Certificate: {}", getConfigDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode provided Certificate", e);
            }
        }
        return lazyList;
    }

    @Override // org.opensaml.spring.credential.AbstractX509CredentialFactoryBean
    @Nullable
    protected PrivateKey getPrivateKey() {
        if (null == this.privateKey) {
            return null;
        }
        return KeyPairUtil.decodePrivateKey(this.privateKey, getPrivateKeyPassword());
    }

    @Override // org.opensaml.spring.credential.AbstractX509CredentialFactoryBean
    @Nullable
    protected List<X509CRL> getCRLs() {
        if (null == this.crls) {
            return null;
        }
        LazyList lazyList = new LazyList();
        if (!$assertionsDisabled && this.crls == null) {
            throw new AssertionError();
        }
        for (String str : this.crls) {
            try {
                if (!$assertionsDisabled && str == null) {
                    throw new AssertionError();
                }
                lazyList.add(X509Support.decodeCRL(str));
            } catch (CRLException | CertificateException e) {
                this.log.error("{}: Could not decode provided CRL: {}", getConfigDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode provided CRL", e);
            }
        }
        return lazyList;
    }

    static {
        $assertionsDisabled = !X509InlineCredentialFactoryBean.class.desiredAssertionStatus();
    }
}
