package net.shibboleth.idp.profile.spring.relyingparty.security.credential;

import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.spring.relyingparty.metadata.ResourceBackedMetadataProviderParser;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/relyingparty/security/credential/AbstractX509CredentialFactoryBean.class */
public abstract class AbstractX509CredentialFactoryBean extends AbstractCredentialFactoryBean<BasicX509Credential> {
    private final Logger log = LoggerFactory.getLogger(ResourceBackedMetadataProviderParser.class);

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: doCreateInstance, reason: merged with bridge method [inline-methods] */
    public BasicX509Credential m43doCreateInstance() throws Exception {
        BasicX509Credential basicX509Credential;
        List<X509Certificate> certificates = getCertificates();
        if (null == certificates || certificates.isEmpty()) {
            this.log.error("{}: No Certificates provided", getConfigDescription());
            throw new BeanCreationException("No Certificates provided");
        }
        X509Certificate entityCertificate = getEntityCertificate();
        if (null == entityCertificate) {
            entityCertificate = certificates.get(0);
        }
        PrivateKey privateKey = getPrivateKey();
        if (null == privateKey) {
            basicX509Credential = new BasicX509Credential(entityCertificate);
        } else {
            basicX509Credential = new BasicX509Credential(entityCertificate, privateKey);
            if (!KeyPairUtil.isKeyPair(entityCertificate.getPublicKey(), privateKey)) {
                this.log.error("{}: Public and private keys do not match", getConfigDescription());
                throw new BeanCreationException("Public and private keys do not match");
            }
        }
        basicX509Credential.setEntityCertificateChain(certificates);
        List<X509CRL> cRLs = getCRLs();
        if (null != cRLs && !cRLs.isEmpty()) {
            basicX509Credential.setCRLs(cRLs);
        }
        if (null != getUsageType()) {
            basicX509Credential.setUsageType(UsageType.valueOf(getUsageType()));
        }
        if (null != getEntityID()) {
            basicX509Credential.setEntityId(getEntityID());
        }
        List<String> keyNames = getKeyNames();
        if (null != keyNames) {
            basicX509Credential.getKeyNames().addAll(keyNames);
        }
        return basicX509Credential;
    }

    public Class<BasicX509Credential> getObjectType() {
        return BasicX509Credential.class;
    }

    @Nullable
    protected abstract X509Certificate getEntityCertificate();

    @NotEmpty
    @Nonnull
    protected abstract List<X509Certificate> getCertificates();

    @Nullable
    protected abstract PrivateKey getPrivateKey();

    @Nullable
    protected abstract List<X509CRL> getCRLs();
}
