package net.shibboleth.idp.profile.spring.factory;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import org.cryptacular.EncodingException;
import org.cryptacular.StreamException;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.trust.impl.ExplicitKeyTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/factory/StaticExplicitKeyFactoryBean.class */
public class StaticExplicitKeyFactoryBean extends AbstractComponentAwareFactoryBean<ExplicitKeyTrustEngine> {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(StaticExplicitKeyFactoryBean.class);
    private List<Resource> keyResources = Collections.emptyList();
    private List<Resource> certificateResources = Collections.emptyList();

    public void setPublicKeys(@Nullable List<Resource> list) {
        this.keyResources = list != null ? list : Collections.emptyList();
    }

    public void setCertificates(@Nullable List<Resource> list) {
        this.certificateResources = list != null ? list : Collections.emptyList();
    }

    @NonnullElements
    @Nullable
    protected List<Credential> getCredentials() {
        InputStream inputStream;
        ArrayList arrayList = new ArrayList(this.keyResources.size() + this.certificateResources.size());
        for (Resource resource : this.keyResources) {
            try {
                inputStream = resource.getInputStream();
                try {
                    arrayList.add(new BasicCredential(KeyPairUtil.readPublicKey(inputStream)));
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } finally {
                }
            } catch (EncodingException | StreamException | IOException e) {
                this.log.error("Could not decode public key from {}: {}", resource.getDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode public key from " + resource.getDescription(), e);
            }
        }
        for (Resource resource2 : this.certificateResources) {
            try {
                inputStream = resource2.getInputStream();
                try {
                    Collection decodeCertificates = X509Support.decodeCertificates(inputStream);
                    if (decodeCertificates != null) {
                        decodeCertificates.forEach(x509Certificate -> {
                            if (x509Certificate != null) {
                                arrayList.add(new BasicX509Credential(x509Certificate));
                            }
                        });
                    }
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } finally {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th) {
                            th.addSuppressed(th);
                        }
                    }
                }
            } catch (IOException | CertificateException e2) {
                this.log.error("Could not decode certificate from {}: {}", resource2.getDescription(), e2.getMessage());
                throw new FatalBeanException("Could not decode certificate from " + resource2.getDescription(), e2);
            }
        }
        return arrayList;
    }

    public Class<?> getObjectType() {
        return ExplicitKeyTrustEngine.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: doCreateInstance, reason: merged with bridge method [inline-methods] */
    public ExplicitKeyTrustEngine m6doCreateInstance() throws Exception {
        return new ExplicitKeyTrustEngine(new StaticCredentialResolver(getCredentials()));
    }
}
