package net.shibboleth.oidc.security.credential;

import com.google.common.base.Enums;
import com.nimbusds.jose.Algorithm;
import java.time.Duration;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.spring.factory.AbstractCredentialFactoryBean;
import net.shibboleth.oidc.security.JWSAssemblyUtils;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.crypto.KeySupport;

/* loaded from: input_file:net/shibboleth/oidc/security/credential/BasicExpiringJWTSharedSecretCredentialFactoryBean.class */
public class BasicExpiringJWTSharedSecretCredentialFactoryBean extends AbstractCredentialFactoryBean<ExpiringJWKCredential> {

    @Nullable
    private String secret;

    @Nullable
    private Algorithm alg;

    @Nullable
    private String jcaAlg = "AES";

    @Nonnull
    private Duration credentialExpiresAt = Duration.ZERO;

    public void setCredentialExpiresAt(@Nonnull Duration duration) {
        this.credentialExpiresAt = (Duration) Constraint.isNotNull(duration, "Credential expiry can not be null");
    }

    public void setJcaAlg(@Nullable String str) {
        if (StringSupport.trimOrNull(str) != null) {
            this.jcaAlg = str;
        }
    }

    public void setAlg(@Nonnull Algorithm algorithm) {
        this.alg = (Algorithm) Constraint.isNotNull(algorithm, "Algorithm 'alg' can not be null");
    }

    public void setSecret(@NotEmpty @Nonnull String str) {
        this.secret = Constraint.isNotEmpty(str, "Secret can not be null or empty");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: doCreateInstance, reason: merged with bridge method [inline-methods] */
    public ExpiringJWKCredential m1doCreateInstance() throws Exception {
        BasicExpiringJWKCredential basicExpiringJWKCredential = new BasicExpiringJWKCredential();
        basicExpiringJWKCredential.setSecretKey(KeySupport.decodeSecretKey(JWSAssemblyUtils.getSecretBytes(this.secret), this.jcaAlg));
        basicExpiringJWKCredential.setCredentialExpiresAt(this.credentialExpiresAt);
        basicExpiringJWKCredential.setEntityId(getEntityID());
        basicExpiringJWKCredential.setAlgorithm(this.alg);
        if (getUsageType() != null) {
            basicExpiringJWKCredential.setUsageType((UsageType) Enums.getIfPresent(UsageType.class, getUsageType()).or(UsageType.UNSPECIFIED));
        } else {
            basicExpiringJWKCredential.setUsageType(UsageType.UNSPECIFIED);
        }
        List keyNames = getKeyNames();
        if (keyNames != null) {
            basicExpiringJWKCredential.getKeyNames().addAll(keyNames);
        }
        return basicExpiringJWKCredential;
    }

    public Class<?> getObjectType() {
        return BasicJWKCredential.class;
    }
}
