package net.shibboleth.shared.spring.security.factory;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.FactoryBean;

/* loaded from: input_file:net/shibboleth/shared/spring/security/factory/PKCS11PrivateKeyFactoryBean.class */
public class PKCS11PrivateKeyFactoryBean implements FactoryBean<PrivateKey> {

    @Nonnull
    @NotEmpty
    private static final String UNCONFIGURED_PROVIDER_NAME = "SunPKCS11";

    @Nullable
    private static Provider provider;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PKCS11PrivateKeyFactoryBean.class);

    @Nullable
    private String pkcs11Config;

    @Nullable
    private String keyAlias;

    @Nullable
    private String keyPassword;

    @Nullable
    private PrivateKey key;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nullable
    public String getPkcs11Config() {
        return this.pkcs11Config;
    }

    public void setPkcs11Config(@Nullable String str) {
        this.pkcs11Config = str;
    }

    @Nullable
    public String getKeyAlias() {
        return this.keyAlias;
    }

    public void setKeyAlias(@Nullable String str) {
        this.keyAlias = str;
    }

    @Nullable
    public String getKeyPassword() {
        return this.keyPassword;
    }

    public void setKeyPassword(@Nullable String str) {
        this.keyPassword = str;
    }

    @Nonnull
    private Provider getProvider() throws Exception {
        if (provider == null) {
            Provider provider2 = Security.getProvider(UNCONFIGURED_PROVIDER_NAME);
            if (provider2 == null) {
                throw new NoSuchProviderException("could not acquire PKCS#11 bridge: SunPKCS11");
            }
            provider = provider2.configure(this.pkcs11Config);
            Security.addProvider(provider);
        }
        if ($assertionsDisabled || provider != null) {
            return provider;
        }
        throw new AssertionError();
    }

    @Nonnull
    private KeyStore getKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS11", getProvider());
        this.log.debug("Initializing PKCS11 keystore");
        keyStore.load(null, this.keyPassword != null ? this.keyPassword.toCharArray() : null);
        return keyStore;
    }

    @Nonnull
    /* renamed from: getObject, reason: merged with bridge method [inline-methods] */
    public PrivateKey m2getObject() throws Exception {
        if (this.key == null) {
            if (this.keyPassword == null) {
                throw new GeneralSecurityException("Key password was null");
            }
            KeyStore keyStore = getKeyStore();
            if (!$assertionsDisabled && this.keyPassword == null) {
                throw new AssertionError();
            }
            KeyStore.Entry entry = keyStore.getEntry(this.keyAlias, new KeyStore.PasswordProtection(this.keyPassword.toCharArray()));
            if (entry == null) {
                throw new GeneralSecurityException("entry " + this.keyAlias + " not found");
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new GeneralSecurityException("entry " + this.keyAlias + " is not a private key entry");
            }
            this.key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        if ($assertionsDisabled || this.key != null) {
            return this.key;
        }
        throw new AssertionError();
    }

    @Nonnull
    public Class<?> getObjectType() {
        return PrivateKey.class;
    }

    public boolean isSingleton() {
        return true;
    }

    static {
        $assertionsDisabled = !PKCS11PrivateKeyFactoryBean.class.desiredAssertionStatus();
    }
}
