package edu.internet2.middleware.shibboleth.common.config.security;

import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/config/security/X509CredentialFactoryBean.class */
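/**
 * Factory bean that assembles a {@link BasicX509Credential} from a configured private key, entity
 * certificate, certificate chain and CRLs.
 *
 * <p>Usage type, entity ID and key names are taken from the parent class. When both a public and a
 * private key are present, the two are checked against each other and the credential is rejected
 * on mismatch, so a key file paired with the wrong certificate is caught when the credential is
 * built.
 *
 * <p>The setters store the caller's list references and the getters return them without copying;
 * only {@link #createInstance()} takes copies. {@link #getPrivateKey()} hands out the configured
 * private key itself, so callers should treat this bean as holding secret material.
 */
public class X509CredentialFactoryBean extends AbstractCredentialFactoryBean {
    /** Class logger. Key material is never written to it. */
    private final Logger log = LoggerFactory.getLogger(X509CredentialFactoryBean.class);

    /** Private key of the credential; may be null for a certificate-only credential. */
    private PrivateKey privateKey;

    /** Explicitly configured end-entity certificate; when null the first chain entry is used. */
    private X509Certificate entityCertificate;

    /** Certificate chain of the credential. */
    private List<X509Certificate> certificates;

    /** Certificate revocation lists attached to the credential. */
    private List<X509CRL> x509crls;

    /**
     * Builds the credential from the configured properties.
     *
     * @return the populated {@link BasicX509Credential}
     * @throws SecurityException if no entity certificate can be determined, or if the private key
     *         does not match the certificate's public key (including when that check cannot be
     *         performed)
     * @throws Exception declared by the overridden signature
     */
    protected Object createInstance() throws Exception {
        BasicX509Credential credential = new BasicX509Credential();
        credential.setUsageType(getUsageType());
        credential.setEntityId(getEntityID());
        if (getKeyNames() != null) {
            credential.getKeyNames().addAll(getKeyNames());
        }

        if (this.certificates != null) {
            // Copy so later changes to the configured list do not alter the built credential.
            credential.setEntityCertificateChain(new ArrayList<X509Certificate>(this.certificates));
            if (this.entityCertificate != null) {
                credential.setEntityCertificate(this.entityCertificate);
            } else if (!this.certificates.isEmpty()) {
                // No explicit entity certificate: the first chain entry is taken as the end entity.
                credential.setEntityCertificate(this.certificates.get(0));
            }
        }
        if (this.x509crls != null) {
            credential.setCRLs(new ArrayList<X509CRL>(this.x509crls));
        }

        // Without this guard a missing or empty certificate list surfaced as a bare
        // NullPointerException / IndexOutOfBoundsException with no hint of the misconfiguration.
        X509Certificate resolvedCertificate = credential.getEntityCertificate();
        if (resolvedCertificate == null) {
            this.log.error("No entity certificate available for X.509 credential");
            throw new SecurityException("No entity certificate available for X.509 credential");
        }

        credential.setPrivateKey(this.privateKey);
        credential.setPublicKey(resolvedCertificate.getPublicKey());

        if (credential.getPublicKey() != null && credential.getPrivateKey() != null) {
            boolean keysMatch = false;
            try {
                keysMatch = SecurityHelper.matchKeyPair(credential.getPublicKey(), credential.getPrivateKey());
            } catch (SecurityException e) {
                // Fail closed: if the check itself cannot run, keysMatch stays false and the
                // credential is rejected below rather than being accepted unverified.
                this.log.warn("Could not perform sanity check against credential public and private key: {}", e.getMessage());
            }
            if (!keysMatch) {
                this.log.error("Mismatch detected between credential's public and private key");
                throw new SecurityException("Mismatch between credential public and private key");
            }
        }
        return credential;
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@code X509Credential.class}
     */
    public Class getObjectType() {
        return X509Credential.class;
    }

    /**
     * Gets the explicitly configured entity certificate.
     *
     * @return the entity certificate, or null if none was set
     */
    public X509Certificate getEntityCertificate() {
        return this.entityCertificate;
    }

    /**
     * Gets the configured certificate chain.
     *
     * @return the stored list itself (not a copy), or null if none was set
     */
    public List<X509Certificate> getCertificates() {
        return this.certificates;
    }

    /**
     * Gets the configured CRLs.
     *
     * @return the stored list itself (not a copy), or null if none was set
     */
    public List<X509CRL> getCrls() {
        return this.x509crls;
    }

    /**
     * Gets the configured private key. The returned object is the secret key itself; do not log
     * or serialize it.
     *
     * @return the private key, or null if none was set
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Sets the entity certificate to use instead of the first entry of the chain.
     *
     * @param x509Certificate the end-entity certificate
     */
    public void setEntityCertificate(X509Certificate x509Certificate) {
        this.entityCertificate = x509Certificate;
    }

    /**
     * Sets the certificate chain. The list reference is stored as given.
     *
     * @param list certificates of the credential
     */
    public void setCertificates(List<X509Certificate> list) {
        this.certificates = list;
    }

    /**
     * Sets the CRLs attached to the credential. The list reference is stored as given.
     *
     * @param list certificate revocation lists
     */
    public void setCrls(List<X509CRL> list) {
        this.x509crls = list;
    }

    /**
     * Sets the private key of the credential.
     *
     * @param privateKey the private key
     */
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }
}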
