package org.apereo.cas.support.saml.util.credential;

import com.google.common.io.ByteStreams;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.SecretKey;
import lombok.Generated;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.crypto.KeySupport;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-core-api-6.5.5.jar:org/apereo/cas/support/saml/util/credential/BasicResourceCredentialFactoryBean.class */
public class BasicResourceCredentialFactoryBean implements FactoryBean<BasicCredential> {
    private String secretKeyAlgorithm;
    private char[] privateKeyPassword;
    private Resource publicKeyInfo;
    private Resource privateKeyInfo;
    private Resource secretKeyInfo;
    private String usageType;
    private SecretKeyEncoding secretKeyEncoding = SecretKeyEncoding.BASE64;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-core-api-6.5.5.jar:org/apereo/cas/support/saml/util/credential/BasicResourceCredentialFactoryBean$SecretKeyEncoding.class */
    public enum SecretKeyEncoding {
        BINARY,
        HEX,
        BASE64
    }

    @Override // org.springframework.beans.factory.FactoryBean
    public boolean isSingleton() {
        return true;
    }

    @Override // org.springframework.beans.factory.FactoryBean
    public Class<?> getObjectType() {
        return BasicCredential.class;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.springframework.beans.factory.FactoryBean
    public BasicCredential getObject() throws Exception {
        BasicCredential basicCredential;
        PrivateKey privateKey = getPrivateKey();
        PublicKey publicKey = getPublicKey();
        SecretKey secretKey = getSecretKey();
        if (null != publicKey) {
            if (null == privateKey) {
                basicCredential = new BasicCredential(publicKey);
            } else {
                if (!KeySupport.matchKeyPair(publicKey, privateKey)) {
                    throw new BeanCreationException("Public and private keys do not match");
                }
                basicCredential = new BasicCredential(publicKey, privateKey);
            }
        } else {
            if (null == secretKey) {
                throw new BeanCreationException("Neither public key nor secret key specified");
            }
            basicCredential = new BasicCredential(secretKey);
        }
        if (null != getUsageType()) {
            basicCredential.setUsageType(UsageType.valueOf(getUsageType()));
        }
        return basicCredential;
    }

    protected PublicKey getPublicKey() {
        if (null == getPublicKeyInfo()) {
            return null;
        }
        try {
            InputStream inputStream = getPublicKeyInfo().getInputStream();
            try {
                PublicKey readPublicKey = KeyPairUtil.readPublicKey(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                return readPublicKey;
            } finally {
            }
        } catch (Exception e) {
            throw new FatalBeanException("Could not decode public key", e);
        }
    }

    private PrivateKey getPrivateKey() {
        if (null == getPrivateKeyInfo()) {
            return null;
        }
        try {
            InputStream inputStream = getPrivateKeyInfo().getInputStream();
            try {
                PrivateKey decodePrivateKey = KeySupport.decodePrivateKey(inputStream, getPrivateKeyPassword());
                if (inputStream != null) {
                    inputStream.close();
                }
                return decodePrivateKey;
            } finally {
            }
        } catch (Exception e) {
            throw new BeanCreationException("Could not decode private key", e);
        }
    }

    private byte[] decodeSecretKey(byte[] bArr) {
        switch (getSecretKeyEncoding()) {
            case BINARY:
                return bArr;
            case HEX:
                return Hex.decode(bArr);
            case BASE64:
            default:
                return Base64.decodeBase64(bArr);
        }
    }

    private SecretKey getSecretKey() {
        if (null == getSecretKeyInfo()) {
            return null;
        }
        try {
            InputStream inputStream = getSecretKeyInfo().getInputStream();
            try {
                SecretKey decodeSecretKey = KeySupport.decodeSecretKey(decodeSecretKey(ByteStreams.toByteArray(inputStream)), getSecretKeyAlgorithm());
                if (inputStream != null) {
                    inputStream.close();
                }
                return decodeSecretKey;
            } finally {
            }
        } catch (Exception e) {
            throw new BeanCreationException("Could not decode secret key", e);
        }
    }

    @Generated
    public String getSecretKeyAlgorithm() {
        return this.secretKeyAlgorithm;
    }

    @Generated
    public char[] getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    @Generated
    public Resource getPublicKeyInfo() {
        return this.publicKeyInfo;
    }

    @Generated
    public Resource getPrivateKeyInfo() {
        return this.privateKeyInfo;
    }

    @Generated
    public Resource getSecretKeyInfo() {
        return this.secretKeyInfo;
    }

    @Generated
    public String getUsageType() {
        return this.usageType;
    }

    @Generated
    public SecretKeyEncoding getSecretKeyEncoding() {
        return this.secretKeyEncoding;
    }

    @Generated
    public void setSecretKeyAlgorithm(String str) {
        this.secretKeyAlgorithm = str;
    }

    @Generated
    public void setPrivateKeyPassword(char[] cArr) {
        this.privateKeyPassword = cArr;
    }

    @Generated
    public void setPublicKeyInfo(Resource resource) {
        this.publicKeyInfo = resource;
    }

    @Generated
    public void setPrivateKeyInfo(Resource resource) {
        this.privateKeyInfo = resource;
    }

    @Generated
    public void setSecretKeyInfo(Resource resource) {
        this.secretKeyInfo = resource;
    }

    @Generated
    public void setUsageType(String str) {
        this.usageType = str;
    }

    @Generated
    public void setSecretKeyEncoding(SecretKeyEncoding secretKeyEncoding) {
        this.secretKeyEncoding = secretKeyEncoding;
    }
}
