package org.opensaml.security.x509;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.collection.LazySet;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;

/* loaded from: input_file:lib/opensaml-security-api-4.2.0.jar:org/opensaml/security/x509/BasicX509Credential.class */
public class BasicX509Credential extends BasicCredential implements X509Credential {
    private X509Certificate entityCert;
    private Collection<X509Certificate> entityCertChain;
    private Collection<X509CRL> crls;

    public BasicX509Credential(@Nonnull @ParameterName(name = "entityCertificate") X509Certificate x509Certificate) {
        setEntityCertificate(x509Certificate);
    }

    public BasicX509Credential(@Nonnull @ParameterName(name = "entityCertificate") X509Certificate x509Certificate, @Nonnull @ParameterName(name = "privateKey") PrivateKey privateKey) {
        setEntityCertificate(x509Certificate);
        setPrivateKey(privateKey);
    }

    @Override // org.opensaml.security.credential.BasicCredential, org.opensaml.security.credential.Credential
    @Nonnull
    public Class<? extends Credential> getCredentialType() {
        return X509Credential.class;
    }

    @Override // org.opensaml.security.x509.X509Credential
    @Nullable
    public Collection<X509CRL> getCRLs() {
        return this.crls;
    }

    public void setCRLs(@Nullable Collection<X509CRL> collection) {
        this.crls = collection;
    }

    @Override // org.opensaml.security.x509.X509Credential
    @Nonnull
    public X509Certificate getEntityCertificate() {
        return this.entityCert;
    }

    public void setEntityCertificate(@Nonnull X509Certificate x509Certificate) {
        Constraint.isNotNull(x509Certificate, "Credential certificate cannot be null");
        this.entityCert = x509Certificate;
    }

    @Override // org.opensaml.security.credential.AbstractCredential, org.opensaml.security.credential.Credential
    @Nonnull
    public PublicKey getPublicKey() {
        return getEntityCertificate().getPublicKey();
    }

    @Override // org.opensaml.security.credential.BasicCredential, org.opensaml.security.credential.AbstractCredential, org.opensaml.security.credential.MutableCredential
    public void setPublicKey(PublicKey publicKey) {
        throw new UnsupportedOperationException("Public key may not be set explicitly on an X509 credential");
    }

    @Override // org.opensaml.security.x509.X509Credential
    @Nonnull
    public Collection<X509Certificate> getEntityCertificateChain() {
        if (this.entityCertChain != null) {
            return this.entityCertChain;
        }
        LazySet lazySet = new LazySet();
        lazySet.add(this.entityCert);
        return lazySet;
    }

    public void setEntityCertificateChain(@Nonnull Collection<X509Certificate> collection) {
        Constraint.isNotNull(collection, "Certificate chain collection cannot be null");
        Constraint.isNotEmpty(collection, "Certificate chain collection cannot be empty");
        this.entityCertChain = new ArrayList(collection);
    }

    @Override // org.opensaml.security.credential.AbstractCredential, org.opensaml.security.credential.Credential
    @Nullable
    public SecretKey getSecretKey() {
        return null;
    }

    @Override // org.opensaml.security.credential.BasicCredential, org.opensaml.security.credential.AbstractCredential, org.opensaml.security.credential.MutableCredential
    public void setSecretKey(SecretKey secretKey) {
        throw new UnsupportedOperationException("An X509Credential may not contain a secret key");
    }
}
