package com.liferay.saml.opensaml.integration.internal.credential;

import com.liferay.saml.runtime.configuration.SamlProviderConfiguration;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.credential.KeyStoreManager;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

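/**
 * Resolves OpenSAML {@link Credential}s from the key store exposed by the
 * bound {@link KeyStoreManager}, using the requested entity ID as the key
 * store alias.
 *
 * <p>Registered as an OSGi {@link CredentialResolver} service. The configured
 * key store credential password is only applied when the requested entity ID
 * equals the locally configured SAML entity ID; every other alias is looked
 * up without a password.</p>
 */
@Component(configurationPid = {"com.liferay.saml.runtime.configuration.SamlKeyStoreManagerConfiguration"}, immediate = true, service = {CredentialResolver.class})
public class KeyStoreCredentialResolver extends AbstractCriteriaFilteringCredentialResolver {
    private KeyStoreManager _keyStoreManager;
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    /**
     * Binds the key store manager; the reference target restricts the binding
     * to the service flagged {@code default=true}.
     *
     * @param keyStoreManager source of the key store that is queried
     */
    @Reference(name = "KeyStoreManager", target = "(default=true)", unbind = "-")
    public void setKeyStoreManager(KeyStoreManager keyStoreManager) {
        this._keyStoreManager = keyStoreManager;
    }

    /**
     * Binds the helper used to read the local SAML provider configuration
     * (entity ID and key store credential password).
     *
     * @param samlProviderConfigurationHelper configuration accessor
     */
    @Reference(unbind = "-")
    public void setSamlProviderConfigurationHelper(SamlProviderConfigurationHelper samlProviderConfigurationHelper) {
        this._samlProviderConfigurationHelper = samlProviderConfigurationHelper;
    }

    /**
     * Converts a key store entry into a credential, dispatching on the entry
     * type.
     *
     * @param entry key store entry to convert
     * @param str entity ID to stamp on the credential
     * @param usageType usage type to stamp on the credential
     * @return the credential, or {@code null} when the entry is none of the
     *         three supported entry types
     */
    protected Credential buildCredential(KeyStore.Entry entry, String str, UsageType usageType) {
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return processPrivateKeyEntry((KeyStore.PrivateKeyEntry) entry, str, usageType);
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return processSecretKeyEntry((KeyStore.SecretKeyEntry) entry, str, usageType);
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) entry, str, usageType);
        }
        // Unknown entry type: callers must treat null as "no credential".
        return null;
    }

    /**
     * Verifies that the criteria set carries an entity ID criteria, which is
     * required because the entity ID is the key store alias.
     *
     * @param criteriaSet criteria supplied by the caller
     * @throws IllegalArgumentException if no entity ID criteria is present
     */
    protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
        if (criteriaSet.get(EntityIDCriteria.class) == null) {
            throw new IllegalArgumentException("No entity ID criteria was available in criteria set");
        }
    }

    /**
     * Builds an X.509 credential carrying the private key, its certificate
     * and the certificate chain of a private key entry.
     *
     * @param privateKeyEntry private key entry read from the key store
     * @param str entity ID to stamp on the credential
     * @param usageType usage type to stamp on the credential
     * @return the populated credential
     * @throws ClassCastException if the entry's certificates are not X.509
     */
    protected Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String str, UsageType usageType) {
        BasicX509Credential credential = new BasicX509Credential();
        // The casts reject entries whose certificates are not X.509.
        credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate());
        credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain()));
        credential.setEntityId(str);
        credential.setPrivateKey(privateKeyEntry.getPrivateKey());
        credential.setUsageType(usageType);
        return credential;
    }

    /**
     * Builds a basic credential carrying the secret key of a secret key
     * entry.
     *
     * @param secretKeyEntry secret key entry read from the key store
     * @param str entity ID to stamp on the credential
     * @param usageType usage type to stamp on the credential
     * @return the populated credential
     */
    protected Credential processSecretKeyEntry(KeyStore.SecretKeyEntry secretKeyEntry, String str, UsageType usageType) {
        BasicCredential credential = new BasicCredential();
        credential.setEntityId(str);
        credential.setSecretKey(secretKeyEntry.getSecretKey());
        credential.setUsageType(usageType);
        return credential;
    }

    /**
     * Builds an X.509 credential from a trusted certificate entry. The
     * credential carries the certificate only; no private key is set.
     *
     * @param trustedCertificateEntry trusted certificate entry read from the
     *        key store
     * @param str entity ID to stamp on the credential
     * @param usageType usage type to stamp on the credential
     * @return the populated credential
     * @throws ClassCastException if the trusted certificate is not X.509
     */
    protected Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertificateEntry, String str, UsageType usageType) {
        BasicX509Credential credential = new BasicX509Credential();
        X509Certificate certificate = (X509Certificate) trustedCertificateEntry.getTrustedCertificate();
        credential.setEntityCertificate(certificate);
        // The chain consists of the trusted certificate alone.
        credential.setEntityCertificateChain(Arrays.asList(certificate));
        credential.setEntityId(str);
        credential.setUsageType(usageType);
        return credential;
    }

    /**
     * Looks up the key store entry whose alias is the requested entity ID and
     * wraps it in a credential.
     *
     * @param criteriaSet criteria; must contain an {@link EntityIDCriteria},
     *        may contain a {@link UsageCriteria}
     * @return a single-element collection holding the credential, or an empty
     *         collection when the alias is unknown or the entry type is not
     *         supported
     * @throws SecurityException wrapping any failure raised during the
     *         lookup, including a missing entity ID criteria and key store
     *         access errors
     */
    @Override
    protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
        try {
            checkCriteriaRequirements(criteriaSet);
            String entityID = ((EntityIDCriteria) criteriaSet.get(EntityIDCriteria.class)).getEntityID();

            // The credential password is handed to the key store only for the
            // local entity's own alias; other aliases are read with a null
            // protection parameter.
            // NOTE(review): this comparison is case-sensitive, while alias
            // matching in getEntry() depends on the key store type - confirm
            // the two agree for the store in use.
            KeyStore.PasswordProtection passwordProtection = null;
            SamlProviderConfiguration samlProviderConfiguration = this._samlProviderConfigurationHelper.getSamlProviderConfiguration();
            if (entityID.equals(samlProviderConfiguration.entityId())) {
                String keyStoreCredentialPassword = samlProviderConfiguration.keyStoreCredentialPassword();
                if (keyStoreCredentialPassword != null) {
                    // NOTE(review): this char[] copy is never cleared after
                    // use; the password also lives on as a String in the
                    // provider configuration.
                    passwordProtection = new KeyStore.PasswordProtection(keyStoreCredentialPassword.toCharArray());
                }
            }

            KeyStore.Entry entry = this._keyStoreManager.getKeyStore().getEntry(entityID, passwordProtection);
            if (entry == null) {
                return Collections.emptySet();
            }

            UsageType usageType = UsageType.UNSPECIFIED;
            UsageCriteria usageCriteria = (UsageCriteria) criteriaSet.get(UsageCriteria.class);
            if (usageCriteria != null) {
                usageType = usageCriteria.getUsage();
            }

            Credential credential = buildCredential(entry, entityID, usageType);
            if (credential == null) {
                // buildCredential() returns null for unsupported entry types.
                // Report "nothing resolved" instead of handing callers a
                // collection that contains a null credential.
                return Collections.emptySet();
            }
            return Collections.singleton(credential);
        } catch (Exception e) {
            // Checked and unchecked failures are reported the same way.
            throw new SecurityException(e);
        }
    }
}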
