package com.adobe.granite.auth.saml.util;

import com.adobe.granite.auth.saml.util.io.Siphon;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ValueMap;

/* loaded from: input_file:com/adobe/granite/auth/saml/util/SlingKeyProvider.class */
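/**
 * {@link KeyProvider} that loads SAML key material from properties of the
 * repository node at {@link #KEY_ROOT}: the {@code private} property holds a
 * PKCS#8-encoded RSA private key and the {@code public} property holds an
 * X.509 certificate.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both lookups open an administrative resource resolver, which is not
 *       limited by the caller's access rights. Every code path must close it;
 *       cleanup is therefore done in {@code finally} blocks.</li>
 *   <li>NOTE(review): reading a single node does not need administrative
 *       rights. {@code getAdministrativeResourceResolver} is deprecated in the
 *       Sling API; a service-user resolver
 *       ({@code getServiceResourceResolver}) with read access limited to the
 *       key node would follow least privilege. It needs a service-user mapping
 *       that is not visible from this file, so it is not changed here.</li>
 *   <li>NOTE(review): the node stores the private key, so read access to
 *       {@code /etc/key/saml} should be restricted by ACL - confirm against
 *       the deployed repository permissions.</li>
 * </ul>
 */
public class SlingKeyProvider implements KeyProvider {
    static final String KEY_ROOT = "/etc/key/saml";
    static final String PRIVATE_KEY = "private";
    static final String PUBLIC_CERT = "public";
    private ResourceResolverFactory resourceResolverFactory;
    private final Siphon siphon = new Siphon();

    /**
     * Sets the factory used to open resource resolvers for the key lookups.
     *
     * @param resourceResolverFactory factory to use; must be set before either getter is called
     */
    public void setResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resourceResolverFactory = resourceResolverFactory;
    }

    /**
     * Loads the RSA private key used for decryption.
     *
     * @return the private key, or {@code null} when the key node, the
     *         {@code private} property or its content is missing or empty
     * @throws RuntimeException if the resolver cannot be obtained, the key
     *         bytes cannot be read, or they are not a valid PKCS#8 RSA key
     */
    @Override
    public Key getDecryptionKey() {
        ResourceResolver resolver = null;
        InputStream keyStream = null;
        try {
            resolver = this.resourceResolverFactory.getAdministrativeResourceResolver(null);
            ValueMap properties = readKeyProperties(resolver);
            // A missing node is treated like a missing property: no key configured.
            if (properties == null || !properties.containsKey(PRIVATE_KEY)) {
                return null;
            }
            keyStream = (InputStream) properties.get(PRIVATE_KEY, InputStream.class);
            if (keyStream == null) {
                return null;
            }
            // ByteArrayOutputStream.close() is a no-op, so the buffer needs no cleanup.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            this.siphon.siphon(keyStream, buffer);
            byte[] encodedKey = buffer.toByteArray();
            if (encodedKey.length == 0) {
                return null;
            }
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        } catch (InvalidKeySpecException e) {
            // Messages deliberately carry no key material; only the cause is chained.
            throw new RuntimeException("Error reading private key", e);
        } catch (LoginException e) {
            throw new RuntimeException("Unable to retrieve admin resource resolver", e);
        } catch (IOException e) {
            throw new RuntimeException("Error reading private key", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Error reading private key", e);
        } finally {
            closeQuietly(keyStream);
            if (resolver != null) {
                resolver.close();
            }
        }
    }

    /**
     * Loads the X.509 certificate stored next to the private key.
     *
     * @return the parsed certificate, never {@code null}
     * @throws RuntimeException if the certificate is not configured, cannot
     *         be parsed, or the resolver cannot be obtained
     */
    @Override
    public Certificate getPublicCertificate() {
        ResourceResolver resolver = null;
        InputStream certStream = null;
        try {
            resolver = this.resourceResolverFactory.getAdministrativeResourceResolver(null);
            ValueMap properties = readKeyProperties(resolver);
            if (properties != null) {
                certStream = (InputStream) properties.get(PUBLIC_CERT, InputStream.class);
            }
            if (certStream == null) {
                throw new RuntimeException("Public key has not been configured - please contact your administrator");
            }
            return CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        } catch (CertificateException e) {
            throw new RuntimeException("Error reading certificate", e);
        } catch (LoginException e) {
            throw new RuntimeException("Unable to retrieve admin resource resolver", e);
        } finally {
            // Runs on the failure paths too, so the administrative resolver
            // and the stream are released when the lookup or parsing throws.
            closeQuietly(certStream);
            if (resolver != null) {
                resolver.close();
            }
        }
    }

    /** Returns the properties of the key node, or {@code null} when the node is absent or not adaptable. */
    private static ValueMap readKeyProperties(ResourceResolver resolver) {
        org.apache.sling.api.resource.Resource keyNode = resolver.getResource(KEY_ROOT);
        if (keyNode == null) {
            return null;
        }
        return (ValueMap) keyNode.adaptTo(ValueMap.class);
    }

    /** Closes the stream if present; a failure on close is ignored because the data has already been consumed. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // best-effort cleanup only
        }
    }
}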
