package org.springframework.security.saml.spi;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.UUID;
import org.springframework.security.saml.SamlKeyException;
import org.springframework.security.saml.key.SimpleKey;
import org.springframework.security.saml.util.X509Utilities;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/saml/spi/SamlKeyStoreProvider.class */
public interface SamlKeyStoreProvider {
    public static final char[] DEFAULT_KS_PASSWD = ("ks-" + UUID.randomUUID().toString()).toCharArray();

    default KeyStore getKeyStore(SimpleKey simpleKey) {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, DEFAULT_KS_PASSWD);
            X509Certificate certificate = X509Utilities.getCertificate(X509Utilities.getDER(simpleKey.getCertificate()));
            keyStore.setCertificateEntry(simpleKey.getName(), certificate);
            if (StringUtils.hasText(simpleKey.getPrivateKey())) {
                keyStore.setKeyEntry(simpleKey.getName(), X509Utilities.readPrivateKey(simpleKey.getPrivateKey(), simpleKey.getPassphrase()), simpleKey.getPassphrase().toCharArray(), new Certificate[]{certificate});
            }
            return keyStore;
        } catch (IOException e) {
            throw new SamlKeyException(e);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new SamlKeyException(e2);
        }
    }
}
