package org.wso2.appserver.webapp.security.saml.signature;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import org.wso2.appserver.configuration.listeners.ServerConfigurationLoader;
import org.wso2.appserver.configuration.server.AppServerSecurity;
import org.wso2.appserver.configuration.server.ApplicationServerConfiguration;
import org.wso2.appserver.webapp.security.utils.SSOUtils;
import org.wso2.appserver.webapp.security.utils.exception.SSOException;

/* loaded from: input_file:org/wso2/appserver/webapp/security/saml/signature/SSOX509Credential.class */
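/**
 * Lazily created, process-wide holder for the X.509 material read from the server keystore:
 * the certificate stored under the configured IdP certificate alias, that certificate's public
 * key, and the private key stored under the server keystore's key alias.
 *
 * <p>Any of the three getters may return {@code null}: no keystore was available, no alias was
 * configured, or the alias has no matching entry. Callers must treat a {@code null} certificate
 * or key as "cannot sign / cannot verify" and reject the message rather than skip the check.
 *
 * <p>NOTE(review): {@link #getPrivateKey()} hands the signing key to any code that can reach
 * {@link #getInstance()}; confirm that only trusted server code has this class on its classpath.
 */
public class SSOX509Credential {
    // Public key taken from entityCertificate; null when no certificate was loaded.
    private PublicKey publicKey;
    // Private key read from the keystore with the configured key alias and key password.
    private PrivateKey privateKey;
    // Certificate stored under idpCertificateAlias; null when the alias is unset or unknown.
    private X509Certificate entityCertificate;
    // Keystore alias of the IdP certificate, taken from the single-sign-on configuration.
    private String idpCertificateAlias;
    // The singleton; assigned only after a constructor call has completed without throwing.
    private static SSOX509Credential ssoX509Credential;

    /**
     * Reads the IdP certificate alias from the single-sign-on configuration and loads the
     * credential material from the keystore.
     *
     * @param applicationServerConfiguration server configuration supplying the single-sign-on
     *                                       and security (keystore) settings
     * @throws SSOException if the keystore entries cannot be read or have an unexpected type
     */
    private SSOX509Credential(ApplicationServerConfiguration applicationServerConfiguration) throws SSOException {
        this.idpCertificateAlias = applicationServerConfiguration.getSingleSignOnConfiguration().getIdpCertificateAlias();
        readX509Credentials(applicationServerConfiguration.getSecurityConfiguration());
    }

    /**
     * @return the private key read from the keystore, or {@code null} if none was loaded
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * @return the public key of the loaded certificate, or {@code null} if no certificate was loaded
     */
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * @return the certificate stored under the IdP certificate alias, or {@code null} if absent
     */
    public X509Certificate getEntityCertificate() {
        return this.entityCertificate;
    }

    /**
     * Returns the shared instance, creating it from the current server configuration on first use.
     * The method is synchronized, so concurrent first calls build the instance only once. If
     * construction throws, nothing is cached and the next call tries again.
     *
     * @return the shared credential holder
     * @throws SSOException if the credential material cannot be loaded
     */
    public static synchronized SSOX509Credential getInstance() throws SSOException {
        if (ssoX509Credential == null) {
            ssoX509Credential = new SSOX509Credential(ServerConfigurationLoader.getServerConfiguration());
        }
        return ssoX509Credential;
    }

    /**
     * Populates the certificate, private key and public key fields from the keystore returned by
     * {@code SSOUtils.generateKeyStore()}. When that call yields no keystore, all fields are left
     * {@code null}.
     *
     * @param appServerSecurity security configuration holding the keystore key alias and key
     *                          password; may be {@code null}, in which case no private key is read
     * @throws SSOException if a keystore lookup fails, or an entry is not an X.509 certificate
     *                      or not a private key
     */
    private void readX509Credentials(AppServerSecurity appServerSecurity) throws SSOException {
        Optional<?> keyStoreHolder = SSOUtils.generateKeyStore();
        if (!keyStoreHolder.isPresent()) {
            return;
        }
        KeyStore keyStore = (KeyStore) keyStoreHolder.get();

        this.entityCertificate = loadEntityCertificate(keyStore);
        if (appServerSecurity != null && appServerSecurity.getKeystore() != null) {
            String keyAlias = appServerSecurity.getKeystore().getKeyAlias();
            String keyPassword = appServerSecurity.getKeystore().getKeyPassword();
            if (keyAlias != null && keyPassword != null) {
                this.privateKey = loadPrivateKey(keyStore, keyAlias, keyPassword);
            }
        }
        if (this.entityCertificate != null) {
            this.publicKey = this.entityCertificate.getPublicKey();
        }
    }

    // Looks up the certificate under idpCertificateAlias; returns null when the alias is unset or unknown.
    private X509Certificate loadEntityCertificate(KeyStore keyStore) throws SSOException {
        if (this.idpCertificateAlias == null) {
            return null;
        }
        try {
            Certificate certificate = keyStore.getCertificate(this.idpCertificateAlias);
            if (certificate == null) {
                return null;
            }
            // Report a wrong entry type as a configuration error rather than a ClassCastException.
            if (!(certificate instanceof X509Certificate)) {
                throw new SSOException("Certificate with certificateAlias " + this.idpCertificateAlias
                        + " is not an X.509 certificate", null);
            }
            return (X509Certificate) certificate;
        } catch (KeyStoreException e) {
            throw new SSOException("Error occurred while retrieving public certificate with certificateAlias " + this.idpCertificateAlias, e);
        }
    }

    // Reads the key stored under keyAlias; returns null when the alias has no key entry.
    private static PrivateKey loadPrivateKey(KeyStore keyStore, String keyAlias, String keyPassword) throws SSOException {
        char[] password = keyPassword.toCharArray();
        try {
            Key key = keyStore.getKey(keyAlias, password);
            if (key == null) {
                return null;
            }
            // A secret-key entry under this alias is a misconfiguration, not a usable signing key.
            if (!(key instanceof PrivateKey)) {
                throw new SSOException("Key stored under the configured key alias is not a private key", null);
            }
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new SSOException("Error occurred while retrieving the private key", e);
        } finally {
            // Wipes only this temporary copy; the configuration object still holds the password String.
            Arrays.fill(password, '\0');
        }
    }
}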
