package org.wso2.carbon.identity.sso.saml.builders;

import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Collections;
import javax.crypto.SecretKey;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialContextSet;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/X509CredentialImpl.class */
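/**
 * {@link X509Credential} backed by the key material used to sign SAML messages: a tenant's
 * private key and signing certificate obtained through {@link KeyStoreManager}, or, for the
 * super tenant, an optional dedicated signing keystore configured under the
 * {@code Security.SAMLSignKeyStore.*} server properties.
 *
 * <p>Only {@link #getPublicKey()}, {@link #getPrivateKey()}, {@link #getSigningCert()} and
 * {@link #getEntityId()} carry data. The remaining {@link X509Credential} accessors return
 * {@code null} or an empty collection; that is kept unchanged for compatibility, so callers
 * that need the certificate must use {@link #getSigningCert()}.
 */
public class X509CredentialImpl implements X509Credential {

    private static final Log log = LogFactory.getLog(X509CredentialImpl.class);

    /** Tenant domain that uses the server's primary (or dedicated signing) keystore. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    /** File extension of the per-tenant keystores managed by {@link KeyStoreManager}. */
    private static final String TENANT_KEY_STORE_EXTENSION = ".jks";

    // Server configuration properties describing the optional dedicated SAML signing keystore.
    private static final String SECURITY_SAML_SIGN_KEY_STORE_LOCATION = "Security.SAMLSignKeyStore.Location";
    private static final String SECURITY_SAML_SIGN_KEY_STORE_TYPE = "Security.SAMLSignKeyStore.Type";
    private static final String SECURITY_SAML_SIGN_KEY_STORE_PASSWORD = "Security.SAMLSignKeyStore.Password";
    private static final String SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS = "Security.SAMLSignKeyStore.KeyAlias";
    private static final String SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD = "Security.SAMLSignKeyStore.KeyPassword";

    /**
     * Lazily loaded dedicated signing keystore, shared by every instance built for the super
     * tenant. Marked {@code volatile} so a keystore loaded by one thread is visible to others;
     * the first-use initialisation is otherwise unsynchronised, so two concurrent first callers
     * may each load the file once (duplicate work, same resulting keystore).
     */
    private static volatile KeyStore superTenantSignKeyStore = null;

    private PublicKey publicKey;
    private PrivateKey privateKey;
    private X509Certificate signingCert;
    private String entityId = "";

    /**
     * Builds the signing credential of the given tenant.
     *
     * <p>For {@code carbon.super} the dedicated signing keystore is used when all of its
     * {@code Security.SAMLSignKeyStore.*} properties are set, otherwise the server's primary
     * keystore. Other tenants use their own keystore, named after the tenant domain with dots
     * replaced by dashes (e.g. a constructed {@code foo-com.jks}), with the domain as key alias.
     *
     * @param tenantDomain tenant domain whose signing key and certificate are loaded
     * @throws IdentityException if the tenant id cannot be resolved, the keystore cannot be
     *                           read, or no private key / certificate is found
     */
    public X509CredentialImpl(String tenantDomain) throws IdentityException {
        try {
            // Resolved for every tenant, including the super tenant, to keep the failure mode
            // (an unknown domain is reported as a tenant-id lookup error) unchanged.
            int tenantId = SAMLSSOUtil.getRealmService().getTenantManager().getTenantId(tenantDomain);
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);

            if (!SUPER_TENANT_DOMAIN.equals(tenantDomain)) {
                initCredentialForTenant(tenantDomain, keyStoreManager);
            } else if (isSignKeyStoreConfigured()) {
                initCredentialForSuperTenantFromSignKeyStore();
            } else {
                initCredentialFromSuperTenantKeyStore(keyStoreManager);
            }

            if (this.privateKey == null) {
                throw new IdentityException("Cannot find the private key for tenant " + tenantDomain);
            }
            if (this.signingCert == null) {
                throw new IdentityException("Cannot find the certificate.");
            }
            this.publicKey = this.signingCert.getPublicKey();
        } catch (UserStoreException e) {
            throw new IdentityException(
                    "Exception occurred while retrieving Tenant ID from tenant domain " + tenantDomain, e);
        }
    }

    /**
     * Loads the super tenant's key and certificate from the server's primary keystore.
     *
     * @param keyStoreManager key store manager of the super tenant
     * @throws IdentityException wrapping any failure of the underlying lookup
     */
    private void initCredentialFromSuperTenantKeyStore(KeyStoreManager keyStoreManager) throws IdentityException {
        try {
            this.privateKey = keyStoreManager.getDefaultPrivateKey();
            this.signingCert = keyStoreManager.getDefaultPrimaryCertificate();
        } catch (Exception e) {
            // KeyStoreManager declares a broad exception; it is wrapped at this boundary.
            throw new IdentityException("Error retrieving private key and the certificate for tenant carbon.super", e);
        }
    }

    /**
     * Loads the super tenant's key and certificate from the dedicated signing keystore,
     * loading that keystore on first use.
     *
     * @throws IdentityException if the keystore cannot be loaded or the configured alias does
     *                           not yield an RSA-style private key and an X.509 certificate
     */
    private void initCredentialForSuperTenantFromSignKeyStore() throws IdentityException {
        if (log.isDebugEnabled()) {
            log.debug("Initializing Key Data for super tenant using separate sign key store.");
        }
        try {
            if (superTenantSignKeyStore == null) {
                initSuperTenantSignKeyStore();
            }
            ServerConfiguration config = ServerConfiguration.getInstance();
            String keyAlias = config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS);
            char[] keyPassword = config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD).toCharArray();

            Key key = superTenantSignKeyStore.getKey(keyAlias, keyPassword);
            Certificate certificate = superTenantSignKeyStore.getCertificate(keyAlias);

            // A missing alias yields null here, which fails the instanceof checks below.
            if (!(key instanceof PrivateKey)) {
                throw new IdentityException("Configured signing KeyStore private key is invalid.");
            }
            this.privateKey = (PrivateKey) key;

            if (!(certificate instanceof X509Certificate)) {
                throw new IdentityException("Configured signing KeyStore X509Certificate is invalid.");
            }
            this.signingCert = (X509Certificate) certificate;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IdentityException("Unable to load signing keystore for tenant carbon.super", e);
        }
    }

    /**
     * Reads the dedicated signing keystore from the configured location into
     * {@link #superTenantSignKeyStore}.
     *
     * @throws IdentityException if the keystore type is unknown or the file cannot be read,
     *                           decoded or verified with the configured password
     */
    private void initSuperTenantSignKeyStore() throws IdentityException {
        ServerConfiguration config = ServerConfiguration.getInstance();
        String location = config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_LOCATION);
        try (FileInputStream keyStoreStream = new FileInputStream(location)) {
            KeyStore keyStore = KeyStore.getInstance(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_TYPE));
            keyStore.load(keyStoreStream, config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray());
            superTenantSignKeyStore = keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            // A wrong keystore password surfaces as an IOException from KeyStore.load.
            throw new IdentityException("Unable to load keystore.", e);
        } catch (KeyStoreException e) {
            throw new IdentityException("Unable to get an instance of keystore.", e);
        }
    }

    /**
     * Loads a non-super tenant's key and certificate from its own keystore.
     *
     * @param tenantDomain    tenant domain; also used as the key alias inside the keystore
     * @param keyStoreManager key store manager of that tenant
     * @throws IdentityException wrapping any failure of the lookup, including a key or
     *                           certificate of an unexpected type
     */
    private void initCredentialForTenant(String tenantDomain, KeyStoreManager keyStoreManager)
            throws IdentityException {
        try {
            // Tenant keystores are named after the domain, e.g. "foo.com" -> "foo-com.jks".
            String keyStoreName = tenantDomain.trim().replace(".", "-") + TENANT_KEY_STORE_EXTENSION;
            // The casts may throw ClassCastException; the catch below turns that into an IdentityException.
            this.privateKey = (PrivateKey) keyStoreManager.getPrivateKey(keyStoreName, tenantDomain);
            this.signingCert = (X509Certificate) keyStoreManager.getKeyStore(keyStoreName).getCertificate(tenantDomain);
        } catch (Exception e) {
            throw new IdentityException("Error retrieving private key and the certificate for tenant " + tenantDomain, e);
        }
    }

    /**
     * Returns whether every property needed to use the dedicated signing keystore is set
     * and non-blank.
     */
    private boolean isSignKeyStoreConfigured() {
        ServerConfiguration config = ServerConfiguration.getInstance();
        String[] requiredProperties = {
                SECURITY_SAML_SIGN_KEY_STORE_LOCATION,
                SECURITY_SAML_SIGN_KEY_STORE_TYPE,
                SECURITY_SAML_SIGN_KEY_STORE_PASSWORD,
                SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS,
                SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD
        };
        for (String property : requiredProperties) {
            if (StringUtils.isBlank(config.getFirstProperty(property))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds a public-key-only credential from RSA parameters; no private key or certificate
     * is attached.
     *
     * @param modulus        RSA modulus
     * @param publicExponent RSA public exponent
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException  if the parameters do not form a valid RSA public key
     */
    public X509CredentialImpl(BigInteger modulus, BigInteger publicExponent)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        this.publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
    }

    /**
     * Builds a credential holding the given certificate and its public key; no private key
     * is attached.
     *
     * @param x509Certificate certificate to wrap
     */
    public X509CredentialImpl(X509Certificate x509Certificate) {
        this.publicKey = x509Certificate.getPublicKey();
        this.signingCert = x509Certificate;
    }

    /**
     * Builds a credential holding the given certificate and entity id.
     *
     * @param x509Certificate certificate to wrap
     * @param entityId        entity id reported by {@link #getEntityId()}
     */
    public X509CredentialImpl(X509Certificate x509Certificate, String entityId) {
        this(x509Certificate);
        this.entityId = entityId;
    }

    @Override
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /** Returns the signing certificate, or {@code null} for a public-key-only credential. */
    public X509Certificate getSigningCert() {
        return this.signingCert;
    }

    /**
     * Always {@code null}: the certificate is exposed only through {@link #getSigningCert()}.
     * Left unchanged for compatibility with existing callers.
     */
    @Override
    public X509Certificate getEntityCertificate() {
        return null;
    }

    @Override
    public Collection<X509CRL> getCRLs() {
        return Collections.emptyList();
    }

    @Override
    public Collection<X509Certificate> getEntityCertificateChain() {
        return Collections.emptyList();
    }

    @Override
    public CredentialContextSet getCredentialContextSet() {
        return null;
    }

    @Override
    public Class<? extends Credential> getCredentialType() {
        return X509Credential.class;
    }

    @Override
    public String getEntityId() {
        return this.entityId;
    }

    @Override
    public Collection<String> getKeyNames() {
        return Collections.emptyList();
    }

    @Override
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Always {@code null}: this credential never carries symmetric key material. */
    @Override
    public SecretKey getSecretKey() {
        return null;
    }

    @Override
    public UsageType getUsageType() {
        return UsageType.UNSPECIFIED;
    }
}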
