package org.wso2.carbon.identity.application.authenticator.samlsso.manager;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import javax.crypto.SecretKey;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialContextSet;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.internal.SAMLSSOAuthenticatorServiceDataHolder;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOErrorConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.class */
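public class X509CredentialImpl implements X509Credential {

    /** Tenant domain whose signing key may be served from the separate SAML sign keystore. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    /** Tenant keystores are looked up as {@code <domain with '.' replaced by '-'>.jks}. */
    private static final String TENANT_KEY_STORE_SUFFIX = ".jks";

    private static final Log log = LogFactory.getLog(X509CredentialImpl.class);

    /** Server configuration keys of the optional super-tenant sign keystore. */
    public static final String SECURITY_SAML_SIGN_KEY_STORE_LOCATION = "Security.SAMLSignKeyStore.Location";
    public static final String SECURITY_SAML_SIGN_KEY_STORE_TYPE = "Security.SAMLSignKeyStore.Type";
    public static final String SECURITY_SAML_SIGN_KEY_STORE_PASSWORD = "Security.SAMLSignKeyStore.Password";
    public static final String SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS = "Security.SAMLSignKeyStore.KeyAlias";
    public static final String SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD = "Security.SAMLSignKeyStore.KeyPassword";

    /**
     * Super-tenant sign keystore, loaded once per JVM on first use and then reused.
     * Read and written only inside {@link #getSuperTenantSignKeyStore()}, which is synchronized so that
     * concurrent credential construction cannot load the file twice.
     * NOTE(review): a change to the configured keystore file presumably needs a restart to take effect — confirm.
     */
    private static KeyStore superTenantSignKeyStore = null;

    private final PublicKey publicKey;
    private final PrivateKey privateKey;
    private final X509Certificate entityCertificate;
    private final String entityId;

    /**
     * Builds a credential for a tenant.
     * <p>
     * When {@code idpCertificate} is empty, the tenant's own signing key and certificate are resolved:
     * super tenant from the separate sign keystore if one is fully configured, otherwise from the default
     * keystore; every other tenant from its tenant keystore, inside a tenant flow.
     * When {@code idpCertificate} is non-empty it is decoded into the entity certificate and no private
     * key is loaded (the credential can only verify, not sign).
     * The entity id of a credential built this way is the empty string.
     *
     * @param tenantDomain   tenant domain whose key material is loaded
     * @param idpCertificate encoded certificate, or {@code null}/empty to use the tenant's own key store.
     *                       It is passed to {@code IdentityApplicationManagementUtil.decodeCertificate};
     *                       the error message calls it an alias, which looks like a leftover — confirm.
     * @throws SAMLSSOException with the most specific {@code SSOErrorConstants.ErrorMessages} code that
     *                          applies; unexpected failures while reading tenant key material are reported as
     *                          {@code RETRIEVING_PRIVATE_KEY_AND_CERTIFICATE_FOR_TENANT_FAILED}
     */
    public X509CredentialImpl(String tenantDomain, String idpCertificate) throws SAMLSSOException {
        PrivateKey signingKey = null;
        X509Certificate certificate;
        if (StringUtils.isEmpty(idpCertificate)) {
            SigningKeyData keyData = loadTenantSigningKeyData(tenantDomain);
            signingKey = keyData.privateKey;
            certificate = keyData.certificate;
        } else {
            certificate = decodeIdpCertificate(idpCertificate);
        }
        if (certificate == null) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.CANNOT_FIND_THE_CERTIFICATE.getCode(),
                    SSOErrorConstants.ErrorMessages.CANNOT_FIND_THE_CERTIFICATE.getMessage());
        }
        this.privateKey = signingKey;
        this.entityCertificate = certificate;
        this.publicKey = certificate.getPublicKey();
        this.entityId = "";
    }

    /**
     * Builds a verification-only credential from a certificate.
     * Only the public key is taken from the certificate; {@link #getEntityCertificate()} returns
     * {@code null} and {@link #getPrivateKey()} returns {@code null} for such a credential.
     *
     * @param x509Certificate certificate whose public key backs this credential; must not be null
     * @param entityId        entity id reported by {@link #getEntityId()}; stored as given (may be null)
     */
    public X509CredentialImpl(X509Certificate x509Certificate, String entityId) {
        this.publicKey = x509Certificate.getPublicKey();
        this.privateKey = null;
        this.entityCertificate = null;
        this.entityId = entityId;
    }

    /**
     * Decodes the IdP certificate string into an X.509 certificate.
     *
     * @throws SAMLSSOException {@code RETRIEVING_THE_CERTIFICATE_FAILED} when decoding fails
     */
    private static X509Certificate decodeIdpCertificate(String idpCertificate) throws SAMLSSOException {
        try {
            return (X509Certificate) IdentityApplicationManagementUtil.decodeCertificate(idpCertificate);
        } catch (CertificateException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.RETRIEVING_THE_CERTIFICATE_FAILED.getCode(),
                    String.format("Error retrieving the certificate for alias %s", idpCertificate), e);
        }
    }

    /**
     * Resolves the signing private key and certificate of a tenant.
     * <p>
     * Specific {@code SAMLSSOException}s raised while loading (missing keystore file, invalid configured
     * key, missing private key, ...) are propagated unchanged so callers see their error codes; any other
     * exception is wrapped as {@code RETRIEVING_PRIVATE_KEY_AND_CERTIFICATE_FOR_TENANT_FAILED}.
     * A tenant flow is started for non-super tenants and always ended before returning.
     *
     * @throws SAMLSSOException {@code RETRIEVING_TENANT_ID_FAILED} when the tenant id cannot be resolved,
     *                          {@code CANNOT_FIND_THE_PRIVATE_KEY_FOR_TENANT} when no private key is found,
     *                          or one of the keystore-specific codes described above
     */
    private static SigningKeyData loadTenantSigningKeyData(String tenantDomain) throws SAMLSSOException {
        KeyStoreManager keyStoreManager;
        try {
            keyStoreManager = KeyStoreManager.getInstance(SAMLSSOAuthenticatorServiceDataHolder.getInstance()
                    .getRealmService().getTenantManager().getTenantId(tenantDomain));
        } catch (UserStoreException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.RETRIEVING_TENANT_ID_FAILED.getCode(),
                    String.format(SSOErrorConstants.ErrorMessages.RETRIEVING_TENANT_ID_FAILED.getMessage(), tenantDomain), e);
        }

        boolean superTenant = SUPER_TENANT_DOMAIN.equals(tenantDomain);
        try {
            SigningKeyData keyData;
            if (!superTenant) {
                // Tenant keystores are only reachable from inside the tenant's flow; ended in finally.
                FrameworkUtils.startTenantFlow(tenantDomain);
                String keyStoreName = tenantDomain.trim().replace(".", "-") + TENANT_KEY_STORE_SUFFIX;
                // Both the key and the certificate are stored under the tenant domain as alias.
                keyData = new SigningKeyData(
                        (PrivateKey) keyStoreManager.getPrivateKey(keyStoreName, tenantDomain),
                        (X509Certificate) keyStoreManager.getKeyStore(keyStoreName).getCertificate(tenantDomain));
            } else if (isSignKeyStoreConfigured()) {
                if (log.isDebugEnabled()) {
                    log.debug("Initializing Key Data for super tenant using separate sign key store");
                }
                keyData = loadSuperTenantSigningKeyData();
            } else {
                keyData = new SigningKeyData(keyStoreManager.getDefaultPrivateKey(),
                        keyStoreManager.getDefaultPrimaryCertificate());
            }
            if (keyData.privateKey == null) {
                throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.CANNOT_FIND_THE_PRIVATE_KEY_FOR_TENANT.getCode(),
                        String.format(SSOErrorConstants.ErrorMessages.CANNOT_FIND_THE_PRIVATE_KEY_FOR_TENANT.getMessage(), tenantDomain));
            }
            return keyData;
        } catch (SAMLSSOException e) {
            // Already carries the specific error code; do not mask it with the generic one below.
            throw e;
        } catch (Exception e) {
            throw new SAMLSSOException(
                    SSOErrorConstants.ErrorMessages.RETRIEVING_PRIVATE_KEY_AND_CERTIFICATE_FOR_TENANT_FAILED.getCode(),
                    String.format(SSOErrorConstants.ErrorMessages.RETRIEVING_PRIVATE_KEY_AND_CERTIFICATE_FOR_TENANT_FAILED.getMessage(),
                            tenantDomain), e);
        } finally {
            if (!superTenant) {
                FrameworkUtils.endTenantFlow();
            }
        }
    }

    /**
     * Reads the super tenant's signing key and certificate from the separately configured sign keystore.
     * The key alias and key password come from server configuration; the entry must hold a
     * {@link PrivateKey} and an {@link X509Certificate}, otherwise the configuration is rejected.
     *
     * @throws SAMLSSOException {@code CONFIGURED_PRIVATE_KEY_IS_INVALID} / {@code CONFIGURED_PUBLIC_KEY_IS_INVALID}
     *                          when the entry has the wrong type; {@code UNABLE_TO_LOAD_KEYSTORE},
     *                          {@code INVALID_ALGORITHM} or {@code UNABLE_TO_LOAD_KEY} on keystore API failures;
     *                          the codes of {@link #getSuperTenantSignKeyStore()} when the file cannot be read
     */
    private static SigningKeyData loadSuperTenantSigningKeyData() throws SAMLSSOException {
        ServerConfiguration config = ServerConfiguration.getInstance();
        try {
            KeyStore signKeyStore = getSuperTenantSignKeyStore();
            String keyAlias = config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS);
            Key key = signKeyStore.getKey(keyAlias,
                    config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD).toCharArray());
            Certificate certificate = signKeyStore.getCertificate(keyAlias);
            if (!(key instanceof PrivateKey)) {
                throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.CONFIGURED_PRIVATE_KEY_IS_INVALID.getCode(),
                        SSOErrorConstants.ErrorMessages.CONFIGURED_PRIVATE_KEY_IS_INVALID.getMessage());
            }
            if (!(certificate instanceof X509Certificate)) {
                throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.CONFIGURED_PUBLIC_KEY_IS_INVALID.getCode(),
                        SSOErrorConstants.ErrorMessages.CONFIGURED_PUBLIC_KEY_IS_INVALID.getMessage());
            }
            return new SigningKeyData((PrivateKey) key, (X509Certificate) certificate);
        } catch (KeyStoreException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_LOAD_KEYSTORE.getCode(),
                    SSOErrorConstants.ErrorMessages.UNABLE_TO_LOAD_KEYSTORE.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.INVALID_ALGORITHM.getCode(),
                    SSOErrorConstants.ErrorMessages.INVALID_ALGORITHM.getMessage(), e);
        } catch (UnrecoverableKeyException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_LOAD_KEY.getCode(),
                    SSOErrorConstants.ErrorMessages.UNABLE_TO_LOAD_KEY.getMessage(), e);
        }
    }

    /**
     * Returns the cached super-tenant sign keystore, loading it from the configured location, type and
     * password on first use. Synchronized so that only one thread performs the load.
     *
     * @throws SAMLSSOException         {@code UNABLE_TO_LOCATE_KEYSTORE} when the file does not exist,
     *                                  {@code UNABLE_TO_READ_KEYSTORE} on any other I/O failure (including a
     *                                  wrong password, which {@link KeyStore#load} reports as an IOException),
     *                                  {@code UNABLE_TO_READ_CERTIFICATE} when a certificate inside cannot be parsed
     * @throws KeyStoreException        when the configured keystore type is not available
     * @throws NoSuchAlgorithmException when the keystore's integrity algorithm is not available
     */
    private static synchronized KeyStore getSuperTenantSignKeyStore()
            throws SAMLSSOException, KeyStoreException, NoSuchAlgorithmException {
        if (superTenantSignKeyStore != null) {
            return superTenantSignKeyStore;
        }
        ServerConfiguration config = ServerConfiguration.getInstance();
        try (FileInputStream keyStoreStream =
                     new FileInputStream(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_LOCATION))) {
            KeyStore keyStore = KeyStore.getInstance(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_TYPE));
            keyStore.load(keyStoreStream, config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray());
            superTenantSignKeyStore = keyStore;
            return keyStore;
        } catch (FileNotFoundException e) {
            // Must precede IOException: FileNotFoundException is a subclass.
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_LOCATE_KEYSTORE.getCode(),
                    SSOErrorConstants.ErrorMessages.UNABLE_TO_LOCATE_KEYSTORE.getMessage(), e);
        } catch (IOException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_READ_KEYSTORE.getCode(),
                    SSOErrorConstants.ErrorMessages.UNABLE_TO_READ_KEYSTORE.getMessage(), e);
        } catch (CertificateException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_READ_CERTIFICATE.getCode(),
                    SSOErrorConstants.ErrorMessages.UNABLE_TO_READ_CERTIFICATE.getMessage(), e);
        }
    }

    /**
     * Tells whether all five sign keystore properties are set (non-blank) in the server configuration.
     * A partially configured sign keystore is treated as not configured and the default keystore is used.
     */
    private static boolean isSignKeyStoreConfigured() {
        ServerConfiguration config = ServerConfiguration.getInstance();
        return StringUtils.isNotBlank(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_LOCATION))
                && StringUtils.isNotBlank(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_TYPE))
                && StringUtils.isNotBlank(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_PASSWORD))
                && StringUtils.isNotBlank(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_ALIAS))
                && StringUtils.isNotBlank(config.getFirstProperty(SECURITY_SAML_SIGN_KEY_STORE_KEY_PASSWORD));
    }

    /** Private key and certificate resolved for a tenant; either part is {@code null} when the store lacks it. */
    private static final class SigningKeyData {
        private final PrivateKey privateKey;
        private final X509Certificate certificate;

        private SigningKeyData(PrivateKey privateKey, X509Certificate certificate) {
            this.privateKey = privateKey;
            this.certificate = certificate;
        }
    }

    /** @return the public key; never {@code null} for a successfully constructed credential */
    @Override
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /** @return the signing key, or {@code null} for a verification-only credential */
    @Override
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return the entity certificate, or {@code null} when built from a bare certificate/public key */
    @Override
    public X509Certificate getEntityCertificate() {
        return this.entityCertificate;
    }

    /** This credential carries no revocation lists. @return an immutable empty collection */
    @Override
    public Collection<X509CRL> getCRLs() {
        return Collections.emptyList();
    }

    /**
     * No certificate chain is tracked; the entity certificate itself is not included either.
     * NOTE(review): OpenSAML's contract expects the entity certificate to be part of this chain — confirm
     * that consumers in this code base do not rely on it.
     *
     * @return an immutable empty collection
     */
    @Override
    public Collection<X509Certificate> getEntityCertificateChain() {
        return Collections.emptySet();
    }

    /** Not supported by this implementation. @return {@code null} */
    @Override
    public CredentialContextSet getCredentialContextSet() {
        return null;
    }

    /** Not reported by this implementation. @return {@code null} */
    @Override
    public Class<? extends Credential> getCredentialType() {
        return null;
    }

    /** @return the entity id given at construction, or the empty string for tenant-based credentials */
    @Override
    public String getEntityId() {
        return this.entityId;
    }

    /** No key names are tracked. @return an immutable empty collection */
    @Override
    public Collection<String> getKeyNames() {
        return Collections.emptySet();
    }

    /** This is an asymmetric credential; there is no secret key. @return {@code null} */
    @Override
    public SecretKey getSecretKey() {
        return null;
    }

    /** Usage is not restricted to signing or encryption. @return {@link UsageType#UNSPECIFIED} */
    @Override
    public UsageType getUsageType() {
        return UsageType.UNSPECIFIED;
    }
}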
