package org.wso2.carbon.identity.relyingparty.saml;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.utils.Base64;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Exponent;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyValue;
import org.opensaml.xml.signature.Modulus;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;
import org.wso2.carbon.identity.relyingparty.RelyingPartyException;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/saml/X509CredentialUtil.class */
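/**
 * Static helpers that build an {@link X509Credential} either from a local trust store or from
 * the {@code KeyInfo} carried inside an XML signature.
 *
 * <p>The two sources have different trust properties. A credential read from the trust store
 * was provisioned locally. A credential read from a signature is supplied by whoever produced
 * the message, so it says nothing about who that party is until it has been matched against
 * trusted material.
 */
public class X509CredentialUtil {
    /**
     * RSA public exponent (65537) used when an {@code RSAKeyValue} carries no {@code Exponent}
     * element. The misspelt name is part of the public API and is kept for compatibility.
     */
    public static final BigInteger DEFAULT_EXPONENET = new BigInteger("65537");
    private static final Log log = LogFactory.getLog(X509CredentialUtil.class);

    /** Not instantiable: the class only exposes static helpers. */
    private X509CredentialUtil() {
    }

    /**
     * Looks up the certificate stored under an alias and wraps it in a credential.
     *
     * <p>No validity-period, chain or revocation check is performed here; the certificate is
     * returned exactly as it is stored. A {@code null} result means the alias is unknown, and
     * callers should treat that as "not trusted".
     *
     * @param str alias of the certificate entry to load
     * @param keyStore trust store to search
     * @return the credential for the alias, or {@code null} when the store has no such alias
     * @throws RelyingPartyException if the key store cannot be queried
     */
    public static X509Credential loadCredentialFromTrustStore(String str, KeyStore keyStore) throws RelyingPartyException {
        try {
            if (!keyStore.containsAlias(str)) {
                return null;
            }
            // NOTE(review): getCertificate may return null or a non-X.509 certificate for some
            // entry types; how X509CredentialImpl reacts to that is not visible here - confirm.
            return new X509CredentialImpl((X509Certificate) keyStore.getCertificate(str));
        } catch (KeyStoreException e) {
            log.error("Error while loading credentials from trust store", e);
            throw new RelyingPartyException("Error while loading credentials from trust store", e);
        }
    }

    /**
     * Extracts the key material embedded in a signature's {@code KeyInfo}.
     *
     * <p>{@code X509Data} takes precedence; an RSA {@code KeyValue} is used only when no
     * {@code X509Data} is present. At most one element of either kind is accepted.
     *
     * <p><b>Trust:</b> everything read here comes from the signed message itself and is chosen
     * by its sender. A signature that verifies against the returned credential is only
     * self-consistent. Before relying on it, the caller must match the certificate or key
     * against trusted material (for example an entry obtained through
     * {@link #loadCredentialFromTrustStore}). This method does not validate the certificate's
     * validity period, chain or revocation status.
     *
     * @param signature signature whose {@code KeyInfo} is inspected
     * @return the embedded credential, or {@code null} when the signature has no
     *     {@code KeyInfo}, the {@code KeyInfo} holds neither {@code X509Data} nor
     *     {@code KeyValue}, or the {@code X509Data} holds no certificate
     * @throws RelyingPartyException if the key information is malformed, ambiguous, of an
     *     unsupported type, or cannot be decoded
     */
    public static X509Credential loadCredentialFromSignature(Signature signature) throws RelyingPartyException {
        KeyInfo keyInfo = signature.getKeyInfo();
        if (keyInfo == null) {
            return null;
        }
        try {
            // Exceptions thrown inside this try that are not RuntimeExceptions are logged and
            // re-wrapped by the generic handler below, so callers receive the generic message
            // with the specific failure attached as the cause.
            List<X509Data> x509Datas = keyInfo.getX509Datas();
            List<KeyValue> keyValues = keyInfo.getKeyValues();

            if (!x509Datas.isEmpty()) {
                if (x509Datas.size() > 1) {
                    throw new RelyingPartyException("invalidKeyValueCount");
                }
                X509CredentialImpl credential = null;
                // Resolved once rather than once per certificate.
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                // NOTE(review): when X509Data lists several certificates the last one wins.
                // Element order is controlled by the sender, so callers must not assume the
                // result is the leaf/signing certificate without checking it.
                for (org.opensaml.xml.signature.X509Certificate encoded : x509Datas.get(0).getX509Certificates()) {
                    byte[] der = Base64.decode(encoded.getValue());
                    credential = new X509CredentialImpl((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(der)));
                }
                return credential;
            }

            if (keyValues.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("unknown key info");
                }
                return null;
            }
            if (keyValues.size() > 1) {
                throw new RelyingPartyException("invalidKeyValueCount");
            }

            KeyValue keyValue = keyValues.get(0);
            // A KeyValue without an RSAKeyValue child (e.g. a DSA key) previously ended in a
            // NullPointerException; report it through the declared exception instead.
            if (keyValue.getRSAKeyValue() == null) {
                throw new RelyingPartyException("Unsupported KeyValue: only RSAKeyValue is supported");
            }
            // The node is imported into an Axiom DOM document so it can be searched by QName
            // and still be handed to the DOM-based Base64 helper.
            OMElement rsaKeyValue = (OMElement) new OMDOMFactory().getDocument().importNode(keyValue.getRSAKeyValue().getDOM(), true);
            Element modulusElement = (Element) rsaKeyValue.getFirstChildWithName(Modulus.DEFAULT_ELEMENT_NAME);
            if (modulusElement == null) {
                // Without a modulus there is no key to build; fail with the declared exception.
                throw new RelyingPartyException("RSAKeyValue has no Modulus element");
            }
            Element exponentElement = (Element) rsaKeyValue.getFirstChildWithName(Exponent.DEFAULT_ELEMENT_NAME);
            // The XML-DSig schema makes Exponent mandatory; a missing one is tolerated here
            // and replaced by the conventional default.
            BigInteger exponent = exponentElement != null
                    ? Base64.decodeBigIntegerFromElement(exponentElement)
                    : DEFAULT_EXPONENET;
            return new X509CredentialImpl(Base64.decodeBigIntegerFromElement(modulusElement), exponent);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            log.error("Error while loading credentials from signature", e2);
            throw new RelyingPartyException("Error while loading credentials from signature", e2);
        }
    }
}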
