package org.wso2.carbon.identity.sso.saml.builders;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.crypto.SecretKey;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialContextSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/SignKeyDataHolder.class */
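public class SignKeyDataHolder implements X509Credential {

    private static final String DSA_ENCRYPTION_ALGORITHM = "DSA";
    public static final String SECURITY_KEY_STORE_KEY_ALIAS = "Security.KeyStore.KeyAlias";

    /**
     * Tenant id of the Carbon super tenant. The super tenant signs with the primary key store
     * (alias taken from {@link #SECURITY_KEY_STORE_KEY_ALIAS}); every other tenant uses its own
     * tenant key store, whose alias is the tenant domain.
     */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Default XML-DSig signature algorithm URIs. Both are SHA-1 based and are retained only because
     * existing deployments depend on them; a stronger algorithm can be set with
     * {@link #setSignatureAlgorithm(String)} after construction.
     */
    private static final String RSA_SHA1_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DSA_SHA1_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    // Algorithm URI chosen in the constructor from the key type; may be overridden via the setter.
    private String signatureAlgorithm;
    // Certificate chain of the signing key; element 0 is the entity certificate. Never null or empty
    // once the constructor has returned.
    private X509Certificate[] issuerCerts;
    // Private key matching issuerCerts[0].
    private PrivateKey issuerPK;

    /**
     * Loads the signing private key and certificate chain for the tenant that should perform the
     * crypto operation and exposes them as an OpenSAML {@link X509Credential}.
     *
     * <p>The crypto tenant is the service-provider tenant from the thread-local Carbon context, unless
     * {@code SAMLSSOConstants.FileBasedSPConfig.USE_AUTHENTICATED_USER_DOMAIN_CRYPTO} is set to
     * {@code true}, in which case the authenticated user's tenant is used instead. For non-SaaS
     * applications the two tenants must match.
     *
     * @param str not used by this implementation; retained so existing callers keep compiling
     * @throws IdentityException if the tenant check fails, the key alias has no certificate chain, a
     *         chain entry is not an X.509 certificate, or any underlying key-store/registry call fails
     *         (the original exception is attached as the cause)
     */
    public SignKeyDataHolder(String str) throws IdentityException {
        try {
            String userTenantDomain = SAMLSSOUtil.getUserTenantDomain();
            String spTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            if (userTenantDomain == null) {
                userTenantDomain = spTenantDomain;
            }
            if (!SAMLSSOUtil.isSaaSApplication() && !spTenantDomain.equalsIgnoreCase(userTenantDomain)) {
                throw new IdentityException("Service Provider tenant domain must be equal to user tenant domain for non-SaaS applications");
            }

            String cryptoTenantDomain;
            int cryptoTenantId;
            if (useAuthenticatedUserDomainCrypto()) {
                cryptoTenantDomain = userTenantDomain;
                cryptoTenantId = SAMLSSOUtil.getRealmService().getTenantManager().getTenantId(cryptoTenantDomain);
            } else {
                cryptoTenantDomain = spTenantDomain;
                cryptoTenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
            }
            // The tenant registry must be loaded before its key store can be read.
            IdentityTenantUtil.initializeRegistry(cryptoTenantId, cryptoTenantDomain);

            if (cryptoTenantId != SUPER_TENANT_ID) {
                loadTenantKeyData(cryptoTenantId, cryptoTenantDomain);
            } else {
                loadSuperTenantKeyData(cryptoTenantId);
            }
            this.signatureAlgorithm = selectSignatureAlgorithm(this.issuerCerts[0]);
        } catch (IdentityException e) {
            // Already carries a meaningful message; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new IdentityException(e.getMessage(), e);
        }
    }

    /**
     * Reads the file-based SP configuration flag that selects the authenticated user's tenant
     * (instead of the service-provider tenant) for crypto operations.
     *
     * @return {@code true} only when the property is present and equals "true" (case-insensitive,
     *         surrounding whitespace ignored)
     */
    private static boolean useAuthenticatedUserDomainCrypto() {
        String property = IdentityUtil.getProperty(SAMLSSOConstants.FileBasedSPConfig.USE_AUTHENTICATED_USER_DOMAIN_CRYPTO);
        return property != null && "true".equalsIgnoreCase(property.trim());
    }

    /**
     * Loads the private key and certificate chain from a non-super tenant's own key store.
     * The key store name is derived from the tenant domain and the key alias is the tenant domain.
     *
     * @param tenantId     id of the crypto tenant
     * @param tenantDomain domain of the crypto tenant
     * @throws Exception whatever the key-store manager throws, plus {@link IdentityException} for a
     *         missing or non-X.509 chain
     */
    private void loadTenantKeyData(int tenantId, String tenantDomain) throws Exception {
        String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        KeyStore keyStore = keyStoreManager.getKeyStore(keyStoreName);
        this.issuerPK = (PrivateKey) keyStoreManager.getPrivateKey(keyStoreName, tenantDomain);
        this.issuerCerts = toX509Chain(keyStore.getCertificateChain(tenantDomain), tenantDomain);
    }

    /**
     * Loads the private key and certificate chain from the primary key store, using the alias
     * configured under {@link #SECURITY_KEY_STORE_KEY_ALIAS}.
     *
     * @param tenantId id of the super tenant
     * @throws Exception whatever the key-store admin/manager throws, plus {@link IdentityException}
     *         for a missing or non-X.509 chain
     */
    private void loadSuperTenantKeyData(int tenantId) throws Exception {
        String keyAlias = ServerConfiguration.getInstance().getFirstProperty(SECURITY_KEY_STORE_KEY_ALIAS);
        KeyStoreAdmin keyStoreAdmin = new KeyStoreAdmin(tenantId, SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        this.issuerPK = (PrivateKey) keyStoreAdmin.getPrivateKey(keyAlias, true);
        this.issuerCerts = toX509Chain(keyStoreManager.getPrimaryKeyStore().getCertificateChain(keyAlias), keyAlias);
    }

    /**
     * Converts a key-store certificate chain to an X.509 chain, rejecting the cases that previously
     * surfaced only as a NullPointerException / ArrayIndexOutOfBoundsException / ClassCastException:
     * {@code KeyStore.getCertificateChain} returns {@code null} for an unknown alias, and a chain may
     * contain non-X.509 entries.
     *
     * @param chain chain as returned by the key store; may be {@code null}
     * @param alias key alias the chain was looked up with, used only for the error message
     * @return the same certificates typed as {@link X509Certificate}, in the same order
     * @throws IdentityException if the chain is null or empty, or an entry is not X.509
     */
    private static X509Certificate[] toX509Chain(Certificate[] chain, String alias) throws IdentityException {
        if (chain == null || chain.length == 0) {
            throw new IdentityException("No certificate chain found for key alias: " + alias);
        }
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new IdentityException("Certificate at position " + i + " of the chain for key alias "
                        + alias + " is not an X.509 certificate");
            }
            x509Chain[i] = (X509Certificate) chain[i];
        }
        return x509Chain;
    }

    /**
     * Picks the default signature algorithm URI from the entity certificate's key type:
     * DSA keys get {@code dsa-sha1}, everything else {@code rsa-sha1}.
     *
     * @param entityCert the entity (leaf) certificate
     * @return the algorithm URI
     */
    private static String selectSignatureAlgorithm(X509Certificate entityCert) {
        if (DSA_ENCRYPTION_ALGORITHM.equalsIgnoreCase(entityCert.getPublicKey().getAlgorithm())) {
            return DSA_SHA1_SIGNATURE_ALGORITHM;
        }
        return RSA_SHA1_SIGNATURE_ALGORITHM;
    }

    /**
     * Returns the XML-DSig signature algorithm URI to sign with.
     *
     * @return the algorithm URI chosen in the constructor, or the value last passed to
     *         {@link #setSignatureAlgorithm(String)}
     */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /**
     * Overrides the signature algorithm URI (for example to replace the SHA-1 default).
     *
     * @param signatureAlgorithm the XML-DSig algorithm URI
     */
    public void setSignatureAlgorithm(String signatureAlgorithm) {
        this.signatureAlgorithm = signatureAlgorithm;
    }

    /** @return an empty list; CRLs are not tracked by this credential */
    public Collection<X509CRL> getCRLs() {
        return Collections.emptyList();
    }

    /** @return the entity (leaf) certificate, i.e. the first element of the loaded chain */
    public X509Certificate getEntityCertificate() {
        return this.issuerCerts[0];
    }

    /**
     * @return the loaded certificate chain, entity certificate first, as an unmodifiable view so
     *         callers cannot alter the credential's internal state
     */
    public Collection<X509Certificate> getEntityCertificateChain() {
        return Collections.unmodifiableList(Arrays.asList(this.issuerCerts));
    }

    /** @return {@code null}; credential contexts are not tracked */
    public CredentialContextSet getCredentalContextSet() {
        return null;
    }

    /** @return {@code null}; no credential type is reported */
    public Class<? extends Credential> getCredentialType() {
        return null;
    }

    /** @return {@code null}; no entity id is associated with this credential */
    public String getEntityId() {
        return null;
    }

    /** @return an empty list; no key names are associated with this credential */
    public Collection<String> getKeyNames() {
        return Collections.emptyList();
    }

    /** @return the private key loaded from the tenant or primary key store */
    public PrivateKey getPrivateKey() {
        return this.issuerPK;
    }

    /** @return the public key of the entity certificate */
    public PublicKey getPublicKey() {
        return this.issuerCerts[0].getPublicKey();
    }

    /** @return {@code null}; this is an asymmetric credential with no secret key */
    public SecretKey getSecretKey() {
        return null;
    }

    /** @return {@code null}; no usage type is declared */
    public UsageType getUsageType() {
        return null;
    }
}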
