package org.apache.nifi.web.security.saml2.registration;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.Saml2X509Credential;

/* loaded from: input_file:org/apache/nifi/web/security/saml2/registration/StandardSaml2CredentialProvider.class */
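/**
 * Standard implementation of {@link Saml2CredentialProvider} that converts the entries of a
 * {@link KeyStore} into Spring Security {@link Saml2X509Credential} objects.
 *
 * <ul>
 *   <li>Key entries holding a {@link PrivateKey} and an {@link X509Certificate} become credentials
 *       typed SIGNING and DECRYPTION.</li>
 *   <li>Certificate entries holding an {@link X509Certificate} become credentials typed
 *       VERIFICATION and ENCRYPTION.</li>
 *   <li>Any other entry (non-private key, non-X.509 certificate) is skipped without an error.</li>
 * </ul>
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>Every X.509 certificate entry in the supplied store is returned as a VERIFICATION
 *       credential; this class does no filtering by alias, issuer or subject. How the credentials
 *       are consumed is not visible here, but if they are used to validate SAML signatures the
 *       store should contain only the certificates that are meant to be trusted for that purpose.</li>
 *   <li>No validity-period, revocation or chain check is performed on any certificate in this class.</li>
 *   <li>The same key password is applied to every key entry, and the password array is neither
 *       copied nor cleared here; its lifetime is the caller's responsibility.</li>
 * </ul>
 */
public class StandardSaml2CredentialProvider implements Saml2CredentialProvider {
    /**
     * Builds SAML credentials from all usable entries of the given Key Store.
     *
     * @param keyStore loaded Key Store to enumerate; must not be {@code null}
     * @param cArr password passed to {@link KeyStore#getKey(String, char[])} for every key entry
     * @return mutable collection of credentials, empty when the store has no usable entries
     * @throws NullPointerException if {@code keyStore} is {@code null}
     * @throws Saml2Exception if the Key Store cannot be enumerated or a key cannot be recovered
     */
    @Override
    public Collection<Saml2X509Credential> getCredentials(KeyStore keyStore, char[] cArr) {
        Objects.requireNonNull(keyStore, "Key Store required");
        // Parameterized list instead of a raw ArrayList so the compiler checks element types.
        final List<Saml2X509Credential> credentials = new ArrayList<>();
        try {
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    processKeyEntry(keyStore, alias, cArr, credentials);
                } else if (keyStore.isCertificateEntry(alias)) {
                    processCertificateEntry(keyStore, alias, credentials);
                }
            }
            return credentials;
        } catch (KeyStoreException e) {
            throw new Saml2Exception("Loading SAML Credentials failed", e);
        }
    }

    /**
     * Recovers the key stored under the alias, translating any security failure (wrong password,
     * unsupported algorithm, uninitialized store) into a {@link Saml2Exception}.
     *
     * <p>The message names only the alias; the password is never included.
     */
    private Key getKey(KeyStore keyStore, String alias, char[] keyPassword) {
        try {
            return keyStore.getKey(alias, keyPassword);
        } catch (GeneralSecurityException e) {
            throw new Saml2Exception(String.format("Loading Key [%s] failed", alias), e);
        }
    }

    /**
     * Adds a SIGNING and DECRYPTION credential for a key entry when it holds a private key paired
     * with an X.509 certificate; other key entries (for example secret keys) are ignored.
     */
    private void processKeyEntry(KeyStore keyStore, String alias, char[] keyPassword, List<Saml2X509Credential> credentials) throws KeyStoreException {
        final Key key = getKey(keyStore, alias, keyPassword);
        if (!(key instanceof PrivateKey)) {
            return;
        }
        final PrivateKey privateKey = (PrivateKey) key;
        // Only the certificate returned for the alias is used; it is not validated here.
        final Certificate certificate = keyStore.getCertificate(alias);
        if (certificate instanceof X509Certificate) {
            credentials.add(new Saml2X509Credential(
                    privateKey,
                    (X509Certificate) certificate,
                    Saml2X509Credential.Saml2X509CredentialType.SIGNING,
                    Saml2X509Credential.Saml2X509CredentialType.DECRYPTION));
        }
    }

    /**
     * Adds a VERIFICATION and ENCRYPTION credential for a certificate entry when it holds an X.509
     * certificate. No trust decision is made here beyond the entry being present in the store.
     */
    private void processCertificateEntry(KeyStore keyStore, String alias, List<Saml2X509Credential> credentials) throws KeyStoreException {
        final Certificate certificate = keyStore.getCertificate(alias);
        if (certificate instanceof X509Certificate) {
            credentials.add(new Saml2X509Credential(
                    (X509Certificate) certificate,
                    Saml2X509Credential.Saml2X509CredentialType.VERIFICATION,
                    Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION));
        }
    }
}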
