package org.opensaml.xml.security.credential;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.security.auth.DestroyFailedException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xmltooling-1.4.6.jar:org/opensaml/xml/security/credential/KeyStoreCredentialResolver.class */
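/**
 * Credential resolver backed by a Java {@link KeyStore}.
 *
 * <p>The entity ID carried by the {@link EntityIDCriteria} in the criteria set is used directly as
 * the keystore alias. Entries are unlocked with the password mapped for that alias in the map given
 * at construction; an alias with no mapped password is read with a {@code null} protection
 * parameter, which is normally only sufficient for trusted-certificate entries.</p>
 *
 * <p>Every credential produced carries the resolver-wide usage type given at construction
 * ({@link UsageType#UNSPECIFIED} when none was given); a {@link UsageCriteria} in the criteria set
 * is only used to decide whether this keystore is consulted at all.</p>
 *
 * <p>Passwords are supplied as {@link String}s and so cannot be wiped from memory by this class;
 * only the per-lookup {@link KeyStore.PasswordProtection} copy is destroyed after use.</p>
 */
public class KeyStoreCredentialResolver extends AbstractCriteriaFilteringCredentialResolver {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreCredentialResolver.class);

    /** Backing keystore; never null after construction and already loaded. */
    private final KeyStore keyStore;

    /** Alias (entity ID) to entry password; never null, may be empty. Held by reference, not copied. */
    private final Map<String, String> keyPasswords;

    /** Usage type stamped on every credential resolved from this keystore. */
    private final UsageType keystoreUsage;

    /**
     * Creates a resolver whose credentials carry {@link UsageType#UNSPECIFIED}.
     *
     * @param keyStore loaded keystore to resolve from
     * @param map alias-to-password map; may be null when no entry needs a password
     * @throws IllegalArgumentException if the keystore is null or has not been loaded
     */
    public KeyStoreCredentialResolver(KeyStore keyStore, Map<String, String> map) throws IllegalArgumentException {
        this(keyStore, map, null);
    }

    /**
     * Creates a resolver.
     *
     * @param keyStore loaded keystore to resolve from
     * @param map alias-to-password map; may be null when no entry needs a password
     * @param usageType usage type applied to every resolved credential; null means
     *            {@link UsageType#UNSPECIFIED}
     * @throws IllegalArgumentException if the keystore is null or has not been loaded
     */
    public KeyStoreCredentialResolver(KeyStore keyStore, Map<String, String> map, UsageType usageType)
            throws IllegalArgumentException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Provided key store may not be null.");
        }
        try {
            // size() is the cheapest call that fails on a keystore that was never load()ed.
            keyStore.size();
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Keystore has not been initialized.", e);
        }
        this.keyStore = keyStore;
        this.keystoreUsage = usageType != null ? usageType : UsageType.UNSPECIFIED;
        // A null map used to surface as an NPE on the first lookup; treat it as "no passwords".
        this.keyPasswords = map != null ? map : Collections.<String, String>emptyMap();
    }

    /**
     * Resolves at most one credential: the keystore entry whose alias equals the requested entity ID.
     *
     * @param criteriaSet must contain an {@link EntityIDCriteria}; may contain a {@link UsageCriteria}
     * @return a singleton collection with the credential, or an empty collection when the usage does
     *         not match this keystore or no entry exists for the alias
     * @throws SecurityException if the entry exists but cannot be read (typically a wrong password)
     *             or the keystore reports any other failure
     * @throws IllegalArgumentException if no {@link EntityIDCriteria} is present
     */
    @Override // org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
    protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
        checkCriteriaRequirements(criteriaSet);
        String entityID = ((EntityIDCriteria) criteriaSet.get(EntityIDCriteria.class)).getEntityID();
        UsageCriteria usageCriteria = (UsageCriteria) criteriaSet.get(UsageCriteria.class);
        UsageType usage = usageCriteria != null ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;
        if (!matchUsage(keystoreUsage, usage)) {
            log.debug("Specified usage criteria {} does not match keystore usage {}", usage, keystoreUsage);
            log.debug("Can not resolve credentials from this keystore");
            return Collections.emptySet();
        }

        // An alias with no (non-null) password is read with a null protection parameter.
        KeyStore.PasswordProtection passwordProtection = null;
        String password = keyPasswords.get(entityID);
        if (password != null) {
            passwordProtection = new KeyStore.PasswordProtection(password.toCharArray());
        }
        try {
            KeyStore.Entry entry = keyStore.getEntry(entityID, passwordProtection);
            if (entry == null) {
                log.debug("Keystore entry for entity ID (keystore alias) {} does not exist", entityID);
                return Collections.emptySet();
            }
            return Collections.singleton(buildCredential(entry, entityID, keystoreUsage));
        } catch (UnrecoverableEntryException e) {
            // Most often a wrong entry password; the password itself is deliberately not logged.
            log.error("Unable to retrieve keystore entry for entityID (keystore alias): " + entityID);
            log.error("Check for invalid keystore entityID/alias entry password");
            throw new SecurityException("Could not retrieve entry from keystore", e);
        } catch (GeneralSecurityException e2) {
            log.error("Unable to retrieve keystore entry for entityID (keystore alias): " + entityID, e2);
            throw new SecurityException("Could not retrieve entry from keystore", e2);
        } finally {
            if (passwordProtection != null) {
                try {
                    // Wipes the char[] copy held by the protection parameter once the entry is unlocked.
                    passwordProtection.destroy();
                } catch (DestroyFailedException e) {
                    log.debug("Unable to destroy keystore password protection parameter", e);
                }
            }
        }
    }

    /**
     * Verifies that the criteria set can drive a keystore lookup.
     *
     * @param criteriaSet criteria to check
     * @throws IllegalArgumentException if no {@link EntityIDCriteria} is present
     */
    protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
        if (criteriaSet.get(EntityIDCriteria.class) == null) {
            log.error("EntityIDCriteria was not specified in the criteria set, resolution can not be attempted");
            throw new IllegalArgumentException("No EntityIDCriteria was available in criteria set");
        }
    }

    /**
     * Tells whether two usage types are compatible: equal, or either one is
     * {@link UsageType#UNSPECIFIED}.
     *
     * @param usageType first usage type
     * @param usageType2 second usage type
     * @return true if the usages are compatible
     */
    protected boolean matchUsage(UsageType usageType, UsageType usageType2) {
        if (usageType == UsageType.UNSPECIFIED || usageType2 == UsageType.UNSPECIFIED) {
            return true;
        }
        return usageType == usageType2;
    }

    /**
     * Converts a keystore entry into a credential according to the entry's concrete type.
     *
     * <p>NOTE(review): the {@code usageType} argument is only logged; the credential is built with the
     * resolver-wide {@code keystoreUsage}, as before. The only caller in this class passes
     * {@code keystoreUsage} anyway, so the two never differ here.</p>
     *
     * @param entry keystore entry to convert
     * @param str entity ID (keystore alias) of the entry
     * @param usageType requested usage type (logged only)
     * @return the credential built from the entry
     * @throws SecurityException if the entry is neither a private-key, trusted-certificate nor
     *             secret-key entry
     */
    protected Credential buildCredential(KeyStore.Entry entry, String str, UsageType usageType) throws SecurityException {
        log.debug("Building credential from keystore entry for entityID {}, usage type {}", str, usageType);
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return processPrivateKeyEntry((KeyStore.PrivateKeyEntry) entry, str, keystoreUsage);
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) entry, str, keystoreUsage);
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return processSecretKeyEntry((KeyStore.SecretKeyEntry) entry, str, keystoreUsage);
        }
        throw new SecurityException("KeyStore entry was of an unsupported type: " + entry.getClass().getName());
    }

    /**
     * Builds an X.509 credential holding just the trusted certificate, which is also used as the
     * entire certificate chain.
     *
     * @param trustedCertificateEntry entry to convert
     * @param str entity ID (keystore alias) of the entry
     * @param usageType usage type to stamp on the credential
     * @return the credential; throws {@link ClassCastException} if the stored certificate is not X.509
     */
    protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertificateEntry, String str, UsageType usageType) {
        log.debug("Processing TrustedCertificateEntry from keystore");
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityId(str);
        credential.setUsageType(usageType);
        X509Certificate certificate = (X509Certificate) trustedCertificateEntry.getTrustedCertificate();
        credential.setEntityCertificate(certificate);
        List<X509Certificate> chain = new ArrayList<X509Certificate>(1);
        chain.add(certificate);
        credential.setEntityCertificateChain(chain);
        return credential;
    }

    /**
     * Builds an X.509 credential holding the private key, its end-entity certificate and the full
     * certificate chain stored with the entry.
     *
     * @param privateKeyEntry entry to convert
     * @param str entity ID (keystore alias) of the entry
     * @param usageType usage type to stamp on the credential
     * @return the credential; throws {@link ClassCastException} if any chain element is not X.509
     */
    protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String str, UsageType usageType) {
        log.debug("Processing PrivateKeyEntry from keystore");
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityId(str);
        credential.setUsageType(usageType);
        credential.setPrivateKey(privateKeyEntry.getPrivateKey());
        credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate());
        // Cast element-wise: getCertificateChain() is declared Certificate[], and casting the array
        // object itself fails whenever its runtime component type is not X509Certificate.
        Certificate[] rawChain = privateKeyEntry.getCertificateChain();
        List<X509Certificate> chain = new ArrayList<X509Certificate>(rawChain.length);
        for (Certificate cert : rawChain) {
            chain.add((X509Certificate) cert);
        }
        credential.setEntityCertificateChain(chain);
        return credential;
    }

    /**
     * Builds a symmetric-key credential from a secret-key entry.
     *
     * @param secretKeyEntry entry to convert
     * @param str entity ID (keystore alias) of the entry
     * @param usageType usage type to stamp on the credential
     * @return the credential
     */
    protected Credential processSecretKeyEntry(KeyStore.SecretKeyEntry secretKeyEntry, String str, UsageType usageType) {
        log.debug("Processing SecretKeyEntry from keystore");
        BasicCredential credential = new BasicCredential();
        credential.setEntityId(str);
        credential.setUsageType(usageType);
        credential.setSecretKey(secretKeyEntry.getSecretKey());
        return credential;
    }
}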
