package org.wso2.carbon.identity.sso.agent.saml;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.sso.agent-5.1.1.jar:org/wso2/carbon/identity/sso/agent/saml/SSOAgentKeyStoreCredential.class */
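/**
 * {@link SSOAgentCredential} backed by the key store that {@link SSOAgentConfigs} exposes.
 *
 * <p>The three values served by this class do not form one key pair. The private key is the
 * entry stored under the configured private-key alias and is only loaded when request signing
 * is enabled. The certificate and public key come from the entry stored under the configured
 * IdP certificate alias. Both are read from the same {@link KeyStore} object.
 *
 * <p>NOTE(review): the certificate is accepted purely because it is present under the configured
 * alias. No validity-period ({@code checkValidity}) or revocation check is made here; confirm
 * whether callers perform one before relying on the key.
 */
public class SSOAgentKeyStoreCredential implements SSOAgentCredential {
    // NOTE(review): static state shared by every instance and written without synchronization.
    // If init() can run while another thread calls a getter, that thread may see a mix of old
    // and new values. Confirm how the agent schedules init().
    private static PublicKey publicKey = null;
    private static PrivateKey privateKey = null;
    private static X509Certificate entityCertificate = null;

    /**
     * Loads the signing key (when request signing is enabled) and the IdP certificate from the
     * configured key store and publishes them to the static fields.
     *
     * <p>The fields are assigned only after every lookup has succeeded, so a failed call leaves
     * the previously loaded values in place.
     *
     * @throws SSOAgentException if the key store is missing or cannot be read, if request signing
     *     is enabled but the private key or its password is unavailable, if the private-key alias
     *     names an entry that is not a private key, or if the IdP certificate is missing or is
     *     not an X.509 certificate
     */
    private static void readX509Credentials() throws SSOAgentException {
        String privateKeyAlias = SSOAgentConfigs.getPrivateKeyAlias();
        String privateKeyPassword = SSOAgentConfigs.getPrivateKeyPassword();
        String idPCertAlias = SSOAgentConfigs.getIdPCertAlias();
        KeyStore keyStore = SSOAgentConfigs.getKeyStore();
        if (keyStore == null) {
            // Fail with the agent's own exception type instead of a bare NullPointerException.
            throw new SSOAgentException("Key store is not configured");
        }

        PrivateKey loadedPrivateKey = null;
        X509Certificate loadedCertificate;
        try {
            if (privateKeyAlias != null && SSOAgentConfigs.isRequestSigned()) {
                if (privateKeyPassword == null) {
                    // The message names the alias only; the password itself is never reported.
                    throw new SSOAgentException("RequestSigning is enabled, but no password is configured for the private key with the alias " + privateKeyAlias);
                }
                Key key = keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
                if (key == null) {
                    throw new SSOAgentException("RequestSigning is enabled, but cannot find private key with the alias " + privateKeyAlias + " in the key store");
                }
                if (!(key instanceof PrivateKey)) {
                    // getKey() can also return a secret key; reject it rather than fail on a cast.
                    throw new SSOAgentException("Entry with the alias " + privateKeyAlias + " in the key store is not a private key");
                }
                loadedPrivateKey = (PrivateKey) key;
            }

            // getCertificate() declares KeyStoreException, so it belongs inside the try block.
            Certificate certificate = keyStore.getCertificate(idPCertAlias);
            if (certificate == null) {
                throw new SSOAgentException("Cannot find IDP certificate with the alias " + idPCertAlias + " in the trust store");
            }
            if (!(certificate instanceof X509Certificate)) {
                throw new SSOAgentException("Certificate with the alias " + idPCertAlias + " in the trust store is not an X.509 certificate");
            }
            loadedCertificate = (X509Certificate) certificate;
        } catch (KeyStoreException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (UnrecoverableKeyException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        }

        publicKey = loadedCertificate.getPublicKey();
        privateKey = loadedPrivateKey;
        entityCertificate = loadedCertificate;
    }

    /**
     * Reads the credentials from the configured key store.
     *
     * @throws SSOAgentException if the credentials cannot be loaded
     */
    @Override
    public void init() throws SSOAgentException {
        readX509Credentials();
    }

    /**
     * Returns the public key of the certificate stored under the IdP certificate alias.
     *
     * @return the loaded public key, or {@code null} if no load has succeeded yet
     */
    @Override
    public PublicKey getPublicKey() {
        return publicKey;
    }

    /**
     * Returns the private key stored under the private-key alias.
     *
     * @return the loaded private key, or {@code null} if no load has succeeded yet or the last
     *     load ran without a private-key alias or with request signing disabled
     */
    @Override
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /**
     * Returns the certificate stored under the IdP certificate alias.
     *
     * @return the loaded certificate, or {@code null} if no load has succeeded yet
     */
    @Override
    public X509Certificate getEntityCertificate() {
        return entityCertificate;
    }
}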
