package org.springframework.security.saml.key;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.opensaml.common.SAMLRuntimeException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.0.RC2.jar:org/springframework/security/saml/key/JKSKeyManager.class */
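/**
 * {@link KeyManager} backed by a single {@link KeyStore}.
 *
 * <p>The store supplies certificates directly by alias and credentials through a
 * {@link KeyStoreCredentialResolver}. The list of aliases is captured once, at
 * construction time; entries added to the store afterwards are not reflected by
 * {@link #getAvailableCredentials()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The store password and the per-alias passwords arrive as {@code String}s, so the
 *       caller's copies stay on the heap; only the temporary {@code char[]} created here
 *       is wiped after loading.</li>
 *   <li>{@link #getKeyStore()} returns the live store, including any private-key entries
 *       it holds. Treat that accessor as privileged.</li>
 * </ul>
 */
public class JKSKeyManager implements KeyManager {
    private final Logger log = LoggerFactory.getLogger(JKSKeyManager.class);
    private final CredentialResolver credentialResolver;
    private final KeyStore keyStore;
    private final Set<String> availableKeys;
    private final String defaultKey;

    /**
     * Creates a manager around an already loaded key store.
     *
     * @param keyStore initialized key store to read certificates and credentials from
     * @param map passed unchanged to {@link KeyStoreCredentialResolver} as its password map
     *     (alias to key password)
     * @param str alias used when {@link #getCredential(String)} is called with {@code null}
     * @throws RuntimeException if the aliases cannot be enumerated
     */
    public JKSKeyManager(KeyStore keyStore, Map<String, String> map, String str) {
        this.keyStore = keyStore;
        this.availableKeys = getAvailableKeys(keyStore);
        this.credentialResolver = new KeyStoreCredentialResolver(keyStore, map);
        this.defaultKey = str;
    }

    /**
     * Loads the key store from a resource and creates a manager around it.
     *
     * @param resource location of the key store file
     * @param str store password; a {@code null} value makes loading fail rather than
     *     skipping the store integrity check
     * @param map passed unchanged to {@link KeyStoreCredentialResolver} as its password map
     *     (alias to key password)
     * @param str2 alias used when {@link #getCredential(String)} is called with {@code null}
     * @throws RuntimeException if the store cannot be read or its aliases cannot be enumerated
     */
    public JKSKeyManager(Resource resource, String str, Map<String, String> map, String str2) {
        // NOTE(review): the store type comes from a constant in the logging backend, which
        // looks like a decompiler substitution for an inlined type literal (presumably "JKS").
        // Confirm against the original source before relying on it.
        this.keyStore = initialize(resource, str, SSL.DEFAULT_KEYSTORE_TYPE);
        this.availableKeys = getAvailableKeys(this.keyStore);
        this.credentialResolver = new KeyStoreCredentialResolver(this.keyStore, map);
        this.defaultKey = str2;
    }

    /**
     * Snapshots the aliases present in the store.
     *
     * @param keyStore initialized key store
     * @return read-only set of aliases, so callers of {@link #getAvailableCredentials()}
     *     cannot alter what this manager reports
     * @throws RuntimeException if the store has not been initialized
     */
    private Set<String> getAvailableKeys(KeyStore keyStore) {
        try {
            Set<String> aliasNames = new HashSet<String>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                aliasNames.add(aliases.nextElement());
            }
            return Collections.unmodifiableSet(aliasNames);
        } catch (KeyStoreException e) {
            throw new RuntimeException("Unable to load aliases from keyStore", e);
        }
    }

    /**
     * Reads a key store of the given type from the resource.
     *
     * @param resource location of the key store file
     * @param str store password
     * @param str2 key store type name handed to {@link KeyStore#getInstance(String)}
     * @return the loaded key store
     * @throws RuntimeException wrapping any failure, including a {@code null} password or
     *     resource
     */
    private KeyStore initialize(Resource resource, String str, String str2) {
        InputStream inputStream = null;
        char[] storePassword = null;
        try {
            inputStream = resource.getInputStream();
            KeyStore loaded = KeyStore.getInstance(str2);
            // A null password throws here and is reported below; it is never forwarded to
            // load(), where null would mean "do not verify store integrity".
            storePassword = str.toCharArray();
            loaded.load(inputStream, storePassword);
            return loaded;
        } catch (Exception e) {
            this.log.error("Error initializing key store", e);
            throw new RuntimeException("Error initializing keystore", e);
        } finally {
            if (storePassword != null) {
                // Wipe the temporary copy; the caller's String is outside our control.
                Arrays.fill(storePassword, '\0');
            }
            closeQuietly(inputStream);
        }
    }

    /** Closes the stream, logging rather than propagating a failure to close. */
    private void closeQuietly(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            this.log.debug("Error closing input stream for keystore.", e);
        }
    }

    /**
     * Returns the X.509 certificate stored under the alias.
     *
     * @param str alias to look up
     * @return the certificate, or {@code null} when the alias is null or empty, has no
     *     certificate, holds a non-X.509 certificate, or the lookup fails
     */
    @Override // org.springframework.security.saml.key.KeyManager
    public X509Certificate getCertificate(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        try {
            Certificate certificate = this.keyStore.getCertificate(str);
            if (certificate instanceof X509Certificate) {
                return (X509Certificate) certificate;
            }
            if (certificate != null) {
                // Checked explicitly instead of relying on a swallowed ClassCastException.
                this.log.error("Certificate stored under the requested alias is not an X.509 certificate");
            }
            return null;
        } catch (Exception e) {
            this.log.error("Error loading certificate", e);
            return null;
        }
    }

    /**
     * Returns the public key of the certificate stored under the alias.
     *
     * @param str alias to look up
     * @return the public key, or {@code null} when {@link #getCertificate(String)} returns
     *     {@code null}
     */
    public PublicKey getPublicKey(String str) {
        X509Certificate certificate = getCertificate(str);
        return certificate != null ? certificate.getPublicKey() : null;
    }

    /** Delegates to the key-store credential resolver. */
    @Override // org.opensaml.xml.security.Resolver
    public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
        return this.credentialResolver.resolve(criteriaSet);
    }

    /** Delegates to the key-store credential resolver. */
    @Override // org.opensaml.xml.security.Resolver
    public Credential resolveSingle(CriteriaSet criteriaSet) throws SecurityException {
        return this.credentialResolver.resolveSingle(criteriaSet);
    }

    /**
     * Resolves the credential for an alias, falling back to the default alias.
     *
     * @param str alias to resolve; {@code null} selects the default alias given at
     *     construction
     * @return whatever the resolver returns for an {@link EntityIDCriteria} carrying the alias
     * @throws SAMLRuntimeException if the resolver reports a {@link SecurityException}
     */
    @Override // org.springframework.security.saml.key.KeyManager
    public Credential getCredential(String str) {
        String alias = str != null ? str : this.defaultKey;
        try {
            CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIDCriteria(alias));
            return resolveSingle(criteriaSet);
        } catch (SecurityException e) {
            throw new SAMLRuntimeException("Can't obtain SP signing key", e);
        }
    }

    /** Resolves the credential stored under the default alias. */
    @Override // org.springframework.security.saml.key.KeyManager
    public Credential getDefaultCredential() {
        return getCredential(null);
    }

    /** Returns the default alias given at construction; may be {@code null}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public String getDefaultCredentialName() {
        return this.defaultKey;
    }

    /** Returns the read-only set of aliases captured when this manager was constructed. */
    @Override // org.springframework.security.saml.key.KeyManager
    public Set<String> getAvailableCredentials() {
        return this.availableKeys;
    }

    /**
     * Returns the underlying key store itself, not a copy.
     *
     * <p>The caller gains access to every entry in the store and can modify it, so expose
     * this only to trusted code.
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }
}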
