package org.nuxeo.ecm.platform.auth.saml.key;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
import org.opensaml.common.SAMLRuntimeException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;

/* loaded from: input_file:org/nuxeo/ecm/platform/auth/saml/key/KeyManagerImpl.class */
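/**
 * Nuxeo runtime component that exposes the credentials of a single JKS keystore to the SAML
 * authentication plugin. State is entirely derived from the registered {@link KeyDescriptor}
 * contribution and rebuilt by {@link #setup()} on every register/unregister.
 *
 * <p>Note that {@code SecurityException} throughout this class is
 * {@code org.opensaml.xml.security.SecurityException} (imported explicitly), not
 * {@code java.lang.SecurityException}.
 *
 * <p>Not thread-safe with respect to concurrent contribution changes; the alias cache is built
 * without synchronisation, which is harmless because every builder computes the same content.
 */
public class KeyManagerImpl extends DefaultComponent implements KeyManager {
    private static final Log log = LogFactory.getLog(KeyManagerImpl.class);

    /** Keystore format this component loads; nothing else is supported. */
    private static final String KEYSTORE_TYPE = "JKS";

    /** Active contribution, or {@code null} when no keystore is configured. */
    KeyDescriptor config;

    /** Keystore loaded from {@code config.getKeystoreFilePath()}; {@code null} until configured. */
    private KeyStore keyStore;

    /** Resolver backed by {@link #keyStore}; {@code null} until configured. */
    private KeyStoreCredentialResolver credentialResolver;

    /** Lazily built, unmodifiable cache of keystore aliases; dropped whenever configuration changes. */
    private Set<String> availableCredentials;

    /**
     * Installs a {@link KeyDescriptor} contribution and (re)loads the keystore it points to.
     *
     * @throws RuntimeException if the keystore cannot be located or opened
     */
    @Override
    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        this.config = (KeyDescriptor) obj;
        setup();
    }

    /**
     * Rebuilds all keystore-derived state from {@link #config}.
     *
     * <p>Every field is cleared first so that a failed load never leaves a stale keystore or
     * resolver from a previous contribution in place, and so that a re-registered contribution
     * never serves the alias cache of the old keystore.
     *
     * @throws RuntimeException wrapping the {@code SecurityException} raised while loading
     */
    private void setup() {
        this.keyStore = null;
        this.credentialResolver = null;
        this.availableCredentials = null;
        if (this.config == null) {
            return;
        }
        try {
            this.keyStore = getKeyStore(this.config.getKeystoreFilePath(), this.config.getKeystorePassword());
            this.credentialResolver = new KeyStoreCredentialResolver(this.keyStore, this.config.getPasswords());
        } catch (SecurityException e) {
            throw new RuntimeException("Unable to initialise SAML keystore", e);
        }
    }

    /**
     * Loads the JKS keystore stored at {@code path}.
     *
     * @param path keystore file, absolute or relative to the working directory
     * @param password keystore integrity password; required
     * @return the loaded keystore
     * @throws SecurityException if the path or password is missing, the file does not exist, or
     *         the keystore cannot be read or verified
     */
    private KeyStore getKeyStore(String path, String password) throws SecurityException {
        if (path == null) {
            throw new SecurityException("No keyStore path configured");
        }
        File file = new File(path);
        if (!file.exists()) {
            // Report the resolved location so a relative path can be traced back to the working directory.
            throw new SecurityException("Unable to find keyStore at " + file.getAbsolutePath());
        }
        if (password == null) {
            // A null password would skip the JKS integrity check; refuse it explicitly instead.
            throw new SecurityException("Missing password for keyStore at " + file.getAbsolutePath());
        }
        // try-with-resources: the stream was previously never closed.
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
            ks.load(in, password.toCharArray());
            return ks;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SecurityException(e);
        }
    }

    /** Drops the current contribution and clears all keystore state. */
    @Override
    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        this.config = null;
        setup();
    }

    /**
     * Resolves the credential stored under the given alias via an {@link EntityIDCriteria}.
     *
     * @param str keystore alias
     * @return the resolver's result for that alias
     * @throws SAMLRuntimeException if the resolver fails
     * @throws IllegalStateException if no keystore is configured
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public Credential getCredential(String str) {
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(str));
        try {
            return resolveSingle(criteria);
        } catch (SecurityException e) {
            throw new SAMLRuntimeException("Can't obtain SP signing key", e);
        }
    }

    /**
     * Lists every alias of the loaded keystore.
     *
     * <p>The result is computed once and cached until the configuration changes. An unmodifiable
     * view is returned so callers cannot corrupt the cache. Nothing is cached when the keystore
     * is absent or when alias enumeration fails, so a later successful call is not masked.
     *
     * @return aliases of the configured keystore, or an empty set when no keystore is configured
     * @throws RuntimeException if the keystore cannot enumerate its aliases
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public Set<String> getAvailableCredentials() {
        if (this.availableCredentials != null) {
            return this.availableCredentials;
        }
        if (this.keyStore == null) {
            return Collections.emptySet();
        }
        try {
            Enumeration<String> names = this.keyStore.aliases();
            Set<String> aliases = new HashSet<>(Collections.list(names));
            this.availableCredentials = Collections.unmodifiableSet(aliases);
            return this.availableCredentials;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Unable to load aliases from keyStore", e);
        }
    }

    /**
     * Returns the X.509 certificate stored under the given alias.
     *
     * @param str keystore alias; {@code null} or empty yields {@code null}
     * @return the certificate, or {@code null} when the alias is blank, no keystore is configured,
     *         the alias is unknown, or the entry cannot be read as an X.509 certificate (logged)
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public X509Certificate getCertificate(String str) {
        if (str == null || str.isEmpty() || this.keyStore == null) {
            return null;
        }
        try {
            // KeyStore.getCertificate yields null for an unknown alias; the cast fails only for non-X.509 entries.
            return (X509Certificate) this.keyStore.getCertificate(str);
        } catch (KeyStoreException | ClassCastException e) {
            log.error("Error loading certificate", e);
            return null;
        }
    }

    /**
     * @return the credential configured as signing key, or {@code null} if no keystore or no
     *         signing alias is configured
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public Credential getSigningCredential() {
        if (!hasCredentials() || this.config.getSigningKey() == null) {
            return null;
        }
        return getCredential(this.config.getSigningKey());
    }

    /**
     * @return the credential configured as encryption key, or {@code null} if no keystore or no
     *         encryption alias is configured
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public Credential getEncryptionCredential() {
        if (!hasCredentials() || this.config.getEncryptionKey() == null) {
            return null;
        }
        return getCredential(this.config.getEncryptionKey());
    }

    /**
     * @return the credential configured as TLS key, or {@code null} if no keystore or no TLS
     *         alias is configured
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.key.KeyManager
    public Credential getTlsCredential() {
        if (!hasCredentials() || this.config.getTlsKey() == null) {
            return null;
        }
        return getCredential(this.config.getTlsKey());
    }

    /**
     * Delegates to the keystore-backed resolver.
     *
     * @throws SecurityException propagated from the resolver
     * @throws IllegalStateException if no keystore is configured
     */
    public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
        return resolver().resolve(criteriaSet);
    }

    /**
     * Delegates to the keystore-backed resolver.
     *
     * @throws SecurityException propagated from the resolver
     * @throws IllegalStateException if no keystore is configured
     */
    public Credential resolveSingle(CriteriaSet criteriaSet) throws SecurityException {
        return resolver().resolveSingle(criteriaSet);
    }

    /** Returns the active resolver, failing with a clear message instead of a NullPointerException. */
    private KeyStoreCredentialResolver resolver() {
        if (this.credentialResolver == null) {
            throw new IllegalStateException("No SAML keystore configured");
        }
        return this.credentialResolver;
    }

    /** True once a contribution is registered and its keystore has been loaded. */
    private boolean hasCredentials() {
        return this.config != null && this.credentialResolver != null;
    }
}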
