package org.cloudfoundry.identity.uaa.provider.saml;

import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import org.cloudfoundry.identity.uaa.util.KeyWithCert;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.SamlConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/provider/saml/SamlKeyManagerFactory.class */
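public final class SamlKeyManagerFactory {
    protected static final Logger logger = LoggerFactory.getLogger(SamlKeyManagerFactory.class);

    /** Message surfaced to callers when the SP key/certificate pair cannot be loaded; carries no key material. */
    private static final String LOAD_FAILURE_MESSAGE =
            "Could not load service provider certificate. Check serviceProviderKey and certificate parameters";

    private SamlKeyManagerFactory() {
    }

    /**
     * Builds a {@link KeyManager} for the service-provider credential described by {@code samlConfig}.
     *
     * @param samlConfig zone SAML configuration supplying the PEM private key, its password and the certificate
     * @return the key manager, or {@code null} when the config holds no private key
     * @throws IllegalArgumentException if the key or certificate cannot be parsed or stored
     * @throws NullPointerException if {@code samlConfig} is {@code null}
     */
    public static KeyManager getKeyManager(SamlConfig samlConfig) {
        return getKeyManager(samlConfig.getPrivateKey(), samlConfig.getPrivateKeyPassword(), samlConfig.getCertificate());
    }

    /**
     * Builds a {@link KeyManager} backed by an in-memory JKS key store holding a single
     * service-provider key/certificate entry, aliased per identity zone.
     *
     * <p>Note: the private key and its password arrive as {@link String}s and therefore cannot be
     * zeroed after use; they remain in the heap until garbage collected.
     *
     * @param privateKey PEM-encoded private key; blank or {@code null} means "no SP key configured"
     * @param privateKeyPassword password protecting the key; {@code null} is treated as the empty password
     * @param certificate PEM-encoded X.509 certificate matching the key
     * @return the key manager, or {@code null} when {@code privateKey} has no text
     * @throws IllegalArgumentException if the key, password or certificate cannot be parsed or stored;
     *         the cause is attached and logged, the message itself contains no key material
     */
    public static KeyManager getKeyManager(String privateKey, String privateKeyPassword, String certificate) {
        if (!StringUtils.hasText(privateKey)) {
            return null;
        }
        // The same password protects the key-store entry and is handed to the key manager for unlocking it.
        String password = privateKeyPassword == null ? "" : privateKeyPassword;
        try {
            KeyWithCert keyWithCert = new KeyWithCert(privateKey, password, certificate);
            X509Certificate cert = keyWithCert.getCert();
            KeyPair keyPair = keyWithCert.getPkey();
            // load(null) initialises an empty in-memory store; nothing is read from or written to disk.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            // Alias is scoped to the current identity zone so each zone's SP credential is distinct.
            String alias = "service-provider-cert-" + IdentityZoneHolder.get().getId();
            keyStore.setCertificateEntry(alias, cert);
            keyStore.setKeyEntry(alias, keyPair.getPrivate(), password.toCharArray(), new Certificate[]{cert});
            JKSKeyManager keyManager = new JKSKeyManager(keyStore, Collections.singletonMap(alias, password), alias);
            logger.info("Loaded service provider certificate " + keyManager.getDefaultCredentialName());
            return keyManager;
        } catch (Exception e) {
            // Only parse/load failures are reported as bad configuration; JVM Errors propagate unwrapped.
            logger.error("Could not load certificate", e);
            throw new IllegalArgumentException(LOAD_FAILURE_MESSAGE, e);
        }
    }
}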
