package org.cloudfoundry.identity.uaa.provider.saml;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.cloudfoundry.identity.uaa.saml.SamlKey;
import org.cloudfoundry.identity.uaa.util.KeyWithCert;
import org.cloudfoundry.identity.uaa.zone.SamlConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.12.4.jar:org/cloudfoundry/identity/uaa/provider/saml/SamlKeyManagerFactory.class */
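/**
 * Builds an in-memory {@link KeyManager} (backed by a JKS {@link KeyStore}) from the
 * SAML keys configured on a zone.
 *
 * <p>Every configured key becomes a key-store alias. Entries that carry only a
 * certificate can be used for verification; entries that also carry a private key
 * are stored as key entries and can sign. The key store is never persisted, so the
 * per-entry passphrase (which defaults to the empty string when none is configured)
 * only protects the entry inside this process.
 */
public final class SamlKeyManagerFactory {
    protected static final Logger logger = LoggerFactory.getLogger((Class<?>) SamlKeyManagerFactory.class);

    /** Static factory; not instantiable. */
    private SamlKeyManagerFactory() {
    }

    /**
     * Creates the key manager for a zone's SAML configuration.
     *
     * @param samlConfig zone SAML configuration supplying the keys and the active key id
     * @return a key manager whose default credential is the active key, or {@code null}
     *         when the configured active key id does not resolve to a key
     * @throws IllegalArgumentException if any key or certificate cannot be loaded
     */
    public static KeyManager getKeyManager(SamlConfig samlConfig) {
        return getKeyManager(samlConfig.getKeys(), samlConfig.getActiveKeyId());
    }

    /**
     * Loads every entry of {@code keys} into a fresh in-memory JKS store and wraps it
     * in a {@link JKSKeyManager} whose default credential is {@code activeKeyId}.
     *
     * @param keys        configured keys by alias
     * @param activeKeyId alias of the key to use as the default credential
     * @return the key manager, or {@code null} when {@code activeKeyId} is not present
     *         in {@code keys}; callers must handle that case
     * @throws IllegalArgumentException if any key or certificate cannot be loaded; the
     *                                  original exception is attached as the cause
     */
    private static KeyManager getKeyManager(Map<String, SamlKey> keys, String activeKeyId) {
        // Without a resolvable active key there is nothing to sign with: signal "no key manager".
        if (keys.get(activeKeyId) == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            // Per-alias passwords that JKSKeyManager needs to read key entries back out.
            Map<String, String> passwordsByAlias = new HashMap<>();
            for (Map.Entry<String, SamlKey> entry : keys.entrySet()) {
                String alias = entry.getKey();
                SamlKey samlKey = entry.getValue();
                // A missing passphrase is treated as an empty one; the store is in-memory only.
                String passphrase = (String) Optional.ofNullable(samlKey.getPassphrase()).orElse("");
                // Certificate-only entries (no private key) are still loaded so they can verify.
                KeyWithCert keyWithCert = samlKey.getKey() == null
                        ? new KeyWithCert(samlKey.getCertificate())
                        : new KeyWithCert(samlKey.getKey(), passphrase, samlKey.getCertificate());
                X509Certificate certificate = keyWithCert.getCertificate();
                keyStore.setCertificateEntry(alias, certificate);
                PrivateKey privateKey = keyWithCert.getPrivateKey();
                if (privateKey != null) {
                    // Per KeyStore#setKeyEntry, this replaces the trusted-certificate entry
                    // stored above under the same alias with a key entry.
                    keyStore.setKeyEntry(alias, privateKey, passphrase.toCharArray(), new Certificate[]{certificate});
                    passwordsByAlias.put(alias, passphrase);
                }
            }
            // A constructor never yields null, so no post-construction null check is needed.
            JKSKeyManager keyManager = new JKSKeyManager(keyStore, passwordsByAlias, activeKeyId);
            logger.info("Loaded service provider certificate " + keyManager.getDefaultCredentialName());
            return keyManager;
        } catch (Exception e) {
            // Only Exceptions are translated; JVM Errors propagate untouched. The log line
            // deliberately carries no key material or passphrase, just the failure cause.
            logger.error("Could not load certificate", e);
            throw new IllegalArgumentException("Could not load service provider certificate. Check serviceProviderKey and certificate parameters", e);
        }
    }
}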
