package org.cloudfoundry.identity.uaa.login;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;

/* loaded from: input_file:lib/cloudfoundry-identity-common-2.7.4.jar:org/cloudfoundry/identity/uaa/login/SamlLoginServerKeyManager.class */
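/**
 * {@link KeyManager} holding the SAML service-provider (SP) identity: one PEM private key
 * (optionally password-protected) and its X.509 certificate, placed in an in-memory keystore
 * and served through a wrapped {@link JKSKeyManager}.
 *
 * <p>All resolver and lookup calls are forwarded unchanged to the wrapped manager. The only
 * credential it holds is registered under {@link #CREDENTIAL_NAME}, which is also the default
 * credential name.
 *
 * <p>The wrapped manager is fixed at construction; construction fails with
 * {@link IllegalArgumentException} if the key material cannot be loaded.
 */
public class SamlLoginServerKeyManager implements KeyManager {
    protected static final Logger logger = LoggerFactory.getLogger((Class<?>) SamlLoginServerKeyManager.class);

    /** Alias under which the SP certificate and private key are stored and looked up. */
    private static final String CREDENTIAL_NAME = "service-provider-cert";

    /** Message surfaced to the caller for any failure while loading the key material. */
    private static final String LOAD_ERROR =
            "Could not load service provider certificate. Check serviceProviderKey and certificate parameters";

    private final JKSKeyManager keyManager;

    /** Supplies the PEM decryption password to Bouncy Castle's legacy {@link PEMReader}. */
    private static final class StringPasswordFinder implements PasswordFinder {
        private final String password;

        public StringPasswordFinder(String password) {
            this.password = password;
        }

        /** Returns a fresh array on every call, so a caller zeroing it does not affect later reads. */
        @Override // org.bouncycastle.openssl.PasswordFinder
        public char[] getPassword() {
            return this.password.toCharArray();
        }
    }

    /**
     * Loads the SP key material.
     *
     * @param key         PEM-encoded private key, in a form {@link PEMReader} returns as a {@link KeyPair}
     * @param password    password protecting {@code key}; {@code null} is treated as the empty string
     * @param certificate PEM-encoded X.509 certificate matching {@code key}
     * @throws IllegalArgumentException if either PEM blob is {@code null} or cannot be turned into a
     *                                  usable key/certificate pair
     */
    public SamlLoginServerKeyManager(String key, String password, String certificate) {
        if (key == null || certificate == null) {
            throw new IllegalArgumentException(LOAD_ERROR);
        }
        registerBouncyCastle();
        String keyPassword = password == null ? "" : password;
        try {
            this.keyManager = buildKeyManager(key, keyPassword, certificate);
        } catch (Throwable th) {
            // Deliberately broad: any failure while parsing, building the keystore or wiring the
            // key manager must surface as a construction-time IllegalArgumentException, which is
            // the contract callers rely on.
            logger.error("Could not load certificate", th);
            throw new IllegalArgumentException(LOAD_ERROR, th);
        }
        logger.info("Loaded service provider certificate {}", this.keyManager.getDefaultCredentialName());
    }

    /**
     * Makes the Bouncy Castle provider available for PEM decoding. Registering only when absent
     * is equivalent to the unconditional add (a duplicate add is a no-op) but avoids repeated
     * provider-table churn when several instances are created.
     */
    private static void registerBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Parses both PEM blobs and wraps them in an in-memory keystore behind a {@link JKSKeyManager}.
     *
     * @param key         PEM private key text
     * @param password    key password, never {@code null} (empty string when none)
     * @param certificate PEM certificate text
     * @return the key manager serving {@link #CREDENTIAL_NAME}
     * @throws Exception any parse, keystore or key-manager failure; the constructor translates it
     */
    private static JKSKeyManager buildKeyManager(String key, String password, String certificate) throws Exception {
        X509Certificate cert = (X509Certificate) readPem(certificate, null);
        KeyPair keyPair = (KeyPair) readPem(key, new StringPasswordFinder(password));
        char[] keyPassword = password.toCharArray();

        // Keystore type constant borrowed from logback's SSL helper (the type it defaults to).
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        keyStore.load(null); // initialise an empty in-memory store
        keyStore.setCertificateEntry(CREDENTIAL_NAME, cert);
        keyStore.setKeyEntry(CREDENTIAL_NAME, keyPair.getPrivate(), keyPassword, new Certificate[] {cert});
        // Result intentionally discarded: initialising a KeyManagerFactory proves the private key
        // can be recovered with this password before the store is handed to the SAML layer.
        KeyManagerFactory.getInstance("SunX509").init(keyStore, keyPassword);
        return new JKSKeyManager(keyStore, Collections.singletonMap(CREDENTIAL_NAME, password), CREDENTIAL_NAME);
    }

    /**
     * Reads the first object from a PEM string and closes the reader afterwards.
     * A {@link StringReader} is used so no platform-charset byte round trip is involved.
     *
     * @param pem            PEM text
     * @param passwordFinder password source for encrypted keys, or {@code null} for none
     * @return whatever {@link PEMReader#readObject()} yields; callers cast to the expected type
     * @throws IOException if the PEM text cannot be read or parsed
     */
    private static Object readPem(String pem, PasswordFinder passwordFinder) throws IOException {
        PEMReader reader = passwordFinder == null
                ? new PEMReader(new StringReader(pem))
                : new PEMReader(new StringReader(pem), passwordFinder);
        try {
            return reader.readObject();
        } finally {
            reader.close();
        }
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.opensaml.xml.security.Resolver
    public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
        return this.keyManager.resolve(criteriaSet);
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.opensaml.xml.security.Resolver
    public Credential resolveSingle(CriteriaSet criteriaSet) throws SecurityException {
        return this.keyManager.resolveSingle(criteriaSet);
    }

    /** Delegates to the wrapped {@link JKSKeyManager}; the only known alias is {@link #CREDENTIAL_NAME}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public Credential getCredential(String name) {
        return this.keyManager.getCredential(name);
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public Credential getDefaultCredential() {
        return this.keyManager.getDefaultCredential();
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public String getDefaultCredentialName() {
        return this.keyManager.getDefaultCredentialName();
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public Set<String> getAvailableCredentials() {
        return this.keyManager.getAvailableCredentials();
    }

    /** Delegates to the wrapped {@link JKSKeyManager}. */
    @Override // org.springframework.security.saml.key.KeyManager
    public X509Certificate getCertificate(String name) {
        return this.keyManager.getCertificate(name);
    }
}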
