package com.liferay.saml.opensaml.integration.internal.credential;

import com.liferay.saml.opensaml.integration.internal.util.KeyStoreUtil;
import com.liferay.saml.runtime.configuration.SamlProviderConfiguration;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.credential.KeyStoreManager;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.impl.AbstractCredentialResolver;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.BasicX509Credential;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

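/**
 * OSGi component, registered as an OpenSAML {@link CredentialResolver}, that
 * turns a key store entry into a {@link Credential} for a SAML entity.
 *
 * <p>The entry is looked up through {@code KeyStoreUtil} using the alias that
 * {@code KeyStoreUtil.getAlias(entityId, usageType)} derives and the injected
 * {@link KeyStoreManager}. An entry password is supplied only when the
 * requested entity ID equals the locally configured one; every other entity
 * is looked up with a {@code null} password.</p>
 */
@Component(service = {CredentialResolver.class})
/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/credential/KeyStoreCredentialResolver.class */
public class KeyStoreCredentialResolver extends AbstractCredentialResolver {

    // Key store backend; the OSGi target filter selects the service flagged default=true.
    @Reference(name = "KeyStoreManager", target = "(default=true)")
    private KeyStoreManager _keyStoreManager;

    // Source of the local SAML provider settings (entity ID and entry passwords).
    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    /**
     * Resolves the credential stored for the entity named in the criteria.
     *
     * @param criteriaSet must contain an {@link EntityIdCriterion}; an optional
     *        {@link UsageCriterion} selects the usage, otherwise
     *        {@link UsageType#UNSPECIFIED} is used
     * @return a single-element set holding the credential, or an empty set when
     *         no entry exists or the entry is of a type this resolver cannot
     *         convert
     * @throws IllegalArgumentException if no entity ID criterion is present
     */
    @Override
    public Iterable<Credential> resolve(CriteriaSet criteriaSet) throws SecurityException {
        _checkCriteriaRequirements(criteriaSet);

        String entityId = ((EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class)).getEntityId();
        SamlProviderConfiguration samlProviderConfiguration =
            this._samlProviderConfigurationHelper.getSamlProviderConfiguration();

        UsageCriterion usageCriterion = (UsageCriterion) criteriaSet.get(UsageCriterion.class);
        UsageType usageType = UsageType.UNSPECIFIED;
        if (usageCriterion != null) {
            usageType = usageCriterion.getUsage();
        }

        // Only the local entity's entry is unlocked with a configured password.
        // Peer entities are looked up with a null password, so presumably only
        // unprotected (certificate) entries are expected for them; confirm
        // against KeyStoreUtil.getKeyStoreEntry.
        String entryPassword = null;
        if (entityId.equals(samlProviderConfiguration.entityId())) {
            entryPassword = usageType == UsageType.ENCRYPTION
                ? samlProviderConfiguration.keyStoreEncryptionCredentialPassword()
                : samlProviderConfiguration.keyStoreCredentialPassword();
        }

        KeyStore.Entry keyStoreEntry = KeyStoreUtil.getKeyStoreEntry(
            KeyStoreUtil.getAlias(entityId, usageType), entryPassword, this._keyStoreManager);
        if (keyStoreEntry == null) {
            return Collections.emptySet();
        }

        // _buildCredential returns null for entry types it does not handle.
        // Report that as "nothing resolved" instead of handing callers a set
        // whose only element is null.
        Credential credential = _buildCredential(keyStoreEntry, entityId, usageType);
        if (credential == null) {
            return Collections.emptySet();
        }
        return Collections.singleton(credential);
    }

    /**
     * Dispatches on the concrete key store entry type.
     *
     * @return the credential, or {@code null} when the entry is neither a
     *         private key, secret key nor trusted certificate entry
     */
    private Credential _buildCredential(KeyStore.Entry entry, String entityId, UsageType usageType) {
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return _processPrivateKeyEntry((KeyStore.PrivateKeyEntry) entry, entityId, usageType);
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return _processSecretKeyEntry((KeyStore.SecretKeyEntry) entry, entityId, usageType);
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return _processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) entry, entityId, usageType);
        }
        return null;
    }

    /**
     * Rejects a criteria set that carries no {@link EntityIdCriterion}.
     *
     * @throws IllegalArgumentException if the criterion is missing
     */
    private void _checkCriteriaRequirements(CriteriaSet criteriaSet) {
        if (((EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class)) == null) {
            throw new IllegalArgumentException("No entity ID criterion was available in criteria set");
        }
    }

    /**
     * Builds an X.509 credential that carries the private key, the entity
     * certificate and its chain.
     *
     * <p>The casts assume the entry holds X.509 certificates; any other
     * certificate type fails with a {@link ClassCastException}.</p>
     */
    private Credential _processPrivateKeyEntry(
            KeyStore.PrivateKeyEntry privateKeyEntry, String entityId, UsageType usageType) {
        BasicX509Credential credential =
            new BasicX509Credential((X509Certificate) privateKeyEntry.getCertificate());
        credential.setEntityCertificateChain(
            Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain()));
        credential.setEntityId(entityId);
        credential.setPrivateKey(privateKeyEntry.getPrivateKey());
        credential.setUsageType(usageType);
        return credential;
    }

    /**
     * Builds a basic credential around the entry's secret (symmetric) key.
     */
    private Credential _processSecretKeyEntry(
            KeyStore.SecretKeyEntry secretKeyEntry, String entityId, UsageType usageType) {
        BasicCredential credential = new BasicCredential(secretKeyEntry.getSecretKey());
        credential.setEntityId(entityId);
        credential.setUsageType(usageType);
        return credential;
    }

    /**
     * Builds a public-only X.509 credential from a trusted certificate entry;
     * the chain consists of that single certificate and no private key is set.
     *
     * <p>The cast assumes an X.509 certificate; any other certificate type
     * fails with a {@link ClassCastException}.</p>
     */
    private Credential _processTrustedCertificateEntry(
            KeyStore.TrustedCertificateEntry trustedCertificateEntry, String entityId, UsageType usageType) {
        X509Certificate certificate = (X509Certificate) trustedCertificateEntry.getTrustedCertificate();
        BasicX509Credential credential = new BasicX509Credential(certificate);
        credential.setEntityCertificateChain(Arrays.asList(certificate));
        credential.setEntityId(entityId);
        credential.setUsageType(usageType);
        return credential;
    }
}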
