package com.liferay.saml.opensaml.integration.internal.metadata;

import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.opensaml.integration.internal.util.KeyStoreUtil;
import com.liferay.saml.persistence.service.SamlSpIdpConnectionLocalService;
import com.liferay.saml.runtime.SamlException;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.credential.KeyStoreManager;
import com.liferay.saml.runtime.exception.CredentialAuthException;
import com.liferay.saml.runtime.exception.CredentialException;
import com.liferay.saml.runtime.exception.EntityIdException;
import com.liferay.saml.runtime.metadata.LocalEntityManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.security.auth.DestroyFailedException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.xml.security.utils.Base64;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.X509Credential;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

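/**
 * {@link LocalEntityManager} backed by the default {@link KeyStoreManager}.
 *
 * <p>The local SAML entity's signing and encryption credentials are stored
 * as {@link KeyStore.PrivateKeyEntry} entries whose alias is derived from the
 * configured entity ID and the OpenSAML {@link UsageType}
 * (see {@link KeyStoreUtil#getAlias}). Certificate look-ups go through the
 * injected {@link CredentialResolver}; writes and deletes go straight to the
 * key store and are persisted via {@link KeyStoreManager#saveKeyStore}.
 *
 * <p>Thread-safety is not established here: concurrent store/delete calls
 * race on the shared key store instance returned by the manager.
 */
@Component(service = {LocalEntityManager.class})
/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/metadata/KeyStoreLocalEntityManager.class */
public class KeyStoreLocalEntityManager implements LocalEntityManager {

    @Reference
    private CredentialResolver _credentialResolver;

    @Reference(name = "KeyStoreManager", target = "(default=true)")
    private KeyStoreManager _keyStoreManager;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    @Reference
    private SamlSpIdpConnectionLocalService _samlSpIdpConnectionLocalService;

    /**
     * Verifies that a key-store entry exists for the given entity/usage and
     * that it can be opened with the supplied secret.
     *
     * @param str the key-store entry password handed to
     *        {@link KeyStoreUtil#getKeyStoreEntry} (presumably; the helper is
     *        not visible here — confirm against KeyStoreUtil)
     * @param certificateUsage which credential to check; any value other than
     *        {@code ENCRYPTION} (including {@code null}) is treated as SIGNING
     * @param str2 the entity ID used to derive the key-store alias
     * @throws CredentialAuthException presumably when the entry exists but the
     *         password is wrong — raised by KeyStoreUtil, not by this method
     * @throws CredentialException when no entry exists under the derived alias
     */
    public void authenticateLocalEntityCertificate(String str, LocalEntityManager.CertificateUsage certificateUsage, String str2) throws CredentialAuthException, CredentialException {
        // NOTE: deliberately not routed through _getUsageType(): here every
        // non-ENCRYPTION usage falls back to SIGNING instead of null.
        UsageType usageType = (certificateUsage == LocalEntityManager.CertificateUsage.ENCRYPTION) ? UsageType.ENCRYPTION : UsageType.SIGNING;

        String alias = KeyStoreUtil.getAlias(str2, usageType);

        if (KeyStoreUtil.getKeyStoreEntry(alias, str, this._keyStoreManager) == null) {
            throw new CredentialException("Certificate not found");
        }
    }

    /**
     * Removes the local entity's credential for the given usage from the key
     * store and persists the key store.
     *
     * @param certificateUsage SIGNING or ENCRYPTION
     * @throws KeyStoreException from {@link KeyStore#deleteEntry} itself, or
     *         wrapping any exception raised while saving the key store
     */
    public void deleteLocalEntityCertificate(LocalEntityManager.CertificateUsage certificateUsage) throws KeyStoreException {
        KeyStore keyStore = this._keyStoreManager.getKeyStore();

        // NOTE(review): _getUsageType() returns null for an unknown usage;
        // what getAlias() does with a null usage is not visible here — verify
        // it cannot resolve to an unrelated alias.
        String alias = KeyStoreUtil.getAlias(getLocalEntityId(), _getUsageType(certificateUsage));

        keyStore.deleteEntry(alias);

        try {
            this._keyStoreManager.saveKeyStore(keyStore);
        } catch (Exception e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Returns the local entity's certificate for the given usage as Base64
     * (DER encoding, wrapped at 76 columns), or {@code null} if there is none.
     *
     * @param certificateUsage SIGNING or ENCRYPTION
     * @throws SamlException wrapping a {@link CertificateEncodingException},
     *         or propagated from {@link #getLocalEntityCertificate}
     */
    public String getEncodedLocalEntityCertificate(LocalEntityManager.CertificateUsage certificateUsage) throws SamlException {
        X509Certificate certificate = getLocalEntityCertificate(certificateUsage);

        if (certificate == null) {
            return null;
        }

        try {
            return Base64.encode(certificate.getEncoded(), 76);
        } catch (CertificateEncodingException e) {
            throw new SamlException(e);
        }
    }

    /**
     * Resolves the local entity's certificate for the given usage via the
     * credential resolver.
     *
     * @param certificateUsage SIGNING or ENCRYPTION; anything else yields
     *        {@code null} without touching the resolver
     * @return the entity certificate, or {@code null} if no credential resolved
     * @throws SamlException wrapping an {@link EntityIdException} when no
     *         entity ID is configured, or a {@link ResolverException}
     */
    public X509Certificate getLocalEntityCertificate(LocalEntityManager.CertificateUsage certificateUsage) throws SamlException {
        UsageType usageType = _getUsageType(certificateUsage);

        if (usageType == null) {
            return null;
        }

        String entityId = getLocalEntityId();

        if (Validator.isBlank(entityId)) {
            throw new SamlException(new EntityIdException("An Entity ID must be configured"));
        }

        CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(entityId), new UsageCriterion(usageType));

        try {
            // The resolver is expected to hand back an X.509 credential for a
            // key-store entry; a non-X509 credential would surface as a
            // ClassCastException here.
            X509Credential credential = (X509Credential) this._credentialResolver.resolveSingle(criteria);

            if (credential == null) {
                return null;
            }

            return credential.getEntityCertificate();
        } catch (ResolverException e) {
            throw new SamlException(e);
        }
    }

    /** Returns the entity ID from the current SAML provider configuration. */
    public String getLocalEntityId() {
        return this._samlProviderConfigurationHelper.getSamlProviderConfiguration().entityId();
    }

    /**
     * Returns {@code true} when at least one SP→IdP connection exists for the
     * company bound to the current thread.
     */
    public boolean hasDefaultIdpRole() {
        long companyId = CompanyThreadLocal.getCompanyId().longValue();

        return !this._samlSpIdpConnectionLocalService.getSamlSpIdpConnections(companyId).isEmpty();
    }

    /**
     * Stores a private key plus its certificate as the local entity's
     * credential for the given usage and persists the key store.
     *
     * <p>The {@code char[]} copy of the password is wiped once the entry has
     * been written; the {@link String} itself is immutable and stays on the
     * heap until collected, so this is best-effort hygiene only.
     *
     * @param privateKey the key to store
     * @param str the password protecting the new key-store entry
     * @param x509Certificate the certificate paired with {@code privateKey};
     *        stored as a single-element chain
     * @param certificateUsage SIGNING or ENCRYPTION
     * @throws Exception from {@link KeyStore#setEntry} or
     *         {@link KeyStoreManager#saveKeyStore}
     */
    public void storeLocalEntityCertificate(PrivateKey privateKey, String str, X509Certificate x509Certificate, LocalEntityManager.CertificateUsage certificateUsage) throws Exception {
        KeyStore keyStore = this._keyStoreManager.getKeyStore();

        String alias = KeyStoreUtil.getAlias(getLocalEntityId(), _getUsageType(certificateUsage));

        KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{x509Certificate});

        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(str.toCharArray());

        try {
            keyStore.setEntry(alias, entry, protection);

            this._keyStoreManager.saveKeyStore(keyStore);
        } finally {
            // Zero the password copy held by the protection parameter. A
            // failure to wipe must not mask an exception from setEntry/save.
            try {
                protection.destroy();
            } catch (DestroyFailedException ignored) {
                // Best effort only; nothing further can be done here.
            }
        }
    }

    /**
     * Maps the API's certificate usage onto the OpenSAML usage type.
     *
     * @return {@link UsageType#ENCRYPTION}, {@link UsageType#SIGNING}, or
     *         {@code null} for any other (or {@code null}) input
     */
    private UsageType _getUsageType(LocalEntityManager.CertificateUsage certificateUsage) {
        if (certificateUsage == LocalEntityManager.CertificateUsage.ENCRYPTION) {
            return UsageType.ENCRYPTION;
        }

        if (certificateUsage == LocalEntityManager.CertificateUsage.SIGNING) {
            return UsageType.SIGNING;
        }

        return null;
    }
}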
