package edu.internet2.middleware.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/security/CredentialHelper.class */
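/**
 * Static helpers that assemble {@link BasicX509Credential} objects from PEM/DER files, from a
 * file-backed Java keystore or from a PKCS#11 token, plus a factory for a trust manager that
 * performs no certificate validation.
 *
 * <p>Passwords reach these methods as {@link String}s, so they cannot be wiped from memory after
 * use; none of the methods write a password to the log.
 */
public class CredentialHelper {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialHelper.class);

    /**
     * Builds a trust manager that accepts every certificate chain.
     *
     * <p>Both check methods return without looking at the chain, so a TLS connection configured
     * with this trust manager authenticates neither peer and gives no protection against an
     * intercepting party. Anything received over such a connection has to be authenticated by
     * other means (for example a signature check against a pinned key) before it is trusted.
     * Keep its use explicit and opt-in; it must never become a default.
     *
     * @return a trust manager whose checks always succeed and that advertises no accepted issuers
     */
    public static X509TrustManager buildNoTrustTrustManager() {
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: no validation is performed, every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: no validation is performed, every server chain is accepted.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a credential from PEM/DER encoded files.
     *
     * @param keyFile path of the private key file, or {@code null} to build a credential without
     *     a private key
     * @param keyPassword password protecting the private key, or {@code null} if it is not
     *     encrypted
     * @param certificateFile path of the file holding the certificate chain; the first
     *     certificate in it becomes the entity certificate
     * @return a credential carrying the chain, the entity certificate, its public key and, when
     *     {@code keyFile} was given, the private key
     * @throws KeyException if the private key cannot be decoded
     * @throws CertificateException if the certificates cannot be decoded or the file contains none
     */
    public static BasicX509Credential getFileBasedCredentials(String keyFile, String keyPassword, String certificateFile) throws KeyException, CertificateException {
        BasicX509Credential credential = new BasicX509Credential();
        LOG.debug("Reading PEM/DER encoded credentials from the filesystem");
        if (keyFile != null) {
            LOG.debug("Reading private key from file {}", keyFile);
            char[] password = keyPassword != null ? keyPassword.toCharArray() : null;
            credential.setPrivateKey(SecurityHelper.decodePrivateKey(new File(keyFile), password));
            LOG.debug("Private key succesfully read");
        }
        LOG.debug("Reading certificates from file {}", certificateFile);
        java.util.Collection<X509Certificate> chain = X509Util.decodeCertificate(new File(certificateFile));
        // A file without certificates would otherwise surface as a NoSuchElementException below.
        if (chain == null || chain.isEmpty()) {
            throw new CertificateException("No certificates found in file " + certificateFile);
        }
        credential.setEntityCertificateChain(chain);
        credential.setEntityCertificate((X509Certificate) chain.iterator().next());
        credential.setPublicKey(credential.getEntityCertificate().getPublicKey());
        LOG.debug("Certificates successfully");
        return credential;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a credential from a file-backed keystore.
     *
     * @param keystoreFile path of the keystore file
     * @param keystorePassword password used to load the keystore; when {@code null} the key
     *     password is used instead
     * @param keystoreProvider name of the JCA provider to use, or {@code null} for the default
     *     provider lookup
     * @param keystoreType keystore type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param keyAlias alias of the entry to read
     * @param keyPassword password protecting the entry
     * @return the credential built from the keystore entry
     * @throws IOException if the keystore file cannot be read
     * @throws GeneralSecurityException if no password is available, the keystore cannot be
     *     loaded, or the entry cannot be recovered
     */
    public static BasicX509Credential getKeystoreCredential(String keystoreFile, String keystorePassword, String keystoreProvider, String keystoreType, String keyAlias, String keyPassword) throws IOException, GeneralSecurityException {
        LOG.debug("Reading credentials from keystore");
        String type = keystoreType != null ? keystoreType : KeyStore.getDefaultType();
        String storePassword = keystorePassword != null ? keystorePassword : keyPassword;
        if (storePassword == null) {
            // KeyStore.load() with a null password skips the integrity check of the store, so a
            // missing password is reported instead of being passed through.
            throw new GeneralSecurityException("No keystore password or key password supplied for keystore " + keystoreFile);
        }
        KeyStore keyStore = keystoreProvider != null ? KeyStore.getInstance(type, keystoreProvider) : KeyStore.getInstance(type);
        // try-with-resources releases the file handle even when load() fails.
        try (FileInputStream in = new FileInputStream(keystoreFile)) {
            keyStore.load(in, storePassword.toCharArray());
        }
        return getCredentialFromKeystore(keyStore, keyAlias, keyPassword);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a credential from a PKCS#11 token.
     *
     * <p>When {@code providerClass} is given, the class is loaded by name, instantiated with the
     * configuration file name and registered JVM-wide through {@link Security#addProvider}. The
     * class name therefore selects code that runs inside this process and must only come from
     * trusted configuration.
     *
     * <p>If the provider class cannot be found or lacks a {@code String} constructor, the error
     * is logged and the JVM exits with status 1.
     *
     * @param providerClass fully qualified name of the PKCS#11 provider class, or {@code null} to
     *     use a provider that is already installed
     * @param providerConfig provider configuration file; used only when {@code providerClass} is
     *     given
     * @param keyAlias alias of the entry to read
     * @param keyPassword password used both to initialise the keystore and to recover the entry;
     *     must not be {@code null}
     * @return the credential built from the token entry
     * @throws IOException if the provider or its keystore cannot be set up
     * @throws GeneralSecurityException if the keystore cannot be initialised or the entry cannot
     *     be recovered
     */
    public static BasicX509Credential getPKCS11Credential(String providerClass, String providerConfig, String keyAlias, String keyPassword) throws IOException, GeneralSecurityException {
        LOG.debug("Install PKCS11 provider");
        KeyStore keyStore = null;
        try {
            if (providerClass != null) {
                LOG.debug("Creating PKCS11 keystore with provider {} and configuration file {}", providerClass, providerConfig);
                // Narrow the type before calling the constructor so that a class which is not a
                // Provider is rejected without any of its code being run.
                Class<? extends Provider> providerType = XmlSecTool.class.getClassLoader().loadClass(providerClass).asSubclass(Provider.class);
                Provider provider = providerType.getConstructor(String.class).newInstance(providerConfig);
                try (FileInputStream config = new FileInputStream(providerConfig)) {
                    provider.load(config);
                }
                Security.addProvider(provider);
                keyStore = KeyStore.getInstance("PKCS11", provider);
            } else {
                LOG.debug("Creating PKCS11 keystore with system wide provider and configuration file");
                keyStore = KeyStore.getInstance("PKCS11");
            }
        } catch (ClassNotFoundException e) {
            // The process ends here, so the cause is logged; nothing else will report it.
            LOG.error("Unable to load keystore provider class: {}", providerClass, e);
            System.exit(1);
        } catch (NoSuchMethodException e) {
            LOG.error("Keystore provider class does not provide a constructor taking a configuration file name", e);
            System.exit(1);
        } catch (Exception e) {
            LOG.error("Unable to read PKCS11 keystore", e);
            throw new IOException("Unable to read PKCS11 keystore", e);
        }
        LOG.debug("Initializing PKCS11 keystore");
        keyStore.load(null, keyPassword.toCharArray());
        return getCredentialFromKeystore(keyStore, keyAlias, keyPassword);
    }

    /**
     * Builds a credential from one entry of an already loaded keystore.
     *
     * <p>A private key entry yields the entity certificate, its chain, the private key and the
     * public key. A trusted certificate entry yields the certificate and its public key only.
     *
     * @param keyStore loaded keystore
     * @param alias alias of the entry to read
     * @param password password protecting the entry; not used for trusted certificate entries
     * @return the credential built from the entry
     * @throws GeneralSecurityException if the alias is unknown, the entry cannot be recovered, or
     *     the entry is neither a private key entry nor a trusted certificate entry
     */
    protected static BasicX509Credential getCredentialFromKeystore(KeyStore keyStore, String alias, String password) throws GeneralSecurityException {
        // The JDK's keystore implementations refuse a password for trusted certificate entries,
        // so a protection parameter is supplied only for key entries.
        KeyStore.ProtectionParameter protection = null;
        if (password != null && !keyStore.isCertificateEntry(alias)) {
            protection = new KeyStore.PasswordProtection(password.toCharArray());
        }
        KeyStore.Entry entry = keyStore.getEntry(alias, protection);
        BasicX509Credential credential = new BasicX509Credential();
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
            java.security.cert.Certificate[] rawChain = keyEntry.getCertificateChain();
            // The checked array copy fails on any element that is not an X509Certificate,
            // instead of storing it in the credential through a raw list.
            List<X509Certificate> chain = Arrays.asList(Arrays.copyOf(rawChain, rawChain.length, X509Certificate[].class));
            credential.setEntityCertificate((X509Certificate) keyEntry.getCertificate());
            credential.setEntityCertificateChain(chain);
            credential.setPrivateKey(keyEntry.getPrivateKey());
            credential.setPublicKey(keyEntry.getCertificate().getPublicKey());
        } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
            credential.setEntityCertificate((X509Certificate) ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
            credential.setPublicKey(credential.getEntityCertificate().getPublicKey());
        } else {
            // An unknown alias or an unsupported entry type must not come back as an empty
            // credential that looks like a successful read.
            throw new GeneralSecurityException(entry == null
                    ? "No keystore entry found for alias " + alias
                    : "Keystore entry for alias " + alias + " is neither a private key nor a trusted certificate");
        }
        LOG.debug("Successfully read credentials from keystore");
        return credential;
    }
}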
