package net.shibboleth.tool.xmlsectool;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/tool/xmlsectool/CredentialHelper.class */
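/**
 * Static helpers that build a {@link BasicX509Credential} from PEM/DER files, a file-based
 * keystore, or a PKCS#11 token.
 *
 * <p>Parameter names ({@code str}, {@code str2}, ...) are the decompiler's; each method's Javadoc
 * says what the visible code uses them for. Passwords arrive as {@code String}, so they cannot be
 * wiped from memory by this class; none of them is written to the log.
 */
public final class CredentialHelper {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialHelper.class);

    /** Not instantiable: the class only holds static helpers. */
    private CredentialHelper() {
    }

    /**
     * Reads certificates, and optionally a private key, from files.
     *
     * <p>The first certificate decoded from the file becomes the entity certificate, so the order
     * of certificates in the file matters. This method itself does not check that the private key
     * belongs to that certificate. The decompiler notes the original access modifier was
     * {@code protected}.
     *
     * @param str path of the private key file, or {@code null} to build a certificate-only credential
     * @param str2 password handed to the key decoder, or {@code null} when the key is not encrypted
     * @param str3 path of the certificate file
     * @return the credential holding the certificate chain and, if requested, the private key
     * @throws KeyException if the private key cannot be decoded
     * @throws CertificateException if the certificates cannot be decoded or the file holds none
     */
    public static BasicX509Credential getFileBasedCredentials(String str, String str2, String str3) throws KeyException, CertificateException {
        LOG.debug("Reading PEM/DER encoded credentials from the filesystem");
        LOG.debug("Reading certificates from file {}", str3);
        Collection<X509Certificate> certificates = X509Support.decodeCertificates(new File(str3));
        // An empty (or absent) result would otherwise surface as NoSuchElementException / NPE.
        if (certificates == null || certificates.isEmpty()) {
            throw new CertificateException("No certificates found in file " + str3);
        }
        BasicX509Credential credential = new BasicX509Credential(certificates.iterator().next());
        credential.setEntityCertificateChain(certificates);
        LOG.debug("Certificates successfully read");
        if (str != null) {
            LOG.debug("Reading private key from file {}", str);
            char[] keyPassword = str2 == null ? null : str2.toCharArray();
            credential.setPrivateKey(KeySupport.decodePrivateKey(new File(str), keyPassword));
            LOG.debug("Private key succesfully read");
        }
        return credential;
    }

    /**
     * Loads a keystore file and extracts one entry as a credential.
     *
     * <p>The keystore password is always non-null here, so {@link KeyStore#load} is never called
     * with a {@code null} password. The decompiler notes the original access modifier was
     * {@code protected}.
     *
     * @param str path of the keystore file
     * @param str2 keystore password; when {@code null} the key password {@code str6} is used instead
     * @param str3 name of the keystore provider, or {@code null} for the default provider lookup
     * @param str4 keystore type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param str5 alias of the entry to read
     * @param str6 password protecting the entry; must not be {@code null}
     * @return the credential built from the keystore entry
     * @throws IOException if the keystore file cannot be read
     * @throws GeneralSecurityException if the keystore or the entry cannot be processed
     * @throws NullPointerException if {@code str6} is {@code null}
     */
    public static BasicX509Credential getKeystoreCredential(String str, String str2, String str3, String str4, String str5, String str6) throws IOException, GeneralSecurityException {
        LOG.debug("Reading credentials from keystore");
        // Fail with a named cause instead of an anonymous NPE deep in the call chain.
        Objects.requireNonNull(str6, "key password must not be null");
        String keystoreType = str4 != null ? str4 : KeyStore.getDefaultType();
        String keystorePassword = str2 != null ? str2 : str6;
        KeyStore keyStore = str3 != null ? KeyStore.getInstance(keystoreType, str3) : KeyStore.getInstance(keystoreType);
        // Close the file handle even when load() throws (wrong password, corrupt file).
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, keystorePassword.toCharArray());
        }
        return getCredentialFromKeystore(keyStore, str5, str6);
    }

    /**
     * Opens a PKCS#11 keystore and extracts one entry as a credential.
     *
     * <p>When a provider class name is given, that class is loaded through this class's class
     * loader, instantiated with the configuration file path, and registered JVM-wide with
     * {@link Security#addProvider}. Both values therefore have to come from a trusted source
     * (operator-supplied configuration, not remote input). The class is checked to be a
     * {@link Provider} before any constructor runs. The decompiler notes the original access
     * modifier was {@code protected}.
     *
     * @param str fully qualified provider class name, or {@code null} to use an already installed
     *     PKCS#11 provider
     * @param str2 path of the provider configuration file (used only when {@code str} is given)
     * @param str3 alias of the entry to read
     * @param str4 password used both to open the keystore and to read the entry
     * @return the credential built from the keystore entry
     * @throws IOException if the keystore cannot be initialised or read; wraps any other failure,
     *     including runtime exceptions, raised while doing so
     * @throws GeneralSecurityException declared for callers; failures inside this method are
     *     reported as {@link IOException}
     */
    public static BasicX509Credential getPKCS11Credential(String str, String str2, String str3, String str4) throws IOException, GeneralSecurityException {
        LOG.debug("Install PKCS11 provider");
        try {
            KeyStore keyStore;
            if (str != null) {
                LOG.debug("Creating PKCS11 keystore with provider {} and configuration file {}", str, str2);
                // asSubclass rejects a non-Provider class before its constructor is invoked;
                // the resulting ClassCastException is reported by the generic handler below.
                Class<? extends Provider> providerClass =
                        CredentialHelper.class.getClassLoader().loadClass(str).asSubclass(Provider.class);
                Provider provider = providerClass.getConstructor(String.class).newInstance(str2);
                // Provider is a Properties object: the configuration file is also read into it.
                try (FileInputStream config = new FileInputStream(str2)) {
                    provider.load(config);
                }
                Security.addProvider(provider);
                keyStore = KeyStore.getInstance("PKCS11", provider);
            } else {
                LOG.debug("Creating PKCS11 keystore with system wide provider and configuration file");
                keyStore = KeyStore.getInstance("PKCS11");
            }
            LOG.debug("Initializing PKCS11 keystore");
            keyStore.load(null, str4.toCharArray());
            return getCredentialFromKeystore(keyStore, str3, str4);
        } catch (ClassNotFoundException e) {
            // The exception carries nothing beyond the class name, which the message already has.
            LOG.error("Unable to load keystore provider class: {}", str);
            throw new Terminator(ReturnCode.RC_INIT);
        } catch (NoSuchMethodException e) {
            LOG.error("Keystore provider class does not provide a String-argument constructor");
            throw new Terminator(ReturnCode.RC_INIT);
        } catch (Exception e) {
            LOG.error("Unable to read PKCS11 keystore", e);
            throw new IOException("Unable to read PKCS11 keystore", e);
        }
    }

    /**
     * Builds a credential from a single keystore entry.
     *
     * <p>A private-key entry yields a credential with key and certificate chain; a trusted
     * certificate entry yields a certificate-only credential.
     *
     * @param keyStore an already loaded keystore
     * @param str alias of the entry to read
     * @param str2 password protecting the entry; must not be {@code null}
     * @return the credential built from the entry
     * @throws GeneralSecurityException if the entry cannot be recovered
     * @throws CertificateException if the alias does not exist, the entry is of another type, or
     *     it contains a certificate that is not X.509
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    protected static BasicX509Credential getCredentialFromKeystore(KeyStore keyStore, String str, String str2) throws GeneralSecurityException {
        Objects.requireNonNull(str2, "key password must not be null");
        // NOTE(review): the entry is always requested with a password; some keystore
        // implementations refuse that for trusted-certificate entries - confirm that the
        // certificate-only branch below is reachable with the keystore types in use.
        KeyStore.Entry entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(str2.toCharArray()));
        if (entry == null) {
            // getEntry returns null for an unknown alias; say so instead of "unknown type".
            throw new CertificateException("no keystore entry found for alias " + str);
        }
        BasicX509Credential credential;
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            Certificate[] chain = privateKeyEntry.getCertificateChain();
            X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                x509Chain[i] = asX509(chain[i]);
            }
            List<X509Certificate> chainList = Arrays.asList(x509Chain);
            credential = new BasicX509Credential(asX509(privateKeyEntry.getCertificate()));
            credential.setEntityCertificateChain(chainList);
            credential.setPrivateKey(privateKeyEntry.getPrivateKey());
        } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
            credential = new BasicX509Credential(
                    asX509(((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate()));
        } else {
            throw new CertificateException("unknown type of key entry in keystore");
        }
        LOG.debug("Successfully read credentials from keystore");
        return credential;
    }

    /** Narrows a keystore certificate to X.509, reporting any other kind as a checked error. */
    private static X509Certificate asX509(Certificate certificate) throws CertificateException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException("keystore entry contains a certificate that is not X.509");
        }
        return (X509Certificate) certificate;
    }
}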
