package org.keycloak.adapters.saml.config.parsers;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Set;
import org.keycloak.adapters.saml.DefaultSamlDeployment;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.config.Key;
import org.keycloak.adapters.saml.config.KeycloakSamlAdapter;
import org.keycloak.adapters.saml.config.SP;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.PemUtils;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.exceptions.ParsingException;

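/* loaded from: input_file:org/keycloak/adapters/saml/config/parsers/DeploymentBuilder.class */
/**
 * Builds a {@link SamlDeployment} from a keycloak-saml adapter XML configuration.
 * <p>
 * Only the first {@code <SP>} element of the parsed document is used. Key material
 * (the SP signing key pair, the SP decryption key and the IDP signature-validation key)
 * is resolved either from inline PEM values or from a keystore referenced by file path
 * or by resource name through the supplied {@link ResourceLoader}.
 * <p>
 * Misconfigured key material (missing PEM, unknown alias, non-private-key entry,
 * unreadable keystore) is reported as a {@link RuntimeException} with a message that
 * names the offending key rather than as a late {@code NullPointerException}.
 */
public class DeploymentBuilder {

    /** Role attribute name applied when the configuration declares none. */
    private static final String DEFAULT_ROLE_ATTRIBUTE = "Role";

    /**
     * Parses the adapter configuration and assembles a fully populated deployment.
     *
     * @param inputStream    the keycloak-saml XML configuration; it is not closed here
     * @param resourceLoader resolves keystores that are referenced by resource name
     * @return the configured deployment (always marked as configured)
     * @throws ParsingException if the XML cannot be parsed
     * @throws RuntimeException if key material is missing, unreadable or of the wrong type
     */
    public SamlDeployment build(InputStream inputStream, ResourceLoader resourceLoader) throws ParsingException {
        DefaultSamlDeployment deployment = new DefaultSamlDeployment();
        // Only the first SP of the document is honoured.
        SP sp = ((KeycloakSamlAdapter) new KeycloakSamlAdapterXMLParser().parse(inputStream)).getSps().get(0);

        applySpSettings(deployment, sp);
        applySpKeys(deployment, sp, resourceLoader);
        deployment.setIdp(buildIdp(sp, resourceLoader));
        return deployment;
    }

    /** Copies the scalar SP settings (entity id, policies, signature algorithm, roles, SSL). */
    private static void applySpSettings(DefaultSamlDeployment deployment, SP sp) {
        deployment.setConfigured(true);
        deployment.setEntityID(sp.getEntityID());
        deployment.setForceAuthentication(sp.isForceAuthentication());
        deployment.setIsPassive(sp.isIsPassive());
        deployment.setNameIDPolicyFormat(sp.getNameIDPolicyFormat());
        deployment.setLogoutPage(sp.getLogoutPage());
        deployment.setSignatureCanonicalizationMethod(sp.getIdp().getSignatureCanonicalizationMethod());
        // RSA_SHA256 is the default; the configuration may override it by enum name.
        deployment.setSignatureAlgorithm(SignatureAlgorithm.RSA_SHA256);
        if (sp.getIdp().getSignatureAlgorithm() != null) {
            deployment.setSignatureAlgorithm(SignatureAlgorithm.valueOf(sp.getIdp().getSignatureAlgorithm()));
        }
        if (sp.getPrincipalNameMapping() != null) {
            deployment.setPrincipalNamePolicy(SamlDeployment.PrincipalNamePolicy.valueOf(sp.getPrincipalNameMapping().getPolicy()));
            deployment.setPrincipalAttributeName(sp.getPrincipalNameMapping().getAttributeName());
        }
        if (sp.getRoleAttributes() != null) {
            deployment.setRoleAttributeNames(sp.getRoleAttributes());
        } else {
            Set<String> defaults = new HashSet<>();
            defaults.add(DEFAULT_ROLE_ATTRIBUTE);
            deployment.setRoleAttributeNames(defaults);
        }
        if (sp.getSslPolicy() != null) {
            deployment.setSslRequired(SslRequired.valueOf(sp.getSslPolicy()));
        }
    }

    /**
     * Installs the SP signing key pair and decryption key from the configured {@code <Key>}
     * elements. If several keys carry the same flag, the last one wins.
     */
    private static void applySpKeys(DefaultSamlDeployment deployment, SP sp, ResourceLoader resourceLoader) {
        if (sp.getKeys() == null) {
            return;
        }
        for (Key key : sp.getKeys()) {
            if (!key.isSigning() && !key.isEncryption()) {
                continue;
            }
            // A key flagged for both uses shares one keystore load instead of opening the store twice.
            KeyStore keyStore = key.getKeystore() != null ? loadKeystore(resourceLoader, key) : null;
            if (key.isSigning()) {
                PrivateKey privateKey;
                PublicKey publicKey;
                if (keyStore != null) {
                    publicKey = certificatePublicKey(keyStore, key, "SP signing key");
                    privateKey = keystorePrivateKey(keyStore, key, "SP signing key");
                } else {
                    privateKey = pemPrivateKey(key, "SP signing key");
                    if (key.getPublicKeyPem() == null && key.getCertificatePem() == null) {
                        throw new RuntimeException("Sp signing key must have a PublicKey or Certificate defined");
                    }
                    publicKey = pemPublicKey(key);
                }
                deployment.setSigningKeyPair(new KeyPair(publicKey, privateKey));
            }
            if (key.isEncryption()) {
                deployment.setDecryptionKey(keyStore != null
                        ? keystorePrivateKey(keyStore, key, "SP encryption key")
                        : pemPrivateKey(key, "SP encryption key"));
            }
        }
    }

    /** Assembles the IDP descriptor: entity id, SSO/SLO endpoints and the signature-validation key. */
    private static DefaultSamlDeployment.DefaultIDP buildIdp(SP sp, ResourceLoader resourceLoader) {
        DefaultSamlDeployment.DefaultIDP idp = new DefaultSamlDeployment.DefaultIDP();
        idp.setEntityID(sp.getIdp().getEntityID());
        idp.setSingleSignOnService(buildSingleSignOnService(sp));
        idp.setSingleLogoutService(buildSingleLogoutService(sp));
        applyIdpSignatureValidationKey(idp, sp, resourceLoader);
        return idp;
    }

    /** Maps the configured SSO endpoint; the response binding is optional. */
    private static DefaultSamlDeployment.DefaultSingleSignOnService buildSingleSignOnService(SP sp) {
        DefaultSamlDeployment.DefaultSingleSignOnService sso = new DefaultSamlDeployment.DefaultSingleSignOnService();
        sso.setRequestBinding(SamlDeployment.Binding.parseBinding(sp.getIdp().getSingleSignOnService().getRequestBinding()));
        sso.setRequestBindingUrl(sp.getIdp().getSingleSignOnService().getBindingUrl());
        if (sp.getIdp().getSingleSignOnService().getResponseBinding() != null) {
            sso.setResponseBinding(SamlDeployment.Binding.parseBinding(sp.getIdp().getSingleSignOnService().getResponseBinding()));
        }
        sso.setSignRequest(sp.getIdp().getSingleSignOnService().isSignRequest());
        sso.setValidateResponseSignature(sp.getIdp().getSingleSignOnService().isValidateResponseSignature());
        sso.setValidateAssertionSignature(sp.getIdp().getSingleSignOnService().isValidateAssertionSignature());
        return sso;
    }

    /** Maps the configured SLO endpoint; each direction picks the POST or Redirect URL by its binding. */
    private static DefaultSamlDeployment.DefaultSingleLogoutService buildSingleLogoutService(SP sp) {
        DefaultSamlDeployment.DefaultSingleLogoutService slo = new DefaultSamlDeployment.DefaultSingleLogoutService();
        slo.setSignRequest(sp.getIdp().getSingleLogoutService().isSignRequest());
        slo.setSignResponse(sp.getIdp().getSingleLogoutService().isSignResponse());
        slo.setValidateResponseSignature(sp.getIdp().getSingleLogoutService().isValidateResponseSignature());
        slo.setValidateRequestSignature(sp.getIdp().getSingleLogoutService().isValidateRequestSignature());
        slo.setRequestBinding(SamlDeployment.Binding.parseBinding(sp.getIdp().getSingleLogoutService().getRequestBinding()));
        slo.setResponseBinding(SamlDeployment.Binding.parseBinding(sp.getIdp().getSingleLogoutService().getResponseBinding()));
        slo.setRequestBindingUrl(logoutUrlFor(sp, slo.getRequestBinding()));
        slo.setResponseBindingUrl(logoutUrlFor(sp, slo.getResponseBinding()));
        return slo;
    }

    /** Returns the SLO URL matching a binding: POST uses the post URL, anything else the redirect URL. */
    private static String logoutUrlFor(SP sp, SamlDeployment.Binding binding) {
        if (binding == SamlDeployment.Binding.POST) {
            return sp.getIdp().getSingleLogoutService().getPostBindingUrl();
        }
        return sp.getIdp().getSingleLogoutService().getRedirectBindingUrl();
    }

    /**
     * Installs the public key used to verify IDP signatures. Only keys flagged as signing are
     * considered; if several are flagged, the last one wins.
     */
    private static void applyIdpSignatureValidationKey(DefaultSamlDeployment.DefaultIDP idp, SP sp, ResourceLoader resourceLoader) {
        if (sp.getIdp().getKeys() == null) {
            return;
        }
        for (Key key : sp.getIdp().getKeys()) {
            if (!key.isSigning()) {
                continue;
            }
            if (key.getKeystore() != null) {
                idp.setSignatureValidationKey(certificatePublicKey(loadKeystore(resourceLoader, key), key, "IDP signing key"));
            } else {
                if (key.getPublicKeyPem() == null && key.getCertificatePem() == null) {
                    throw new RuntimeException("IDP signing key must have a PublicKey or Certificate defined");
                }
                idp.setSignatureValidationKey(pemPublicKey(key));
            }
        }
    }

    /**
     * Decodes the inline PEM private key of a {@code <Key>}.
     *
     * @param purpose label used in the error message, e.g. {@code "SP signing key"}
     * @throws RuntimeException if no PrivateKeyPem is configured or it cannot be decoded
     */
    private static PrivateKey pemPrivateKey(Key key, String purpose) {
        if (key.getPrivateKeyPem() == null) {
            throw new RuntimeException(purpose + " must have a PrivateKey defined");
        }
        try {
            return PemUtils.decodePrivateKey(key.getPrivateKeyPem().trim());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Unchecked wrapper around {@link #getPublicKeyFromPem(Key)}. */
    private static PublicKey pemPublicKey(Key key) {
        try {
            return getPublicKeyFromPem(key);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the private key entry named by the key's PrivateKeyAlias.
     *
     * @throws RuntimeException if the entry cannot be read, is absent, or is not a private key
     *         (previously an absent alias produced a silent {@code null} and a secret-key entry a
     *         {@code ClassCastException})
     */
    private static PrivateKey keystorePrivateKey(KeyStore keyStore, Key key, String purpose) {
        String alias = key.getKeystore().getPrivateKeyAlias();
        java.security.Key entry;
        try {
            entry = keyStore.getKey(alias, key.getKeystore().getPrivateKeyPassword().toCharArray());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
        if (!(entry instanceof PrivateKey)) {
            throw new RuntimeException(purpose + ": keystore entry '" + alias + "' is missing or is not a private key");
        }
        return (PrivateKey) entry;
    }

    /**
     * Reads the public key of the certificate named by the key's CertificateAlias.
     *
     * @throws RuntimeException if the keystore cannot be queried or holds no certificate under the alias
     */
    private static PublicKey certificatePublicKey(KeyStore keyStore, Key key, String purpose) {
        String alias = key.getKeystore().getCertificateAlias();
        Certificate certificate;
        try {
            certificate = keyStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
        if (certificate == null) {
            throw new RuntimeException(purpose + ": keystore has no certificate under alias '" + alias + "'");
        }
        return certificate.getPublicKey();
    }

    /**
     * Decodes the key's public key from PublicKeyPem when present, otherwise from CertificatePem.
     *
     * @throws Exception propagated from {@link PemUtils}
     */
    protected static PublicKey getPublicKeyFromPem(Key key) throws Exception {
        if (key.getPublicKeyPem() != null) {
            return PemUtils.decodePublicKey(key.getPublicKeyPem().trim());
        }
        return PemUtils.decodeCertificate(key.getCertificatePem().trim()).getPublicKey();
    }

    /**
     * Loads the keystore referenced by a {@code <Key>}, from a file path when configured and
     * otherwise from a named resource. The type defaults to JKS.
     *
     * @throws RuntimeException if the store cannot be located, instantiated or loaded
     */
    protected static KeyStore loadKeystore(ResourceLoader resourceLoader, Key key) {
        String type = key.getKeystore().getType();
        if (type == null) {
            type = "JKS";
        }
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
        // try-with-resources: the stream was previously left open after loading.
        try (InputStream in = openKeystoreStream(resourceLoader, key)) {
            keyStore.load(in, key.getKeystore().getPassword().toCharArray());
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
        return keyStore;
    }

    /**
     * Opens the keystore bytes: a file when File is configured, else a loader resource.
     *
     * @throws RuntimeException if neither source can be opened
     */
    private static InputStream openKeystoreStream(ResourceLoader resourceLoader, Key key) {
        if (key.getKeystore().getFile() != null) {
            File file = new File(key.getKeystore().getFile());
            try {
                return new FileInputStream(file);
            } catch (FileNotFoundException e) {
                throw new RuntimeException("KeyStore " + key.getKeystore().getFile() + " does not exist", e);
            }
        }
        InputStream in = resourceLoader.getResourceAsStream(key.getKeystore().getResource());
        if (in == null) {
            throw new RuntimeException("KeyStore " + key.getKeystore().getResource() + " does not exist");
        }
        return in;
    }
}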
