package org.keycloak.saml.processing.core.saml.v2.util;

import java.security.cert.X509Certificate;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.dom.saml.v2.metadata.SSODescriptorType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-core-16.1.0.jar:org/keycloak/saml/processing/core/saml/v2/util/SAMLMetadataUtil.class */
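public class SAMLMetadataUtil {
    /**
     * Extracts the first X.509 certificate carried in the {@code KeyInfo} of a SAML metadata key descriptor.
     *
     * <p>Only the first {@code X509Data} element and, inside it, the first child whose node name contains
     * {@code X509Certificate} are considered; any further certificates in the descriptor are ignored.
     *
     * <p>Nothing in this method checks the certificate's validity period, issuer or revocation state, and
     * nothing here verifies where the metadata came from. Whether the decoding helper performs any such
     * check is not visible from this class, so callers should treat the result as exactly as trustworthy
     * as the metadata document it was read from.
     *
     * @param keyDescriptorType the metadata key descriptor to read; must not be {@code null}
     * @return the decoded certificate, or {@code null} when the descriptor has no {@code KeyInfo},
     *         no {@code X509Data}, or no certificate child
     * @throws ConfigurationException propagated from the certificate decoding helper
     * @throws ProcessingException propagated from the certificate decoding helper, or thrown here when the
     *         certificate element has no text content
     */
    public static X509Certificate getCertificate(KeyDescriptorType keyDescriptorType) throws ConfigurationException, ProcessingException {
        Element keyInfo = keyDescriptorType.getKeyInfo();
        if (keyInfo == null) {
            return null;
        }

        // Try the unprefixed name, then the XML-DSig namespace, then the literal "ds:" prefix, so that
        // both namespace-aware and non-namespace-aware DOM trees are handled.
        NodeList x509DataNodes = keyInfo.getElementsByTagName("X509Data");
        if (x509DataNodes == null || x509DataNodes.getLength() == 0) {
            x509DataNodes = keyInfo.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "X509Data");
        }
        if (x509DataNodes == null || x509DataNodes.getLength() == 0) {
            x509DataNodes = keyInfo.getElementsByTagName("ds:X509Data");
        }
        if (x509DataNodes == null || x509DataNodes.getLength() == 0) {
            return null;
        }

        NodeList children = x509DataNodes.item(0).getChildNodes();
        int childCount = children != null ? children.getLength() : 0;
        for (int i = 0; i < childCount; i++) {
            Node child = children.item(i);
            // NOTE(review): this is a substring match on the qualified name, so any child whose name merely
            // contains "X509Certificate" is accepted. Kept as-is for compatibility; an exact local-name
            // comparison would be stricter.
            if (!child.getNodeName().contains("X509Certificate")) {
                continue;
            }
            // An empty <X509Certificate/> has no first child, and a non-text first child has a null value.
            // Fail with a descriptive checked exception instead of a NullPointerException.
            Node content = child.getFirstChild();
            String encoded = content != null ? content.getNodeValue() : null;
            if (encoded == null) {
                throw new ProcessingException("X509Certificate element in KeyDescriptor has no text content");
            }
            // Metadata commonly wraps the base64 body across lines; strip all whitespace before decoding.
            return XMLSignatureUtil.getX509CertificateFromKeyInfoString(encoded.replaceAll("\\s", ""));
        }
        return null;
    }

    /**
     * Returns the certificate of the first key descriptor in an SSO descriptor that applies to the
     * requested key use.
     *
     * <p>A descriptor with no {@code use} attribute matches every requested key type. The first matching
     * descriptor decides the result: if it yields no certificate, {@code null} is returned and later
     * descriptors are not consulted. Metadata that lists several keys for the same use (for example
     * during key rollover) is therefore represented only by its first entry.
     *
     * @param keyTypes the key use to look for; when {@code null}, only descriptors without a
     *        {@code use} attribute match
     * @param sSODescriptorType the SSO descriptor to search; may be {@code null}
     * @return the certificate of the first matching descriptor, or {@code null} when the descriptor is
     *         {@code null}, nothing matches, or the first match carries no certificate
     * @throws RuntimeException when the matching descriptor's certificate cannot be parsed; the underlying
     *         failure is attached as the cause
     */
    public static X509Certificate getCertificate(KeyTypes keyTypes, SSODescriptorType sSODescriptorType) {
        if (sSODescriptorType == null) {
            return null;
        }
        for (KeyDescriptorType keyDescriptorType : sSODescriptorType.getKeyDescriptor()) {
            KeyTypes use = keyDescriptorType.getUse();
            boolean applies = use == null || (keyTypes != null && use.value().equals(keyTypes.value()));
            if (!applies) {
                continue;
            }
            try {
                return getCertificate(keyDescriptorType);
            } catch (Exception e) {
                // Keep the original failure as the cause so that a malformed or unexpected certificate
                // in the metadata can be diagnosed from the stack trace.
                throw new RuntimeException("Could not parse KeyDescriptor X509 certificate from metadata [" + sSODescriptorType.getID() + "].", e);
            }
        }
        return null;
    }
}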
