package org.n52.security.authentication.saml2.sp;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import org.apache.commons.codec.binary.Base64;
import org.n52.security.common.crypto.DefaultKeyPair;
import org.n52.security.common.crypto.KeyPair;
import org.n52.security.common.crypto.KeyPairProvider;
import org.n52.security.common.crypto.KeyPairResolvingException;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/authentication/saml2/sp/MetadataKeyPairProvider.class */
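/**
 * {@link KeyPairProvider} that resolves the signing certificate of a SAML2 entity from
 * SAML2 metadata.
 * <p>
 * The alias passed to {@link #resolveByAlias(String, char[])} is interpreted as the SAML2
 * entity id. The returned {@link KeyPair} carries only the certificate published in the
 * entity's metadata; no private key is available and the password argument is ignored.
 * <p>
 * Trust note: the certificate is taken verbatim from the metadata document handed out by the
 * configured {@link MetadataProvider}. This class performs no validation of its own, so the
 * returned key is only as trustworthy as that metadata source (whether the provider checks
 * the metadata signature, for instance, is the provider's responsibility, not this class').
 * <p>
 * Only the first {@code X509Data} / {@code X509Certificate} of the first key descriptor whose
 * usage is {@code signing}, {@code unspecified} or absent (in document order) is used;
 * additional certificates an entity may publish, e.g. for key rollover, are ignored.
 */
public class MetadataKeyPairProvider implements KeyPairProvider {
    // Logger is bound to this class; the original bound it to FileFolderMetadataProvider,
    // which mis-attributed every log line of this provider.
    private static final Logger LOG = LoggerFactory.getLogger(MetadataKeyPairProvider.class);

    /** Source of the SAML2 metadata. Must be set before any resolve call. */
    private MetadataProvider m_metadataProvider;

    /**
     * Resolves the signing certificate of the SAML2 entity whose entity id equals {@code str}.
     *
     * @param str  the alias, interpreted as the SAML2 entity id
     * @param cArr ignored; metadata never carries a private key
     * @return a {@link KeyPair} holding the entity's signing certificate and no private key
     * @throws KeyPairResolvingException if no metadata provider is configured, the metadata
     *         cannot be fetched, the entity is unknown, or it publishes no usable certificate
     */
    public KeyPair resolveByAlias(String str, char[] cArr) throws KeyPairResolvingException {
        if (this.m_metadataProvider == null) {
            throw new KeyPairResolvingException("no metadata provider configured, cannot resolve alias <" + str + ">");
        }
        EntityDescriptor entityDescriptor;
        try {
            entityDescriptor = this.m_metadataProvider.getEntityDescriptor(str);
        } catch (MetadataProviderException e) {
            throw new KeyPairResolvingException("saml2 metadata for alias <" + str + "> could not be fetched", e);
        }
        if (entityDescriptor == null) {
            throw new KeyPairResolvingException("alias <" + str + "> does not exist!");
        }
        return findCertificateInEntityDescriptor(str, entityDescriptor);
    }

    /**
     * Walks the role descriptors of {@code entityDescriptor} in document order and returns
     * the first signing certificate found.
     *
     * @param alias            the alias being resolved (used for logging and the result)
     * @param entityDescriptor the entity's metadata, never {@code null}
     * @return a {@link KeyPair} wrapping the first usable certificate
     * @throws KeyPairResolvingException if no role descriptor publishes a usable certificate
     */
    private KeyPair findCertificateInEntityDescriptor(String alias, EntityDescriptor entityDescriptor)
            throws KeyPairResolvingException {
        LOG.info("Looking up key for alias <{}> in entity descriptor with id <{}>", alias, entityDescriptor.getEntityID());
        for (RoleDescriptor roleDescriptor : entityDescriptor.getRoleDescriptors()) {
            LOG.debug("Looking up key for alias <{}> in role descriptor with id <{}>", alias, roleDescriptor.getID());
            for (KeyDescriptor keyDescriptor : roleDescriptor.getKeyDescriptors()) {
                if (!isSigningKey(keyDescriptor)) {
                    LOG.debug("Skipping key descriptor with usage <{}> for alias <{}>", keyDescriptor.getUse(), alias);
                    continue;
                }
                KeyInfo keyInfo = keyDescriptor.getKeyInfo();
                if (keyInfo == null) {
                    // guard: the original dereferenced getKeyInfo() unconditionally
                    LOG.debug("Key descriptor for alias <{}> carries no key info", alias);
                    continue;
                }
                LOG.debug("Looking up key for alias <{}> in key descriptor with id <{}>", alias, keyInfo.getID());
                Certificate certificate = firstCertificate(alias, keyInfo);
                if (certificate != null) {
                    DefaultKeyPair keyPair = new DefaultKeyPair();
                    keyPair.setAlias(alias);
                    keyPair.setCertificate(certificate);
                    return keyPair;
                }
            }
        }
        throw new KeyPairResolvingException("no keypair configured for alias <" + alias + ">!");
    }

    /**
     * A key descriptor may be used for signing when its usage is {@code signing},
     * {@code unspecified} or absent (an absent {@code use} attribute means "any use").
     */
    private static boolean isSigningKey(KeyDescriptor keyDescriptor) {
        UsageType use = keyDescriptor.getUse();
        return use == null || use == UsageType.SIGNING || use == UsageType.UNSPECIFIED;
    }

    /**
     * Returns the certificate of the first {@code X509Certificate} element inside the first
     * {@code X509Data} element of {@code keyInfo}, or {@code null} if there is none.
     *
     * @throws KeyPairResolvingException if the element exists but cannot be parsed
     */
    private Certificate firstCertificate(String alias, KeyInfo keyInfo) throws KeyPairResolvingException {
        if (keyInfo.getX509Datas().isEmpty()) {
            LOG.debug("Looking up key for alias <{}> but key info has no x509 data", alias);
            return null;
        }
        X509Data x509Data = (X509Data) keyInfo.getX509Datas().get(0);
        if (x509Data.getX509Certificates().isEmpty()) {
            LOG.debug("Looking up key for alias <{}> but x509 data contains no x509 cert", alias);
            return null;
        }
        X509Certificate first = (X509Certificate) x509Data.getX509Certificates().get(0);
        return toCertificate(first.getValue());
    }

    /**
     * Parses the base64 encoded DER certificate found in an {@code X509Certificate} element.
     *
     * @param base64Der the element text; surrounding whitespace is tolerated
     * @return the parsed certificate
     * @throws KeyPairResolvingException if the value is empty or does not parse as X.509
     */
    private Certificate toCertificate(String base64Der) throws KeyPairResolvingException {
        if (base64Der == null || base64Der.trim().length() == 0) {
            throw new KeyPairResolvingException("X509Certificate element in metadata is empty!");
        }
        try {
            byte[] der = Base64.decodeBase64(base64Der.trim());
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            throw new KeyPairResolvingException("either no X.509 certificate factory found or factory#generateCertificate failed!", e);
        }
    }

    /**
     * Not supported: metadata is keyed by entity id, not by issuer and serial.
     *
     * @throws UnsupportedOperationException always
     */
    public KeyPair resolveBySerialIssuer(String str, BigInteger bigInteger, char[] cArr) throws KeyPairResolvingException {
        throw new UnsupportedOperationException("resolveBySerialIssuer is not supported");
    }

    /**
     * Not supported: metadata is keyed by entity id, not by certificate.
     *
     * @throws UnsupportedOperationException always
     */
    public KeyPair resolveByCertificate(Certificate certificate, char[] cArr) throws KeyPairResolvingException {
        throw new UnsupportedOperationException("resolveByCertificate is not supported");
    }

    /** @return the metadata provider this instance resolves against, or {@code null} if unset */
    public MetadataProvider getMetadataProvider() {
        return this.m_metadataProvider;
    }

    /**
     * Sets the metadata provider to resolve against. Any trust decision about the metadata
     * (e.g. signature validation) must be enforced by this provider.
     */
    public void setMetadataProvider(MetadataProvider metadataProvider) {
        this.m_metadataProvider = metadataProvider;
    }
}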
