package dk.digitalidentity.samlmodule.service;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.impl.KeyStoreCredentialResolver;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.ResourceUtils;

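@Service
/* loaded from: input_file:dk/digitalidentity/samlmodule/service/DISAML_CredentialService.class */
/**
 * Loads the service provider's signing credential from the configured PKCS12 keystore and
 * exposes it both as an OpenSAML credential and as a {@link KeyInfo} element carrying the
 * entity certificate.
 */
public class DISAML_CredentialService {
    private static final Logger log = LoggerFactory.getLogger(DISAML_CredentialService.class);

    /** Lead time for the expiry check: the certificate should still be valid this many days from now. */
    private static final int EXPIRY_WARNING_DAYS = 7;

    /** Cached service-provider credential; stays {@code null} until a resolution has produced one. */
    private BasicX509Credential basicX509Credential;

    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Returns the service provider's credential, loading it from the configured keystore on first
     * use and caching it afterwards.
     *
     * <p>The credential is looked up under the first alias in the keystore, so the keystore is
     * expected to hold a single key entry. The keystore password is also used as the key-entry
     * password — confirm that this matches how the keystore is provisioned.
     *
     * <p>A credential whose certificate is not valid for another {@link #EXPIRY_WARNING_DAYS}
     * days is still returned; the condition is only logged.
     *
     * <p>Lazy initialisation is not synchronised: concurrent first calls may each resolve the
     * credential and the last write wins. For a singleton bean reading one keystore this is
     * assumed to be harmless — confirm if identity of the cached instance matters.
     *
     * @return the resolved credential, or {@code null} if the resolver found nothing under the
     *         alias (in which case nothing is cached and the next call resolves again)
     * @throws InternalException if the keystore cannot be opened, contains no alias, or the
     *         resolver fails
     */
    public BasicX509Credential getBasicX509Credential() throws InternalException {
        if (this.basicX509Credential != null) {
            return this.basicX509Credential;
        }

        String password = this.configuration.getKeystore().getPassword();
        char[] passwordChars = password.toCharArray();
        KeyStore keyStore;
        try {
            keyStore = keyStore(this.configuration.getKeystore().getLocation(), passwordChars);
        } finally {
            // Best effort: wipe the char[] copy once the keystore is open. The String held by the
            // configuration cannot be cleared, so this only avoids leaving extra copies around.
            Arrays.fill(passwordChars, '\0');
        }

        try {
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                // An empty keystore used to surface as an unchecked NoSuchElementException.
                throw new InternalException("Keystore indeholder ingen aliases", null);
            }
            String alias = aliases.nextElement();

            // The resolver needs the key-entry password per alias; EntityIdCriterion selects the alias.
            Map<String, String> keyPasswords = new HashMap<>();
            keyPasswords.put(alias, password);
            KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keyStore, keyPasswords);

            CriteriaSet criteria = new CriteriaSet();
            criteria.add(new EntityIdCriterion(alias));
            try {
                this.basicX509Credential = resolver.resolveSingle(criteria);
            } catch (ResolverException e) {
                throw new InternalException("Kunne ikke finde egnet credentials ud fra aliasset: " + alias, e);
            }
        } catch (KeyStoreException e) {
            throw new InternalException("Keystore ikke initialiseret ordentligt", e);
        }

        if (this.basicX509Credential != null && this.basicX509Credential.getEntityCertificate() != null) {
            validateCertificateExpiry(this.basicX509Credential.getEntityCertificate());
        }
        return this.basicX509Credential;
    }

    /**
     * Logs if the certificate is not valid for at least {@link #EXPIRY_WARNING_DAYS} more days.
     *
     * <p>Advisory only: nothing is rejected here. An expired or not-yet-valid certificate is logged
     * at error level and the credential is still used; operators are expected to act on the log.
     * Any other failure of the check is logged at warn level and otherwise ignored.
     *
     * @param certificate the entity certificate of the resolved credential
     */
    private void validateCertificateExpiry(X509Certificate certificate) {
        try {
            Calendar deadline = Calendar.getInstance();
            deadline.add(Calendar.DAY_OF_MONTH, EXPIRY_WARNING_DAYS);
            certificate.checkValidity(deadline.getTime());
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            log.error("Certificate expiring soon", e);
        } catch (Exception e) {
            log.warn("Failed checking credential expiry", e);
        }
    }

    /**
     * Builds a {@link KeyInfo} for the service provider's credential with the entity certificate
     * embedded, suitable for publishing in metadata or signatures.
     *
     * <p>If {@link #getBasicX509Credential()} yields {@code null}, the generator is handed a null
     * credential; the resulting behaviour is not defined by this class.
     *
     * @return the generated key info
     * @throws InternalException if the credential cannot be loaded or key info generation fails
     */
    public KeyInfo getPublicKeyInfo() throws InternalException {
        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);
        try {
            return factory.newInstance().generate(getBasicX509Credential());
        } catch (SecurityException e) {
            throw new InternalException("Kunne ikke generere public key ud fra Tjenesteudbyders credentials", e);
        }
    }

    /**
     * Opens and loads the PKCS12 keystore at the given location.
     *
     * <p>The file stream is closed regardless of outcome. A wrong password surfaces from
     * {@link KeyStore#load} as an {@link IOException} and is reported with the same message as a
     * missing or unreadable file; the cause is preserved for diagnosis.
     *
     * @param location keystore location, resolved with {@link ResourceUtils#getFile(String)}
     * @param password keystore password; not modified here
     * @return the loaded keystore
     * @throws InternalException if the file cannot be read or the keystore cannot be loaded
     */
    private KeyStore keyStore(String location, char[] password) throws InternalException {
        try (FileInputStream in = new FileInputStream(ResourceUtils.getFile(location))) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, password);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new InternalException("Kunne ikke tilgå Tjenesteudbyders Keystore", e);
        }
    }
}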
