package dk.gov.oio.saml.service;

import dk.gov.oio.saml.config.Configuration;
import dk.gov.oio.saml.util.InternalException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.impl.KeyStoreCredentialResolver;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;

/* loaded from: input_file:dk/gov/oio/saml/service/CredentialService.class */
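/**
 * Loads and caches this service's own X.509 credentials from PKCS#12 keystores on the classpath.
 *
 * <p>A primary and an optional secondary credential are supported; each is read from the
 * configuration on first use and then kept in memory for the lifetime of the singleton.
 * The lazy initialisation is not synchronised, so concurrent first calls may each load the
 * keystore once; the last assignment wins.
 *
 * <p>The configured keystore password is used both to open the keystore and to unlock the key
 * entry, so the keystore and the key must share one password.
 */
public class CredentialService {
    private static final CredentialService singleInstance = new CredentialService();
    private BasicX509Credential primaryBasicX509Credential;
    private BasicX509Credential secondaryBasicX509Credential;

    /**
     * Returns the process-wide instance.
     *
     * @return the shared {@code CredentialService}
     */
    public static CredentialService getInstance() {
        return singleInstance;
    }

    /**
     * Returns the primary credential, loading it from the configured keystore on first use.
     *
     * @return the cached credential, or {@code null} when keystore location, password or alias is
     *         not configured, or when the resolver finds no entry for the alias
     * @throws InternalException if the keystore cannot be loaded or the alias cannot be resolved
     * @throws InitializationException declared for the configuration lookup
     */
    public BasicX509Credential getPrimaryBasicX509Credential() throws InternalException, InitializationException {
        if (this.primaryBasicX509Credential == null) {
            Configuration config = OIOSAML3Service.getConfig();
            this.primaryBasicX509Credential = getBasicX509Credential(
                    config.getKeystoreLocation(), config.getKeystorePassword(), config.getKeyAlias());
        }
        return this.primaryBasicX509Credential;
    }

    /**
     * Returns the secondary credential, loading it from the configured secondary keystore on
     * first use.
     *
     * @return the cached credential, or {@code null} when the secondary keystore location,
     *         password or alias is not configured, or when the resolver finds no entry
     * @throws InternalException if the keystore cannot be loaded or the alias cannot be resolved
     * @throws InitializationException declared for the configuration lookup
     */
    public BasicX509Credential getSecondaryBasicX509Credential() throws InternalException, InitializationException {
        if (this.secondaryBasicX509Credential == null) {
            Configuration config = OIOSAML3Service.getConfig();
            this.secondaryBasicX509Credential = getBasicX509Credential(
                    config.getSecondaryKeystoreLocation(),
                    config.getSecondaryKeystorePassword(),
                    config.getSecondaryKeyAlias());
        }
        return this.secondaryBasicX509Credential;
    }

    /**
     * Builds a {@link KeyInfo} element for the given credential with the entity certificate
     * included.
     *
     * @param basicX509Credential the credential whose certificate is to be published
     * @return the generated {@code KeyInfo}
     * @throws InternalException if OpenSAML fails to generate the element
     */
    public KeyInfo getPublicKeyInfo(BasicX509Credential basicX509Credential) throws InternalException {
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        // Emit the entity certificate so that the receiver can identify the key.
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        try {
            return x509KeyInfoGeneratorFactory.newInstance().generate(basicX509Credential);
        } catch (SecurityException e) {
            throw new InternalException("Could not generate KeyInfo Object from own Credential", e);
        }
    }

    /**
     * Loads the keystore and resolves the entry stored under {@code keyAlias}.
     *
     * @param keystoreLocation classpath location of the PKCS#12 keystore
     * @param keystorePassword password for the keystore and for the key entry
     * @param keyAlias alias of the entry to resolve
     * @return the resolved credential, or {@code null} if any argument is {@code null} or the
     *         resolver returns no match
     * @throws InternalException if the keystore cannot be loaded or resolution fails
     */
    private BasicX509Credential getBasicX509Credential(String keystoreLocation, String keystorePassword, String keyAlias) throws InternalException {
        if (keystoreLocation == null || keystorePassword == null || keyAlias == null) {
            return null;
        }
        KeyStore keyStore = keyStore(keystoreLocation, keystorePassword.toCharArray());
        // Register the key password under the alias that is looked up below. Using the first
        // alias the keystore happens to enumerate left the configured entry without a password
        // whenever it was not first, and threw NoSuchElementException on an empty keystore.
        HashMap<String, String> keyPasswords = new HashMap<>();
        keyPasswords.put(keyAlias, keystorePassword);
        KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keyStore, keyPasswords);
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIdCriterion(keyAlias));
        try {
            // resolveSingle is declared to return the general Credential type.
            return (BasicX509Credential) resolver.resolveSingle(criteria);
        } catch (ResolverException e) {
            throw new InternalException("Could not resolve own credential by configured alias: " + keyAlias, e);
        }
    }

    /**
     * Opens a PKCS#12 keystore from the classpath.
     *
     * @param location classpath resource name of the keystore
     * @param password keystore password
     * @return the loaded keystore
     * @throws InternalException if the resource is missing or cannot be read as PKCS#12
     */
    private KeyStore keyStore(String location, char[] password) throws InternalException {
        // try-with-resources closes the stream; the original never closed it.
        try (InputStream in = getClass().getClassLoader().getResourceAsStream(location)) {
            if (in == null) {
                // KeyStore.load(null, ...) silently creates an EMPTY keystore, which would hide a
                // wrong path until a later, unrelated-looking failure. Fail here instead.
                throw new IOException("Keystore resource not found on classpath: " + location);
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, password);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new InternalException("Could not get own credential", e);
        }
    }
}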
