package edu.internet2.middleware.shibboleth.common;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.log4j.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* compiled from: Credentials.java */
/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/KeystoreCredentialResolver.class */
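/**
 * Loads a private key and its X.509 certificate chain from a Java keystore described by a
 * {@code <KeyStoreResolver>} configuration element.
 *
 * <p>The element supplies the keystore location ({@code <Path>}), the key alias
 * ({@code <KeyAlias>}), an optional certificate alias ({@code <CertAlias>}, defaulting to the key
 * alias), and the two passwords ({@code <StorePassword>}, {@code <KeyPassword>}). The optional
 * {@code storeType} attribute selects the keystore type and defaults to {@code JKS}.
 *
 * <p>Both passwords are read as clear text from the configuration element, so the file holding
 * that element needs the same access restrictions as the keystore itself. This class never logs
 * the values it reads from the configuration.
 */
class KeystoreCredentialResolver implements CredentialResolver {
    private static final Logger log = Logger.getLogger(KeystoreCredentialResolver.class.getName());

    /**
     * Builds a {@link Credential} from the keystore described by {@code element}.
     *
     * @param element the {@code <KeyStoreResolver>} configuration element
     * @return the private key stored under the key alias together with the X.509 chain stored
     *     under the certificate alias
     * @throws CredentialFactoryException if the element is not a {@code <KeyStoreResolver>}, a
     *     required child element is missing or empty, the keystore cannot be read, the key or
     *     chain is absent, or the chain holds a certificate that is not X.509
     */
    @Override
    public Credential loadCredential(Element element) throws CredentialFactoryException {
        // Constant-first comparison: getLocalName() is null for nodes created without namespace
        // support, and that case must be reported as a configuration error, not as an NPE.
        if (!"KeyStoreResolver".equals(element.getLocalName())) {
            log.error("Invalid Credential Resolver configuration: expected <KeyStoreResolver> .");
            throw new CredentialFactoryException("Failed to initialize Credential Resolver.");
        }
        String storeType = element.getAttribute("storeType");
        if (storeType == null || storeType.equals("")) {
            log.debug("Using default store type for credential.");
            storeType = "JKS";
        }
        String path = loadPath(element);
        String keyAlias = loadAlias(element);
        String certAlias = loadCertAlias(element, keyAlias);
        String keyPassword = loadKeyPassword(element);
        String storePassword = loadKeyStorePassword(element);
        try {
            KeyStore keyStore = KeyStore.getInstance(storeType);
            InputStream storeStream = new ShibResource(path, getClass()).getInputStream();
            try {
                // The store password is always non-null here (loadKeyStorePassword rejects a
                // missing value), so load() is never asked to skip the password-based check.
                keyStore.load(storeStream, storePassword.toCharArray());
            } finally {
                // Release the keystore stream whether or not load() succeeded.
                if (storeStream != null) {
                    try {
                        storeStream.close();
                    } catch (IOException closeFailure) {
                        // The keystore content has already been consumed or rejected; a failed
                        // close must not replace that outcome.
                        log.debug("Failed to close the keystore input stream.", closeFailure);
                    }
                }
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray());
            if (privateKey == null) {
                throw new CredentialFactoryException(
                        "No key entry was found with an alias of (" + keyAlias + ").");
            }
            Certificate[] chain = keyStore.getCertificateChain(certAlias);
            if (chain == null) {
                throw new CredentialFactoryException(
                        "An error occurred while reading the java keystore: No certificate found with the specified alias ("
                                + certAlias + ").");
            }
            // NOTE(review): nothing here verifies that the chain's leaf certificate carries the
            // public key matching privateKey. With a distinct <CertAlias> a mismatched pair is
            // returned as-is; consider validating the pairing at load time.
            X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    // Report the certificate type the message announces, not the whole
                    // certificate dump produced by toString().
                    throw new CredentialFactoryException(
                            "The KeyStore Credential Resolver can only load X509 certificates.  Found an unsupported certificate of type ("
                                    + chain[i].getType() + ").");
                }
                x509Chain[i] = (X509Certificate) chain[i];
            }
            return new Credential(x509Chain, privateKey);
        } catch (IOException e) {
            throw failure("An error occurred while reading the java keystore: ", e);
        } catch (KeyStoreException e) {
            throw failure("An error occurred while accessing the java keystore: ", e);
        } catch (NoSuchAlgorithmException e) {
            throw failure("Appropriate JCE provider not found in the java environment: ", e);
        } catch (UnrecoverableKeyException e) {
            throw failure("An error occurred while attempting to load the key from the java keystore: ", e);
        } catch (CertificateException e) {
            throw failure("The java keystore contained a certificate that could not be loaded: ", e);
        }
    }

    /**
     * Logs {@code cause} with its stack trace and wraps its description in a
     * {@link CredentialFactoryException}. The exception only carries a message, so the log entry
     * is where the original stack trace is kept.
     */
    private static CredentialFactoryException failure(String prefix, Exception cause) {
        String message = prefix + cause;
        log.error(message, cause);
        return new CredentialFactoryException(message);
    }

    /**
     * Returns the text of the first {@code tagName} descendant in the credentials namespace, or
     * {@code null} when there is no such element or its first child is not a non-empty text node.
     *
     * <p>Only the first child node is inspected, and its value is returned verbatim: surrounding
     * whitespace is not trimmed. The value itself is never logged because this helper also reads
     * the keystore and key passwords.
     *
     * @param duplicateMessage logged at error level when more than one element matches
     */
    private static String firstTextValue(Element element, String tagName, String duplicateMessage) {
        NodeList matches = element.getElementsByTagNameNS(Credentials.credentialsNamespace, tagName);
        if (matches.getLength() < 1) {
            return null;
        }
        if (matches.getLength() > 1) {
            log.error(duplicateMessage);
        }
        Node first = matches.item(0).getFirstChild();
        if (first == null || first.getNodeType() != Node.TEXT_NODE) {
            return null;
        }
        String value = first.getNodeValue();
        return (value == null || value.equals("")) ? null : value;
    }

    /**
     * Like {@link #firstTextValue}, but treats an absent or empty value as a configuration error.
     *
     * @param missingLog logged at error level when no value is present
     * @param missingError message of the exception thrown when no value is present
     * @throws CredentialFactoryException if no value is present
     */
    private static String requiredTextValue(
            Element element, String tagName, String duplicateMessage, String missingLog, String missingError)
            throws CredentialFactoryException {
        String value = firstTextValue(element, tagName, duplicateMessage);
        if (value == null) {
            log.error(missingLog);
            throw new CredentialFactoryException(missingError);
        }
        return value;
    }

    /** Reads the required {@code <Path>} giving the keystore location passed to ShibResource. */
    private String loadPath(Element element) throws CredentialFactoryException {
        return requiredTextValue(
                element,
                "Path",
                "Multiple KeyStore path specifications, using first.",
                "KeyStore path not specified.",
                "KeyStore Credential Resolver requires a <Path> specification.");
    }

    /** Reads the required {@code <KeyAlias>} naming the private key entry. */
    private String loadAlias(Element element) throws CredentialFactoryException {
        return requiredTextValue(
                element,
                "KeyAlias",
                "Multiple key alias specifications, using first.",
                "KeyStore key alias not specified.",
                "KeyStore Credential Resolver requires an <KeyAlias> specification.");
    }

    /**
     * Reads the optional {@code <CertAlias>} naming the certificate chain entry.
     *
     * @param str the key alias, returned when no certificate alias is configured
     */
    private String loadCertAlias(Element element, String str) throws CredentialFactoryException {
        String certAlias =
                firstTextValue(element, "CertAlias", "Multiple cert alias specifications, using first.");
        if (certAlias == null) {
            log.debug("KeyStore cert alias not specified, defaulting to key alias.");
            return str;
        }
        return certAlias;
    }

    /** Reads the required {@code <StorePassword>} used when loading the keystore. */
    private String loadKeyStorePassword(Element element) throws CredentialFactoryException {
        return requiredTextValue(
                element,
                "StorePassword",
                "Multiple KeyStore password specifications, using first.",
                "KeyStore password not specified.",
                "KeyStore Credential Resolver requires an <StorePassword> specification.");
    }

    /** Reads the required {@code <KeyPassword>} protecting the private key entry. */
    private String loadKeyPassword(Element element) throws CredentialFactoryException {
        return requiredTextValue(
                element,
                "KeyPassword",
                "Multiple KeyStore key password specifications, using first.",
                "KeyStore key password not specified.",
                "KeyStore Credential Resolver requires an <KeyPassword> specification.");
    }
}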
