package org.pac4j.saml.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Enumeration;
import java.util.HashMap;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.exceptions.SamlException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-1.6.0.jar:org/pac4j/saml/crypto/CredentialProvider.class */
public class CredentialProvider {
    private final Logger logger = LoggerFactory.getLogger(CredentialProvider.class);
    private final CredentialResolver credentialResolver;
    private final String privateKey;

    public CredentialProvider(String str, String str2, String str3) {
        KeyStore loadKeyStore = loadKeyStore(CommonHelper.getInputStreamFromName(str), str2);
        this.privateKey = getPrivateKeyAlias(loadKeyStore);
        HashMap hashMap = new HashMap();
        hashMap.put(this.privateKey, str3);
        this.credentialResolver = new KeyStoreCredentialResolver(loadKeyStore, hashMap);
    }

    public Credential getCredential() {
        try {
            CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIDCriteria(this.privateKey));
            return this.credentialResolver.resolveSingle(criteriaSet);
        } catch (SecurityException e) {
            throw new SamlException("Can't obtain SP private key", e);
        }
    }

    private KeyStore loadKeyStore(InputStream inputStream, String str) {
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(inputStream, str == null ? null : str.toCharArray());
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        this.logger.debug("Error closing input stream of keystore", e);
                    }
                }
                return keyStore;
            } catch (Exception e2) {
                this.logger.error("Error loading keystore", e2);
                throw new SamlException("Error loading keystore", e2);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e3) {
                    this.logger.debug("Error closing input stream of keystore", e3);
                }
            }
            throw th;
        }
    }

    private String getPrivateKeyAlias(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            if (aliases.hasMoreElements()) {
                return aliases.nextElement();
            }
            throw new SamlException("Keystore has no private keys");
        } catch (KeyStoreException e) {
            throw new SamlException("Unable to get aliases from keyStore", e);
        }
    }
}
