package org.pac4j.saml.metadata.keystore;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.Pac4jConstants;
import org.pac4j.saml.config.SAML2Configuration;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-5.7.2.jar:org/pac4j/saml/metadata/keystore/SAML2FileSystemKeystoreGenerator.class */
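/**
 * Keystore generator that persists the SAML2 signing keystore on the local file system.
 *
 * <p>In addition to the keystore itself, {@link #store} writes three sibling files into the
 * keystore's parent directory, all named after {@link #getNormalizedCertificateName()}:
 * the certificate through a PEM writer ({@code .pem}), the certificate's raw encoded bytes
 * ({@code .crt}) and the private key through a PEM writer ({@code .key}).
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The {@code .key} file holds {@code privateKey.getEncoded()} as-is. It is NOT protected
 *       by the keystore password, and this class sets no file permissions, so the file gets
 *       whatever the process defaults are. The keystore directory should be readable only by
 *       the service account. NOTE(review): consider tightening the key file to owner-only
 *       access, or not exporting the key at all, if nothing consumes it.</li>
 *   <li>The PEM type label is the target file name (see {@code writeEncodedCertificateToFile}),
 *       not a conventional label such as {@code CERTIFICATE} or {@code PRIVATE KEY}.</li>
 *   <li>Failures while writing the sibling files are logged and swallowed, so a successful
 *       return from {@link #store} does not guarantee those files exist.</li>
 * </ul>
 */
public class SAML2FileSystemKeystoreGenerator extends BaseSAML2KeystoreGenerator {
    /**
     * Matches every character that is not an ASCII letter, a digit, '-', '_' or '.'.
     * Used to strip such characters (path separators included) from the configured name suffix.
     */
    private static final Pattern NORMALIZE_PATTERN = Pattern.compile("[^a-zA-Z0-9-_\\.]");

    /**
     * Creates a generator bound to the given SAML2 configuration.
     *
     * @param sAML2Configuration configuration providing the keystore resource, the keystore
     *                           password and the optional certificate name suffix
     */
    public SAML2FileSystemKeystoreGenerator(SAML2Configuration sAML2Configuration) {
        super(sAML2Configuration);
    }

    /**
     * Removes a pre-existing target file before it is rewritten.
     *
     * <p>The delete happens while the log arguments are evaluated, so it runs regardless of
     * whether debug logging is enabled. A failed delete is only visible in the debug log.
     */
    private void deleteIfPresent(File file) {
        if (file.exists()) {
            this.logger.debug("Deleted file [{}]:{}", file, file.delete());
        }
    }

    /**
     * Writes {@code bArr} to {@code file} as a PEM object, replacing any existing file.
     *
     * <p>Despite the name, this is also used for the private key. The PEM type label is the
     * file name. Any failure is logged at error level and not propagated (best effort).
     *
     * @param file target file
     * @param bArr encoded bytes to wrap in the PEM object
     */
    private void writeEncodedCertificateToFile(File file, byte[] bArr) {
        deleteIfPresent(file);
        // try-with-resources: the writer (and the underlying stream) is closed even when
        // writeObject fails, so no file handle leaks on the error path.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8))) {
            pemWriter.writeObject(new PemObject(file.getName(), bArr));
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }

    /**
     * Writes {@code bArr} to {@code file} unchanged, replacing any existing file.
     *
     * <p>Any failure is logged at error level and not propagated (best effort).
     *
     * @param file target file
     * @param bArr bytes to write
     */
    private void writeBinaryCertificateToFile(File file, byte[] bArr) {
        deleteIfPresent(file);
        // try-with-resources: the stream is closed even when write/flush fails.
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            fileOutputStream.write(bArr);
            fileOutputStream.flush();
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }

    /**
     * Decides whether a keystore has to be generated.
     *
     * @return {@code true} when the configured keystore resource does not exist; otherwise
     *         whatever {@code super.shouldGenerate()} returns
     */
    @Override
    public boolean shouldGenerate() {
        validate();
        Resource keystoreResource = this.saml2Configuration.getKeystoreResource();
        boolean keystoreMissing = keystoreResource != null && !keystoreResource.exists();
        return keystoreMissing || super.shouldGenerate();
    }

    /**
     * Opens the configured keystore resource for reading.
     *
     * @return an input stream over the keystore resource; the caller is responsible for closing it
     * @throws Exception if the resource cannot be opened
     */
    @Override
    public InputStream retrieve() throws Exception {
        validate();
        Resource keystoreResource = this.saml2Configuration.getKeystoreResource();
        this.logger.debug("Retrieving keystore from {}", keystoreResource);
        return keystoreResource.getInputStream();
    }

    /**
     * Checks that a keystore resource and a non-blank keystore password are configured.
     * Presumably the CommonHelper assertions throw when a check fails; confirm against
     * CommonHelper.
     */
    private void validate() {
        CommonHelper.assertNotNull("keystoreResource", this.saml2Configuration.getKeystoreResource());
        CommonHelper.assertNotBlank("keystorePassword", this.saml2Configuration.getKeystorePassword());
    }

    /**
     * Writes the keystore to the configured file, then exports the certificate and the
     * private key as sibling files.
     *
     * <p>The keystore is protected with the configured keystore password; the exported
     * {@code .key} file is not. See the class-level security notes.
     *
     * @param keyStore        keystore to persist
     * @param x509Certificate signing certificate to export as {@code .pem} and {@code .crt}
     * @param privateKey      signing key to export as {@code .key}
     * @throws Exception if the keystore cannot be written or the certificate cannot be encoded
     */
    @Override
    protected void store(KeyStore keyStore, X509Certificate x509Certificate, PrivateKey privateKey) throws Exception {
        validate();
        File file = this.saml2Configuration.getKeystoreResource().getFile();
        File parentFile = file.getParentFile();
        // A failed mkdirs is only warned about; the FileOutputStream below then fails.
        if (parentFile != null && !parentFile.exists() && !parentFile.mkdirs()) {
            this.logger.warn("Could not construct the directory structure for keystore: {}", file.getCanonicalPath());
        }
        char[] charArray = this.saml2Configuration.getKeystorePassword().toCharArray();
        // The keystore stream is closed before the sibling files are written, and also when
        // keyStore.store throws.
        try (FileOutputStream fileOutputStream = new FileOutputStream(file.getCanonicalPath())) {
            keyStore.store(fileOutputStream, charArray);
            fileOutputStream.flush();
        }
        writeEncodedCertificateToFile(getSigningBase64CertificatePath(), x509Certificate.getEncoded());
        writeBinaryCertificateToFile(getSigningBinaryCertificatePath(), x509Certificate.getEncoded());
        // Unencrypted private key material on disk: protect the directory accordingly.
        writeEncodedCertificateToFile(getSigningKeyFile(), privateKey.getEncoded());
    }

    /**
     * Builds the base name shared by the exported files.
     *
     * @return {@code saml-signing-cert}, followed by {@code -} and the sanitized configured
     *         suffix when one is set
     */
    private String getNormalizedCertificateName() {
        StringBuilder sb = new StringBuilder("saml-signing-cert");
        String suffix = this.saml2Configuration.getCertificateNameToAppend();
        if (CommonHelper.isNotBlank(suffix)) {
            // Stripping everything outside [a-zA-Z0-9-_.] keeps the configured suffix from
            // introducing path separators into the file name.
            sb.append('-');
            sb.append(NORMALIZE_PATTERN.matcher(suffix).replaceAll(Pac4jConstants.EMPTY_STRING));
        }
        return sb.toString();
    }

    /**
     * Resolves a file next to the keystore, named after the normalized certificate name.
     *
     * @param extension file extension including the leading dot
     * @throws IOException if the keystore resource cannot be resolved to a file
     */
    private File siblingOfKeystore(String extension) throws IOException {
        File keystoreDirectory = this.saml2Configuration.getKeystoreResource().getFile().getParentFile();
        return new File(keystoreDirectory, getNormalizedCertificateName() + extension);
    }

    /** Target of the certificate's raw encoded bytes ({@code .crt}). */
    private File getSigningBinaryCertificatePath() throws IOException {
        return siblingOfKeystore(".crt");
    }

    /** Target of the PEM-wrapped certificate ({@code .pem}). */
    private File getSigningBase64CertificatePath() throws IOException {
        return siblingOfKeystore(".pem");
    }

    /** Target of the PEM-wrapped private key ({@code .key}). */
    private File getSigningKeyFile() throws IOException {
        return siblingOfKeystore(".key");
    }
}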
