package org.jasig.portal.security.provider.saml;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.X509Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/delegated-saml-authentication-1.1.2.jar:org/jasig/portal/security/provider/saml/SSLSecurityImpl.class */
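/**
 * Holds the client credentials and server trust settings for delegated SAML
 * authentication and builds the {@link SSLSocketFactory} that uses them.
 *
 * <p>Server trust is chosen in {@link #getSSLSocketFactory()}:
 * <ul>
 *   <li>a trust store set via {@link #setSSLTrustStore(String, String)} is used when present;</li>
 *   <li>otherwise, if server public keys were set, certificate chain validation is
 *       replaced by {@code TrustAllX509TrustManager} and the returned
 *       {@code PublicKeyVerifyingSSLSocketFactory} receives the configured keys;</li>
 *   <li>otherwise no trust managers are passed and {@link SSLContext} uses its defaults.</li>
 * </ul>
 *
 * <p>Instances are mutable and the setters are unsynchronized; the class does
 * nothing to make concurrent configuration safe.
 */
public class SSLSecurityImpl implements SSLSecurityWrapper {
    private static final long serialVersionUID = 1;

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    // Client key material presented during the TLS handshake; null means no client certificate.
    private KeyStore keyStore = null;
    // Password protecting the key entries in keyStore.
    private String keyStorePass = null;
    // Trusted server certificates; null falls through to publicKeys or the SSLContext defaults.
    private KeyStore trustStore = null;
    // Server public keys handed to PublicKeyVerifyingSSLSocketFactory; format is defined by that class.
    private String publicKeys;

    /**
     * Creates a socket factory from the currently configured key store, trust
     * store and server public keys.
     *
     * @return a {@code PublicKeyVerifyingSSLSocketFactory} when server public keys
     *     are configured, otherwise a plain {@link SSLSocketFactory}
     * @throws DelegatedAuthenticationRuntimeException if the SSL context cannot be built
     */
    @Override
    public SSLSocketFactory getSSLSocketFactory() {
        try {
            KeyManager[] keyManagers = null;
            if (this.keyStore != null) {
                keyManagers = createKeyManagers(this.keyStore, this.keyStorePass);
            }

            TrustManager[] trustManagers = null;
            if (this.trustStore != null) {
                trustManagers = createTrustManagers(this.trustStore);
            } else if (this.publicKeys != null) {
                // Chain validation is switched off on this path, so the public-key check in
                // PublicKeyVerifyingSSLSocketFactory is the only server authentication left.
                // NOTE(review): that class is not visible here; confirm it rejects the
                // connection on a key mismatch and that publicKeys can never be empty.
                trustManagers = new TrustManager[] {TrustAllX509TrustManager.INSTANCE};
            }

            SSLContext sslContext = SSLContext.getInstance(SSLSocketFactory.TLS);
            // Null key/trust managers make SSLContext fall back to the provider defaults.
            sslContext.init(keyManagers, trustManagers, null);

            if (this.publicKeys != null) {
                return new PublicKeyVerifyingSSLSocketFactory(sslContext, this.publicKeys);
            }
            return new SSLSocketFactory(sslContext);
        } catch (Exception e) {
            throw new DelegatedAuthenticationRuntimeException("Error dealing with SSL.  See stack trace for details.", e);
        }
    }

    /**
     * Creates key managers backed by the given key store.
     *
     * @param keyStore key store holding the client key entry; must not be null
     * @param password password for the key entries, or null for none
     * @return the key managers produced by the default {@link KeyManagerFactory} algorithm
     * @throws IllegalArgumentException if {@code keyStore} is null
     */
    private static KeyManager[] createKeyManagers(KeyStore keyStore, String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password != null ? password.toCharArray() : null);
        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers backed by the given trust store.
     *
     * @param keyStore store of trusted certificates; must not be null
     * @return the trust managers produced by the default {@link TrustManagerFactory} algorithm
     * @throws IllegalArgumentException if {@code keyStore} is null
     */
    private static TrustManager[] createTrustManagers(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        return factory.getTrustManagers();
    }

    /**
     * Wraps a private key and its certificate in a fresh in-memory JKS key store
     * under the alias {@code "sp"} and installs it as the client key store.
     *
     * @param privateKey client private key
     * @param certificate certificate matching {@code privateKey}
     */
    private void setSSLClientCredentials(PrivateKey privateKey, Certificate certificate) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        // Never pass the key object itself to the logger: PrivateKey.toString() is
        // provider-defined and some implementations print the private components.
        this.logger.info("Private key loaded: algorithm [{}], format [{}].", privateKey.getAlgorithm(), privateKey.getFormat());
        this.logger.info("Certificate: [{}].", certificate.toString());

        KeyStore inMemoryStore = KeyStore.getInstance("JKS", "SUN");
        inMemoryStore.load(null, null);
        // The store never leaves memory, so a random per-instance entry password is enough.
        String entryPassword = UUID.randomUUID().toString();
        inMemoryStore.setKeyEntry("sp", privateKey, entryPassword.toCharArray(), new Certificate[] {certificate});
        this.keyStore = inMemoryStore;
        this.keyStorePass = entryPassword;
    }

    /**
     * Loads the client key store from a JKS file.
     *
     * @param str path of the JKS key store file
     * @param str2 password of the key store, also used for its key entries
     * @throws DelegatedAuthenticationRuntimeException if the file cannot be read or opened
     */
    @Override
    public void setSSLClientKeystore(String str, String str2) {
        try {
            this.keyStore = loadKeyStoreFromFile(str, str2);
            this.keyStorePass = str2;
        } catch (Exception e) {
            throw new DelegatedAuthenticationRuntimeException("Error dealing with SSL.  See stack trace for details.", e);
        }
    }

    /**
     * Reads a JKS key store from disk, verifying its integrity with the password.
     *
     * @param path path of the JKS file
     * @param password key store password; must not be null
     * @return the loaded key store
     * @throws IllegalArgumentException if {@code password} is null
     */
    private KeyStore loadKeyStoreFromFile(String path, String password) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        if (password == null) {
            // KeyStore.load skips the integrity check when given a null password, so a
            // missing password is rejected up front instead of failing later on a null dereference.
            throw new IllegalArgumentException("Keystore password may not be null");
        }
        try (FileInputStream in = new FileInputStream(path)) {
            KeyStore loaded = KeyStore.getInstance("JKS", "SUN");
            loaded.load(in, password.toCharArray());
            return loaded;
        }
    }

    /**
     * Loads the trust store used to validate the server certificate chain.
     *
     * @param str path of the JKS trust store file
     * @param str2 password of the trust store
     * @throws DelegatedAuthenticationRuntimeException if the file cannot be read or opened
     */
    @Override
    public void setSSLTrustStore(String str, String str2) {
        try {
            this.trustStore = loadKeyStoreFromFile(str, str2);
        } catch (Exception e) {
            throw new DelegatedAuthenticationRuntimeException("Error dealing with SSL.  See stack trace for details.", e);
        }
    }

    /**
     * Loads the client private key and certificate from two files and installs
     * them as the client credentials.
     *
     * <p>The key is decoded with a null password, so the key file is expected to be
     * unencrypted; it should be readable only by the account running the portal.
     * Only the first certificate found in the certificate file is used.
     *
     * @param str path of the private key file
     * @param str2 path of the certificate file
     * @throws DelegatedAuthenticationRuntimeException if either file cannot be decoded
     */
    @Override
    public void setSSLClientPrivateKeyAndCert(String str, String str2) {
        try {
            PrivateKey privateKey = SecurityHelper.decodePrivateKey(new File(str), (char[]) null);
            Certificate certificate = X509Util.decodeCertificate(new File(str2)).iterator().next();
            setSSLClientCredentials(privateKey, certificate);
        } catch (Exception e) {
            throw new DelegatedAuthenticationRuntimeException("Error dealing with SSL.  See stack trace for details.", e);
        }
    }

    /**
     * Sets the server public keys to verify the peer against.
     *
     * <p>When no trust store is configured, setting this value disables certificate
     * chain validation in {@link #getSSLSocketFactory()} and leaves the public-key
     * comparison as the only server check.
     *
     * @param str the server public keys, in the form expected by
     *     {@code PublicKeyVerifyingSSLSocketFactory}
     */
    @Override
    public void setSSLServerPublicKeys(String str) {
        this.publicKeys = str;
    }
}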
