package de.governikus.keycloak.eid.panstarsdk;

import de.governikus.panstar.sdk.saml.configuration.SamlKeyMaterial;
import de.governikus.panstar.sdk.utils.constant.Common;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Optional;
import org.bouncycastle.util.io.pem.PemReader;
import org.keycloak.common.util.PemUtils;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/keycloak/eid/panstarsdk/SamlKeyMaterialImpl.class */
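/**
 * SAML key material supplied as four PEM strings: two private keys and two X.509 certificates.
 *
 * <p>Every getter re-parses its PEM string on each call; nothing is cached. Two of the strings are
 * private keys, so the error paths below only report <em>which</em> input failed and why, never the
 * PEM text itself, and log at most a fixed message.
 */
public class SamlKeyMaterialImpl implements SamlKeyMaterial {
    private static final Logger log = LoggerFactory.getLogger(SamlKeyMaterialImpl.class);

    // PEM-wrapped PKCS#8 private key used to sign outgoing SAML requests.
    final String samlRequestSignaturePrivateKey;
    // PEM private key used to decrypt SAML responses; the public half is derived from its RSA CRT parameters.
    final String samlResponseDecryptionPrivateKey;
    // PEM X.509 certificate whose public key verifies the signature on SAML responses.
    final String samlResponseVerificationCertificate;
    // PEM X.509 certificate whose public key encrypts outgoing SAML requests.
    final String samlRequestEncryptionCertificate;

    /**
     * Creates key material from PEM strings. Nothing is parsed here; each string is decoded lazily
     * by the corresponding getter, so a malformed value only surfaces when it is first used.
     *
     * @param str  PEM PKCS#8 private key for signing SAML requests
     * @param str2 PEM private key for decrypting SAML responses (RSA with CRT parameters)
     * @param str3 PEM X.509 certificate for verifying SAML response signatures
     * @param str4 PEM X.509 certificate for encrypting SAML requests
     */
    public SamlKeyMaterialImpl(String str, String str2, String str3, String str4) {
        this.samlRequestSignaturePrivateKey = str;
        this.samlResponseDecryptionPrivateKey = str2;
        this.samlResponseVerificationCertificate = str3;
        this.samlRequestEncryptionCertificate = str4;
    }

    /**
     * Decodes the request-signing key as an RSA PKCS#8 private key.
     *
     * @return the signing private key
     * @throws IllegalStateException if the PEM is missing, contains no PEM block, or is not a valid
     *                               RSA PKCS#8 key
     */
    @Override // de.governikus.panstar.sdk.saml.configuration.SamlKeyMaterial
    public PrivateKey getSamlRequestSigningPrivateKey() {
        try {
            byte[] pkcs8 = readPemContent(this.samlRequestSignaturePrivateKey, "SAML request signing private key");
            return KeyFactory.getInstance(JCAConstants.KEY_ALGO_RSA).generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("SAML request signing private key could not be parsed", e);
        }
    }

    /**
     * Decodes the response-decryption private key and reconstructs its public key from the RSA
     * modulus and public exponent carried in the key's CRT parameters.
     *
     * @return key pair whose private half is the configured decryption key
     * @throws IllegalStateException if the PEM does not decode to an RSA private key with CRT
     *                               parameters, or the public key cannot be rebuilt from it
     */
    @Override // de.governikus.panstar.sdk.saml.configuration.SamlKeyMaterial
    public KeyPair getSamlResponseDecryptionKeyPair() {
        PrivateKey privateKey = PemUtils.decodePrivateKey(this.samlResponseDecryptionPrivateKey);
        // A plain cast would surface as a ClassCastException (or an NPE for a missing key) with no
        // hint about which configuration value is wrong; fail with an explicit message instead.
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            throw new IllegalStateException(
                    "SAML response decryption key is missing or is not an RSA private key with CRT parameters; "
                            + "the matching public key cannot be derived from it");
        }
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privateKey;
        try {
            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
            return new KeyPair(KeyFactory.getInstance(JCAConstants.KEY_ALGO_RSA).generatePublic(publicSpec), privateKey);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("Public key for the SAML response decryption key could not be derived", e);
        }
    }

    /**
     * Decodes the certificate used to verify the signature on SAML responses.
     *
     * @return the verification certificate
     * @throws IllegalStateException if the PEM is missing or does not decode to an X.509 certificate
     */
    @Override // de.governikus.panstar.sdk.saml.configuration.SamlKeyMaterial
    public X509Certificate getSamlResponseSignatureValidatingCertificate() {
        try {
            return readCertificate(this.samlResponseVerificationCertificate, "SAML response signature verification certificate");
        } catch (IOException | GeneralSecurityException e) {
            log.warn("No certificate present to verify signature in SAML response");
            throw new IllegalStateException("No certificate present to verify signature in SAML response. Without a certificate to validate the signature the SAML response cannot be parsed", e);
        }
    }

    /**
     * Decodes the certificate whose public key encrypts outgoing SAML requests.
     *
     * @return the encryption certificate
     * @throws IllegalStateException if the PEM is missing or does not decode to an X.509 certificate
     */
    @Override // de.governikus.panstar.sdk.saml.configuration.SamlKeyMaterial
    public X509Certificate getSamlRequestEncryptionCertificate() {
        try {
            return readCertificate(this.samlRequestEncryptionCertificate, "SAML request encryption certificate");
        } catch (IOException | GeneralSecurityException e) {
            // Previously logged the response-verification message here (copy/paste); log the
            // condition that actually occurred.
            log.warn("No certificate present to encrypt SAML request");
            throw new IllegalStateException("No certificate present to encrypt SAML request. Without an encryption certificate no SAML request can be created", e);
        }
    }

    /**
     * Parses a PEM X.509 certificate with the configured provider.
     *
     * @param pem         PEM text of the certificate
     * @param description human-readable name of the input, used only in error messages
     * @return the decoded certificate
     * @throws IOException              if the PEM is missing or contains no PEM block
     * @throws GeneralSecurityException if the provider/factory is unavailable or the DER content is
     *                                  not an X.509 certificate
     */
    private static X509Certificate readCertificate(String pem, String description)
            throws IOException, GeneralSecurityException {
        byte[] der = readPemContent(pem, description);
        CertificateFactory factory = CertificateFactory.getInstance("X509", Common.BOUNCY_PROVIDER);
        Certificate certificate = factory.generateCertificate(new ByteArrayInputStream(der));
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException(description + " is not an X.509 certificate");
        }
        return (X509Certificate) certificate;
    }

    /**
     * Extracts the DER bytes of the first PEM block in {@code pem}.
     *
     * @param pem         PEM text; may be {@code null} or blank, which is reported as an error
     * @param description human-readable name of the input, used only in error messages
     * @return the decoded content of the first PEM object
     * @throws IOException if the input is missing, blank, unreadable, or holds no PEM block
     *                     (the previous code dereferenced a {@code null} PEM object in that case)
     */
    private static byte[] readPemContent(String pem, String description) throws IOException {
        if (pem == null || pem.trim().isEmpty()) {
            throw new IOException(description + " is not configured");
        }
        // PemReader is a Reader; closing it is cheap here but keeps the resource handling uniform.
        try (PemReader reader = new PemReader(new StringReader(pem))) {
            return Optional.ofNullable(reader.readPemObject())
                    .orElseThrow(() -> new IOException(description + " contains no PEM-encoded block"))
                    .getContent();
        }
    }
}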
