package de.governikus.keycloak.eid.provider.identity;

import de.governikus.keycloak.eid.panstarsdk.SamlConfigurationImpl;
import de.governikus.panstar.sdk.saml.configuration.SamlConfigurationHelper;
import java.security.PrivateKey;
import org.keycloak.common.util.PemUtils;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.opensaml.security.crypto.KeySupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/keycloak/eid/provider/identity/EidIdentityProviderModel.class */
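/**
 * Identity-provider configuration model for the eID (Panstar/SAML) broker.
 *
 * <p>The {@code SAML_*} keys name the endpoints, identifiers and PEM-encoded key material that are
 * handed to {@link SamlConfigurationImpl}; the {@code EID_*_ALLOWED} keys are per-attribute
 * switches that are interpreted elsewhere.
 *
 * <p>{@link #validate(RealmModel)} is a syntactic check of the key material only: each configured
 * private key or certificate must decode from PEM. It does not verify that a configured decryption
 * public key matches the decryption private key, that certificates are inside their validity period,
 * or that they chain to a trusted issuer. Any further checks are those performed by
 * {@link SamlConfigurationHelper#checkSamlConfiguration}, which is invoked last.
 */
public class EidIdentityProviderModel extends IdentityProviderModel {
    private static final Logger log = LoggerFactory.getLogger(EidIdentityProviderModel.class);

    /** Config keys: Panstar server and SAML endpoint / identifier settings. */
    public static final String ID_PANSTAR_SERVER_URL = "idPanstarServerUrl";
    public static final String SAML_ASSERTION_CONSUMER_URL = "samlAssertionConsumerUrl";
    public static final String SAML_ENTITY_ID = "samlEntityId";

    /** Config keys: PEM-encoded key material (private keys are secrets; never log their values). */
    public static final String SAML_REQUEST_SIGNATURE_PRIVATE_KEY = "samlRequestSignaturePrivateKey";
    public static final String SAML_RESPONSE_DECRYPTION_PUBLIC_KEY = "samlResponseDecryptionPublicKey";
    public static final String SAML_RESPONSE_DECRYPTION_PRIVATE_KEY = "samlResponseDecryptionPrivateKey";
    public static final String SAML_RESPONSE_VERIFICATION_CERTIFICATE = "samlResponseVerificationCertificate";
    public static final String SAML_REQUEST_ENCRYPTION_CERTIFICATE = "samlRequestEncryptionCertificate";

    /** Config keys: per-attribute eID switches. */
    public static final String EID_GIVEN_NAMES_ALLOWED = "eidGivenNamesAllowed";
    public static final String EID_FAMILY_NAMES_ALLOWED = "eidFamilyNamesAllowed";
    public static final String EID_DATE_OF_BIRTH_ALLOWED = "eidDateOfBirthAllowed";
    public static final String EID_PLACE_OF_BIRTH_ALLOWED = "eidPlaceOfBirthAllowed";
    public static final String EID_PLACE_OF_RESIDENCE_ALLOWED = "eidPlaceOfResidenceAllowed";
    public static final String EID_ACADEMIC_TITLE_ALLOWED = "eidAcademicTitleAllowed";
    public static final String EID_ISSUING_STATE_ALLOWED = "eidIssuingStateAllowed";
    public static final String EID_ARTISTIC_NAME_ALLOWED = "eidArtisticNameAllowed";
    public static final String EID_NATIONALITY_ALLOWED = "eidNationalityAllowed";
    public static final String EID_RESIDENCE_PERMIT_I_ALLOWED = "eidResidencePermitIAllowed";
    public static final String EID_DATE_OF_EXPIRY_ALLOWED = "eidDateOfExpiryAllowed";
    public static final String EID_DOCUMENT_TYPE_ALLOWED = "eidDocumentTypeAllowed";

    private static final String NOT_A_PRIVATE_KEY = "is not a PEM encoded private key";
    private static final String NOT_A_CERTIFICATE = "is not a PEM encoded certificate";

    /**
     * Validates the key material of this provider configuration and fills in the derived
     * decryption public key when the admin did not supply one.
     *
     * @param realmModel realm the provider belongs to; only its name is passed on to the SAML
     *     configuration helper
     * @throws IllegalArgumentException if a private key or certificate attribute does not decode
     *     from PEM, or if no public key can be derived from the decryption private key
     */
    @Override
    public void validate(RealmModel realmModel) {
        validateIsPrivateKey(SAML_REQUEST_SIGNATURE_PRIVATE_KEY);
        PrivateKey decryptionKey = validateIsPrivateKey(SAML_RESPONSE_DECRYPTION_PRIVATE_KEY);
        if (getConfig().get(SAML_RESPONSE_DECRYPTION_PUBLIC_KEY) == null) {
            // Store the public half alongside the private key. An already configured value is kept
            // as-is and is NOT checked for correspondence with the private key.
            getConfig().put(SAML_RESPONSE_DECRYPTION_PUBLIC_KEY, derivePublicKeyPem(decryptionKey));
        }
        validateIsX509Certificate(SAML_RESPONSE_VERIFICATION_CERTIFICATE);
        validateIsX509Certificate(SAML_REQUEST_ENCRYPTION_CERTIFICATE);
        // Semantic / cross-field checks are delegated to the SDK.
        SamlConfigurationHelper.checkSamlConfiguration(new SamlConfigurationImpl(getConfig(), realmModel.getName()));
    }

    /**
     * Decodes the private key stored under {@code key}.
     *
     * <p>Only the decoding call is inside the try block, so the "not a private key" error raised for
     * a {@code null} result is not caught, logged and wrapped a second time.
     *
     * @param key config attribute holding a PEM-encoded private key
     * @return the decoded private key, never {@code null}
     * @throws IllegalArgumentException if the attribute is missing or does not decode
     */
    private PrivateKey validateIsPrivateKey(String key) {
        PrivateKey privateKey;
        try {
            privateKey = PemUtils.decodePrivateKey(getConfig().get(key));
        } catch (Exception e) {
            // Log the exception only, never the attribute value itself.
            log.error(e.getMessage(), e);
            throw new IllegalArgumentException(attributeMessage(key, NOT_A_PRIVATE_KEY), e);
        }
        if (privateKey == null) {
            // A null result (presumably also when the attribute is absent) is a validation error too.
            throw new IllegalArgumentException(attributeMessage(key, NOT_A_PRIVATE_KEY));
        }
        return privateKey;
    }

    /**
     * Checks that the attribute stored under {@code key} decodes as an X.509 certificate.
     *
     * <p>Like {@link #validateIsPrivateKey(String)}, this is a parse check only; validity period and
     * trust are not examined here.
     *
     * @param key config attribute holding a PEM-encoded certificate
     * @throws IllegalArgumentException if the attribute is missing or does not decode
     */
    private void validateIsX509Certificate(String key) {
        boolean decoded;
        try {
            decoded = PemUtils.decodeCertificate(getConfig().get(key)) != null;
        } catch (Exception e) {
            // Log the exception only, never the attribute value itself.
            log.error(e.getMessage(), e);
            throw new IllegalArgumentException(attributeMessage(key, NOT_A_CERTIFICATE), e);
        }
        if (!decoded) {
            throw new IllegalArgumentException(attributeMessage(key, NOT_A_CERTIFICATE));
        }
    }

    /**
     * Derives the public key belonging to {@code privateKey} and encodes it the way the rest of the
     * configuration stores key material.
     *
     * @param privateKey the SAML response decryption private key
     * @return the PEM/Base64 encoding produced by {@link PemUtils#encodeKey}
     * @throws IllegalArgumentException if no public key can be derived (e.g. an unsupported key type)
     */
    private static String derivePublicKeyPem(PrivateKey privateKey) {
        try {
            return PemUtils.encodeKey(KeySupport.derivePublicKey(privateKey));
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new IllegalArgumentException(
                    attributeMessage(SAML_RESPONSE_DECRYPTION_PRIVATE_KEY, "does not allow deriving a public key"), e);
        }
    }

    /**
     * Builds the user-facing validation message for a config attribute, using the display name the
     * factory assigns to the attribute rather than the raw config key.
     */
    private static String attributeMessage(String key, String problem) {
        return String.format("Attribute '%s' %s", EidIdentityProviderFactory.getDisplayAttributeName(key), problem);
    }
}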
