package de.governikus.autent.sdk.saml.utils;

import de.governikus.autent.sdk.saml.exceptions.NoMatchingEntryForAliasException;
import de.governikus.autent.sdk.saml.exceptions.WrongKeyFormatException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import net.shibboleth.utilities.java.support.collection.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/autent/sdk/saml/utils/KeySupport.class */
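/**
 * Helper for pulling a signing/decryption credential (certificate plus private key) out of a
 * {@link KeyStore}.
 *
 * <p>Security notes for callers: this class only locates and type-checks the entry. It does
 * not check the certificate's validity period, does not build or validate a chain, and does not
 * verify that the certificate's public key belongs to the returned private key. Those checks
 * have to happen elsewhere before the credential is trusted.
 */
public class KeySupport {
    private static final Logger log = LoggerFactory.getLogger(KeySupport.class);
    private static final String CERTIFICATE_TYPE_X509 = "X.509";
    private static final String KEY_FORMAT_PKCS08 = "PKCS#8";

    /**
     * Looks up the key entry whose alias matches {@code str} (case-insensitively) and returns its
     * certificate together with its private key.
     *
     * @param keyStore an already loaded keystore to search
     * @param str the requested alias
     * @param str2 the password protecting the key entry; {@code null} is handed to the keystore
     *     as "no password"
     * @return the X.509 certificate and the PKCS#8 private key stored under the matching alias
     * @throws NoMatchingEntryForAliasException if no key entry matches the alias, or the entry has
     *     no X.509 certificate
     * @throws WrongKeyFormatException if the entry does not hold a private key in PKCS#8 format
     * @throws RuntimeException wrapping any {@link KeyStoreException},
     *     {@link NoSuchAlgorithmException} or {@link UnrecoverableKeyException} (the latter is what
     *     a wrong key password typically produces)
     */
    public static Pair<X509Certificate, PrivateKey> getCertificateAndKey(KeyStore keyStore, String str, String str2) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                // Placeholder order matches the message text: requested alias first, keystore alias second.
                log.trace("checking requested alias '{}' with alias from keystore '{}'", str, candidate);
                if (candidate.equalsIgnoreCase(str) && keyStore.isKeyEntry(candidate)) {
                    return loadEntry(keyStore, candidate, str, str2);
                }
            }
            throw new NoMatchingEntryForAliasException("no matching private key for alias '" + str + "' found!");
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Reads and type-checks the certificate and private key stored under {@code entryAlias}. */
    private static Pair<X509Certificate, PrivateKey> loadEntry(
            KeyStore keyStore, String entryAlias, String requestedAlias, String keyPassword)
            throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Certificate certificate = keyStore.getCertificate(entryAlias);
        if (certificate == null) {
            throw new NoMatchingEntryForAliasException(
                    "no matching X.509 certificate for alias '" + requestedAlias + "' found!");
        }
        // A keystore may hold non-X.509 certificates; report that as a lookup failure instead of
        // letting a blind cast raise ClassCastException.
        if (!(certificate instanceof X509Certificate)) {
            throw new NoMatchingEntryForAliasException(
                    "certificate for alias '" + requestedAlias + "' is not of type " + CERTIFICATE_TYPE_X509 + "!");
        }

        char[] password = keyPassword == null ? null : keyPassword.toCharArray();
        Key key;
        try {
            key = keyStore.getKey(entryAlias, password);
        } finally {
            // Wipe the temporary copy of the password. The caller's String is immutable and stays
            // in memory regardless, so this only limits additional exposure.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }

        // isKeyEntry() is also true for secret-key entries, so the key type has to be checked
        // before it is used as a private key. The error text deliberately omits key details.
        if (!(key instanceof PrivateKey)) {
            throw new WrongKeyFormatException(
                    "entry for alias '" + requestedAlias + "' does not contain a private key!");
        }
        PrivateKey privateKey = (PrivateKey) key;
        // getFormat() returns null for keys that do not support encoding; those are rejected by
        // this comparison as well.
        if (!KEY_FORMAT_PKCS08.equals(privateKey.getFormat())) {
            throw new WrongKeyFormatException(
                    "key type for alias '" + requestedAlias + "' does not match " + KEY_FORMAT_PKCS08 + "!");
        }
        log.trace("using private key entry from alias '{}'", entryAlias);
        return new Pair<>((X509Certificate) certificate, privateKey);
    }
}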
