package org.keycloak.protocol.saml;

import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.jboss.logging.Logger;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.PublicKeysWrapper;
import org.keycloak.dom.saml.v2.metadata.EntityDescriptorType;
import org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
import org.keycloak.keys.PublicKeyLoader;
import org.keycloak.saml.processing.core.saml.v2.util.SAMLMetadataUtil;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Element;

/* loaded from: input_file:org/keycloak/protocol/saml/SamlAbstractMetadataPublicKeyLoader.class */
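public abstract class SamlAbstractMetadataPublicKeyLoader implements PublicKeyLoader {
    private static final Logger logger = Logger.getLogger(SamlAbstractMetadataPublicKeyLoader.class);

    // true: keys are read from the IDPSSODescriptor; false: from the SPSSODescriptor.
    private final boolean forIdP;

    /**
     * @param z {@code true} to load the keys published in the metadata's IdP role descriptor,
     *          {@code false} to load those of the SP role descriptor
     */
    public SamlAbstractMetadataPublicKeyLoader(boolean z) {
        this.forIdP = z;
    }

    /**
     * Opens the stream containing the SAML metadata document (an EntityDescriptor).
     * {@link #loadKeys()} closes the returned stream once it has been parsed.
     *
     * @return a fresh stream positioned at the start of the metadata document
     * @throws Exception if the metadata cannot be opened
     */
    protected abstract InputStream openInputStream() throws Exception;

    /**
     * Parses the metadata document and builds one {@link KeyWrapper} for every KeyDescriptor of the
     * selected role descriptor whose KeyInfo contains an X509Certificate.
     *
     * <p>Only the KeyDescriptor's {@code use} attribute and the first KeyName / first X509Certificate
     * found in its KeyInfo are taken into account. Nothing in this class validates the certificate
     * itself (validity period, chain, revocation); the key material is trusted to the extent the
     * metadata source is. KeyInfo elements that cannot be unmarshalled are skipped and logged at
     * debug level, so a malformed entry does not hide the remaining keys.
     *
     * @return the collected keys, possibly empty when the role descriptor is absent or publishes
     *         no certificate
     * @throws Exception if the metadata cannot be opened or parsed
     */
    @Override
    public PublicKeysWrapper loadKeys() throws Exception {
        EntityDescriptorType entityDescriptor;
        // try-with-resources: the stream used to be left open, including on parse failure.
        try (InputStream metadata = openInputStream()) {
            entityDescriptor = SAMLMetadataUtil.parseEntityDescriptorType(metadata);
        }

        List<KeyDescriptorType> keyDescriptors = findKeyDescriptors(entityDescriptor);
        List<KeyWrapper> keys = new ArrayList<>();
        if (keyDescriptors == null) {
            return new PublicKeysWrapper(keys);
        }

        for (KeyDescriptorType descriptor : keyDescriptors) {
            Element keyInfo = descriptor.getKeyInfo();
            if (keyInfo == null) {
                continue;
            }
            // A KeyDescriptor without a recognised "use" yields a wrapper with a null KeyUse.
            KeyUse keyUse = toKeyUse(descriptor.getUse());
            try {
                X509Certificate certificate = null;
                String keyName = null;
                for (Object content : XMLSignatureUtil.createKeyInfo(keyInfo).getContent()) {
                    if (keyName == null && content instanceof KeyName) {
                        keyName = ((KeyName) content).getName();
                    } else if (certificate == null && content instanceof X509Data) {
                        certificate = firstCertificate((X509Data) content);
                    }
                    // Both pieces found: the rest of the KeyInfo is ignored.
                    if (keyName != null && certificate != null) {
                        break;
                    }
                }
                // A KeyName alone (no certificate) is not enough to build a key.
                if (certificate != null) {
                    logger.debugf("Adding certificate %s to the list of public keys", certificate.getSubjectX500Principal());
                    keys.add(createKeyWrapper(certificate, keyName, keyUse));
                }
            } catch (MarshalException e) {
                // Best effort: a single unparseable KeyInfo must not discard the other keys.
                logger.debugf(e, "Error parsing KeyInfo from metadata endpoint information", new Object[0]);
            }
        }
        return new PublicKeysWrapper(keys);
    }

    /**
     * Locates the role descriptor selected by {@link #forIdP} and returns its KeyDescriptors.
     *
     * @return the KeyDescriptor list, or {@code null} when the role descriptor is not present
     */
    private List<KeyDescriptorType> findKeyDescriptors(EntityDescriptorType entityDescriptor) {
        if (forIdP) {
            IDPSSODescriptorType idp = SAMLMetadataUtil.locateIDPSSODescriptorType(entityDescriptor);
            return idp != null ? idp.getKeyDescriptor() : null;
        }
        SPSSODescriptorType sp = SAMLMetadataUtil.locateSPSSODescriptorType(entityDescriptor);
        return sp != null ? sp.getKeyDescriptor() : null;
    }

    /**
     * Maps the SAML metadata {@code use} attribute to a {@link KeyUse}.
     *
     * @return {@code SIG} for signing, {@code ENC} for encryption, {@code null} for anything else
     *         (including an absent attribute)
     */
    private static KeyUse toKeyUse(KeyTypes use) {
        if (KeyTypes.SIGNING.equals(use)) {
            return KeyUse.SIG;
        }
        if (KeyTypes.ENCRYPTION.equals(use)) {
            return KeyUse.ENC;
        }
        return null;
    }

    /**
     * Returns the first X509Certificate inside an X509Data element, or {@code null} when it holds
     * none (e.g. only an issuer/serial or subject name).
     */
    private static X509Certificate firstCertificate(X509Data x509Data) {
        for (Object item : x509Data.getContent()) {
            if (item instanceof X509Certificate) {
                return (X509Certificate) item;
            }
        }
        return null;
    }

    /**
     * Builds the KeyWrapper describing one metadata certificate.
     *
     * <p>The kid is the metadata KeyName when one was published, otherwise the certificate's subject
     * DN; two certificates sharing a subject and lacking a KeyName therefore end up with the same
     * kid. Algorithm and type are both taken from the public key's algorithm name.
     *
     * @param x509Certificate the certificate found in the KeyInfo, never {@code null}
     * @param str             the KeyName from the KeyInfo, or {@code null} when absent
     * @param keyUse          the mapped {@code use} attribute, may be {@code null}
     */
    private KeyWrapper createKeyWrapper(X509Certificate x509Certificate, String str, KeyUse keyUse) {
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setKid(str != null ? str : x509Certificate.getSubjectX500Principal().getName());
        keyWrapper.setAlgorithm(x509Certificate.getPublicKey().getAlgorithm());
        keyWrapper.setUse(keyUse);
        keyWrapper.setType(x509Certificate.getPublicKey().getAlgorithm());
        keyWrapper.setPublicKey(x509Certificate.getPublicKey());
        keyWrapper.setCertificate(x509Certificate);
        return keyWrapper;
    }
}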
