package org.keycloak.testsuite.util;

import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.crypto.JavaAlgorithm;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.keys.KeyProvider;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.TestContext;

/* loaded from: input_file:org/keycloak/testsuite/util/TokenSignatureUtil.class */
public class TokenSignatureUtil {
    private static Logger log = Logger.getLogger(TokenSignatureUtil.class);
    private static final String TEST_REALM_NAME = "test";

    public static void changeRealmTokenSignatureProvider(Keycloak keycloak, String str) {
        changeRealmTokenSignatureProvider("test", keycloak, str);
    }

    public static void changeRealmTokenSignatureProvider(String str, Keycloak keycloak, String str2) {
        RealmRepresentation representation = keycloak.realm(str).toRepresentation();
        log.tracef("change realm test signature algorithm from %s to %s", representation.getDefaultSignatureAlgorithm(), str2);
        representation.setDefaultSignatureAlgorithm(str2);
        keycloak.realm(str).update(representation);
    }

    public static void changeClientAccessTokenSignatureProvider(ClientResource clientResource, String str) {
        ClientRepresentation representation = clientResource.toRepresentation();
        log.tracef("change client %s access token signature algorithm from %s to %s", representation.getClientId(), representation.getAttributes().get("access.token.signed.response.alg"), str);
        representation.getAttributes().put("access.token.signed.response.alg", str);
        clientResource.update(representation);
    }

    public static void changeClientIdTokenSignatureProvider(ClientResource clientResource, String str) {
        ClientRepresentation representation = clientResource.toRepresentation();
        log.tracef("change client %s access token signature algorithm from %s to %s", representation.getClientId(), representation.getAttributes().get("id.token.signed.response.alg"), str);
        representation.getAttributes().put("id.token.signed.response.alg", str);
        clientResource.update(representation);
    }

    public static void changeClientIdTokenEncryptionAlgProvider(ClientResource clientResource, String str) {
        ClientRepresentation representation = clientResource.toRepresentation();
        log.tracef("change client %s id token encryption alg algorithm from %s to %s", representation.getClientId(), representation.getAttributes().get("id.token.encrypted.response.alg"), str);
        representation.getAttributes().put("id.token.encrypted.response.alg", str);
        clientResource.update(representation);
    }

    public static void changeClientIdTokenEncryptionEncProvider(ClientResource clientResource, String str) {
        ClientRepresentation representation = clientResource.toRepresentation();
        log.tracef("change client %s id token encryption enc algorithm from %s to %s", representation.getClientId(), representation.getAttributes().get("id.token.encrypted.response.enc"), str);
        representation.getAttributes().put("id.token.encrypted.response.enc", str);
        clientResource.update(representation);
    }

    public static boolean verifySignature(String str, String str2, Keycloak keycloak) throws Exception {
        PublicKey realmPublicKey = getRealmPublicKey("test", str, keycloak);
        JWSInput jWSInput = new JWSInput(str2);
        Signature signature = getSignature(str);
        signature.initVerify(realmPublicKey);
        signature.update(jWSInput.getEncodedSignatureInput().getBytes("UTF-8"));
        return signature.verify(jWSInput.getSignature());
    }

    public static void registerKeyProvider(String str, Keycloak keycloak, TestContext testContext) {
        registerKeyProvider("test", str, keycloak, testContext);
    }

    public static void registerKeyProvider(String str, String str2, Keycloak keycloak, TestContext testContext) {
        boolean z = -1;
        switch (str2.hashCode()) {
            case 66245349:
                if (str2.equals("ES256")) {
                    z = 6;
                    break;
                }
                break;
            case 66246401:
                if (str2.equals("ES384")) {
                    z = 7;
                    break;
                }
                break;
            case 66248104:
                if (str2.equals("ES512")) {
                    z = 8;
                    break;
                }
                break;
            case 76404080:
                if (str2.equals("PS256")) {
                    z = 3;
                    break;
                }
                break;
            case 76405132:
                if (str2.equals("PS384")) {
                    z = 4;
                    break;
                }
                break;
            case 76406835:
                if (str2.equals("PS512")) {
                    z = 5;
                    break;
                }
                break;
            case 78251122:
                if (str2.equals("RS256")) {
                    z = false;
                    break;
                }
                break;
            case 78252174:
                if (str2.equals("RS384")) {
                    z = true;
                    break;
                }
                break;
            case 78253877:
                if (str2.equals("RS512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
            case true:
            case true:
                registerKeyProvider(str, "algorithm", str2, "rsa-generated", keycloak, testContext);
                return;
            case true:
            case true:
            case true:
                registerKeyProvider(str, "ecdsaEllipticCurveKey", convertAlgorithmToECDomainParamNistRep(str2), "ecdsa-generated", keycloak, testContext);
                return;
            default:
                return;
        }
    }

    public static String convertAlgorithmToECDomainParamNistRep(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals("ES256")) {
                    z = false;
                    break;
                }
                break;
            case 66246401:
                if (str.equals("ES384")) {
                    z = true;
                    break;
                }
                break;
            case 66248104:
                if (str.equals("ES512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "P-256";
            case true:
                return "P-384";
            case true:
                return "P-521";
            default:
                return null;
        }
    }

    private static void registerKeyProvider(String str, String str2, String str3, String str4, Keycloak keycloak, TestContext testContext) {
        long currentTimeMillis = System.currentTimeMillis();
        ComponentRepresentation createKeyRep = createKeyRep("valid", str4);
        createKeyRep.setConfig(new MultivaluedHashMap());
        createKeyRep.getConfig().putSingle("priority", Long.toString(currentTimeMillis));
        createKeyRep.getConfig().putSingle(str2, str3);
        Response add = keycloak.realm(str).components().add(createKeyRep);
        Throwable th = null;
        try {
            try {
                testContext.getOrCreateCleanup(str).addComponentId(ApiUtil.getCreatedId(add));
                if (add != null) {
                    if (0 == 0) {
                        add.close();
                        return;
                    }
                    try {
                        add.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (add != null) {
                if (th != null) {
                    try {
                        add.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    add.close();
                }
            }
            throw th4;
        }
    }

    private static ComponentRepresentation createKeyRep(String str, String str2) {
        ComponentRepresentation componentRepresentation = new ComponentRepresentation();
        componentRepresentation.setName(str);
        componentRepresentation.setParentId("test");
        componentRepresentation.setProviderId(str2);
        componentRepresentation.setProviderType(KeyProvider.class.getName());
        componentRepresentation.setConfig(new MultivaluedHashMap());
        return componentRepresentation;
    }

    private static PublicKey getRealmPublicKey(String str, String str2, Keycloak keycloak) {
        KeysMetadataRepresentation keyMetadata = keycloak.realms().realm(str).keys().getKeyMetadata();
        String str3 = (String) keyMetadata.getActive().get(str2);
        PublicKey publicKey = null;
        for (KeysMetadataRepresentation.KeyMetadataRepresentation keyMetadataRepresentation : keyMetadata.getKeys()) {
            if (keyMetadataRepresentation.getKid().equals(str3)) {
                X509EncodedKeySpec x509EncodedKeySpec = null;
                try {
                    x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decode(keyMetadataRepresentation.getPublicKey()));
                } catch (IOException e) {
                    e.printStackTrace();
                }
                KeyFactory keyFactory = null;
                try {
                    keyFactory = KeyFactory.getInstance(keyMetadataRepresentation.getType());
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                }
                try {
                    publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
                } catch (InvalidKeySpecException e3) {
                    e3.printStackTrace();
                }
            }
        }
        return publicKey;
    }

    private static Signature getSignature(String str) {
        try {
            return Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(str), "BC");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
