package org.keycloak.jose.jwk;

import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.List;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.KeyUse;

/* loaded from: input_file:WEB-INF/lib/keycloak-core-16.1.1.jar:org/keycloak/jose/jwk/JWKBuilder.class */
public class JWKBuilder {
    public static final String DEFAULT_PUBLIC_KEY_USE = "sig";
    private String kid;
    private String algorithm;

    private JWKBuilder() {
    }

    public static JWKBuilder create() {
        return new JWKBuilder();
    }

    public JWKBuilder kid(String str) {
        this.kid = str;
        return this;
    }

    public JWKBuilder algorithm(String str) {
        this.algorithm = str;
        return this;
    }

    public JWK rs256(PublicKey publicKey) {
        algorithm("RS256");
        return rsa(publicKey);
    }

    public JWK rsa(Key key) {
        return rsa(key, null, KeyUse.SIG);
    }

    public JWK rsa(Key key, X509Certificate x509Certificate) {
        return rsa(key, Collections.singletonList(x509Certificate), KeyUse.SIG);
    }

    public JWK rsa(Key key, List<X509Certificate> list) {
        return rsa(key, list, null);
    }

    public JWK rsa(Key key, List<X509Certificate> list, KeyUse keyUse) {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
        RSAPublicJWK rSAPublicJWK = new RSAPublicJWK();
        rSAPublicJWK.setKeyId(this.kid != null ? this.kid : KeyUtils.createKeyId(key));
        rSAPublicJWK.setKeyType("RSA");
        rSAPublicJWK.setAlgorithm(this.algorithm);
        rSAPublicJWK.setPublicKeyUse(keyUse == null ? KeyUse.SIG.getSpecName() : keyUse.getSpecName());
        rSAPublicJWK.setModulus(Base64Url.encode(JWKUtil.toIntegerBytes(rSAPublicKey.getModulus())));
        rSAPublicJWK.setPublicExponent(Base64Url.encode(JWKUtil.toIntegerBytes(rSAPublicKey.getPublicExponent())));
        if (list != null && !list.isEmpty()) {
            String[] strArr = new String[list.size()];
            for (int i = 0; i < list.size(); i++) {
                strArr[i] = PemUtils.encodeCertificate(list.get(i));
            }
            rSAPublicJWK.setX509CertificateChain(strArr);
        }
        return rSAPublicJWK;
    }

    public JWK rsa(Key key, KeyUse keyUse) {
        JWK rsa = rsa(key);
        String specName = keyUse == null ? DEFAULT_PUBLIC_KEY_USE : keyUse.getSpecName();
        if (KeyUse.ENC == keyUse) {
            specName = "enc";
        }
        rsa.setPublicKeyUse(specName);
        return rsa;
    }

    public JWK ec(Key key) {
        ECPublicKey eCPublicKey = (ECPublicKey) key;
        ECPublicJWK eCPublicJWK = new ECPublicJWK();
        String createKeyId = this.kid != null ? this.kid : KeyUtils.createKeyId(key);
        int fieldSize = eCPublicKey.getParams().getCurve().getField().getFieldSize();
        eCPublicJWK.setKeyId(createKeyId);
        eCPublicJWK.setKeyType("EC");
        eCPublicJWK.setAlgorithm(this.algorithm);
        eCPublicJWK.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE);
        eCPublicJWK.setCrv("P-" + fieldSize);
        eCPublicJWK.setX(Base64Url.encode(JWKUtil.toIntegerBytes(eCPublicKey.getW().getAffineX())));
        eCPublicJWK.setY(Base64Url.encode(JWKUtil.toIntegerBytes(eCPublicKey.getW().getAffineY())));
        return eCPublicJWK;
    }
}
