package org.keycloak.keys;

import java.security.KeyPair;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.crypto.KeyUse;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:org/keycloak/keys/GeneratedEcdsaKeyProviderFactory.class */
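/**
 * Key provider factory that generates ECDSA key pairs and stores them, Base64-encoded,
 * in the component configuration of the owning realm.
 *
 * <p>Security note: the private key is written into the component model next to the
 * public key and the curve name. Anything able to read this component's configuration
 * can therefore read the signing key. NOTE(review): confirm that the storage, export and
 * admin-API paths for this component treat the private key attribute as a secret.
 */
public class GeneratedEcdsaKeyProviderFactory extends AbstractEcdsaKeyProviderFactory {
    public static final String ID = "ecdsa-generated";
    private static final String HELP_TEXT = "Generates ECDSA keys";
    public static final String DEFAULT_ECDSA_ELLIPTIC_CURVE = "P-256";
    private static final Logger logger = Logger.getLogger(GeneratedEcdsaKeyProviderFactory.class);
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = AbstractEcdsaKeyProviderFactory.configurationBuilder().property(ECDSA_ELLIPTIC_CURVE_PROPERTY).build();

    // Component-config attribute names used by this factory (one definition instead of repeated literals).
    private static final String CURVE_ATTR = "ecdsaEllipticCurveKey";
    private static final String PRIVATE_KEY_ATTR = "ecdsaPrivateKey";
    private static final String PUBLIC_KEY_ATTR = "ecdsaPublicKey";

    /**
     * Creates a provider bound to the realm of the session's current context.
     *
     * @param keycloakSession session whose context supplies the realm
     * @param componentModel  component configuration holding the key material
     * @return a new {@code GeneratedEcdsaKeyProvider}
     */
    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public KeyProvider m278create(KeycloakSession keycloakSession, ComponentModel componentModel) {
        return new GeneratedEcdsaKeyProvider(keycloakSession.getContext().getRealm(), componentModel);
    }

    /**
     * Registers a fallback ECDSA key component on the current realm for a signature algorithm.
     *
     * <p>Only {@link KeyUse#SIG} combined with {@code ES256}, {@code ES384} or {@code ES512}
     * is handled; every other combination, including a {@code null} argument, is declined.
     *
     * @param keycloakSession session whose context supplies the realm
     * @param keyUse          intended key use
     * @param str             signature algorithm name
     * @return {@code true} if a component named {@code fallback-<algorithm>} was added to the
     *         realm, {@code false} if the request is not one this factory handles
     */
    public boolean createFallbackKeys(KeycloakSession keycloakSession, KeyUse keyUse, String str) {
        // Constant-first comparisons: a null use or algorithm is declined instead of raising a NullPointerException.
        if (!KeyUse.SIG.equals(keyUse)) {
            return false;
        }
        boolean supportedAlgorithm = "ES256".equals(str) || "ES384".equals(str) || "ES512".equals(str);
        if (!supportedAlgorithm) {
            return false;
        }

        RealmModel realm = keycloakSession.getContext().getRealm();

        ComponentModel fallback = new ComponentModel();
        fallback.setName("fallback-" + str);
        fallback.setParentId(realm.getId());
        fallback.setProviderId(ID);
        fallback.setProviderType(KeyProvider.class.getName());

        MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
        // presumably a negative priority keeps explicitly configured key providers ahead of the fallback; confirm
        config.putSingle(Attributes.PRIORITY_KEY, "-100");
        config.putSingle(CURVE_ATTR, convertAlgorithmToECDomainParmNistRep(str));
        fallback.setConfig(config);

        realm.addComponentModel(fallback);
        return true;
    }

    /** Returns the help text shown for this provider. */
    public String getHelpText() {
        return HELP_TEXT;
    }

    /** Returns the configuration properties of this provider (the elliptic curve selection). */
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /** Returns the provider id, {@value #ID}. */
    public String getId() {
        return ID;
    }

    /**
     * Validates the component and makes sure it carries a key pair.
     *
     * <p>After the superclass validation and the curve list check, a new key pair is generated
     * when either key attribute is missing, or when keys are present but no curve attribute is
     * stored (the default curve {@value #DEFAULT_ECDSA_ELLIPTIC_CURVE} is then used and recorded).
     *
     * @param keycloakSession current session, passed to the superclass validation
     * @param realmModel      realm owning the component; only its name is logged
     * @param componentModel  component configuration, updated in place when keys are generated
     * @throws ComponentValidationException if validation or key generation fails
     */
    @Override // org.keycloak.keys.AbstractEcdsaKeyProviderFactory
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        super.validateConfiguration(keycloakSession, realmModel, componentModel);
        ConfigurationValidationHelper.check(componentModel).checkList(ECDSA_ELLIPTIC_CURVE_PROPERTY, false);

        String storedCurve = componentModel.get(CURVE_ATTR);
        String curve = storedCurve != null ? storedCurve : DEFAULT_ECDSA_ELLIPTIC_CURVE;

        boolean hasKeyPair = componentModel.contains(PRIVATE_KEY_ATTR) && componentModel.contains(PUBLIC_KEY_ATTR);
        if (!hasKeyPair) {
            generateKeys(componentModel, curve);
            // Only the realm name is logged; key material never reaches the log.
            logger.debugv("Generated keys for {0}", realmModel.getName());
            return;
        }

        // NOTE(review): `curve` comes from the same attribute it is compared with, so this test
        // only fails when the attribute is absent. A curve edited on a component that already
        // holds keys is not detected here; the stored key itself is never inspected. Whether the
        // caller clears the key attributes on such an edit is not visible in this class. Confirm,
        // otherwise the component may keep a key pair on the previous curve.
        if (curve.equals(storedCurve)) {
            return;
        }
        generateKeys(componentModel, curve);
        logger.debugv("Elliptic Curve changed, generating new keys for {0}", realmModel.getName());
    }

    /**
     * Generates an ECDSA key pair for the given curve and stores it in the component model.
     *
     * @param componentModel component receiving the Base64-encoded private key, public key and curve name
     * @param str            curve name in the representation accepted by
     *                       {@code convertECDomainParmNistRepToSecRep}
     * @throws ComponentValidationException wrapping any failure during generation or encoding
     */
    private void generateKeys(ComponentModel componentModel, String str) {
        try {
            KeyPair keyPair = generateEcdsaKeyPair(convertECDomainParmNistRepToSecRep(str));
            componentModel.put(PRIVATE_KEY_ATTR, Base64.encodeBytes(keyPair.getPrivate().getEncoded()));
            componentModel.put(PUBLIC_KEY_ATTR, Base64.encodeBytes(keyPair.getPublic().getEncoded()));
            componentModel.put(CURVE_ATTR, str);
        } catch (Throwable th) {
            // Throwable (not just Exception) is caught so every failure surfaces as a validation
            // error with the cause attached; this also wraps JVM Errors.
            throw new ComponentValidationException("Failed to generate ECDSA keys", th);
        }
    }
}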
