package org.keycloak.protocol.oidc.utils;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.crypto.SHA256HashProviderFactory;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;

/* loaded from: input_file:org/keycloak/protocol/oidc/utils/PkceUtils.class */
public class PkceUtils {
    public static String generateCodeVerifier() {
        return Base64Url.encode(SecretGenerator.getInstance().randomBytes(64));
    }

    public static String encodeCodeChallenge(String str, String str2) {
        try {
            boolean z = -1;
            switch (str2.hashCode()) {
                case 2522400:
                    if (str2.equals(OIDCLoginProtocol.PKCE_METHOD_S256)) {
                        z = false;
                        break;
                    }
                    break;
                case 106748362:
                    if (str2.equals(OIDCLoginProtocol.PKCE_METHOD_PLAIN)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return generateS256CodeChallenge(str);
                case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
                default:
                    return str;
            }
        } catch (Exception e) {
            return null;
        }
        return null;
    }

    public static String generateS256CodeChallenge(String str) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance(SHA256HashProviderFactory.ID);
        messageDigest.update(str.getBytes(StandardCharsets.ISO_8859_1));
        return Base64Url.encode(messageDigest.digest());
    }

    public static boolean validateCodeChallenge(String str, String str2, String str3) {
        try {
            boolean z = -1;
            switch (str3.hashCode()) {
                case 2522400:
                    if (str3.equals(OIDCLoginProtocol.PKCE_METHOD_S256)) {
                        z = true;
                        break;
                    }
                    break;
                case 106748362:
                    if (str3.equals(OIDCLoginProtocol.PKCE_METHOD_PLAIN)) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return str.equals(str2);
                case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
                    return generateS256CodeChallenge(str).equals(str2);
                default:
                    return false;
            }
        } catch (Exception e) {
            return false;
        }
    }
}
