package org.keycloak.keys;

import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64Url;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.keys.KeyProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:org/keycloak/keys/GeneratedSecretKeyProviderFactory.class */
public abstract class GeneratedSecretKeyProviderFactory<T extends KeyProvider> implements KeyProviderFactory<T> {
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        SecretKeyProviderUtils.validateConfiguration(componentModel).checkList(Attributes.SECRET_SIZE_PROPERTY, false);
        int i = componentModel.get(Attributes.SECRET_SIZE_KEY, getDefaultKeySize());
        if (!componentModel.contains("secret")) {
            generateSecret(componentModel, i);
            logger().debugv("Generated secret for {0}", realmModel.getName());
        } else if (Base64Url.decode(componentModel.get("secret")).length != i) {
            generateSecret(componentModel, i);
            logger().debugv("Secret size changed, generating new secret for {0}", realmModel.getName());
        }
    }

    private void generateSecret(ComponentModel componentModel, int i) {
        try {
            componentModel.put("secret", Base64Url.encode(KeycloakModelUtils.generateSecret(i)));
            componentModel.put("kid", KeycloakModelUtils.generateId());
        } catch (Throwable th) {
            throw new ComponentValidationException("Failed to generate secret", th);
        }
    }

    protected abstract Logger logger();

    protected abstract int getDefaultKeySize();
}
