package org.keycloak.keys;

import java.security.KeyPair;
import java.util.Collections;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.Time;
import org.keycloak.crypto.KeyStatus;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;

/* loaded from: input_file:org/keycloak/keys/FailsafeRsaKeyProvider.class */
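/**
 * Last-resort {@link KeyProvider} that hands out a freshly generated RSA signing key.
 *
 * <p>The constructor logs at error level that no active keys were found, which is the
 * condition this provider exists for. Operational and security properties that follow
 * directly from the code below:
 * <ul>
 *   <li>The key pair is generated in process and held only in a static field. It is never
 *       persisted, so it is lost on restart and is not shared with other nodes (the error
 *       message states that clustering is not supported).</li>
 *   <li>One key is shared by every instance created in this JVM until it expires; the next
 *       instance created after expiry generates a replacement with a new {@code kid}.</li>
 *   <li>{@link #getKeys()} only ever exposes the current key, so an instance created after a
 *       rotation no longer offers the previous verification key.</li>
 * </ul>
 * The error and warning lines emitted here are worth alerting on: they mean the realm is
 * signing with an ephemeral key instead of a configured one.
 */
public class FailsafeRsaKeyProvider implements KeyProvider {
    private static final Logger logger = Logger.getLogger(FailsafeRsaKeyProvider.class);

    // Lifetime added to Time.currentTime() when a key is generated.
    // NOTE(review): presumably seconds (ten minutes) - confirm against Time.currentTime().
    private static final long KEY_LIFETIME = 600;

    // Modulus size passed to the RSA key pair generator.
    private static final int RSA_KEY_SIZE_BITS = 2048;

    // Shared by all instances in this JVM; read and written only under the class monitor.
    private static KeyWrapper KEY;
    private static long EXPIRES;

    // Snapshot of the shared key taken when this instance was constructed.
    private final KeyWrapper key;

    /**
     * Creates the provider, generating a new shared key if none exists yet or the current one
     * has passed its expiry time.
     */
    public FailsafeRsaKeyProvider() {
        logger.errorv("No active keys found, using failsafe provider, please login to admin console to add keys. Clustering is not supported.");
        synchronized (FailsafeRsaKeyProvider.class) {
            if (EXPIRES < Time.currentTime()) {
                // Decide this BEFORE overwriting the shared state. The previous check
                // (EXPIRES > 0 after assignment) was always true, so the very first
                // generation was also reported as "Keys expired".
                boolean replacesExpiredKey = KEY != null;

                KEY = createKeyWrapper();
                // Expiry is measured from the end of key generation, as before.
                EXPIRES = Time.currentTime() + KEY_LIFETIME;

                if (replacesExpiredKey) {
                    logger.warnv("Keys expired, re-generated kid={0}", KEY.getKid());
                } else {
                    // Still record the kid so the first failsafe key is traceable in logs.
                    logger.warnv("Generated failsafe key kid={0}", KEY.getKid());
                }
            }
            this.key = KEY;
        }
    }

    /**
     * Returns the single failsafe key captured when this instance was created.
     *
     * @return an immutable one-element list holding the key
     */
    public List<KeyWrapper> getKeys() {
        return Collections.singletonList(this.key);
    }

    /**
     * Generates a new RSA key pair and wraps it as an active signing key.
     *
     * @return a wrapper whose kid is derived from the public key and which advertises
     *         RS256, RS384 and RS512
     */
    private static KeyWrapper createKeyWrapper() {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(RSA_KEY_SIZE_BITS);

        KeyWrapper wrapper = new KeyWrapper();
        wrapper.setKid(KeyUtils.createKeyId(keyPair.getPublic()));
        wrapper.setUse(KeyUse.SIG);
        wrapper.setType("RSA");
        wrapper.setAlgorithms(new String[]{"RS256", "RS384", "RS512"});
        wrapper.setStatus(KeyStatus.ACTIVE);
        // The private key stays in memory only; it is never written out by this class.
        wrapper.setSignKey(keyPair.getPrivate());
        wrapper.setVerifyKey(keyPair.getPublic());
        return wrapper;
    }
}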
