package org.keycloak.keys;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.crypto.KeyUse;
import org.keycloak.keys.KeyProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:org/keycloak/keys/AbstractGeneratedEcKeyProviderFactory.class */
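/**
 * Base factory for key providers whose elliptic-curve key pair is generated by the server and
 * kept inside the component configuration.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated private key is written into the {@link ComponentModel} config as Base64
 *       text. Base64 is an encoding, not encryption, so anything that can read this component's
 *       config at this layer can read the private key. Whether the persistence layer or the
 *       admin API protects or masks the value is not visible from this class and should be
 *       confirmed.</li>
 *   <li>The curve of an existing key is recognised only by the bit size of its field, and only
 *       the public key is inspected (see {@link #getCurveFromPublicKey(String)}).</li>
 * </ul>
 *
 * @param <T> the concrete key provider type created by the factory
 */
public abstract class AbstractGeneratedEcKeyProviderFactory<T extends KeyProvider> extends AbstractEcKeyProviderFactory<T> {
    /** Returns the curve name used when the component config does not set one. */
    protected abstract String getDefaultEcEllipticCurve();

    /** Returns the config attribute name under which the curve name is stored. */
    protected abstract String getEcEllipticCurveKey();

    /**
     * Returns the value stored under {@link #getEcEllipticCurveKey()} when a fallback key is
     * created for the given algorithm (presumably the curve name that belongs to that algorithm;
     * confirm against the subclasses).
     *
     * @param str the algorithm name passed to {@link #createFallbackKeys}
     */
    protected abstract String getEcEllipticCurveKey(String str);

    /** Returns the config property describing the curve choice; used to validate the config. */
    protected abstract ProviderConfigProperty getEcEllipticCurveProperty();

    /** Returns the config attribute name under which the Base64 private key is stored. */
    protected abstract String getEcPrivateKeyKey();

    /** Returns the config attribute name under which the Base64 public key is stored. */
    protected abstract String getEcPublicKeyKey();

    /** Returns the logger that receives the key-generation debug messages. */
    protected abstract Logger getLogger();

    /** Tells whether this factory can create a fallback key for the given algorithm name. */
    protected abstract boolean isSupportedEcAlgorithm(String str);

    /** Tells whether this factory can create a fallback key for the given key use. */
    protected abstract boolean isValidKeyUse(KeyUse keyUse);

    /**
     * Registers a fallback key component in the realm of the current session context.
     *
     * <p>Only the component model is added here (name, parent, provider id, priority and curve);
     * no key material is written by this method.
     *
     * @param keycloakSession session whose context supplies the realm
     * @param keyUse the intended use of the key; must be accepted by {@link #isValidKeyUse}
     * @param str the algorithm name; must be accepted by {@link #isSupportedEcAlgorithm}
     * @return {@code true} if a component was added, {@code false} if the key use or the
     *     algorithm is not handled by this factory
     */
    public boolean createFallbackKeys(KeycloakSession keycloakSession, KeyUse keyUse, String str) {
        if (!isValidKeyUse(keyUse) || !isSupportedEcAlgorithm(str)) {
            return false;
        }

        RealmModel realm = keycloakSession.getContext().getRealm();

        ComponentModel fallback = new ComponentModel();
        fallback.setName("fallback-" + str);
        fallback.setParentId(realm.getId());
        fallback.setProviderId(getId());
        fallback.setProviderType(KeyProvider.class.getName());

        MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
        // NOTE(review): "-100" presumably ranks the fallback below explicitly configured keys;
        // confirm how the priority attribute is ordered.
        config.putSingle(Attributes.PRIORITY_KEY, "-100");
        config.putSingle(getEcEllipticCurveKey(), getEcEllipticCurveKey(str));
        fallback.setConfig(config);

        realm.addComponentModel(fallback);
        return true;
    }

    /**
     * Validates the component config and makes sure it holds a key pair for the requested curve.
     *
     * <p>A new key pair is generated when either key attribute is missing, or when the curve
     * label derived from the stored public key differs from the requested curve. In the second
     * case the stored key pair is regenerated, so a curve change on an existing component acts
     * as a key rotation.
     *
     * <p>When both key attributes are present, this method looks at the public key only. It does
     * not check here that the stored private key belongs to that public key (the superclass
     * validation may cover this; confirm).
     *
     * @param keycloakSession the current session, passed on to the superclass validation
     * @param realmModel the realm the component belongs to; its name appears in debug logs
     * @param componentModel the component config being validated; may be modified
     * @throws ComponentValidationException if validation or key generation fails
     */
    @Override // org.keycloak.keys.AbstractEcKeyProviderFactory
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        super.validateConfiguration(keycloakSession, realmModel, componentModel);
        // NOTE(review): the boolean is presumably the "required" flag of checkList; confirm.
        ConfigurationValidationHelper.check(componentModel).checkList(getEcEllipticCurveProperty(), false);

        String configuredCurve = componentModel.get(getEcEllipticCurveKey());
        String requestedCurve = configuredCurve != null ? configuredCurve : getDefaultEcEllipticCurve();

        boolean hasKeyPair = componentModel.contains(getEcPrivateKeyKey())
                && componentModel.contains(getEcPublicKeyKey());
        if (!hasKeyPair) {
            generateKeys(componentModel, requestedCurve);
            getLogger().debugv("Generated keys for {0}", realmModel.getName());
            return;
        }

        String storedPublicKey = componentModel.getConfig().getFirst(getEcPublicKeyKey());
        String storedCurve = getCurveFromPublicKey(storedPublicKey);
        if (!requestedCurve.equals(storedCurve)) {
            generateKeys(componentModel, requestedCurve);
            getLogger().debugv("Elliptic Curve changed, generating new keys for {0}", realmModel.getName());
        }
    }

    /**
     * Generates an EC key pair for the given curve and stores it in the component config.
     *
     * <p>The encoded private and public keys are stored as Base64 text together with the curve
     * name. The private key is not encrypted by this method.
     *
     * @param componentModel the component config that receives the keys and the curve name
     * @param str the curve name in NIST notation, converted before the key pair is generated
     * @throws ComponentValidationException if the key pair cannot be generated or stored
     */
    protected void generateKeys(ComponentModel componentModel, String str) {
        try {
            KeyPair keyPair = generateEcKeyPair(convertECDomainParmNistRepToSecRep(str));
            String encodedPrivateKey = Base64.encodeBytes(keyPair.getPrivate().getEncoded());
            componentModel.put(getEcPrivateKeyKey(), encodedPrivateKey);
            String encodedPublicKey = Base64.encodeBytes(keyPair.getPublic().getEncoded());
            componentModel.put(getEcPublicKeyKey(), encodedPublicKey);
            componentModel.put(getEcEllipticCurveKey(), str);
        } catch (Throwable th) {
            // NOTE(review): Throwable also covers Error subclasses (for example OutOfMemoryError),
            // which are then reported as a validation failure. Kept as-is so callers see the
            // same exception type as before.
            throw new ComponentValidationException("Failed to generate EC keys", th);
        }
    }

    /**
     * Derives a curve label of the form {@code "P-<bits>"} from a stored public key.
     *
     * <p>The label is built from the bit size of the curve's field only. Two different curves
     * with the same field size (for example a non-NIST 256-bit curve and P-256) therefore get
     * the same label, so a match with the requested curve name does not prove that the stored
     * key is on that exact curve.
     *
     * @param str the Base64 text of the X.509-encoded public key
     * @return the label {@code "P-"} followed by the field size in bits
     * @throws ComponentValidationException if the text cannot be decoded or parsed as an EC
     *     public key
     */
    protected String getCurveFromPublicKey(String str) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(str));
            ECPublicKey publicKey = (ECPublicKey) keyFactory.generatePublic(keySpec);
            int fieldSizeBits = publicKey.getParams().getCurve().getField().getFieldSize();
            return "P-" + fieldSizeBits;
        } catch (Throwable th) {
            // A null or malformed value ends up here as well and is reported as a validation error.
            throw new ComponentValidationException("Failed to get EC from its public key", th);
        }
    }
}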
