package org.keycloak.keys;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Stream;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyStatus;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.RsaesOaepCekManagementProviderFactory;
import org.keycloak.models.RealmModel;

/* loaded from: input_file:org/keycloak/keys/AbstractRsaKeyProvider.class */
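/**
 * Base class for key providers that expose a single RSA key described by a
 * {@link ComponentModel}.
 *
 * <p>The provider resolves the key status and algorithm from the component configuration once,
 * at construction time, and then hands out one {@link KeyWrapper}. Wrappers built by
 * {@link #createKeyWrapper(KeyPair, X509Certificate, List, KeyUse)} carry the RSA
 * <em>private</em> key alongside the public key, so they must never be logged, serialized into
 * responses, or passed to code that only needs the public half.
 */
public abstract class AbstractRsaKeyProvider implements KeyProvider {
    private final KeyStatus status;
    private final ComponentModel model;
    private final KeyWrapper key;
    private final String algorithm;

    /**
     * Reads the provider settings from the component and obtains the key.
     *
     * <p>Status is derived from {@code Attributes.ACTIVE_KEY} and {@code Attributes.ENABLED_KEY},
     * both defaulting to {@code true}. The algorithm comes from {@code Attributes.ALGORITHM_KEY};
     * when that is not configured it defaults to {@code RsaesOaepCekManagementProviderFactory.ID}
     * for a component whose {@code Attributes.KEY_USE} is {@code ENC}, and to {@code "RS256"}
     * otherwise.
     *
     * <p>The key wrapper is cached as a note on the component under the {@link KeyWrapper} class
     * name and reused when that note is already present. Anything able to read the component's
     * notes can therefore obtain the wrapper, including whatever private key it holds.
     *
     * @param realmModel realm passed through to {@link #loadKey(RealmModel, ComponentModel)}
     * @param componentModel component holding this provider's configuration and cached key note
     */
    public AbstractRsaKeyProvider(RealmModel realmModel, ComponentModel componentModel) {
        this.model = componentModel;
        this.status = KeyStatus.from(componentModel.get(Attributes.ACTIVE_KEY, true), componentModel.get(Attributes.ENABLED_KEY, true));

        // Encryption keys and signing keys need different default algorithms.
        boolean encryptionKey = KeyUse.ENC.name().equals(componentModel.get(Attributes.KEY_USE));
        String defaultAlgorithm = encryptionKey ? RsaesOaepCekManagementProviderFactory.ID : "RS256";
        this.algorithm = componentModel.get(Attributes.ALGORITHM_KEY, defaultAlgorithm);

        String noteName = KeyWrapper.class.getName();
        if (componentModel.hasNote(noteName)) {
            this.key = (KeyWrapper) componentModel.getNote(noteName);
        } else {
            // loadKey is overridable and runs before any subclass constructor body: implementations
            // must rely only on their arguments and on this class's already-assigned model, status
            // and algorithm (used by createKeyWrapper), never on subclass fields.
            this.key = loadKey(realmModel, componentModel);
            componentModel.setNote(noteName, this.key);
        }
    }

    /**
     * Loads or generates the RSA key for this provider.
     *
     * <p>Called from the constructor only when the component has no cached key note, so subclass
     * fields are not initialized yet when this runs.
     *
     * @param realmModel realm the provider was created for
     * @param componentModel component holding the provider configuration
     * @return the key wrapper to expose and cache; the constructor stores it without validation
     */
    protected abstract KeyWrapper loadKey(RealmModel realmModel, ComponentModel componentModel);

    /**
     * Returns the single key managed by this provider.
     *
     * @return a one-element stream of the key wrapper obtained at construction time; the element
     *     is the shared instance, not a copy
     */
    public Stream<KeyWrapper> getKeysStream() {
        return Stream.of(this.key);
    }

    /**
     * Builds a key wrapper without a certificate chain.
     *
     * <p>Decompiler note: the original declaration of this method was {@code protected}.
     *
     * @param keyPair RSA key pair; must not be {@code null}
     * @param x509Certificate certificate to attach, may be {@code null}
     * @param keyUse intended use; {@code null} is treated as {@link KeyUse#SIG}
     * @return the populated key wrapper, including the private key
     */
    public KeyWrapper createKeyWrapper(KeyPair keyPair, X509Certificate x509Certificate, KeyUse keyUse) {
        return createKeyWrapper(keyPair, x509Certificate, Collections.emptyList(), keyUse);
    }

    /**
     * Builds a key wrapper for the given key pair, certificate and certificate chain.
     *
     * <p>The key id is derived from the public key, the type is fixed to {@code "RSA"}, and the
     * algorithm, status, provider id and priority come from this provider's component. When a
     * non-empty chain is supplied and its first entry is not {@code x509Certificate}, the
     * certificate is put at the front of the chain so the chain starts with this key's own
     * certificate.
     *
     * <p>The chain is copied before it is adjusted: the caller's list is never modified, so
     * unmodifiable lists are accepted, and later changes to the caller's list do not alter the
     * chain stored in the wrapper. A {@code null} chain is treated like an empty one.
     *
     * <p>This method does not verify that the certificate's public key matches {@code keyPair},
     * nor that the chain is correctly ordered, unexpired or trusted; callers that accept
     * certificates from configuration or uploads are expected to validate them beforehand.
     *
     * <p>Decompiler note: the original declaration of this method was {@code protected}.
     *
     * @param keyPair RSA key pair; must not be {@code null}
     * @param x509Certificate certificate to attach, may be {@code null}
     * @param list certificate chain, may be empty or {@code null}
     * @param keyUse intended use; {@code null} is treated as {@link KeyUse#SIG}
     * @return the populated key wrapper, including the private key
     */
    public KeyWrapper createKeyWrapper(KeyPair keyPair, X509Certificate x509Certificate, List<X509Certificate> list, KeyUse keyUse) {
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setProviderId(this.model.getId());
        keyWrapper.setProviderPriority(this.model.get(Attributes.PRIORITY_KEY, 0L));
        keyWrapper.setKid(KeyUtils.createKeyId(keyPair.getPublic()));
        keyWrapper.setUse(keyUse == null ? KeyUse.SIG : keyUse);
        keyWrapper.setType("RSA");
        keyWrapper.setAlgorithm(this.algorithm);
        keyWrapper.setStatus(this.status);
        // Private key material travels with the wrapper from here on.
        keyWrapper.setPrivateKey(keyPair.getPrivate());
        keyWrapper.setPublicKey(keyPair.getPublic());
        keyWrapper.setCertificate(x509Certificate);
        if (list != null && !list.isEmpty()) {
            // Work on a private copy: inserting into the caller's list would fail on an
            // unmodifiable list and would silently change a list the caller may reuse.
            List<X509Certificate> chain = new ArrayList<>(list);
            if (x509Certificate != null && !x509Certificate.equals(chain.get(0))) {
                chain.add(0, x509Certificate);
            }
            keyWrapper.setCertificateChain(chain);
        }
        return keyWrapper;
    }
}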
