package org.keycloak.keys.loader;

import java.security.PublicKey;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.keys.PublicKeyLoader;
import org.keycloak.keys.PublicKeyStorageProvider;
import org.keycloak.keys.PublicKeyStorageUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;

/* loaded from: input_file:org/keycloak/keys/loader/PublicKeyStorageManager.class */
/**
 * Static helpers that resolve the public key for a client or an OIDC identity provider
 * through the session's {@link PublicKeyStorageProvider}.
 *
 * <p>Where a {@link JWSInput} is supplied, the key id ({@code kid}) and raw algorithm are read
 * from that token's header. Header fields are supplied by whoever produced the token, so they
 * are only lookup hints here. NOTE(review): these lookups presumably run before the token's
 * signature has been checked; confirm that callers verify the signature with the returned key
 * and treat a {@code null} result as a verification failure.
 */
public class PublicKeyStorageManager {
    private static final Logger logger = Logger.getLogger(PublicKeyStorageManager.class);

    /**
     * Resolves the client's key for the given JWS and unwraps it to a {@link PublicKey}.
     *
     * @param keycloakSession session used to obtain the key storage provider
     * @param clientModel client whose key is requested
     * @param jWSInput token whose header names the key id and algorithm
     * @return the public key, or {@code null} when no key wrapper was resolved
     */
    public static PublicKey getClientPublicKey(KeycloakSession keycloakSession, ClientModel clientModel, JWSInput jWSInput) {
        KeyWrapper wrapper = getClientPublicKeyWrapper(keycloakSession, clientModel, jWSInput);
        if (wrapper == null) {
            // No key resolved: report absence instead of dereferencing a missing wrapper.
            return null;
        }
        return (PublicKey) wrapper.getPublicKey();
    }

    /**
     * Looks up the client's key wrapper matching the key id and raw algorithm from the JWS header.
     *
     * <p>The storage entry is addressed by a cache key built from the client's realm id and the
     * client id. A {@link ClientPublicKeyLoader} is handed to the provider; presumably it is
     * consulted when the key is not already cached.
     *
     * @param keycloakSession session used to obtain the key storage provider
     * @param clientModel client whose key is requested
     * @param jWSInput token whose header supplies the key id and raw algorithm
     * @return whatever the provider returns for that lookup (may be {@code null}; see
     *     {@link #getClientPublicKey})
     */
    public static KeyWrapper getClientPublicKeyWrapper(KeycloakSession keycloakSession, ClientModel clientModel, JWSInput jWSInput) {
        PublicKeyStorageProvider keyStorage = keycloakSession.getProvider(PublicKeyStorageProvider.class);
        String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(clientModel.getRealm().getId(), clientModel.getId());
        // Both values below come from the token header, i.e. from the token's sender.
        String headerKeyId = jWSInput.getHeader().getKeyId();
        String headerAlgorithm = jWSInput.getHeader().getRawAlgorithm();
        ClientPublicKeyLoader loader = new ClientPublicKeyLoader(keycloakSession, clientModel);
        return keyStorage.getPublicKey(cacheKey, headerKeyId, headerAlgorithm, loader);
    }

    /**
     * Looks up the first key of the client for the given key use.
     *
     * <p>The cache key and the loader are both scoped by {@code use}.
     *
     * @param keycloakSession session used to obtain the key storage provider
     * @param clientModel client whose key is requested
     * @param use key use that scopes the cache key and the loader
     * @param str forwarded unchanged to {@code getFirstPublicKey}; likely an algorithm name,
     *     confirm against the provider's signature
     * @return whatever the provider returns for that lookup
     */
    public static KeyWrapper getClientPublicKeyWrapper(KeycloakSession keycloakSession, ClientModel clientModel, JWK.Use use, String str) {
        PublicKeyStorageProvider keyStorage = keycloakSession.getProvider(PublicKeyStorageProvider.class);
        String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(clientModel.getRealm().getId(), clientModel.getId(), use);
        ClientPublicKeyLoader loader = new ClientPublicKeyLoader(keycloakSession, clientModel, use);
        return keyStorage.getFirstPublicKey(cacheKey, str, loader);
    }

    /**
     * Looks up the key wrapper an OIDC identity provider is expected to have signed the JWS with.
     *
     * <p>When the provider is configured to use a JWKS URL, an
     * {@link OIDCIdentityProviderPublicKeyLoader} is used. Otherwise the key material saved in the
     * provider configuration is wrapped in a {@link HardcodedPublicKeyLoader}; if no key material
     * is saved, a warning naming the provider alias is logged and {@code null} is returned.
     *
     * <p>In the hardcoded case the loader receives the configured key id when one is set (trimmed),
     * else the key id from the token header, together with the raw algorithm from the token header.
     * NOTE(review): with no configured key id, the saved key is therefore registered under whatever
     * key id the token presents, and the algorithm is taken from the token rather than from
     * configuration; confirm that signature verification downstream restricts the accepted
     * algorithms to those valid for the saved key.
     *
     * @param keycloakSession session used to obtain the key storage provider
     * @param realmModel realm whose id is part of the cache key
     * @param oIDCIdentityProviderConfig identity provider configuration
     * @param jWSInput token whose header supplies the key id and raw algorithm
     * @return the provider's lookup result, or {@code null} when no key is saved for a provider
     *     that does not use a JWKS URL
     */
    public static KeyWrapper getIdentityProviderKeyWrapper(KeycloakSession keycloakSession, RealmModel realmModel, OIDCIdentityProviderConfig oIDCIdentityProviderConfig, JWSInput jWSInput) {
        final boolean keyIdConfigured = oIDCIdentityProviderConfig.getPublicKeySignatureVerifierKeyId() != null
                && !oIDCIdentityProviderConfig.getPublicKeySignatureVerifierKeyId().trim().isEmpty();
        // Lookup hints taken from the token header.
        final String headerKeyId = jWSInput.getHeader().getKeyId();
        final String headerAlgorithm = jWSInput.getHeader().getRawAlgorithm();
        final PublicKeyStorageProvider keyStorage = keycloakSession.getProvider(PublicKeyStorageProvider.class);
        final String cacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(realmModel.getId(), oIDCIdentityProviderConfig.getInternalId());

        final PublicKeyLoader loader;
        if (!oIDCIdentityProviderConfig.isUseJwksUrl()) {
            final String savedKey = oIDCIdentityProviderConfig.getPublicKeySignatureVerifier();
            final boolean savedKeyPresent = savedKey != null && !savedKey.trim().isEmpty();
            if (!savedKeyPresent) {
                logger.warnf("No public key saved on identityProvider %s", oIDCIdentityProviderConfig.getAlias());
                return null;
            }
            // A configured key id takes precedence over the one named in the token header.
            final String loaderKeyId;
            if (keyIdConfigured) {
                loaderKeyId = oIDCIdentityProviderConfig.getPublicKeySignatureVerifierKeyId().trim();
            } else {
                loaderKeyId = headerKeyId;
            }
            loader = new HardcodedPublicKeyLoader(loaderKeyId, savedKey, headerAlgorithm);
        } else {
            loader = new OIDCIdentityProviderPublicKeyLoader(keycloakSession, oIDCIdentityProviderConfig);
        }
        return keyStorage.getPublicKey(cacheKey, headerKeyId, headerAlgorithm, loader);
    }
}
