package org.keycloak.keys;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.models.KeyManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderFactory;

/* loaded from: input_file:org/keycloak/keys/DefaultKeyManager.class */
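/**
 * Resolves the cryptographic keys of a realm from its configured {@link KeyProvider} components.
 *
 * <p>Two lookups matter for security review. {@link #getActiveKey(RealmModel, KeyUse, String)}
 * returns the first key whose status reports {@code isActive()}, walking providers in descending
 * priority. {@link #getKey(RealmModel, String, KeyUse, String)} looks a key up by {@code kid} and
 * accepts any key whose status reports {@code isEnabled()}. Both additionally require the key's
 * use and algorithm to equal the requested ones, so a key is never returned for a different
 * algorithm than the caller asked for.
 *
 * <p>Provider instances are cached per realm id in a plain {@link HashMap}. No synchronization is
 * visible in this class; presumably one instance is used per {@link KeycloakSession} (confirm
 * against the caller that constructs it).
 */
public class DefaultKeyManager implements KeyManager {
    private static final Logger logger = Logger.getLogger(DefaultKeyManager.class);
    private final KeycloakSession session;
    // Providers already instantiated by this manager, keyed by realm id.
    private final Map<String, List<KeyProvider>> providersMap = new HashMap<>();

    /**
     * Orders key-provider components by priority, highest first, with the component id as a
     * deterministic tie-breaker. A component without a priority attribute is treated as priority 0.
     *
     * <p>Decompiler note: the access modifier of this nested class was widened from private.
     */
    public class ProviderComparator implements Comparator<ComponentModel> {
        private ProviderComparator() {
        }

        @Override // java.util.Comparator
        public int compare(ComponentModel first, ComponentModel second) {
            // Arguments are swapped on purpose: a larger priority sorts earlier.
            int byPriority = Long.compare(second.get(Attributes.PRIORITY_KEY, 0L), first.get(Attributes.PRIORITY_KEY, 0L));
            if (byPriority != 0) {
                return byPriority;
            }
            return first.getId().compareTo(second.getId());
        }
    }

    public DefaultKeyManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Returns the active key of the realm for the given use and algorithm.
     *
     * <p>If no configured provider has a matching active key, every registered key-provider
     * factory is asked in turn to create fallback keys. After a factory reports success the cached
     * provider list of the realm is dropped and the lookup is repeated. A successful fallback is
     * logged at WARN ("Fallback key created"); that line means the realm had no usable key for the
     * requested algorithm, so it is worth alerting on in production.
     *
     * @param realm realm whose keys are searched
     * @param use required key use
     * @param algorithm required algorithm name
     * @return the matching active key, never {@code null}
     * @throws RuntimeException if no key is found and no fallback key could be created
     */
    public KeyWrapper getActiveKey(RealmModel realm, KeyUse use, String algorithm) {
        KeyWrapper activeKey = getActiveKey(getProviders(realm), realm, use, algorithm);
        if (activeKey != null) {
            return activeKey;
        }
        logger.debugv("Failed to find active key for realm, trying fallback: realm={0} algorithm={1} use={2}", realm.getName(), algorithm, use.name());
        Iterator<?> factories = this.session.getKeycloakSessionFactory().getProviderFactories(KeyProvider.class).iterator();
        while (factories.hasNext()) {
            // NOTE(review): decompiled cast; createFallbackKeys is presumably declared on the
            // key-provider factory subtype rather than on ProviderFactory itself - confirm.
            if (((ProviderFactory) factories.next()).createFallbackKeys(this.session, use, algorithm)) {
                // Drop the cached providers so the newly created key becomes visible.
                this.providersMap.remove(realm.getId());
                KeyWrapper fallbackKey = getActiveKey(getProviders(realm), realm, use, algorithm);
                if (fallbackKey != null) {
                    logger.warnv("Fallback key created: realm={0} algorithm={1} use={2}", realm.getName(), algorithm, use.name());
                    return fallbackKey;
                }
            }
        }
        // The pattern previously ended in "use={2" without the closing brace. java.text.MessageFormat
        // rejects an unterminated placeholder, so the error line could be lost (or, depending on the
        // logging backend, an IllegalArgumentException could pre-empt the exception thrown below).
        logger.errorv("Failed to create fallback key for realm: realm={0} algorithm={1} use={2}", realm.getName(), algorithm, use.name());
        throw new RuntimeException("Failed to find key: realm=" + realm.getName() + " algorithm=" + algorithm + " use=" + use.name());
    }

    /**
     * Scans the given providers in order and returns the first key that is active and matches the
     * requested use and algorithm, or {@code null} if there is none.
     */
    private KeyWrapper getActiveKey(List<KeyProvider> providers, RealmModel realm, KeyUse use, String algorithm) {
        for (KeyProvider provider : providers) {
            for (KeyWrapper key : provider.getKeys()) {
                if (key.getStatus().isActive() && matches(key, use, algorithm)) {
                    if (logger.isTraceEnabled()) {
                        logger.tracev("Active key found: realm={0} kid={1} algorithm={2} use={3}", new Object[]{realm.getName(), key.getKid(), algorithm, use.name()});
                    }
                    return key;
                }
            }
        }
        return null;
    }

    /**
     * Looks up an enabled key by key id, restricted to the given use and algorithm.
     *
     * <p>The {@code kid} is presumably taken from a token header by callers and is therefore
     * untrusted input - verify against callers. It is only compared for equality here and is
     * written to the log at TRACE level only.
     *
     * @param realm realm whose keys are searched
     * @param kid key id to look for; {@code null} yields {@code null}
     * @param use required key use
     * @param algorithm required algorithm name
     * @return the matching key, or {@code null} if none matches
     */
    public KeyWrapper getKey(RealmModel realm, String kid, KeyUse use, String algorithm) {
        if (kid == null) {
            // The original pattern had no placeholder, so the realm argument was never rendered.
            // The apostrophe is doubled because a single quote starts a quoted section in
            // java.text.MessageFormat and would otherwise swallow the placeholder.
            logger.warnv("kid is null, can''t find public key: realm={0}", realm.getName());
            return null;
        }
        for (KeyProvider provider : getProviders(realm)) {
            for (KeyWrapper key : provider.getKeys()) {
                // kid is non-null here; calling equals on it tolerates a key without a kid.
                if (kid.equals(key.getKid()) && key.getStatus().isEnabled() && matches(key, use, algorithm)) {
                    if (logger.isTraceEnabled()) {
                        logger.tracev("Found key: realm={0} kid={1} algorithm={2} use={3}", new Object[]{realm.getName(), key.getKid(), algorithm, use.name()});
                    }
                    return key;
                }
            }
        }
        if (logger.isTraceEnabled()) {
            logger.tracev("Failed to find public key: realm={0} kid={1} algorithm={2} use={3}", new Object[]{realm.getName(), kid, algorithm, use.name()});
        }
        return null;
    }

    /**
     * Returns every enabled key of the realm that matches the given use and algorithm, in provider
     * order.
     */
    public List<KeyWrapper> getKeys(RealmModel realm, KeyUse use, String algorithm) {
        List<KeyWrapper> keys = new LinkedList<>();
        for (KeyProvider provider : getProviders(realm)) {
            for (KeyWrapper key : provider.getKeys()) {
                if (key.getStatus().isEnabled() && matches(key, use, algorithm)) {
                    keys.add(key);
                }
            }
        }
        return keys;
    }

    /**
     * Returns all keys of all providers of the realm without filtering on status, use or
     * algorithm. The returned wrappers are the providers' own objects; whether they carry private
     * or secret material depends on the provider, so callers should not expose them unfiltered.
     */
    public List<KeyWrapper> getKeys(RealmModel realm) {
        List<KeyWrapper> keys = new LinkedList<>();
        for (KeyProvider provider : getProviders(realm)) {
            keys.addAll(provider.getKeys());
        }
        return keys;
    }

    /**
     * Returns the active RS256 signing key of the realm, including its private key.
     *
     * @throws RuntimeException if no key is found and no fallback key could be created
     */
    @Deprecated
    public KeyManager.ActiveRsaKey getActiveRsaKey(RealmModel realm) {
        KeyWrapper activeKey = getActiveKey(realm, KeyUse.SIG, "RS256");
        return new KeyManager.ActiveRsaKey(activeKey.getKid(), (PrivateKey) activeKey.getPrivateKey(), (PublicKey) activeKey.getPublicKey(), activeKey.getCertificate());
    }

    /**
     * Returns the active HS256 signing key of the realm, including its secret.
     *
     * @throws RuntimeException if no key is found and no fallback key could be created
     */
    @Deprecated
    public KeyManager.ActiveHmacKey getActiveHmacKey(RealmModel realm) {
        KeyWrapper activeKey = getActiveKey(realm, KeyUse.SIG, "HS256");
        return new KeyManager.ActiveHmacKey(activeKey.getKid(), activeKey.getSecretKey());
    }

    /**
     * Returns the active AES encryption key of the realm, including its secret.
     *
     * @throws RuntimeException if no key is found and no fallback key could be created
     */
    @Deprecated
    public KeyManager.ActiveAesKey getActiveAesKey(RealmModel realm) {
        KeyWrapper activeKey = getActiveKey(realm, KeyUse.ENC, "AES");
        return new KeyManager.ActiveAesKey(activeKey.getKid(), activeKey.getSecretKey());
    }

    /** Returns the public key of the enabled RS256 signing key with the given kid, or {@code null}. */
    @Deprecated
    public PublicKey getRsaPublicKey(RealmModel realm, String kid) {
        KeyWrapper key = getKey(realm, kid, KeyUse.SIG, "RS256");
        return key != null ? (PublicKey) key.getPublicKey() : null;
    }

    /** Returns the certificate of the enabled RS256 signing key with the given kid, or {@code null}. */
    @Deprecated
    public Certificate getRsaCertificate(RealmModel realm, String kid) {
        KeyWrapper key = getKey(realm, kid, KeyUse.SIG, "RS256");
        return key != null ? key.getCertificate() : null;
    }

    /** Returns the secret of the enabled HS256 signing key with the given kid, or {@code null}. */
    @Deprecated
    public SecretKey getHmacSecretKey(RealmModel realm, String kid) {
        KeyWrapper key = getKey(realm, kid, KeyUse.SIG, "HS256");
        return key != null ? key.getSecretKey() : null;
    }

    /**
     * Returns the secret of the enabled AES encryption key with the given kid, or {@code null}.
     *
     * <p>An unknown or null kid used to end in a NullPointerException here, unlike the sibling
     * lookups; it now returns {@code null} like {@link #getHmacSecretKey(RealmModel, String)}.
     */
    @Deprecated
    public SecretKey getAesSecretKey(RealmModel realm, String kid) {
        KeyWrapper key = getKey(realm, kid, KeyUse.ENC, "AES");
        return key != null ? key.getSecretKey() : null;
    }

    /**
     * Returns metadata (certificate, public key, kid, provider id and priority, status) for every
     * enabled RS256 signing key of the realm. No private key is copied into the result.
     */
    @Deprecated
    public List<RsaKeyMetadata> getRsaKeys(RealmModel realm) {
        List<RsaKeyMetadata> result = new LinkedList<>();
        for (KeyWrapper key : getKeys(realm, KeyUse.SIG, "RS256")) {
            RsaKeyMetadata metadata = new RsaKeyMetadata();
            metadata.setCertificate(key.getCertificate());
            metadata.setPublicKey((PublicKey) key.getPublicKey());
            metadata.setKid(key.getKid());
            metadata.setProviderId(key.getProviderId());
            metadata.setProviderPriority(key.getProviderPriority());
            metadata.setStatus(key.getStatus());
            result.add(metadata);
        }
        return result;
    }

    /** Returns metadata for every enabled HS256 signing key of the realm; the secret is not copied. */
    public List<SecretKeyMetadata> getHmacKeys(RealmModel realm) {
        return toSecretKeyMetadata(getKeys(realm, KeyUse.SIG, "HS256"));
    }

    /** Returns metadata for every enabled AES encryption key of the realm; the secret is not copied. */
    public List<SecretKeyMetadata> getAesKeys(RealmModel realm) {
        return toSecretKeyMetadata(getKeys(realm, KeyUse.ENC, "AES"));
    }

    /** Copies kid, provider id, provider priority and status of each key into a metadata object. */
    private List<SecretKeyMetadata> toSecretKeyMetadata(List<KeyWrapper> keys) {
        List<SecretKeyMetadata> result = new LinkedList<>();
        for (KeyWrapper key : keys) {
            SecretKeyMetadata metadata = new SecretKeyMetadata();
            metadata.setKid(key.getKid());
            metadata.setProviderId(key.getProviderId());
            metadata.setProviderPriority(key.getProviderPriority());
            metadata.setStatus(key.getStatus());
            result.add(metadata);
        }
        return result;
    }

    /**
     * Tells whether the key is declared for exactly the requested use and algorithm. A key that
     * reports no algorithm, or a null requested algorithm, never matches.
     */
    private boolean matches(KeyWrapper key, KeyUse use, String algorithm) {
        // Comparing from the requested algorithm avoids a NullPointerException on a key without one.
        return use.equals(key.getUse()) && algorithm != null && algorithm.equals(key.getAlgorithm());
    }

    /**
     * Returns the key providers of the realm in priority order, creating and caching them on first
     * use. Each created provider is enlisted with the session for closing.
     *
     * <p>A provider that fails to instantiate is logged at ERROR ("Failed to load provider") and
     * skipped, so key selection silently falls through to the remaining providers. Operators
     * should treat that log line as a signal that a different key than intended may be in use.
     */
    private List<KeyProvider> getProviders(RealmModel realm) {
        List<KeyProvider> providers = this.providersMap.get(realm.getId());
        if (providers != null) {
            return providers;
        }
        providers = new LinkedList<>();
        List<ComponentModel> components = new LinkedList<>(realm.getComponents(realm.getId(), KeyProvider.class.getName()));
        components.sort(new ProviderComparator());
        for (ComponentModel component : components) {
            try {
                KeyProvider provider = this.session.getKeycloakSessionFactory().getProviderFactory(KeyProvider.class, component.getProviderId()).create(this.session, component);
                this.session.enlistForClose(provider);
                providers.add(provider);
            } catch (Throwable th) {
                // Deliberate best effort: one broken provider must not take down the whole realm.
                logger.errorv(th, "Failed to load provider {0}", component.getId());
            }
        }
        this.providersMap.put(realm.getId(), providers);
        return providers;
    }
}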
