package de.governikus.autent.eudiwallet.keycloak.provider.signingservices;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.List;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.Provider;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/signingservices/OpenId4VciSigningProvider.class */
public interface OpenId4VciSigningProvider<C> extends Provider {
    KeycloakSession getKeycloakSession();

    String signCredential(ClientScopeModel clientScopeModel, C c);

    default void close() {
    }

    default KeyPair generatePpEphKeyPair() {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(Constants.Curves.SEC_P256_R1);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(eCGenParameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

    default void doMissingCertificateWorkaround(RealmModel realmModel, KeyWrapper keyWrapper) {
        if (keyWrapper.getCertificate() == null) {
            KeyPair keyPair = new KeyPair((PublicKey) keyWrapper.getPublicKey(), (PrivateKey) keyWrapper.getPrivateKey());
            ComponentModel component = realmModel.getComponent(keyWrapper.getProviderId());
            X509Certificate generateV1SelfSignedCertificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realmModel.getName());
            component.getConfig().put("certificate", List.of(Base64.encodeBytes(generateV1SelfSignedCertificate.getEncoded())));
            keyWrapper.setCertificate(generateV1SelfSignedCertificate);
        }
    }
}
