package org.keycloak.keys;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.List;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.models.RealmModel;

/* loaded from: input_file:org/keycloak/keys/GeneratedEcdhKeyProvider.class */
public class GeneratedEcdhKeyProvider extends AbstractEcKeyProvider {
    private static final Logger logger = Logger.getLogger(GeneratedEcdhKeyProvider.class);

    public GeneratedEcdhKeyProvider(RealmModel realmModel, ComponentModel componentModel) {
        super(realmModel, componentModel);
    }

    @Override // org.keycloak.keys.AbstractEcKeyProvider
    protected KeyWrapper loadKey(RealmModel realmModel, ComponentModel componentModel) {
        String str = (String) componentModel.getConfig().getFirst(GeneratedEcdhKeyProviderFactory.ECDH_PRIVATE_KEY_KEY);
        String str2 = (String) componentModel.getConfig().getFirst(GeneratedEcdhKeyProviderFactory.ECDH_PUBLIC_KEY_KEY);
        String str3 = (String) componentModel.getConfig().getFirst(GeneratedEcdhKeyProviderFactory.ECDH_ALGORITHM_KEY);
        boolean booleanValue = ((Boolean) Optional.ofNullable((String) componentModel.getConfig().getFirst(Attributes.EC_GENERATE_CERTIFICATE_KEY)).map(Boolean::parseBoolean).orElse(false)).booleanValue();
        try {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(str));
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            KeyPair keyPair = new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(str2))), keyFactory.generatePrivate(pKCS8EncodedKeySpec));
            X509Certificate x509Certificate = (X509Certificate) Optional.ofNullable((String) componentModel.getConfig().getFirst("certificate")).map(PemUtils::decodeCertificate).orElse(null);
            if (booleanValue && x509Certificate == null) {
                x509Certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realmModel.getName());
                componentModel.getConfig().put("certificate", List.of(Base64.encodeBytes(x509Certificate.getEncoded())));
            }
            return createKeyWrapper(keyPair, str3, KeyUse.ENC, x509Certificate);
        } catch (Exception e) {
            logger.warnf("Exception at decodeEcdhPublicKey. %s", e.toString());
            return null;
        }
    }
}
