package org.keycloak.jose.jwe;

import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import org.keycloak.jose.jwe.enc.JWEEncryptionProvider;

/* loaded from: input_file:lib/keycloak-core-10.0.2.jar:org/keycloak/jose/jwe/JWEKeyStorage.class */
public class JWEKeyStorage {
    private Key encryptionKey;
    private Key decryptionKey;
    private byte[] cekBytes;
    private Map<KeyUse, Key> decodedCEK = new HashMap();
    private JWEEncryptionProvider encryptionProvider;

    /* loaded from: input_file:lib/keycloak-core-10.0.2.jar:org/keycloak/jose/jwe/JWEKeyStorage$KeyUse.class */
    public enum KeyUse {
        ENCRYPTION,
        SIGNATURE
    }

    public Key getEncryptionKey() {
        return this.encryptionKey;
    }

    public JWEKeyStorage setEncryptionKey(Key key) {
        this.encryptionKey = key;
        return this;
    }

    public Key getDecryptionKey() {
        return this.decryptionKey;
    }

    public JWEKeyStorage setDecryptionKey(Key key) {
        this.decryptionKey = key;
        return this;
    }

    public void setCEKBytes(byte[] bArr) {
        this.cekBytes = bArr;
    }

    public byte[] getCekBytes() {
        if (this.cekBytes == null) {
            this.cekBytes = this.encryptionProvider.serializeCEK(this);
        }
        return this.cekBytes;
    }

    public JWEKeyStorage setCEKKey(Key key, KeyUse keyUse) {
        this.decodedCEK.put(keyUse, key);
        return this;
    }

    public Key getCEKKey(KeyUse keyUse, boolean z) {
        if (this.decodedCEK.get(keyUse) == null) {
            if (this.encryptionProvider == null) {
                throw new IllegalStateException("encryptionProvider needs to be set");
            }
            if (this.cekBytes == null && z) {
                generateCekBytes();
            }
            if (this.cekBytes != null) {
                this.encryptionProvider.deserializeCEK(this);
            }
        }
        return this.decodedCEK.get(keyUse);
    }

    private void generateCekBytes() {
        this.cekBytes = JWEUtils.generateSecret(this.encryptionProvider.getExpectedCEKLength());
    }

    public void setEncryptionProvider(JWEEncryptionProvider jWEEncryptionProvider) {
        this.encryptionProvider = jWEEncryptionProvider;
    }
}
