package org.keycloak.util;

import java.io.IOException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64Url;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.PublicKeysWrapper;
import org.keycloak.jose.jwk.ECPublicJWK;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKParser;
import org.keycloak.jose.jwk.RSAPublicJWK;
import org.keycloak.jose.jws.crypto.HashUtils;

/* loaded from: input_file:org/keycloak/util/JWKSUtils.class */
public class JWKSUtils {
    private static final String JWK_THUMBPRINT_DEFAULT_HASH_ALGORITHM = "SHA-256";
    private static final Logger logger = Logger.getLogger(JWKSUtils.class.getName());
    private static final Map<String, String[]> JWK_THUMBPRINT_REQUIRED_MEMBERS = new HashMap();

    @Deprecated
    public static Map<String, PublicKey> getKeysForUse(JSONWebKeySet jSONWebKeySet, JWK.Use use) {
        return (Map) getKeyWrappersForUse(jSONWebKeySet, use).getKeys().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKid();
        }, keyWrapper -> {
            return (PublicKey) keyWrapper.getPublicKey();
        }));
    }

    public static PublicKeysWrapper getKeyWrappersForUse(JSONWebKeySet jSONWebKeySet, JWK.Use use) {
        return getKeyWrappersForUse(jSONWebKeySet, use, false);
    }

    public static PublicKeysWrapper getKeyWrappersForUse(JSONWebKeySet jSONWebKeySet, JWK.Use use, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (JWK jwk : jSONWebKeySet.getKeys()) {
            JWKParser create = JWKParser.create(jwk);
            if (jwk.getPublicKeyUse() == null && !z) {
                logger.debugf("Ignoring JWK key '%s'. Missing required field 'use'.", jwk.getKeyId());
            } else if ((use.asString().equals(jwk.getPublicKeyUse()) || (jwk.getPublicKeyUse() == null && z)) && create.isKeyTypeSupported(jwk.getKeyType())) {
                KeyWrapper wrap = wrap(jwk, create);
                wrap.setUse(getKeyUse(use.asString()));
                arrayList.add(wrap);
            }
        }
        return new PublicKeysWrapper(arrayList);
    }

    private static KeyUse getKeyUse(String str) {
        if (str == null) {
            return null;
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case 100570:
                if (str.equals("enc")) {
                    z = true;
                    break;
                }
                break;
            case 113873:
                if (str.equals("sig")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return KeyUse.SIG;
            case true:
                return KeyUse.ENC;
            default:
                return null;
        }
    }

    public static JWK getKeyForUse(JSONWebKeySet jSONWebKeySet, JWK.Use use) {
        for (JWK jwk : jSONWebKeySet.getKeys()) {
            JWKParser create = JWKParser.create(jwk);
            if (jwk.getPublicKeyUse() == null) {
                logger.debugf("Ignoring JWK key '%s'. Missing required field 'use'.", jwk.getKeyId());
            } else if (use.asString().equals(create.getJwk().getPublicKeyUse()) && create.isKeyTypeSupported(jwk.getKeyType())) {
                return jwk;
            }
        }
        return null;
    }

    public static KeyWrapper getKeyWrapper(JWK jwk) {
        JWKParser create = JWKParser.create(jwk);
        if (create.isKeyTypeSupported(jwk.getKeyType())) {
            return wrap(jwk, create);
        }
        return null;
    }

    private static KeyWrapper wrap(JWK jwk, JWKParser jWKParser) {
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setKid(jwk.getKeyId());
        if (jwk.getAlgorithm() != null) {
            keyWrapper.setAlgorithm(jwk.getAlgorithm());
        }
        if (jwk.getOtherClaims().get("crv") != null) {
            keyWrapper.setCurve((String) jwk.getOtherClaims().get("crv"));
        }
        keyWrapper.setType(jwk.getKeyType());
        keyWrapper.setUse(getKeyUse(jwk.getPublicKeyUse()));
        keyWrapper.setPublicKey(jWKParser.toPublicKey());
        return keyWrapper;
    }

    public static String computeThumbprint(JWK jwk) {
        return computeThumbprint(jwk, "SHA-256");
    }

    public static String computeThumbprint(JWK jwk, String str) {
        TreeMap treeMap = new TreeMap();
        treeMap.put(JWK.KEY_TYPE, jwk.getKeyType());
        for (String str2 : JWK_THUMBPRINT_REQUIRED_MEMBERS.get(jwk.getKeyType())) {
            treeMap.put(str2, (String) jwk.getOtherClaims().get(str2));
        }
        try {
            return Base64Url.encode(HashUtils.hash(str, JsonSerialization.writeValueAsBytes(treeMap)));
        } catch (IOException e) {
            return null;
        }
    }

    static {
        JWK_THUMBPRINT_REQUIRED_MEMBERS.put("RSA", new String[]{RSAPublicJWK.MODULUS, RSAPublicJWK.PUBLIC_EXPONENT});
        JWK_THUMBPRINT_REQUIRED_MEMBERS.put("EC", new String[]{"crv", "x", ECPublicJWK.Y});
    }
}
