package org.keycloak.adapters.authentication;

import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.common.util.KeystoreUtil;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKBuilder;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.JsonWebToken;

/* loaded from: input_file:BOOT-INF/lib/keycloak-adapter-core-4.6.0.Final.jar:org/keycloak/adapters/authentication/JWTClientCredentialsProvider.class */
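/**
 * Client credentials provider (id {@code "jwt"}) that authenticates the adapter with a signed
 * JWT client assertion instead of a shared client secret.
 *
 * <p>The signing key pair is loaded from a keystore named in the adapter configuration (see
 * {@link #init}) or injected with {@link #setupKeyPair}. Every call to
 * {@link #setClientCredentials} builds and signs a new assertion whose issuer and subject are the
 * client's resource name and whose audience is the realm info URL.
 *
 * <p>The private key is only ever handed to the JWS signer; this class exposes the public key
 * alone. The class does no synchronization of its own.
 */
public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
    public static final String PROVIDER_ID = "jwt";

    // Signing key pair. Only the public half is exposed (getPublicKey); the private half is
    // passed to the JWS builder for signing and nowhere else.
    private KeyPair keyPair;
    // JWK built from the public key; only its key id is read, for the "kid" JWS header.
    private JWK publicKeyJwk;
    // Lifetime added to the issue time to get the assertion's expiration. Same unit as
    // Time.currentTime() (presumably seconds, as for a JWT "exp" claim — confirm).
    private int tokenTimeout;

    /** Returns the provider id, {@link #PROVIDER_ID}. */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Installs the key pair used to sign client assertions and derives the JWK (and so the
     * {@code kid}) from its public key.
     *
     * <p>The JWK is built with {@code rs256}, so an RSA key is expected.
     *
     * @param keyPair signing key pair; must not be {@code null}
     * @throws NullPointerException if {@code keyPair} is {@code null}
     */
    public void setupKeyPair(KeyPair keyPair) {
        Objects.requireNonNull(keyPair, "keyPair");
        // Derive the JWK before touching any field: if this fails, the previously configured
        // key and its kid stay consistent instead of the pair being replaced on its own.
        JWK jwk = JWKBuilder.create().rs256(keyPair.getPublic());
        this.keyPair = keyPair;
        this.publicKeyJwk = jwk;
    }

    /**
     * Sets the assertion lifetime.
     *
     * <p>Keep it short: until it expires, a captured assertion can be presented as this client's
     * credential unless the server enforces single use of the token id.
     *
     * @param i lifetime added to the issue time when computing the expiration
     */
    public void setTokenTimeout(int i) {
        this.tokenTimeout = i;
    }

    /** Returns the configured assertion lifetime. */
    protected int getTokenTimeout() {
        return this.tokenTimeout;
    }

    /**
     * Returns the public half of the signing key pair.
     *
     * @throws NullPointerException if no key pair has been configured yet
     */
    public PublicKey getPublicKey() {
        return this.keyPair.getPublic();
    }

    /**
     * Configures the provider from the {@code jwt} section of the adapter configuration.
     *
     * <p>Recognized keys: {@code client-keystore-file} (required), {@code client-keystore-type}
     * (default {@code JKS}), {@code client-keystore-password} (required),
     * {@code client-key-password} (defaults to the keystore password), {@code client-key-alias}
     * (defaults to the client's resource name) and {@code token-timeout} (default 10).
     *
     * <p>The keystore and key passwords are read from the configuration as plain strings; none of
     * the exceptions raised here include them.
     *
     * @param keycloakDeployment deployment whose resource name is used in error messages and as
     *     the default key alias
     * @param obj the provider configuration; must be a {@link Map}
     * @throws RuntimeException if the configuration is not a map or a required key is missing
     * @throws IllegalArgumentException if the keystore type is not a known format or
     *     {@code token-timeout} cannot be read as an integer
     */
    @Override
    public void init(KeycloakDeployment keycloakDeployment, Object obj) {
        // instanceof is false for null, so this also covers a missing configuration.
        if (!(obj instanceof Map)) {
            throw new RuntimeException("Configuration of jwt credentials is missing or incorrect for client '" + keycloakDeployment.getResourceName() + "'. Check your adapter configuration");
        }
        @SuppressWarnings("unchecked") // key/value types are only checked when each entry is read
        Map<String, Object> config = (Map<String, Object>) obj;

        String keystoreFile = (String) config.get("client-keystore-file");
        if (keystoreFile == null) {
            throw new RuntimeException("Missing parameter client-keystore-file in configuration of jwt for client " + keycloakDeployment.getResourceName());
        }

        String keystoreType = (String) config.get("client-keystore-type");
        // Locale.ROOT keeps the enum lookup independent of the JVM's default locale.
        KeystoreUtil.KeystoreFormat keystoreFormat = keystoreType == null
                ? KeystoreUtil.KeystoreFormat.JKS
                : KeystoreUtil.KeystoreFormat.valueOf(keystoreType.toUpperCase(Locale.ROOT));

        String keystorePassword = (String) config.get("client-keystore-password");
        if (keystorePassword == null) {
            throw new RuntimeException("Missing parameter client-keystore-password in configuration of jwt for client " + keycloakDeployment.getResourceName());
        }

        String keyPassword = (String) config.get("client-key-password");
        if (keyPassword == null) {
            keyPassword = keystorePassword;
        }

        String keyAlias = (String) config.get("client-key-alias");
        if (keyAlias == null) {
            keyAlias = keycloakDeployment.getResourceName();
        }

        setupKeyPair(KeystoreUtil.loadKeyPairFromKeystore(keystoreFile, keystorePassword, keyPassword, keyAlias, keystoreFormat));
        // NOTE(review): zero or negative values are accepted here and produce an assertion that
        // is at or past its expiration when issued — confirm whether that should be rejected.
        this.tokenTimeout = asInt(config, "token-timeout", 10);
    }

    /**
     * Reads an integer setting that may be given as a string or a number.
     *
     * <p>The offending value is echoed in the exception message, so use this only for keys that
     * do not hold secrets.
     *
     * @param config provider configuration
     * @param key setting name
     * @param defaultValue value returned when the key is absent
     * @return the setting as an int; a {@link Number} is narrowed with {@code intValue()}
     * @throws IllegalArgumentException if the value is neither a number nor a parsable string
     */
    private int asInt(Map<String, Object> config, String key, int defaultValue) {
        Object value = config.get(key);
        if (value == null) {
            return defaultValue;
        }
        if (value instanceof String) {
            try {
                return Integer.parseInt(value.toString());
            } catch (NumberFormatException e) {
                // Report the key as well, in the same form as the unsupported-type case below.
                throw new IllegalArgumentException("Can't parse " + key + " from the config. Value is " + value, e);
            }
        }
        if (value instanceof Number) {
            return ((Number) value).intValue();
        }
        throw new IllegalArgumentException("Can't parse " + key + " from the config. Value is " + value);
    }

    /**
     * Adds a freshly signed client assertion to the outgoing request's form parameters.
     *
     * @param keycloakDeployment deployment supplying the resource name and realm info URL
     * @param map not used by this provider
     * @param map2 receives {@link OAuth2Constants#CLIENT_ASSERTION_TYPE} and
     *     {@link OAuth2Constants#CLIENT_ASSERTION}
     */
    @Override
    public void setClientCredentials(KeycloakDeployment keycloakDeployment, Map<String, String> map, Map<String, String> map2) {
        String createSignedRequestToken = createSignedRequestToken(keycloakDeployment.getResourceName(), keycloakDeployment.getRealmInfoUrl());
        map2.put(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT);
        map2.put(OAuth2Constants.CLIENT_ASSERTION, createSignedRequestToken);
    }

    /**
     * Builds the assertion for the given client and signs it with the private key.
     *
     * @param str client id, used as issuer and subject
     * @param str2 audience of the assertion
     * @return the encoded, signed token, carrying the public key's id as {@code kid}
     * @throws NullPointerException if no key pair has been configured yet
     */
    public String createSignedRequestToken(String str, String str2) {
        return new JWSBuilder().kid(this.publicKeyJwk.getKeyId()).jsonContent(createRequestToken(str, str2)).rsa256(this.keyPair.getPrivate());
    }

    /**
     * Creates the unsigned assertion: a new id, issuer and subject set to the client, the given
     * audience, and issued-at / not-before / expiration derived from the current time.
     *
     * @param str client id, used as issuer and subject
     * @param str2 audience of the assertion
     * @return the populated token
     */
    protected JsonWebToken createRequestToken(String str, String str2) {
        JsonWebToken jsonWebToken = new JsonWebToken();
        jsonWebToken.id(AdapterUtils.generateId());
        jsonWebToken.issuer(str);
        jsonWebToken.subject(str);
        jsonWebToken.audience(str2);
        int issuedAt = Time.currentTime();
        jsonWebToken.issuedAt(issuedAt);
        // Add in long and clamp: with int arithmetic a very large timeout wraps around to a
        // negative expiration, i.e. an assertion that is expired the moment it is issued.
        long expiresAt = (long) issuedAt + this.tokenTimeout;
        jsonWebToken.expiration((int) Math.min(expiresAt, Integer.MAX_VALUE));
        jsonWebToken.notBefore(issuedAt);
        return jsonWebToken;
    }
}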
