package dk.grinn.keycloak.migration.boundary;

import dk.grinn.keycloak.migration.entities.CreateRealmKey;
import java.security.KeyPair;
import javax.persistence.EntityManager;
import org.jboss.logging.Logger;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.PemUtils;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;

/* loaded from: input_file:dk/grinn/keycloak/migration/boundary/RealmKeyController.class */
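/**
 * Installs an RSA signing key on a Keycloak realm during migration.
 *
 * <p>The key material (PEM private key and PEM certificate) is taken from the
 * {@link CreateRealmKey} request, re-used from attributes stored through
 * {@link GkcadmRealmAttributeController}, or freshly generated. Whatever is chosen is
 * written back to that attribute store and registered on the realm as an {@code rsa}
 * key-provider component.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PEM private key is handed to {@code putAttribute} as a plain string. How that
 *       store protects the value (encryption at rest, access control) is not visible in this
 *       class. NOTE(review): confirm before relying on it for production keys.</li>
 *   <li>Nothing in this class checks that a supplied certificate belongs to the supplied
 *       private key; any validation done by {@code addComponentModel} happens after the
 *       values have already been written to the attribute store.</li>
 *   <li>Key material is never written to the log; keep it that way when adding messages.</li>
 * </ul>
 */
public class RealmKeyController {
    private static final Logger LOG = Logger.getLogger(RealmKeyController.class);
    protected static final String PRIVATE_KEY_CONFIG_KEY = "privateKey";
    protected static final String CERTIFICATE_CONFIG_KEY = "certificate";
    /** Name of the key component that {@link #disableRsaGenerated(RealmModel)} switches off. */
    private static final String GENERATED_RSA_COMPONENT_NAME = "rsa-generated";
    private final EntityManager em;
    private final GkcadmRealmAttributeController controller;

    /**
     * Creates a controller whose attribute store is backed by the given entity manager.
     *
     * @param entityManager entity manager passed on to {@link GkcadmRealmAttributeController}
     */
    public RealmKeyController(EntityManager entityManager) {
        this.em = entityManager;
        this.controller = new GkcadmRealmAttributeController(entityManager);
    }

    /**
     * Marks every realm component named {@code rsa-generated} as inactive and disabled.
     *
     * <p>The name comparison is written constant-first so that a component without a name is
     * skipped instead of aborting the whole pass with a {@link NullPointerException}, which
     * would leave the remaining {@code rsa-generated} components enabled.
     *
     * @param realmModel realm whose components are inspected and updated
     */
    public static void disableRsaGenerated(RealmModel realmModel) {
        realmModel.getComponents().stream()
                .filter(component -> GENERATED_RSA_COMPONENT_NAME.equals(component.getName()))
                .forEach(component -> {
                    component.getConfig().putSingle("active", "false");
                    component.getConfig().putSingle("enabled", "false");
                    realmModel.updateComponent(component);
                });
    }

    /**
     * Resolves the key material for the realm, stores it, and registers it as an active
     * {@code rsa} key provider.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>private key and certificate from {@code createRealmKey}, when both are present;</li>
     *   <li>the stored attributes for the realm, when {@code isReuse()} is set and the request
     *       does not carry both values;</li>
     *   <li>a newly generated 2048-bit RSA key pair with a self-signed V1 certificate for
     *       {@code createRealmKey.getSubject()}.</li>
     * </ol>
     *
     * @param realmModel     realm that receives the key component
     * @param createRealmKey request describing the key (name, priority, subject, optional PEM data)
     */
    public void setRealmKey(RealmModel realmModel, CreateRealmKey createRealmKey) {
        String name = realmModel.getName();
        String privateKey = createRealmKey.getPrivateKey();
        String certificate = createRealmKey.getCertificate();
        // A half-specified request never uses the value that was supplied: it is replaced either
        // by the stored pair or by a generated one. Surface that instead of discarding it
        // silently. The message deliberately contains no key material.
        if ((privateKey == null) != (certificate == null)) {
            LOG.warn("Only one of private key and certificate was supplied; the supplied value is ignored");
        }
        if (createRealmKey.isReuse() && (privateKey == null || certificate == null)) {
            LOG.info("Signaled re-using realm key");
            privateKey = this.controller.getAttribute(name, PRIVATE_KEY_CONFIG_KEY);
            certificate = this.controller.getAttribute(name, CERTIFICATE_CONFIG_KEY);
        }
        if (privateKey == null || certificate == null) {
            LOG.info("Generating new realm key");
            // Key size is fixed at 2048 bits here; the certificate is a self-signed V1 certificate.
            KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
            certificate = PemUtils.encodeCertificate(
                    CertificateUtils.generateV1SelfSignedCertificate(keyPair, createRealmKey.getSubject()));
            privateKey = PemUtils.encodeKey(keyPair.getPrivate());
        }
        // NOTE(review): the PEM private key is persisted as an attribute value so a later run
        // with isReuse() can pick it up; confirm that the attribute store is access-restricted.
        this.controller.putAttribute(name, PRIVATE_KEY_CONFIG_KEY, privateKey);
        this.controller.putAttribute(name, CERTIFICATE_CONFIG_KEY, certificate);
        realmModel.addComponentModel(createRsaComponent(
                createRealmKey.getName(), realmModel.getId(), privateKey, certificate, createRealmKey.getPriority()));
    }

    /**
     * Builds the {@code rsa} key-provider component carrying the given key material.
     *
     * @param componentName  name given to the component
     * @param parentId       id set as the component's parent (the caller passes the realm id)
     * @param privateKeyPem  private key stored under {@link #PRIVATE_KEY_CONFIG_KEY}
     * @param certificatePem certificate stored under {@link #CERTIFICATE_CONFIG_KEY}
     * @param priority       value stored as the provider's {@code priority}
     * @return a component configured as active, enabled, with algorithm {@code RS256}
     */
    private ComponentModel createRsaComponent(String componentName, String parentId, String privateKeyPem,
            String certificatePem, long priority) {
        ComponentModel componentModel = new ComponentModel();
        componentModel.setName(componentName);
        componentModel.setParentId(parentId);
        componentModel.setProviderId("rsa");
        componentModel.setProviderType("org.keycloak.keys.KeyProvider");
        // Diamond instead of the raw type, so the config map is type-checked.
        componentModel.setConfig(new MultivaluedHashMap<>());
        componentModel.getConfig().putSingle("active", "true");
        componentModel.getConfig().putSingle("enabled", "true");
        componentModel.getConfig().putSingle("priority", String.valueOf(priority));
        componentModel.getConfig().putSingle(PRIVATE_KEY_CONFIG_KEY, privateKeyPem);
        componentModel.getConfig().putSingle(CERTIFICATE_CONFIG_KEY, certificatePem);
        componentModel.getConfig().putSingle("algorithm", "RS256");
        return componentModel;
    }
}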
