package org.openfact.keys;

import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import javax.ejb.Stateless;
import org.jboss.logging.Logger;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
import org.openfact.component.ComponentModel;
import org.openfact.component.ComponentValidationException;
import org.openfact.keys.qualifiers.ComponentProviderType;
import org.openfact.keys.qualifiers.RsaKeyProviderType;
import org.openfact.keys.qualifiers.RsaKeyType;
import org.openfact.models.OrganizationModel;
import org.openfact.provider.ConfigurationValidationHelper;
import org.openfact.provider.ProviderConfigProperty;

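/**
 * Key provider factory registered under the id {@code "rsa-generated"}.
 *
 * <p>During configuration validation it makes sure the component model holds an RSA private key
 * and a self-signed certificate whose modulus length matches the configured key size, generating
 * fresh material when either entry is missing or the size has changed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PEM-encoded private key is written into the {@link ComponentModel}. How that model is
 *       persisted and protected at rest is outside this class.</li>
 *   <li>The certificate is produced by {@code CertificateUtils.generateV1SelfSignedCertificate};
 *       X.509 v1 certificates carry no extensions (no key usage or basic constraints).
 *       NOTE(review): confirm that consumers of this certificate do not rely on v3 extensions.</li>
 * </ul>
 */
@ComponentProviderType(providerType = KeyProvider.class)
@RsaKeyProviderType(type = RsaKeyType.GENERATED)
@Stateless
/* loaded from: input_file:WEB-INF/lib/openfact-integration-1.0.RC26.jar:org/openfact/keys/GeneratedRsaKeyProviderFactory.class */
public class GeneratedRsaKeyProviderFactory extends AbstractRsaKeyProviderFactory implements RsaKeyProviderFactory {
    /** Provider id returned by {@link #getId()}. */
    public static final String ID = "rsa-generated";
    private static final String HELP_TEXT = "Generates RSA keys and creates a self-signed certificate";
    private static final Logger logger = Logger.getLogger(GeneratedRsaKeyProviderFactory.class);
    /** Only the key size is configurable; key and certificate are generated, not supplied. */
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = AbstractRsaKeyProviderFactory.configurationBuilder().property(Attributes.KEY_SIZE_PROPERTY).build();

    /**
     * Creates the key provider for the given organization and component.
     *
     * <p>An {@code ImportedRsaKeyProvider} is returned; presumably it reads the key material that
     * {@link #validateConfiguration} stored in the component model (that class is not shown here).
     *
     * @param organizationModel organization the provider belongs to
     * @param componentModel component configuration holding the key material
     * @return a new provider instance
     */
    @Override
    public KeyProvider create(OrganizationModel organizationModel, ComponentModel componentModel) {
        return new ImportedRsaKeyProvider(organizationModel, componentModel);
    }

    /**
     * Validates the component and (re)generates key material when needed.
     *
     * <p>Keys are generated when the private key or the certificate entry is missing, and
     * regenerated when the stored key's modulus length differs from the configured key size
     * (default 2048 when the size is not set).
     *
     * @param organizationModel organization whose name is used as the certificate subject
     * @param componentModel component configuration, updated in place with new key material
     * @throws ComponentValidationException if the configuration is invalid, the stored private key
     *     cannot be read as an RSA key, or key/certificate generation fails
     */
    @Override
    public void validateConfiguration(OrganizationModel organizationModel, ComponentModel componentModel) throws ComponentValidationException {
        super.validateConfiguration(organizationModel, componentModel);
        // Restrict the key size to the values offered by the configuration property.
        ConfigurationValidationHelper.check(componentModel).checkList(Attributes.KEY_SIZE_PROPERTY, false);
        int keySize = componentModel.get(Attributes.KEY_SIZE_KEY, 2048);

        boolean hasKeyMaterial = componentModel.contains(Attributes.PRIVATE_KEY_KEY)
                && componentModel.contains(Attributes.CERTIFICATE_KEY);
        if (!hasKeyMaterial) {
            generateKeys(organizationModel, componentModel, keySize);
            logger.debugv("Generated keys for {0}", organizationModel.getName());
        } else if (storedKeyBits(componentModel) != keySize) {
            generateKeys(organizationModel, componentModel, keySize);
            logger.debugv("Key size changed, generating new keys for {0}", organizationModel.getName());
        }
    }

    /**
     * Returns the modulus bit length of the private key stored in the component model.
     *
     * <p>A stored value that does not decode to an RSA private key is reported as a validation
     * failure instead of surfacing as a raw runtime exception, and the existing key is left
     * untouched rather than being silently replaced.
     */
    private int storedKeyBits(ComponentModel componentModel) {
        try {
            RSAPrivateKey storedKey = (RSAPrivateKey) PemUtils.decodePrivateKey(componentModel.get(Attributes.PRIVATE_KEY_KEY));
            return storedKey.getModulus().bitLength();
        } catch (RuntimeException e) {
            throw new ComponentValidationException("Stored private key is not a readable RSA key", e);
        }
    }

    /**
     * Generates an RSA key pair plus self-signed certificate and stores both in the model.
     *
     * <p>Both PEM values are produced before the model is touched, so a failure cannot leave a new
     * private key paired with a stale or missing certificate.
     */
    private void generateKeys(OrganizationModel organizationModel, ComponentModel componentModel, int keySize) {
        KeyPair keyPair;
        String privateKeyPem;
        try {
            keyPair = KeyUtils.generateRsaKeyPair(keySize);
            privateKeyPem = PemUtils.encodeKey(keyPair.getPrivate());
        } catch (Throwable th) {
            // Throwable is kept from the original so that any failure is reported as a validation error.
            throw new ComponentValidationException("Failed to generate keys", th);
        }
        // Outside the try block so that "Failed to generate certificate" is not re-wrapped
        // as "Failed to generate keys".
        String certificatePem = generateCertificate(organizationModel, keyPair);

        componentModel.put(Attributes.PRIVATE_KEY_KEY, privateKeyPem);
        componentModel.put(Attributes.CERTIFICATE_KEY, certificatePem);
    }

    /**
     * Builds a self-signed certificate for the key pair, using the organization name as subject,
     * and returns it PEM-encoded.
     */
    private String generateCertificate(OrganizationModel organizationModel, KeyPair keyPair) {
        try {
            return PemUtils.encodeCertificate(CertificateUtils.generateV1SelfSignedCertificate(keyPair, organizationModel.getName()));
        } catch (Throwable th) {
            throw new ComponentValidationException("Failed to generate certificate", th);
        }
    }

    /** @return the help text shown for this provider */
    @Override
    public String getHelpText() {
        return HELP_TEXT;
    }

    /** @return the configurable properties (key size only) */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    /** @return the provider id, {@code "rsa-generated"} */
    @Override
    public String getId() {
        return ID;
    }
}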
