package org.keycloak.sdjwt;

import com.fasterxml.jackson.databind.JsonNode;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.crypto.ECDSASignatureSignerContext;
import org.keycloak.crypto.ECDSASignatureVerifierContext;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.crypto.SignatureVerifierContext;

/* loaded from: input_file:org/keycloak/sdjwt/TestSettings.class */
public class TestSettings {
    public final SignatureSignerContext holderSigContext;
    public final SignatureSignerContext issuerSigContext;
    public final SignatureVerifierContext holderVerifierContext;
    public final SignatureVerifierContext issuerVerifierContext;
    private static TestSettings instance = null;
    private static final Map<String, ECParameterSpec> ECDSA_KEY_SPECS = new HashMap();
    private static final Map<String, String> ECDSA_CURVE_2_SPECS_NAMES = new HashMap();

    public static TestSettings getInstance() {
        if (instance == null) {
            instance = new TestSettings();
        }
        return instance;
    }

    public SignatureSignerContext getIssuerSignerContext() {
        return this.issuerSigContext;
    }

    public SignatureSignerContext getHolderSignerContext() {
        return this.holderSigContext;
    }

    public SignatureVerifierContext getIssuerVerifierContext() {
        return this.issuerVerifierContext;
    }

    public SignatureVerifierContext getHolderVerifierContext() {
        return this.holderVerifierContext;
    }

    private TestSettings() {
        JsonNode jsonNode = TestUtils.readClaimSet(getClass(), "sdjwt/test-settings.json").get("key_settings");
        this.holderSigContext = initSigContext(jsonNode, "holder_key", "ES256", "holder");
        this.issuerSigContext = initSigContext(jsonNode, "issuer_key", "ES256", "doc-signer-05-25-2022");
        this.holderVerifierContext = initVerifierContext(jsonNode, "holder_key", "ES256", "holder");
        this.issuerVerifierContext = initVerifierContext(jsonNode, "issuer_key", "ES256", "doc-signer-05-25-2022");
    }

    private static SignatureSignerContext initSigContext(JsonNode jsonNode, String str, String str2, String str3) {
        return getSignatureSignerContext(readKeyPair(jsonNode.get(str)), str2, str3);
    }

    private static SignatureVerifierContext initVerifierContext(JsonNode jsonNode, String str, String str2, String str3) {
        return getSignatureVerifierContext(readKeyPair(jsonNode.get(str)).getPublic(), str2, str3);
    }

    private static KeyPair readKeyPair(JsonNode jsonNode) {
        return readEcdsaKeyPair(jsonNode.get("crv").asText(), jsonNode.get("d").asText(), jsonNode.get("x").asText(), jsonNode.get("y").asText());
    }

    public static SignatureVerifierContext verifierContextFrom(JsonNode jsonNode, String str) {
        PublicKey readPublicKey = readPublicKey(jsonNode);
        return getSignatureVerifierContext(readPublicKey, str, KeyUtils.createKeyId(readPublicKey));
    }

    private static PublicKey readPublicKey(JsonNode jsonNode) {
        if (jsonNode.has("jwk")) {
            jsonNode = jsonNode.get("jwk");
        }
        return readEcdsaPublic(jsonNode.get("crv").asText(), jsonNode.get("x").asText(), jsonNode.get("y").asText());
    }

    private static PublicKey readEcdsaPublic(String str, String str2, String str3) {
        try {
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64Url.decode(str2)), new BigInteger(1, Base64Url.decode(str3))), getECParameterSpec(ECDSA_CURVE_2_SPECS_NAMES.get(str))));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static KeyPair readEcdsaKeyPair(String str, String str2, String str3, String str4) {
        ECParameterSpec eCParameterSpec = getECParameterSpec(ECDSA_CURVE_2_SPECS_NAMES.get(str));
        byte[] decode = Base64Url.decode(str2);
        byte[] decode2 = Base64Url.decode(str3);
        byte[] decode3 = Base64Url.decode(str4);
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            return new KeyPair(keyFactory.generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, decode2), new BigInteger(1, decode3)), eCParameterSpec)), keyFactory.generatePrivate(new ECPrivateKeySpec(new BigInteger(1, decode), eCParameterSpec)));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static ECParameterSpec getECParameterSpec(String str) {
        return ECDSA_KEY_SPECS.computeIfAbsent(str, TestSettings::generateEcdsaKeySpec);
    }

    private static ECParameterSpec generateEcdsaKeySpec(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(str));
            return ((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()).getParams();
        } catch (Exception e) {
            throw new RuntimeException("Error obtaining ECParameterSpec for P-256 curve", e);
        }
    }

    private static SignatureSignerContext getSignatureSignerContext(KeyPair keyPair, String str, String str2) {
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setAlgorithm(str);
        keyWrapper.setPrivateKey(keyPair.getPrivate());
        keyWrapper.setPublicKey(keyPair.getPublic());
        keyWrapper.setType(keyPair.getPublic().getAlgorithm());
        keyWrapper.setUse(KeyUse.SIG);
        keyWrapper.setKid(str2);
        return new ECDSASignatureSignerContext(keyWrapper);
    }

    private static SignatureVerifierContext getSignatureVerifierContext(PublicKey publicKey, String str, String str2) {
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setAlgorithm(str);
        keyWrapper.setPublicKey(publicKey);
        keyWrapper.setType(publicKey.getAlgorithm());
        keyWrapper.setUse(KeyUse.SIG);
        keyWrapper.setKid(str2);
        return new ECDSASignatureVerifierContext(keyWrapper);
    }

    private static final void curveToSpecName() {
        ECDSA_CURVE_2_SPECS_NAMES.put("P-256", "secp256r1");
    }

    static {
        curveToSpecName();
    }
}
