package org.keycloak.protocol.oidc.utils;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;

/* loaded from: input_file:org/keycloak/protocol/oidc/utils/JWKSServerUtils.class */
public class JWKSServerUtils {
    public static JSONWebKeySet getRealmJwks(KeycloakSession keycloakSession, RealmModel realmModel) {
        JWK[] jwkArr = (JWK[]) keycloakSession.keys().getKeysStream(realmModel).filter(keyWrapper -> {
            return keyWrapper.getStatus().isEnabled() && keyWrapper.getPublicKey() != null;
        }).map(keyWrapper2 -> {
            JWKBuilder algorithm = JWKBuilder.create().kid(keyWrapper2.getKid()).algorithm(keyWrapper2.getAlgorithmOrDefault());
            List list = (List) Optional.ofNullable(keyWrapper2.getCertificateChain()).filter(list2 -> {
                return !list2.isEmpty();
            }).orElseGet(() -> {
                return Collections.singletonList(keyWrapper2.getCertificate());
            });
            if (keyWrapper2.getType().equals("RSA")) {
                return algorithm.rsa(keyWrapper2.getPublicKey(), list, keyWrapper2.getUse());
            }
            if (keyWrapper2.getType().equals("EC")) {
                return algorithm.ec(keyWrapper2.getPublicKey(), keyWrapper2.getUse());
            }
            if (keyWrapper2.getType().equals("OKP")) {
                return algorithm.okp(keyWrapper2.getPublicKey(), keyWrapper2.getUse());
            }
            return null;
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toArray(i -> {
            return new JWK[i];
        });
        JSONWebKeySet jSONWebKeySet = new JSONWebKeySet();
        jSONWebKeySet.setKeys(jwkArr);
        return jSONWebKeySet;
    }
}
