package org.keycloak.keys;

import java.util.Date;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.crypto.KeyStatus;
import org.keycloak.crypto.KeyWrapper;

/* loaded from: input_file:org/keycloak/keys/KeyNoteUtils.class */
public class KeyNoteUtils {
    private static final Logger logger = Logger.getLogger(KeyNoteUtils.class);

    private KeyNoteUtils() {
    }

    public static void attachKeyNotes(ComponentModel componentModel, String str, KeyWrapper keyWrapper) {
        componentModel.setNote(str, keyWrapper);
        Date date = null;
        if (keyWrapper.getCertificateChain() != null && !keyWrapper.getCertificateChain().isEmpty()) {
            date = (Date) keyWrapper.getCertificateChain().stream().map((v0) -> {
                return v0.getNotAfter();
            }).min((v0, v1) -> {
                return v0.compareTo(v1);
            }).get();
        }
        if (keyWrapper.getCertificate() != null) {
            if (date == null) {
                date = keyWrapper.getCertificate().getNotAfter();
            } else {
                date = date.compareTo(keyWrapper.getCertificate().getNotAfter()) < 0 ? date : keyWrapper.getCertificate().getNotAfter();
            }
        }
        if (date != null) {
            componentModel.setNote(str + ".notAfter", date);
            if (KeyStatus.ACTIVE.equals(keyWrapper.getStatus())) {
                checkNotAfter(componentModel, keyWrapper, date);
            }
        }
    }

    public static KeyWrapper retrieveKeyFromNotes(ComponentModel componentModel, String str) {
        KeyWrapper keyWrapper = (KeyWrapper) componentModel.getNote(str);
        if (keyWrapper != null && KeyStatus.ACTIVE.equals(keyWrapper.getStatus()) && componentModel.hasNote(str + ".notAfter")) {
            checkNotAfter(componentModel, keyWrapper, (Date) componentModel.getNote(str + ".notAfter"));
        }
        return keyWrapper;
    }

    private static void checkNotAfter(ComponentModel componentModel, KeyWrapper keyWrapper, Date date) {
        if (new Date(Time.currentTimeMillis()).compareTo(date) > 0) {
            logger.warnf("Certificate chain for kid '%s' (%s) is not valid anymore, disabling it (certificate expired on %s)", keyWrapper.getKid(), componentModel.getName(), date);
            keyWrapper.setStatus(KeyStatus.PASSIVE);
            componentModel.put(Attributes.ACTIVE_KEY, false);
        }
    }
}
