package pl.edu.icm.unity.oauth.as.token;

import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;

@Produces({"application/jwk+json; charset=UTF-8"})
@Path(OAuthTokenEndpoint.JWK_PATH)
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/KeysResource.class */
public class KeysResource extends BaseOAuthResource {
    private OAuthASProperties config;

    public KeysResource(OAuthASProperties oAuthASProperties) {
        this.config = oAuthASProperties;
    }

    @GET
    @Path("/")
    public String getKeys() {
        RSAKey build;
        X509Certificate certificate = this.config.getCredential().getCertificate();
        if (certificate.getPublicKey() instanceof RSAPublicKey) {
            build = new RSAKey.Builder((RSAPublicKey) certificate.getPublicKey()).keyUse(KeyUse.SIGNATURE).build();
        } else {
            if (!(certificate.getPublicKey() instanceof ECPublicKey)) {
                throw new InternalException("Unsupported key in certificate, shouldn't happen");
            }
            build = new ECKey.Builder(ECKey.Curve.P_256, (ECPublicKey) certificate.getPublicKey()).keyUse(KeyUse.SIGNATURE).build();
        }
        return new JWKSet(build).toString();
    }
}
