package com.nimbusds.openid.connect.provider.jwksetgen;

import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.thetransactioncompany.json.pretty.PrettyJson;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.KeyGenerator;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/jwksetgen/JWKSetGenerator.class */
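/**
 * Command-line generator of JWK sets for a Connect2id server.
 *
 * <p>Produces two groups of keys: "rotating" keys (one RSA signing key, three
 * EC signing keys on P-256 / P-384 / P-521 and one AES encryption key), each
 * with a freshly allocated key ID, and "permanent" keys (an HMAC key with the
 * fixed ID {@code hmac} and an AES key with the fixed ID
 * {@code subject-encrypt}).
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>The JWK set written by {@link #main(String[])} is serialised with
 *       {@code toJSONObject(false)}, i.e. it includes private and secret key
 *       material. Nothing in this class restricts the permissions of the output
 *       file; it is created with the process defaults. Restrict access to it
 *       out of band.</li>
 *   <li>All generators are used without an explicit {@code SecureRandom}, so
 *       key material comes from the JCA provider's default secure random
 *       source.</li>
 *   <li>Verbose output prints key IDs (and EC curve names) only, never key
 *       material.</li>
 * </ul>
 */
public class JWKSetGenerator {
    /**
     * Generates a 2048-bit RSA key pair and wraps it as a signing JWK.
     *
     * @param str the key ID to assign to the JWK
     * @return the RSA JWK (public and private parts) with use {@code sig}
     * @throws NoSuchAlgorithmException if no provider supplies RSA key pair generation
     */
    protected static RSAKey generateSigningRSAKey(String str) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();
        return new RSAKey.Builder((RSAPublicKey) pair.getPublic())
                .privateKey((RSAPrivateKey) pair.getPrivate())
                .keyID(str)
                .keyUse(KeyUse.SIGNATURE)
                .build();
    }

    /**
     * Generates an EC key pair on the given curve and wraps it as a signing JWK.
     *
     * @param curve the curve whose parameter spec initialises the generator
     * @param str the key ID to assign to the JWK
     * @return the EC JWK (public and private parts) with use {@code sig}
     * @throws NoSuchAlgorithmException if no provider supplies EC key pair generation
     * @throws InvalidAlgorithmParameterException if the provider rejects the curve parameters
     */
    protected static ECKey generateSigningECKey(ECKey.Curve curve, String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(curve.toECParameterSpec());
        KeyPair pair = generator.generateKeyPair();
        return new ECKey.Builder(curve, (ECPublicKey) pair.getPublic())
                .privateKey((ECPrivateKey) pair.getPrivate())
                .keyID(str)
                .keyUse(KeyUse.SIGNATURE)
                .build();
    }

    /**
     * Generates a 128-bit AES key and wraps it as an encryption JWK.
     *
     * @param str the key ID to assign to the JWK
     * @return the symmetric JWK with use {@code enc}
     * @throws NoSuchAlgorithmException if no provider supplies AES key generation
     */
    protected static OctetSequenceKey generateEncryptionAESKey(String str) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        return new OctetSequenceKey.Builder(generator.generateKey())
                .keyID(str)
                .keyUse(KeyUse.ENCRYPTION)
                .build();
    }

    /**
     * Generates the HMAC SHA-256 key, published under the fixed key ID {@code hmac}.
     *
     * @return the symmetric JWK with use {@code sig}
     * @throws NoSuchAlgorithmException if no provider supplies HMAC SHA-256 key generation
     */
    protected static OctetSequenceKey generateHMACSHA256Key() throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("HmacSha256");
        // Pin the key length (matching the digest size) instead of relying on
        // the provider's default, as the AES generators in this class do.
        generator.init(256);
        return new OctetSequenceKey.Builder(generator.generateKey())
                .keyID("hmac")
                .keyUse(KeyUse.SIGNATURE)
                .build();
    }

    /**
     * Generates the 256-bit AES key published under the fixed key ID
     * {@code subject-encrypt}.
     *
     * @return the symmetric JWK with use {@code enc}
     * @throws NoSuchAlgorithmException if no provider supplies AES key generation
     */
    protected static OctetSequenceKey generateSubjectEncryptionKey() throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        return new OctetSequenceKey.Builder(generator.generateKey())
                .keyID("subject-encrypt")
                .keyUse(KeyUse.ENCRYPTION)
                .build();
    }

    /**
     * Generates a fresh set of rotating keys: RSA, EC P-256, EC P-384, EC P-521
     * signing keys and an AES encryption key, in that order.
     *
     * @param keyIDs the key IDs already in use; copied, so the argument is not modified here
     * @param z if {@code true}, print one progress line per generated key to standard output
     * @return the newly generated keys
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws InvalidAlgorithmParameterException if the provider rejects an EC curve
     */
    public List<JWK> generateRotatingKeys(KeyIDs keyIDs, boolean z) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        List<JWK> keys = new LinkedList<>();
        // Work on a private copy of the known IDs; each new ID is added to it
        // (presumably so later keys in this batch cannot collide — see KeyIDs).
        KeyIDs knownIDs = new KeyIDs();
        knownIDs.addAll(keyIDs);

        RSAKey rsaKey = generateSigningRSAKey(knownIDs.addRandomUniqueKeyID());
        keys.add(rsaKey);
        if (z) {
            System.out.println("[1] Generated new signing RSA key with ID " + rsaKey.getKeyID());
        }

        ECKey p256Key = generateSigningECKey(ECKey.Curve.P_256, knownIDs.addRandomUniqueKeyID());
        keys.add(p256Key);
        if (z) {
            System.out.println("[2] Generated new signing EC " + p256Key.getCurve() + " key with ID " + p256Key.getKeyID());
        }

        ECKey p384Key = generateSigningECKey(ECKey.Curve.P_384, knownIDs.addRandomUniqueKeyID());
        keys.add(p384Key);
        if (z) {
            System.out.println("[3] Generated new signing EC " + p384Key.getCurve() + " key with ID " + p384Key.getKeyID());
        }

        ECKey p521Key = generateSigningECKey(ECKey.Curve.P_521, knownIDs.addRandomUniqueKeyID());
        keys.add(p521Key);
        if (z) {
            System.out.println("[4] Generated new signing EC " + p521Key.getCurve() + " key with ID " + p521Key.getKeyID());
        }

        OctetSequenceKey aesKey = generateEncryptionAESKey(knownIDs.addRandomUniqueKeyID());
        keys.add(aesKey);
        if (z) {
            System.out.println("[5] Generated new encryption AES key with ID " + aesKey.getKeyID());
        }
        return keys;
    }

    /**
     * Generates the permanent keys: the HMAC key followed by the subject
     * encryption key.
     *
     * @param z if {@code true}, print one progress line per generated key to standard output
     * @return the newly generated keys
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     */
    public List<JWK> generatePermanentKeys(boolean z) throws NoSuchAlgorithmException {
        List<JWK> keys = new LinkedList<>();

        OctetSequenceKey hmacKey = generateHMACSHA256Key();
        keys.add(hmacKey);
        if (z) {
            System.out.println("[6] Generated new HMAC SHA key with ID " + hmacKey.getKeyID());
        }

        OctetSequenceKey subjectKey = generateSubjectEncryptionKey();
        keys.add(subjectKey);
        if (z) {
            System.out.println("[7] Generated new pairwise subject AES SIV encryption key with ID " + subjectKey.getKeyID());
        }
        return keys;
    }

    /**
     * Generates a complete new JWK set: rotating keys followed by permanent keys.
     *
     * @param z if {@code true}, print progress lines to standard output
     * @return the new JWK set, including private and secret key material
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws InvalidAlgorithmParameterException if the provider rejects an EC curve
     */
    public JWKSet generate(boolean z) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        List<JWK> keys = new LinkedList<>();
        keys.addAll(generateRotatingKeys(new KeyIDs(), z));
        keys.addAll(generatePermanentKeys(z));
        return new JWKSet(keys);
    }

    /**
     * Generates a new batch of rotating keys and places it in front of the keys
     * of an existing JWK set. The existing keys are carried over as they are;
     * no permanent keys are generated.
     *
     * @param jWKSet the existing JWK set; its key IDs seed the set of IDs to avoid
     * @param z if {@code true}, print progress lines to standard output
     * @return a new JWK set holding the new rotating keys followed by the existing keys
     * @throws Exception if key generation fails
     */
    public JWKSet generateAndPrefixNewKeys(JWKSet jWKSet, boolean z) throws Exception {
        List<JWK> keys = new LinkedList<>();
        keys.addAll(generateRotatingKeys(new KeyIDs(jWKSet), z));
        keys.addAll(jWKSet.getKeys());
        if (z) {
            System.out.println("[6] Prefixed newly generated keys to existing JWK set");
        }
        return new JWKSet(keys);
    }

    /**
     * Command-line entry point.
     *
     * <p>With one argument, writes a newly generated JWK set to that file. With
     * two arguments, loads the JWK set from the first file, prefixes new
     * rotating keys and writes the result to the second file. Any other
     * argument count prints the usage text.
     *
     * <p>The output holds private and secret keys and is created with the
     * process's default file permissions.
     *
     * @param strArr the command-line arguments
     */
    public static void main(String[] strArr) {
        System.out.println("JWK set generator for Connect2id server v6.x+");

        File oldSetFile;
        File newSetFile;
        if (strArr.length == 2) {
            oldSetFile = new File(strArr[0]);
            newSetFile = new File(strArr[1]);
        } else if (strArr.length == 1) {
            oldSetFile = null;
            newSetFile = new File(strArr[0]);
        } else {
            System.out.println("Usage:");
            System.out.println("1) To generate new Connect2id server JWK set: ");
            System.out.println("   java -jar jwkset-gen.jar jwkSet.json");
            System.out.println("2) To add new set of rotating keys to existing Connect2id server JWK set: ");
            System.out.println("   java -jar jwkset-gen.jar oldJWKSet.json newJWKSet.json");
            return;
        }

        // NOTE(review): every failure path below returns normally, so the JVM
        // exit status stays 0; automation cannot tell failure from success by
        // the exit code alone.
        JWKSet oldSet = null;
        if (oldSetFile != null) {
            try {
                oldSet = JWKSet.load(oldSetFile);
            } catch (IOException | ParseException e) {
                System.err.println("Couldn't read old JWK set file: " + e.getMessage());
                return;
            }
        }

        try {
            JWKSetGenerator generator = new JWKSetGenerator();
            JWKSet newSet = oldSet == null
                    ? generator.generate(true)
                    : generator.generateAndPrefixNewKeys(oldSet, true);
            // toJSONObject(false): private and secret parameters are included,
            // so the resulting file must be treated as a secret.
            String json = new PrettyJson(PrettyJson.Style.COMPACT)
                    .parseAndFormat(newSet.toJSONObject(false).toJSONString());

            // NOTE(review): the file is created with default permissions and is
            // not restricted to its owner here — tighten access after the run.
            try (PrintWriter writer = new PrintWriter(newSetFile, "UTF-8")) {
                writer.write(json);
                writer.write("\n");
                // PrintWriter swallows I/O errors; checkError() flushes and
                // reports them, so a truncated key file is not passed off as
                // a successful write.
                if (writer.checkError()) {
                    throw new IOException("I/O error while writing " + newSetFile);
                }
            }
        } catch (IOException | ParseException e) {
            System.err.println("Couldn't write new JWK set file: " + e.getMessage());
        } catch (Exception e) {
            System.err.println("Couldn't generate JWK key: " + e.getMessage());
        }
    }
}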
