package io.unitycatalog.server.security;

import com.auth0.jwt.algorithms.Algorithm;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Set;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/unitycatalog/server/security/SecurityConfiguration.class */
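/**
 * Manages the on-disk JWT signing material: an RSA key pair stored as DER files and a random key
 * id stored as hex text, all inside one configuration directory.
 *
 * <p>The private key file is the sensitive artifact here: anyone who can read it can mint tokens
 * that verify against the public key. The key id and the public key are not secret.
 */
public class SecurityConfiguration {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    /** RSA modulus size, in bits, used when a new key pair is generated. */
    private static final int RSA_KEY_BITS = 2048;

    /** Number of random bytes behind the key id (hex-encoded to twice this many characters). */
    private static final int KEY_ID_BYTES = 32;

    // The "512" in these names matches the RS512 algorithm selected in algorithmRSA();
    // it is not the RSA key size (see RSA_KEY_BITS).
    private final Path rsa512PublicKey;
    private final Path rsa512PrivateKey;
    private final Path keyId;

    /**
     * Binds the configuration to {@code path} and generates the signing material if any of it is
     * missing.
     *
     * @param path directory holding {@code public_key.der}, {@code private_key.der} and
     *     {@code key_id.txt}; it is not created here
     * @throws IllegalStateException if no RSA key pair generator is available
     * @throws UncheckedIOException if the files cannot be written
     */
    public SecurityConfiguration(Path path) {
        this.rsa512PublicKey = path.resolve("public_key.der");
        this.rsa512PrivateKey = path.resolve("private_key.der");
        this.keyId = path.resolve("key_id.txt");
        initializeIfMissing();
    }

    /**
     * Generates a fresh RSA key pair and key id when at least one of the three files is absent.
     *
     * <p>All three files are rewritten together, so a partially populated directory ends up with
     * a new key pair; tokens signed with the previous private key stop verifying afterwards.
     *
     * @throws IllegalStateException if no RSA key pair generator is available
     * @throws UncheckedIOException if any file cannot be written
     */
    public void initializeIfMissing() {
        boolean publicMissing = Files.notExists(this.rsa512PublicKey);
        boolean privateMissing = Files.notExists(this.rsa512PrivateKey);
        boolean keyIdMissing = Files.notExists(this.keyId);
        if (!(publicMissing || privateMissing || keyIdMissing)) {
            return;
        }
        if (!(publicMissing && privateMissing && keyIdMissing)) {
            // Only part of the material is gone: regenerating is a key rotation, make it visible.
            log.warn(
                "Security configuration is incomplete; regenerating the signing key pair and key id."
                    + " Tokens signed with the previous key will no longer verify.");
        }
        log.info("Initializing security configuration.");
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_BITS);
            KeyPair pair = generator.generateKeyPair();

            // TRUNCATE_EXISTING matters: CREATE alone overwrites in place, so a leftover file that
            // is longer than the new encoding would keep its tail and no longer parse.
            Files.write(
                this.rsa512PublicKey,
                pair.getPublic().getEncoded(),
                StandardOpenOption.CREATE,
                StandardOpenOption.TRUNCATE_EXISTING,
                StandardOpenOption.WRITE);
            writeOwnerOnly(this.rsa512PrivateKey, pair.getPrivate().getEncoded());

            byte[] idBytes = new byte[KEY_ID_BYTES];
            new SecureRandom().nextBytes(idBytes);
            Files.writeString(
                this.keyId,
                Hex.encodeHexString(idBytes),
                StandardOpenOption.CREATE,
                StandardOpenOption.TRUNCATE_EXISTING,
                StandardOpenOption.WRITE);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("RSA key pair generation is not available", e);
        } catch (IOException e) {
            throw new UncheckedIOException("Unable to write the security configuration", e);
        }
    }

    /**
     * Writes {@code content} to {@code target}, restricting the file to its owner where the file
     * system exposes POSIX permissions.
     *
     * <p>The permissions are applied before any key bytes are written, so the private key is never
     * on disk under the process's default (umask-derived) mode. On file systems without POSIX
     * permissions the file inherits whatever access the containing directory grants.
     */
    private static void writeOwnerOnly(Path target, byte[] content) throws IOException {
        if (target.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
            try {
                Files.createFile(target, PosixFilePermissions.asFileAttribute(ownerOnly));
            } catch (FileAlreadyExistsException alreadyThere) {
                // Regeneration over an older file: tighten it before the new key goes in.
                Files.setPosixFilePermissions(target, ownerOnly);
            }
        }
        Files.write(
            target,
            content,
            StandardOpenOption.CREATE,
            StandardOpenOption.TRUNCATE_EXISTING,
            StandardOpenOption.WRITE);
    }

    /**
     * Builds the RS512 signing/verification algorithm from the keys currently on disk.
     *
     * @return an {@link Algorithm} backed by {@link #rsaPublicKey()} and {@link #rsaPrivateKey()}
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws InvalidKeySpecException if a key file does not hold a valid encoding
     * @throws IOException if a key file cannot be read
     */
    public Algorithm algorithmRSA() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return Algorithm.RSA512(rsaPublicKey(), rsaPrivateKey());
    }

    /**
     * Reads the X.509-encoded public key from disk.
     *
     * @return the public key, or {@code null} when the file is absent
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws InvalidKeySpecException if the file does not hold a valid X.509 public key
     * @throws IOException if the file cannot be read
     */
    public RSAPublicKey rsaPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        if (Files.notExists(this.rsa512PublicKey)) {
            log.info("No JWT public signing key present.");
            return null;
        }
        byte[] encoded = Files.readAllBytes(this.rsa512PublicKey);
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
    }

    /**
     * Reads the PKCS#8-encoded private key from disk.
     *
     * @return the private key, or {@code null} when the file is absent
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws InvalidKeySpecException if the file does not hold a valid PKCS#8 private key
     * @throws IOException if the file cannot be read
     */
    public RSAPrivateKey rsaPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        if (Files.notExists(this.rsa512PrivateKey)) {
            log.info("No JWT private signing key present.");
            return null;
        }
        byte[] encoded = Files.readAllBytes(this.rsa512PrivateKey);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));
    }

    /**
     * Reads the key id stored next to the key pair.
     *
     * @return the key id with surrounding whitespace removed
     * @throws IOException if the key id file cannot be read
     */
    public String getKeyId() throws IOException {
        return Files.readString(this.keyId).trim();
    }
}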
