package io.jans.as.client.util;

import io.jans.as.model.crypto.AuthCryptoProvider;
import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.KeyOpsType;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.util.StringUtils;
import io.jans.util.StringHelper;
import io.jans.util.security.SecurityProviderUtility;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.commons.cli.BasicParser;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.log4j.Logger;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.status.StatusLogger;
import org.jetbrains.annotations.Nullable;
import org.json.JSONObject;

/* loaded from: input_file:io/jans/as/client/util/KeyGenerator.class */
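/**
 * Command-line tool that generates signing and/or encryption keys through
 * {@link AuthCryptoProvider} and prints the resulting JSON Web Key Set to standard output.
 *
 * <p>Required options, as enforced by {@link Cli#parse()}: at least one of {@code -sig_keys} /
 * {@code -enc_keys}, at least one of {@code -expiration} / {@code -expiration_hours},
 * {@code -key_ops_type}, and all of {@code -keystore}, {@code -keypasswd} and {@code -dnname}.
 *
 * <p>Exit status: {@code 0} after a successful run or an explicit {@code -h}; non-zero when the
 * arguments are unusable or key generation fails, so that calling scripts can tell a failed run
 * from a successful one.
 *
 * <p>NOTE(security): the key store password is taken from the command line. Arguments are
 * commonly visible to other local users through the process list and may be kept in shell
 * history, so invoke this tool only from a context where that exposure is acceptable.
 */
public class KeyGenerator {
    private static final String SIGNING_KEYS = "sig_keys";
    private static final String ENCRYPTION_KEYS = "enc_keys";
    private static final String KEY_STORE_FILE = "keystore";
    private static final String KEY_STORE_PASSWORD = "keypasswd";
    private static final String DN_NAME = "dnname";
    private static final String EXPIRATION = "expiration";
    private static final String EXPIRATION_HOURS = "expiration_hours";
    private static final String KEY_LENGTH = "key_length";
    private static final String HELP = "h";
    private static final String TEST_PROP_FILE = "test_prop_file";
    private static final String KEY_OPS_TYPE = "key_ops_type";
    private static final String KEY_NAME_SUFFIX = "_keyId";

    /** Key length used when {@code -key_length} is absent or not a number. */
    private static final int DEFAULT_KEY_LENGTH = 2048;

    /** Process exit status for a successful run or an explicit help request. */
    private static final int EXIT_OK = 0;

    /** Process exit status for unusable arguments or a failed key generation. */
    private static final int EXIT_FAILURE = 1;

    private static final Logger log;

    static {
        // Turn off log4j2's internal status logger before the class logger is obtained.
        StatusLogger.getLogger().setLevel(Level.OFF);
        log = Logger.getLogger(KeyGenerator.class);
    }

    /** Parses the command line and drives key generation. */
    public static class Cli {
        private final String[] args;
        private final Options options = new Options();

        /**
         * Registers every supported option.
         *
         * @param strArr raw command-line arguments, parsed later by {@link #parse()}
         */
        public Cli(String[] strArr) {
            this.args = strArr;

            // EdDSA is advertised only when the security provider is not in FIPS mode.
            String signingHelp = SecurityProviderUtility.checkFipsMode()
                    ? "Signature keys to generate (RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512)."
                    : "Signature keys to generate (RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512 EdDSA).";
            Option signingKeys = new Option(SIGNING_KEYS, true, signingHelp);
            signingKeys.setArgs(Option.UNLIMITED_VALUES);

            Option encryptionKeys = new Option(ENCRYPTION_KEYS, true,
                    "Encryption keys to generate (RSA1_5 RSA-OAEP RSA-OAEP-256 ECDH-ES ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW).");
            encryptionKeys.setArgs(Option.UNLIMITED_VALUES);

            this.options.addOption(signingKeys);
            this.options.addOption(encryptionKeys);
            this.options.addOption(KEY_STORE_FILE, true, "Key Store file.");
            this.options.addOption(KEY_STORE_PASSWORD, true, "Key Store password.");
            this.options.addOption(DN_NAME, true, "DN of certificate issuer.");
            this.options.addOption(EXPIRATION, true, "Expiration in days.");
            this.options.addOption(EXPIRATION_HOURS, true, "Expiration in hours.");
            this.options.addOption(KEY_LENGTH, true, "Key length.");
            this.options.addOption(KEY_OPS_TYPE, true, "Key Operations Type.");
            this.options.addOption(TEST_PROP_FILE, true, "Tests property file.");
            this.options.addOption(HELP, false, "Show help.");
        }

        /**
         * Validates the arguments and generates the requested keys.
         *
         * <p>Terminates the JVM on every path that cannot produce keys: status {@code 0} for
         * {@code -h}, non-zero for missing or invalid options and for parse errors.
         */
        public void parse() {
            try {
                CommandLine cmd = new BasicParser().parse(this.options, this.args);
                if (cmd.hasOption(HELP)) {
                    exitWithUsage(EXIT_OK);
                }

                boolean algorithmsRequested = cmd.hasOption(SIGNING_KEYS) || cmd.hasOption(ENCRYPTION_KEYS);
                boolean expirationGiven = cmd.hasOption(EXPIRATION) || cmd.hasOption(EXPIRATION_HOURS);
                if (!algorithmsRequested || !expirationGiven) {
                    exitWithUsage(EXIT_FAILURE);
                }

                KeyOpsType keyOpsType = parseKeyOps(cmd);

                String[] signingNames = cmd.getOptionValues(SIGNING_KEYS);
                String[] encryptionNames = cmd.getOptionValues(ENCRYPTION_KEYS);
                List<Algorithm> signingAlgorithms = cmd.hasOption(SIGNING_KEYS)
                        ? Algorithm.fromString(signingNames, Use.SIGNATURE)
                        : new ArrayList<>();
                List<Algorithm> encryptionAlgorithms = cmd.hasOption(ENCRYPTION_KEYS)
                        ? Algorithm.fromString(encryptionNames, Use.ENCRYPTION)
                        : new ArrayList<>();
                if (signingAlgorithms.isEmpty() && encryptionAlgorithms.isEmpty()) {
                    // Options were present but none of the names resolved to an algorithm.
                    exitWithUsage(EXIT_FAILURE);
                }

                KeyGeneratorContext context = new KeyGeneratorContext();
                context.setKeyLength(StringHelper.toInt(cmd.getOptionValue(KEY_LENGTH), DEFAULT_KEY_LENGTH));
                context.setExpirationDays(StringHelper.toInt(cmd.getOptionValue(EXPIRATION), 0));
                context.setExpirationHours(StringHelper.toInt(cmd.getOptionValue(EXPIRATION_HOURS), 0));
                context.calculateExpiration();
                context.setTestPropFile(TestPropFile.create(cmd));
                context.setKeyOpsType(keyOpsType);

                boolean keyStoreConfigured = cmd.hasOption(KEY_STORE_FILE)
                        && cmd.hasOption(KEY_STORE_PASSWORD)
                        && cmd.hasOption(DN_NAME);
                if (!keyStoreConfigured) {
                    exitWithUsage(EXIT_FAILURE);
                }
                generateKeysWithJansAuth(cmd, signingAlgorithms, encryptionAlgorithms, context);
            } catch (ParseException e) {
                log.error("Failed to generate keys", e);
                exitWithUsage(EXIT_FAILURE);
            }
        }

        /**
         * Reads the mandatory {@code -key_ops_type} option.
         *
         * @param commandLine parsed command line
         * @return the parsed type; the JVM exits with a failure status when the option is
         *     missing or {@link KeyOpsType#fromString} does not recognise its value
         */
        @Nullable
        private KeyOpsType parseKeyOps(CommandLine commandLine) {
            if (!commandLine.hasOption(KEY_OPS_TYPE)) {
                exitWithUsage(EXIT_FAILURE);
            }
            KeyOpsType keyOpsType = KeyOpsType.fromString(commandLine.getOptionValue(KEY_OPS_TYPE));
            if (keyOpsType == null) {
                exitWithUsage(EXIT_FAILURE);
            }
            return keyOpsType;
        }

        /**
         * Builds the {@link AuthCryptoProvider} from the key store options and generates the keys.
         *
         * <p>Any failure is logged once, with its stack trace, through the class logger and the
         * JVM exits with a failure status.
         */
        private void generateKeysWithJansAuth(CommandLine commandLine, List<Algorithm> list, List<Algorithm> list2, KeyGeneratorContext keyGeneratorContext) {
            String keyStoreFile = commandLine.getOptionValue(KEY_STORE_FILE);
            // NOTE(security): this secret came from argv; never log it or echo it in error output.
            String keyStoreSecret = commandLine.getOptionValue(KEY_STORE_PASSWORD);
            String dnName = commandLine.getOptionValue(DN_NAME);
            try {
                SecurityProviderUtility.installBCProvider(true);
                keyGeneratorContext.setCryptoProvider(new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName));
                generateKeys(keyGeneratorContext, list, list2);
            } catch (Exception e) {
                // Top-level boundary of the CLI: log4j records the stack trace, so no printStackTrace().
                log.error("Failed to generate keys with `jans-auth` crypto", e);
                exitWithUsage(EXIT_FAILURE);
            }
        }

        /**
         * Generates all requested keys and prints the key set to standard output.
         *
         * <p>{@link KeyOpsType#ALL} expands to one pass for {@code CONNECT} and one for
         * {@code SSA}, signature keys first. The keys added to the set here carry only the
         * fields copied in {@link #describeKey} ({@code n}, {@code e}, {@code x}, {@code y},
         * {@code x5c} and metadata).
         */
        private void generateKeys(KeyGeneratorContext keyGeneratorContext, List<Algorithm> list, List<Algorithm> list2) throws CryptoProviderException, IOException {
            JSONWebKeySet keySet = new JSONWebKeySet();
            KeyOpsType requested = keyGeneratorContext.getKeyOpsType();
            if (requested == KeyOpsType.ALL) {
                generateSignatureKeys(keyGeneratorContext, list, keySet, KeyOpsType.CONNECT);
                generateSignatureKeys(keyGeneratorContext, list, keySet, KeyOpsType.SSA);
                generateEncryptionKeys(keyGeneratorContext, list2, keySet, KeyOpsType.CONNECT);
                generateEncryptionKeys(keyGeneratorContext, list2, keySet, KeyOpsType.SSA);
            } else {
                generateSignatureKeys(keyGeneratorContext, list, keySet, requested);
                generateEncryptionKeys(keyGeneratorContext, list2, keySet, requested);
            }
            keyGeneratorContext.getTestPropFile().generate();
            System.out.println(keySet);
        }

        /** Generates one encryption key per algorithm and appends it to {@code jSONWebKeySet}. */
        private void generateEncryptionKeys(KeyGeneratorContext keyGeneratorContext, List<Algorithm> list, JSONWebKeySet jSONWebKeySet, KeyOpsType keyOpsType) throws CryptoProviderException {
            for (Algorithm algorithm : list) {
                // Resolved before key generation so an unknown name fails before any key is created.
                KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
                JSONObject generated = generateKeyMaterial(keyGeneratorContext, algorithm, keyOpsType);
                JSONWebKey key = describeKey(algorithm, generated, Use.ENCRYPTION, keyOpsType);
                key.setKty(encryptionAlgorithm.getFamily().getKeyType());
                key.setCrv(encryptionAlgorithm.getCurve());
                publishKey(keyGeneratorContext, jSONWebKeySet, key, algorithm);
            }
        }

        /** Generates one signature key per algorithm and appends it to {@code jSONWebKeySet}. */
        private void generateSignatureKeys(KeyGeneratorContext keyGeneratorContext, List<Algorithm> list, JSONWebKeySet jSONWebKeySet, KeyOpsType keyOpsType) throws CryptoProviderException {
            for (Algorithm algorithm : list) {
                // Resolved before key generation so an unknown name fails before any key is created.
                SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
                JSONObject generated = generateKeyMaterial(keyGeneratorContext, algorithm, keyOpsType);
                JSONWebKey key = describeKey(algorithm, generated, Use.SIGNATURE, keyOpsType);
                key.setKty(signatureAlgorithm.getFamily().getKeyType());
                key.setCrv(signatureAlgorithm.getCurve());
                publishKey(keyGeneratorContext, jSONWebKeySet, key, algorithm);
            }
        }

        /** Asks the configured crypto provider for a new key with the context's expiration and length. */
        private static JSONObject generateKeyMaterial(KeyGeneratorContext context, Algorithm algorithm, KeyOpsType keyOpsType) throws CryptoProviderException {
            return context.getCryptoProvider().generateKey(
                    algorithm,
                    Long.valueOf(context.getExpirationForKeyOpsType(keyOpsType)),
                    context.getKeyLength(),
                    keyOpsType);
        }

        /** Copies the fields shared by signature and encryption keys from the provider's JSON into a JWK. */
        private static JSONWebKey describeKey(Algorithm algorithm, JSONObject generated, Use use, KeyOpsType keyOpsType) {
            JSONWebKey key = new JSONWebKey();
            key.setName(algorithm.getOutName());
            key.setDescr(algorithm.getDescription());
            key.setKid(generated.getString("kid"));
            key.setUse(use);
            key.setAlg(algorithm);
            key.setExp(Long.valueOf(generated.optLong("exp")));
            key.setN(generated.optString("n"));
            key.setE(generated.optString("e"));
            key.setX(generated.optString("x"));
            key.setY(generated.optString("y"));
            key.setKeyOpsType(Collections.singletonList(keyOpsType));
            key.setX5c(StringUtils.toList(generated.optJSONArray("x5c")));
            return key;
        }

        /** Adds the key to the set and records its {@code name=kid} line in the test property file. */
        private static void publishKey(KeyGeneratorContext context, JSONWebKeySet keySet, JSONWebKey key, Algorithm algorithm) {
            keySet.getKeys().add(key);
            context.getTestPropFile().add(getKeyNameFromAlgorithm(algorithm) + "=" + key.getKid());
        }

        /**
         * Returns the property name under which the key id of {@code algorithm} is recorded:
         * the enum constant name for the RSA-OAEP and ECDH-ES families, otherwise the
         * algorithm's parameter name, followed by {@code _keyId}.
         */
        private static String getKeyNameFromAlgorithm(Algorithm algorithm) {
            boolean usesConstantName = Algorithm.RSA_OAEP.equals(algorithm)
                    || Algorithm.RSA_OAEP_256.equals(algorithm)
                    || Algorithm.ECDH_ES.equals(algorithm)
                    || Algorithm.ECDH_ES_PLUS_A128KW.equals(algorithm)
                    || Algorithm.ECDH_ES_PLUS_A192KW.equals(algorithm)
                    || Algorithm.ECDH_ES_PLUS_A256KW.equals(algorithm);
            String prefix = usesConstantName ? algorithm.name() : algorithm.getParamName();
            return prefix + KEY_NAME_SUFFIX;
        }

        /** Prints usage and exits successfully; kept for the explicit help path. */
        private void help() {
            exitWithUsage(EXIT_OK);
        }

        /**
         * Prints the usage text and terminates the JVM.
         *
         * @param status process exit status; non-zero lets calling scripts detect that no keys
         *     were produced
         */
        private void exitWithUsage(int status) {
            new HelpFormatter().printHelp("KeyGenerator -sig_keys alg ... -enc_keys alg ... -expiration n_days [-expiration_hours n_hours] -key_ops_type type -keystore path -keypasswd secret -dnname dn_name [-key_length bits]", this.options);
            System.exit(status);
        }
    }

    /**
     * Program entry point.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        new Cli(strArr).parse();
    }
}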
