package org.gluu.oxauth.util;

import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.List;
import org.apache.commons.cli.BasicParser;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.log4j.Logger;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.status.StatusLogger;
import org.gluu.oxauth.model.crypto.AbstractCryptoProvider;
import org.gluu.oxauth.model.crypto.OxAuthCryptoProvider;
import org.gluu.oxauth.model.crypto.OxElevenCryptoProvider;
import org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.jwk.Algorithm;
import org.gluu.oxauth.model.jwk.JSONWebKey;
import org.gluu.oxauth.model.jwk.JSONWebKeySet;
import org.gluu.oxauth.model.jwk.KeyType;
import org.gluu.oxauth.model.jwk.Use;
import org.gluu.oxauth.model.util.SecurityProviderUtility;
import org.gluu.oxauth.model.util.StringUtils;
import org.gluu.util.StringHelper;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/gluu/oxauth/util/KeyGenerator.class */
public class KeyGenerator {
    private static final String SIGNING_KEYS = "sig_keys";
    private static final String ENCRYPTION_KEYS = "enc_keys";
    private static final String KEY_STORE_FILE = "keystore";
    private static final String KEY_STORE_PASSWORD = "keypasswd";
    private static final String DN_NAME = "dnname";
    private static final String OXELEVEN_ACCESS_TOKEN = "at";
    private static final String OXELEVEN_GENERATE_KEY_ENDPOINT = "ox11";
    private static final String EXPIRATION = "expiration";
    private static final String EXPIRATION_HOURS = "expiration_hours";
    private static final String HELP = "h";
    private static final Logger log;

    /* loaded from: input_file:org/gluu/oxauth/util/KeyGenerator$Cli.class */
    public static class Cli {
        private String[] args;
        private Options options = new Options();

        public Cli(String[] strArr) {
            this.args = null;
            this.args = strArr;
            Option option = new Option(KeyGenerator.SIGNING_KEYS, true, "Signature keys to generate. (RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512).");
            option.setArgs(-2);
            Option option2 = new Option(KeyGenerator.ENCRYPTION_KEYS, true, "Encryption keys to generate. (RSA_OAEP RSA1_5).");
            option2.setArgs(-2);
            this.options.addOption(option);
            this.options.addOption(option2);
            this.options.addOption(KeyGenerator.KEY_STORE_FILE, true, "Key Store file.");
            this.options.addOption(KeyGenerator.KEY_STORE_PASSWORD, true, "Key Store password.");
            this.options.addOption(KeyGenerator.DN_NAME, true, "DN of certificate issuer.");
            this.options.addOption(KeyGenerator.OXELEVEN_ACCESS_TOKEN, true, "oxEleven Access Token");
            this.options.addOption(KeyGenerator.OXELEVEN_GENERATE_KEY_ENDPOINT, true, "oxEleven Generate Key Endpoint.");
            this.options.addOption(KeyGenerator.EXPIRATION, true, "Expiration in days.");
            this.options.addOption(KeyGenerator.EXPIRATION_HOURS, true, "Expiration in hours.");
            this.options.addOption(KeyGenerator.HELP, false, "Show help.");
        }

        public void parse() {
            try {
                CommandLine parse = new BasicParser().parse(this.options, this.args);
                if (parse.hasOption(KeyGenerator.HELP)) {
                    help();
                }
                if ((!parse.hasOption(KeyGenerator.SIGNING_KEYS) && !parse.hasOption(KeyGenerator.ENCRYPTION_KEYS)) || (!parse.hasOption(KeyGenerator.EXPIRATION) && !parse.hasOption(KeyGenerator.EXPIRATION_HOURS))) {
                    help();
                }
                String[] optionValues = parse.getOptionValues(KeyGenerator.SIGNING_KEYS);
                String[] optionValues2 = parse.getOptionValues(KeyGenerator.ENCRYPTION_KEYS);
                List<Algorithm> fromString = parse.hasOption(KeyGenerator.SIGNING_KEYS) ? Algorithm.fromString(optionValues, Use.SIGNATURE) : new ArrayList<>();
                List<Algorithm> fromString2 = parse.hasOption(KeyGenerator.ENCRYPTION_KEYS) ? Algorithm.fromString(optionValues2, Use.ENCRYPTION) : new ArrayList<>();
                if (fromString.isEmpty() && fromString2.isEmpty()) {
                    help();
                }
                int i = StringHelper.toInt(parse.getOptionValue(KeyGenerator.EXPIRATION), 0);
                int i2 = StringHelper.toInt(parse.getOptionValue(KeyGenerator.EXPIRATION_HOURS), 0);
                if (parse.hasOption(KeyGenerator.OXELEVEN_ACCESS_TOKEN) && parse.hasOption(KeyGenerator.OXELEVEN_GENERATE_KEY_ENDPOINT)) {
                    try {
                        generateKeys(new OxElevenCryptoProvider(parse.getOptionValue(KeyGenerator.OXELEVEN_GENERATE_KEY_ENDPOINT), null, null, null, parse.getOptionValue(KeyGenerator.OXELEVEN_ACCESS_TOKEN)), fromString, fromString2, i, i2);
                    } catch (Exception e) {
                        KeyGenerator.log.error("Failed to generate keys", e);
                        help();
                    }
                }
                if (parse.hasOption(KeyGenerator.KEY_STORE_FILE) && parse.hasOption(KeyGenerator.KEY_STORE_PASSWORD) && parse.hasOption(KeyGenerator.DN_NAME)) {
                    String optionValue = parse.getOptionValue(KeyGenerator.KEY_STORE_FILE);
                    String optionValue2 = parse.getOptionValue(KeyGenerator.KEY_STORE_PASSWORD);
                    String optionValue3 = parse.getOptionValue(KeyGenerator.DN_NAME);
                    try {
                        SecurityProviderUtility.installBCProvider(true);
                        generateKeys(new OxAuthCryptoProvider(optionValue, optionValue2, optionValue3), fromString, fromString2, i, i2);
                    } catch (Exception e2) {
                        e2.printStackTrace();
                        KeyGenerator.log.error("Failed to generate keys", e2);
                        help();
                    }
                } else {
                    help();
                }
            } catch (ParseException e3) {
                KeyGenerator.log.error("Failed to generate keys", e3);
                help();
            }
        }

        private void generateKeys(AbstractCryptoProvider abstractCryptoProvider, List<Algorithm> list, List<Algorithm> list2, int i, int i2) throws Exception, JSONException {
            JSONWebKeySet jSONWebKeySet = new JSONWebKeySet();
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            gregorianCalendar.add(5, i);
            gregorianCalendar.add(10, i2);
            for (Algorithm algorithm : list) {
                SignatureAlgorithm fromString = SignatureAlgorithm.fromString(algorithm.name());
                JSONObject generateKey = abstractCryptoProvider.generateKey(algorithm, Long.valueOf(gregorianCalendar.getTimeInMillis()));
                JSONWebKey jSONWebKey = new JSONWebKey();
                jSONWebKey.setKid(generateKey.getString("kid"));
                jSONWebKey.setUse(Use.SIGNATURE);
                jSONWebKey.setAlg(algorithm);
                jSONWebKey.setKty(KeyType.fromString(fromString.getFamily().toString()));
                jSONWebKey.setExp(Long.valueOf(generateKey.optLong("exp")));
                jSONWebKey.setCrv(fromString.getCurve());
                jSONWebKey.setN(generateKey.optString("n"));
                jSONWebKey.setE(generateKey.optString("e"));
                jSONWebKey.setX(generateKey.optString("x"));
                jSONWebKey.setY(generateKey.optString("y"));
                jSONWebKey.setX5c(StringUtils.toList(generateKey.optJSONArray("x5c")));
                jSONWebKeySet.getKeys().add(jSONWebKey);
            }
            for (Algorithm algorithm2 : list2) {
                KeyEncryptionAlgorithm fromName = KeyEncryptionAlgorithm.fromName(algorithm2.getParamName());
                JSONObject generateKey2 = abstractCryptoProvider.generateKey(algorithm2, Long.valueOf(gregorianCalendar.getTimeInMillis()));
                JSONWebKey jSONWebKey2 = new JSONWebKey();
                jSONWebKey2.setKid(generateKey2.getString("kid"));
                jSONWebKey2.setUse(Use.ENCRYPTION);
                jSONWebKey2.setAlg(algorithm2);
                jSONWebKey2.setKty(KeyType.fromString(fromName.getFamily()));
                jSONWebKey2.setExp(Long.valueOf(generateKey2.optLong("exp")));
                jSONWebKey2.setN(generateKey2.optString("n"));
                jSONWebKey2.setE(generateKey2.optString("e"));
                jSONWebKey2.setX(generateKey2.optString("x"));
                jSONWebKey2.setY(generateKey2.optString("y"));
                jSONWebKey2.setX5c(StringUtils.toList(generateKey2.optJSONArray("x5c")));
                jSONWebKeySet.getKeys().add(jSONWebKey2);
            }
            System.out.println(jSONWebKeySet);
        }

        private void help() {
            new HelpFormatter().printHelp("KeyGenerator -sig_keys alg ... -enc_keys alg ... -expiration n_days [-expiration_hours n_hours] [-ox11 url] [-keystore path -keypasswd secret -dnname dn_name]", this.options);
            System.exit(0);
        }
    }

    public static void main(String[] strArr) throws Exception {
        new Cli(strArr).parse();
    }

    static {
        StatusLogger.getLogger().setLevel(Level.OFF);
        log = Logger.getLogger(KeyGenerator.class);
    }
}
