package net.trajano.openidconnect.provider.ejb;

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import javax.annotation.PostConstruct;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.ejb.Lock;
import javax.ejb.LockType;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import net.trajano.openidconnect.crypto.Encoding;
import net.trajano.openidconnect.crypto.JsonWebAlgorithm;
import net.trajano.openidconnect.crypto.JsonWebKeySet;
import net.trajano.openidconnect.crypto.OctWebKey;
import net.trajano.openidconnect.crypto.RsaWebKey;
import net.trajano.openidconnect.provider.spi.KeyProvider;
import org.eclipse.persistence.internal.libraries.asm.Opcodes;

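/**
 * Default {@link KeyProvider} that creates its key material in memory when the
 * singleton starts.
 *
 * <p>On startup it generates {@value #NUMBER_OF_SIGNING_KEYS} RSA key pairs
 * (published as RS256 keys) and one AES secret key. Nothing is persisted by this
 * class, so every start of the bean produces a fresh set of keys and key ids.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Identifiers and tokens are drawn from {@link SecureRandom}. The decompiled
 *       original used {@code ThreadLocalRandom.current()}, which is a predictable
 *       PRNG and must not be used for security-relevant values; capturing it in a
 *       field also shares one thread's generator across threads.</li>
 *   <li>RSA keys are generated with {@value #RSA_KEY_SIZE_BITS} bits. The decompiled
 *       original passed {@code Opcodes.ACC_ABSTRACT} (0x0400 = 1024), which is a
 *       decompiler rendering of the literal 1024 and yields 1024-bit keys.</li>
 *   <li>{@link #getPrivateJwks()} exposes private and symmetric key material; it
 *       must never be reachable from a public endpoint.</li>
 * </ul>
 */
@Singleton
@Startup
@Lock(LockType.READ)
/* loaded from: input_file:openid-connect-provider-sample-1.0.1.war:WEB-INF/lib/openid-connect-provider-1.0.1.jar:net/trajano/openidconnect/provider/ejb/DefaultKeyProvider.class */
public class DefaultKeyProvider implements KeyProvider {
    /** Number of RSA signing key pairs generated at startup. */
    private static final int NUMBER_OF_SIGNING_KEYS = 3;

    /** RSA modulus size in bits; 2048 is the minimum that JWA (RFC 7518) requires for RS256. */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    /** AES key size in bits, unchanged from the original implementation. */
    private static final int AES_KEY_SIZE_BITS = 128;

    /** Number of random bytes behind each encoded token / key id (128 bits). */
    private static final int TOKEN_BYTES = 16;

    // Public halves of the signing keys.
    private JsonWebKeySet jwks;

    // Private halves of the signing keys plus the symmetric secret key.
    private JsonWebKeySet privateJwks;

    // Cryptographically strong source for key ids and tokens. SecureRandom is
    // thread-safe, unlike a ThreadLocalRandom instance shared through a field.
    private final Random rng = new SecureRandom();

    private SecretKey secretKey;
    private String secretKeyId;

    /**
     * Generates the RSA signing key pairs and the AES secret key.
     *
     * <p>Each RSA pair is added to the public and the private key set under the
     * same key id so that the two halves can be matched later.
     *
     * @throws IllegalStateException if the JCA provider cannot supply the RSA or
     *     AES algorithm; the original {@link GeneralSecurityException} is the cause
     */
    @PostConstruct
    public void generateKeys() {
        try {
            this.jwks = new JsonWebKeySet();
            this.privateJwks = new JsonWebKeySet();

            final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
            rsaGenerator.initialize(RSA_KEY_SIZE_BITS);
            for (int i = 0; i < NUMBER_OF_SIGNING_KEYS; i++) {
                final KeyPair pair = rsaGenerator.generateKeyPair();
                final String keyId = nextEncodedToken();

                final RsaWebKey publicJwk = new RsaWebKey(keyId, (RSAPublicKey) pair.getPublic());
                publicJwk.setAlg(JsonWebAlgorithm.RS256);
                this.jwks.add(publicJwk);

                final RsaWebKey privateJwk = new RsaWebKey(keyId, (RSAPrivateCrtKey) pair.getPrivate());
                privateJwk.setAlg(JsonWebAlgorithm.RS256);
                this.privateJwks.add(privateJwk);
            }

            final KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
            // NOTE(review): the key is 128 bits but is labelled A256CBC below. The
            // size is left as in the original because how OctWebKey consumers use
            // the key is not visible here; confirm the required key length before
            // relying on this key for encryption.
            aesGenerator.init(AES_KEY_SIZE_BITS);
            this.secretKey = aesGenerator.generateKey();

            final OctWebKey secretJwk = new OctWebKey(this.secretKey, JsonWebAlgorithm.A256CBC);
            this.secretKeyId = nextEncodedToken();
            secretJwk.setKid(this.secretKeyId);
            this.privateJwks.add(secretJwk);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the key set holding the public halves of the signing keys.
     *
     * @return the public JWK set; the internal instance is returned, not a copy
     */
    @Override // net.trajano.openidconnect.provider.spi.KeyProvider
    @Lock(LockType.READ)
    public JsonWebKeySet getJwks() {
        return this.jwks;
    }

    /**
     * Returns the key set holding the RSA private keys and the AES secret key.
     *
     * <p>The returned set contains secret material and is the internal instance,
     * not a copy. Callers must not serialize it to clients or write it to logs.
     *
     * @return the private JWK set
     */
    @Override // net.trajano.openidconnect.provider.spi.KeyProvider
    @Lock(LockType.READ)
    public JsonWebKeySet getPrivateJwks() {
        return this.privateJwks;
    }

    /**
     * Returns the key id assigned to the AES secret key.
     *
     * @return the secret key's id
     */
    @Override // net.trajano.openidconnect.provider.spi.KeyProvider
    @Lock(LockType.READ)
    public String getSecretKeyId() {
        return this.secretKeyId;
    }

    /**
     * Produces a fresh random token from {@value #TOKEN_BYTES} bytes of
     * cryptographically strong randomness, base64url-encoded.
     *
     * @return the encoded token
     */
    @Override // net.trajano.openidconnect.provider.spi.KeyProvider
    @Lock(LockType.WRITE)
    public String nextEncodedToken() {
        final byte[] randomBytes = new byte[TOKEN_BYTES];
        this.rng.nextBytes(randomBytes);
        return Encoding.base64urlEncode(randomBytes);
    }
}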
