package org.mitre.jose.jwk;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/mitre/jose/jwk/Launcher.class */
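/**
 * Command-line entry point of the JSON Web Key generator.
 *
 * <p>Parses the command-line options, asks the matching {@code *KeyMaker} helper for a new key,
 * and then either prints the key (JWK JSON and, optionally, X509 PEM) to standard output or
 * writes it to the file(s) named on the command line.
 *
 * <p>Every validation failure goes through {@link #printUsageAndExit(String)}, which prints the
 * message and usage text and terminates the JVM with exit status 1.
 */
public class Launcher {
    /** Option definitions; populated in {@link #main(String[])} and reused by the usage printer. */
    private static Options options;
    /** Curves accepted for key type EC. */
    private static List<Curve> ecCurves = Arrays.asList(Curve.P_256, Curve.SECP256K1, Curve.P_384, Curve.P_521);
    /** Curves accepted for key type OKP. */
    private static List<Curve> okpCurves = Arrays.asList(Curve.Ed25519, Curve.Ed448, Curve.X25519, Curve.X448);
    /** Key types listed in the help text of {@code -t}. */
    private static List<KeyType> keyTypes = Arrays.asList(KeyType.RSA, KeyType.OCT, KeyType.EC, KeyType.OKP);

    /**
     * Parses the arguments, generates one key and outputs it.
     *
     * @param strArr the raw command-line arguments
     */
    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        options = new Options();
        configureCommandLineOptions(options);
        try {
            CommandLine cmd = new DefaultParser().parse(options, strArr);
            String keyTypeArg = cmd.getOptionValue("t");
            String sizeArg = cmd.getOptionValue("s");
            String usageArg = cmd.getOptionValue("u");
            String algorithmArg = cmd.getOptionValue("a");
            String curveArg = cmd.getOptionValue("c");
            boolean asKeySet = cmd.hasOption("S");
            boolean showPublicKey = cmd.hasOption("p");
            String outputPath = cmd.getOptionValue("o");
            String publicOutputPath = cmd.getOptionValue("P");
            boolean asX509 = cmd.hasOption("x");
            String fixedKeyId = cmd.getOptionValue("i");

            // Key ID precedence: an explicit non-empty -i value wins; an empty -i or the
            // deprecated -I disables the key ID; otherwise -g selects the generator.
            KeyIdGenerator keyIdGenerator;
            if (!Strings.isNullOrEmpty(fixedKeyId)) {
                keyIdGenerator = new KeyIdGenerator(null, (keyUse, bArr) -> fixedKeyId);
            } else if (cmd.hasOption("i") || cmd.hasOption("I")) {
                keyIdGenerator = KeyIdGenerator.NONE;
            } else {
                keyIdGenerator = KeyIdGenerator.get(cmd.getOptionValue("g"));
            }

            if (keyTypeArg == null) {
                throw printUsageAndExit("Key type must be supplied.");
            }
            // The help text states that -P needs -o. Without this check -P was silently ignored
            // and the full key, private parts included, was printed to the console instead.
            if (publicOutputPath != null && outputPath == null) {
                throw printUsageAndExit("'-P/--pubKeyOutput' requires '-o/--output' to be declared as well.");
            }

            KeyType keyType = KeyType.parse(keyTypeArg);
            KeyUse keyUse = validateKeyUse(usageArg);
            JWSAlgorithm algorithm = null;
            if (!Strings.isNullOrEmpty(algorithmArg)) {
                algorithm = JWSAlgorithm.parse(algorithmArg);
            }
            JWK key = makeKey(sizeArg, keyIdGenerator, curveArg, keyType, keyUse, algorithm);
            outputKey(asKeySet, showPublicKey, outputPath, publicOutputPath, asX509, key);
        } catch (ParseException e) {
            throw printUsageAndExit("Failed to parse arguments: " + e.getMessage());
        } catch (IOException e2) {
            throw printUsageAndExit("Could not read existing KeySet: " + e2.getMessage());
        } catch (NumberFormatException e3) {
            throw printUsageAndExit("Invalid key size: " + e3.getMessage());
        } catch (java.text.ParseException e4) {
            throw printUsageAndExit("Could not parse existing KeySet: " + e4.getMessage());
        }
    }

    /**
     * Registers every supported command-line option on {@code options2}.
     *
     * @param options2 the option set to populate
     */
    private static void configureCommandLineOptions(Options options2) {
        String keyTypeNames = keyTypes.stream().map(KeyType::getValue).collect(Collectors.joining(", "));
        String ecCurveNames = ecCurves.stream().map(Curve::getName).collect(Collectors.joining(", "));
        String okpCurveNames = okpCurves.stream().map(Curve::getName).collect(Collectors.joining(", "));
        String generatorNames = KeyIdGenerator.values().stream().map(g -> g.getName()).collect(Collectors.joining(", "));

        options2.addOption("t", "type", true, "Key Type, one of: " + keyTypeNames);
        options2.addOption("s", "size", true, "Key Size in bits, required for " + KeyType.RSA.getValue() + " and " + KeyType.OCT.getValue() + " key types. Must be an integer divisible by 8");
        options2.addOption("c", "curve", true, "Key Curve, required for " + KeyType.EC.getValue() + " or " + KeyType.OKP.getValue() + " key type. Must be one of " + ecCurveNames + " for EC keys or one of " + okpCurveNames + " for OKP keys.");
        options2.addOption("u", "usage", true, "Usage, one of: enc, sig (optional)");
        options2.addOption("a", "algorithm", true, "Algorithm (optional)");

        // -i, -I and -g share one OptionGroup, so the parser accepts at most one of them.
        OptionGroup keyIdGroup = new OptionGroup();
        keyIdGroup.addOption(new Option("i", "id", true, "Key ID (optional), one will be generated if not defined"));
        keyIdGroup.addOption(new Option("I", "noGenerateId", false, "<deprecated> Don't generate a Key ID. (Deprecated, use '-g none' instead.)"));
        keyIdGroup.addOption(new Option("g", "idGenerator", true, "Key ID generation method (optional). Can be one of: " + generatorNames + ". If omitted, generator method defaults to '" + KeyIdGenerator.TIMESTAMP.getName() + "'."));
        options2.addOptionGroup(keyIdGroup);

        options2.addOption("p", "showPubKey", false, "Display public key separately (if applicable)");
        options2.addOption("S", "keySet", false, "Wrap the generated key in a KeySet");
        options2.addOption("x", "x509", false, "Display keys in X509 PEM format");
        options2.addOption("o", "output", true, "Write output to file. Will append to existing KeySet if -S is used. Key material will not be displayed to console.");
        options2.addOption("P", "pubKeyOutput", true, "Write public key to separate file. Will append to existing KeySet if -S is used. Key material will not be displayed to console. '-o/--output' must be declared as well.");
    }

    /**
     * Parses the {@code -u} value into a {@link KeyUse}.
     *
     * @param str the raw usage argument, as returned by the command-line parser
     * @return whatever {@code KeyUse.parse} returns for {@code str}
     */
    private static KeyUse validateKeyUse(String str) {
        try {
            return KeyUse.parse(str);
        } catch (java.text.ParseException e) {
            throw printUsageAndExit("Invalid key usage, must be 'sig' or 'enc', got " + str);
        }
    }

    /**
     * Dispatches key generation by key type.
     *
     * @param str the {@code -s} size argument (used for RSA and oct keys)
     * @param keyIdGenerator the key ID strategy
     * @param str2 the {@code -c} curve argument (used for EC and OKP keys)
     * @param keyType the requested key type
     * @param keyUse the intended use, may be {@code null}
     * @param algorithm the intended algorithm, may be {@code null}
     * @return the generated key
     */
    private static JWK makeKey(String str, KeyIdGenerator keyIdGenerator, String str2, KeyType keyType, KeyUse keyUse, Algorithm algorithm) {
        if (keyType.equals(KeyType.RSA)) {
            return makeRsaKey(keyIdGenerator, str, keyType, keyUse, algorithm);
        }
        if (keyType.equals(KeyType.OCT)) {
            return makeOctKey(keyIdGenerator, str, keyType, keyUse, algorithm);
        }
        if (keyType.equals(KeyType.EC)) {
            return makeEcKey(keyIdGenerator, str2, keyType, keyUse, algorithm);
        }
        if (keyType.equals(KeyType.OKP)) {
            return makeOkpKey(keyIdGenerator, str2, keyType, keyUse, algorithm);
        }
        throw printUsageAndExit("Unknown key type: " + keyType);
    }

    /** Generates an OKP key on the curve named by {@code str}, which must be one of {@code okpCurves}. */
    private static JWK makeOkpKey(KeyIdGenerator keyIdGenerator, String str, KeyType keyType, KeyUse keyUse, Algorithm algorithm) {
        Curve curve = parseCurve(str, keyType, okpCurves);
        return OKPKeyMaker.make(curve, keyUse, algorithm, keyIdGenerator);
    }

    /** Generates an EC key on the curve named by {@code str}, which must be one of {@code ecCurves}. */
    private static JWK makeEcKey(KeyIdGenerator keyIdGenerator, String str, KeyType keyType, KeyUse keyUse, Algorithm algorithm) {
        Curve curve = parseCurve(str, keyType, ecCurves);
        return ECKeyMaker.make(curve, keyUse, algorithm, keyIdGenerator);
    }

    /** Generates a symmetric (oct) key of {@code str} bits. */
    private static JWK makeOctKey(KeyIdGenerator keyIdGenerator, String str, KeyType keyType, KeyUse keyUse, Algorithm algorithm) {
        Integer bits = parseKeySize(str, keyType);
        return OctetSequenceKeyMaker.make(bits, keyUse, algorithm, keyIdGenerator);
    }

    /**
     * Generates an RSA key of {@code str} bits.
     *
     * <p>NOTE(review): no lower bound on the modulus size is enforced here; confirm whether
     * {@code RSAKeyMaker} rejects sizes that are too small for real use (current guidance is
     * 2048 bits or more).
     */
    private static JWK makeRsaKey(KeyIdGenerator keyIdGenerator, String str, KeyType keyType, KeyUse keyUse, Algorithm algorithm) {
        Integer bits = parseKeySize(str, keyType);
        return RSAKeyMaker.make(bits, keyUse, algorithm, keyIdGenerator);
    }

    /**
     * Validates a curve argument against the curves allowed for a key type.
     *
     * @param str the raw {@code -c} argument
     * @param keyType the key type, used only in error messages
     * @param allowed the curves accepted for {@code keyType}
     * @return the parsed curve, guaranteed to be contained in {@code allowed}
     */
    private static Curve parseCurve(String str, KeyType keyType, List<Curve> allowed) {
        if (Strings.isNullOrEmpty(str)) {
            throw printUsageAndExit("Curve is required for key type " + keyType);
        }
        Curve curve = Curve.parse(str);
        if (!allowed.contains(curve)) {
            throw printUsageAndExit("Curve " + str + " is not valid for key type " + keyType);
        }
        return curve;
    }

    /**
     * Validates a key-size argument.
     *
     * <p>{@code Integer.decode} is kept from the original code, so hexadecimal ({@code 0x...}) and
     * octal (leading {@code 0}) spellings are accepted; a malformed number raises
     * {@link NumberFormatException}, which {@link #main(String[])} reports.
     *
     * @param str the raw {@code -s} argument
     * @param keyType the key type, used only in error messages
     * @return a positive size in bits that is a multiple of 8
     */
    private static Integer parseKeySize(String str, KeyType keyType) {
        if (Strings.isNullOrEmpty(str)) {
            throw printUsageAndExit("Key size (in bits) is required for key type " + keyType);
        }
        Integer bits = Integer.decode(str);
        // Zero and negative multiples of 8 pass the remainder test below, so reject them first.
        if (bits.intValue() <= 0) {
            throw printUsageAndExit("Key size (in bits) must be a positive integer, got " + bits);
        }
        if (bits.intValue() % 8 != 0) {
            throw printUsageAndExit("Key size (in bits) must be divisible by 8, got " + bits);
        }
        return bits;
    }

    /**
     * Emits the generated key either to file(s) or to the console.
     *
     * <p>When {@code str} is set the key goes to file and nothing else is printed ({@code z2}
     * and {@code z3} are not consulted). Otherwise the full key, private parts included, is
     * printed to standard output, so it ends up wherever that stream is redirected or captured.
     *
     * @param z wrap the key in a JWK set ({@code -S})
     * @param z2 also print the public key on its own ({@code -p})
     * @param str file for the full key ({@code -o}), or {@code null} for console output
     * @param str2 file for the public key ({@code -P}), or {@code null}
     * @param z3 also print X509 PEM encodings ({@code -x}); supported for RSA and EC keys
     * @param jwk the generated key
     * @throws IOException if a key file cannot be read or written
     * @throws java.text.ParseException if an existing key set file cannot be parsed
     */
    private static void outputKey(boolean z, boolean z2, String str, String str2, boolean z3, JWK jwk) throws IOException, java.text.ParseException {
        Gson gson = new GsonBuilder().setPrettyPrinting().create();
        if (str != null) {
            writeKeyToFile(z, str, str2, jwk, gson);
            return;
        }
        System.out.println("Full key:");
        printKey(z, jwk, gson);
        if (z2) {
            System.out.println();
            JWK publicJwk = jwk.toPublicJWK();
            if (publicJwk != null) {
                System.out.println("Public key:");
                printKey(z, publicJwk, gson);
            } else {
                System.out.println("No public key.");
            }
        }
        if (!z3) {
            return;
        }
        try {
            KeyType keyType = jwk.getKeyType();
            boolean isRsa = keyType.equals(KeyType.RSA);
            if (!isRsa && !keyType.equals(KeyType.EC)) {
                throw printUsageAndExit("Unknown key type for X509 encoding: " + keyType);
            }
            PublicKey publicKey = isRsa ? jwk.toRSAKey().toPublicKey() : jwk.toECKey().toPublicKey();
            PrivateKey privateKey = isRsa ? jwk.toRSAKey().toPrivateKey() : jwk.toECKey().toPrivateKey();
            // The certificate subject is the key ID, or the JWK thumbprint when there is none.
            String subject = jwk.getKeyID() != null ? jwk.getKeyID() : jwk.computeThumbprint().toString();
            String signatureAlgorithm = isRsa ? "SHA256withRSA" : "SHA256withECDSA";
            writePEMToConsole(publicKey, privateKey, selfSign(publicKey, privateKey, subject, signatureAlgorithm));
        } catch (JOSEException e) {
            throw printUsageAndExit("Error extracting keypair for X509: " + e.getMessage());
        }
    }

    /**
     * Prints the given objects as PEM blocks on standard output; {@code null} arguments are
     * skipped. The private key is printed unencrypted.
     *
     * @param publicKey written as a {@code PUBLIC KEY} block
     * @param privateKey written as a {@code PRIVATE KEY} block
     * @param certificate written as a {@code CERTIFICATE} block
     */
    private static void writePEMToConsole(PublicKey publicKey, PrivateKey privateKey, Certificate certificate) {
        try {
            System.out.println();
            System.out.println("X509 Formatted Keys:");
            // Flushed but deliberately not closed: closing the writer would also close System.out.
            PemWriter pemWriter = new PemWriter(new OutputStreamWriter(System.out));
            if (publicKey != null) {
                pemWriter.writeObject(new PemObject("PUBLIC KEY", publicKey.getEncoded()));
            }
            if (privateKey != null) {
                pemWriter.writeObject(new PemObject("PRIVATE KEY", privateKey.getEncoded()));
            }
            if (certificate != null) {
                pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
            }
            pemWriter.flush();
        } catch (IOException | CertificateEncodingException e) {
            throw printUsageAndExit("Error printing X509 format: " + e.getMessage());
        }
    }

    /**
     * Builds a self-signed X509v3 certificate for the key pair.
     *
     * <p>Subject and issuer are both {@code CN=<URL-encoded str>}, the serial number is the
     * current time in epoch milliseconds, and the certificate is valid from now for 300 days.
     *
     * <p>NOTE(review): {@code URLEncoder} turns a space into {@code '+'}, which is the
     * multi-valued RDN separator in the string form of a distinguished name; confirm how
     * {@code X500Name} treats key IDs that contain spaces.
     *
     * @param publicKey the key placed in the certificate
     * @param privateKey the key used to sign the certificate
     * @param str the value used for the common name
     * @param str2 the JCA signature algorithm name, e.g. {@code SHA256withRSA}
     * @return the self-signed certificate
     */
    public static Certificate selfSign(PublicKey publicKey, PrivateKey privateKey, String str, String str2) {
        try {
            // UTF-8 rather than the platform default, so the same key ID yields the same CN everywhere.
            X500Name subject = new X500Name("CN=" + URLEncoder.encode(str, StandardCharsets.UTF_8));
            Instant now = Instant.now();
            BigInteger serial = BigInteger.valueOf(now.toEpochMilli());
            ContentSigner signer = new JcaContentSignerBuilder(str2).build(privateKey);
            Date notBefore = Date.from(now);
            Date notAfter = Date.from(now.plus(300L, ChronoUnit.DAYS));
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, publicKey);
            return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
        } catch (CertificateException | OperatorCreationException e) {
            throw printUsageAndExit("Unable to create certificate: " + e.getMessage());
        }
    }

    /**
     * Writes the full key to {@code str} and, if requested, the public key to {@code str2}.
     *
     * <p>With {@code z} set, keys already stored in an existing key set file at {@code str} are
     * loaded first and the new key is appended; the public file then receives the public-only
     * view of that set. Both files are overwritten and written as UTF-8.
     *
     * <p>NOTE(review): the private-key file is created with the process's default permissions;
     * nothing here restricts it to its owner. Set a restrictive umask or tighten the file mode
     * where the key is stored.
     *
     * @param z wrap the key in a JWK set
     * @param str path of the file receiving the full (private) key material
     * @param str2 path of the file receiving the public key, or {@code null}
     * @param jwk the generated key
     * @param gson the serializer used to pretty-print the JSON
     * @throws IOException if a file cannot be read or written
     * @throws java.text.ParseException if the existing key set file cannot be parsed
     */
    private static void writeKeyToFile(boolean z, String str, String str2, JWK jwk, Gson gson) throws IOException, java.text.ParseException {
        File file = new File(str);
        JsonElement fullJson;
        JsonElement publicJson;
        if (z) {
            List<JWK> keys = new ArrayList<>();
            if (file.exists()) {
                keys.addAll(JWKSet.load(file).getKeys());
            }
            keys.add(jwk);
            JWKSet keySet = new JWKSet(keys);
            fullJson = JsonParser.parseString(keySet.toJSONObject(false).toJSONString());
            publicJson = JsonParser.parseString(keySet.toJSONObject(true).toJSONString());
        } else {
            fullJson = JsonParser.parseString(jwk.toJSONString());
            // toPublicJWK() may return null (outputKey checks for this too); dereferencing it
            // unconditionally here failed even when no public-key file was requested.
            JWK publicJwk = jwk.toPublicJWK();
            publicJson = publicJwk != null ? JsonParser.parseString(publicJwk.toJSONString()) : null;
        }

        // try-with-resources closes the writer even when the write fails.
        try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8))) {
            writer.write(gson.toJson(fullJson));
        }
        if (str2 == null) {
            return;
        }
        if (publicJson == null) {
            System.err.println("No public key.");
            return;
        }
        try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(str2), StandardCharsets.UTF_8))) {
            writer.write(gson.toJson(publicJson));
        }
    }

    /**
     * Pretty-prints a key to standard output, optionally wrapped in a single-key JWK set.
     *
     * @param z wrap the key in a JWK set
     * @param jwk the key to print; private parameters are included when present
     * @param gson the serializer used to pretty-print the JSON
     */
    private static void printKey(boolean z, JWK jwk, Gson gson) {
        String json = z ? new JWKSet(jwk).toJSONObject(false).toJSONString() : jwk.toJSONString();
        System.out.println(gson.toJson(JsonParser.parseString(json)));
    }

    /**
     * Prints {@code str} (when not {@code null}) to standard error, prints the usage text, and
     * terminates the JVM with exit status 1.
     *
     * <p>The declared return value lets callers write {@code throw printUsageAndExit(...)} so the
     * compiler treats the call as terminal; {@code System.exit} is called before the return.
     *
     * @param str the error message, or {@code null} for usage only
     * @return an exception for the caller to throw
     */
    private static IllegalArgumentException printUsageAndExit(String str) {
        if (str != null) {
            System.err.println(str);
        }
        // Display order of the options in the usage text.
        ImmutableList<String> optionOrder = ImmutableList.of("t", "s", "c", "u", "a", "i", "g", "I", "p", "S", "o", "P", "x");
        HelpFormatter helpFormatter = new HelpFormatter();
        helpFormatter.setOptionComparator(Comparator.comparingInt(option -> optionOrder.indexOf(option.getOpt())));
        helpFormatter.printHelp("java -jar json-web-key-generator.jar -t <keyType> [options]", options);
        System.exit(1);
        return new IllegalArgumentException("Program was called with invalid arguments");
    }
}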
