package org.apache.nifi.web.security.jwt.key.command;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.RSASSASigner;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.UUID;
import org.apache.nifi.web.security.jwt.jws.JwsSignerContainer;
import org.apache.nifi.web.security.jwt.jws.SignerListener;
import org.apache.nifi.web.security.jwt.key.VerificationKeyListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/key/command/KeyGenerationCommand.class */
public class KeyGenerationCommand implements Runnable {
    private static final String KEY_ALGORITHM = "RSA";
    private static final int KEY_SIZE = 4096;
    private final KeyPairGenerator keyPairGenerator;
    private final SignerListener signerListener;
    private final VerificationKeyListener verificationKeyListener;
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyGenerationCommand.class);
    private static final JWSAlgorithm JWS_ALGORITHM = JWSAlgorithm.PS512;

    public KeyGenerationCommand(SignerListener signerListener, VerificationKeyListener verificationKeyListener) {
        this.signerListener = (SignerListener) Objects.requireNonNull(signerListener, "Signer Listener required");
        this.verificationKeyListener = (VerificationKeyListener) Objects.requireNonNull(verificationKeyListener, "Verification Key Listener required");
        try {
            this.keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
            this.keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        KeyPair generateKeyPair = this.keyPairGenerator.generateKeyPair();
        String uuid = UUID.randomUUID().toString();
        LOGGER.debug("Generated Key Pair [{}] Key Identifier [{}]", KEY_ALGORITHM, uuid);
        this.verificationKeyListener.onVerificationKeyGenerated(uuid, generateKeyPair.getPublic());
        this.signerListener.onSignerUpdated(new JwsSignerContainer(uuid, JWS_ALGORITHM, new RSASSASigner(generateKeyPair.getPrivate())));
    }
}
