package com.sigpwned.dropwizard.jose.jwt.tool.keygen;

import com.sigpwned.discourse.core.util.Discourse;
import com.sigpwned.discourse.validation.ValidatingCommandBuilder;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.Optional;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/sigpwned/dropwizard/jose/jwt/tool/keygen/KeygenTool.class */
public class KeygenTool {
    public static final String KEY_STORE_TYPE = "PKCS12";
    public static final String KEY_ALGORITHM = "RSA";
    public static final int DEFAULT_KEY_WIDTH = 2048;
    public static final int KEY_WIDTH;
    public static final int DEFAULT_HASH_LENGTH = 256;
    public static final int HASH_LENGTH;

    public static void main(String[] strArr) throws Exception {
        main((KeygenToolConfiguration) Discourse.configuration(KeygenToolConfiguration.class, new ValidatingCommandBuilder(), strArr));
    }

    public static void main(KeygenToolConfiguration keygenToolConfiguration) throws Exception {
        Instant now = Instant.now();
        String str = keygenToolConfiguration.realm;
        String str2 = keygenToolConfiguration.password;
        int i = keygenToolConfiguration.expirationMonths;
        BigInteger valueOf = BigInteger.valueOf(now.toEpochMilli());
        int i2 = KEY_WIDTH;
        int i3 = HASH_LENGTH;
        String str3 = (String) Optional.ofNullable(keygenToolConfiguration.keyAlias).orElse(now.atOffset(ZoneOffset.UTC).toLocalDate().toString());
        String str4 = "SHA" + i3 + "With" + KEY_ALGORITHM;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        keyPairGenerator.initialize(i2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) generateKeyPair.getPrivate();
        try {
            X500Name x500Name = new X500Name("CN=" + URLEncoder.encode(str, StandardCharsets.UTF_8));
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(x500Name, valueOf, Date.from(now), Date.from(now.plus(30 * i, (TemporalUnit) ChronoUnit.DAYS)), x500Name, rSAPublicKey).build(new JcaContentSignerBuilder(str4).build(rSAPrivateKey)));
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
            keyStore.load(null, str2.toCharArray());
            keyStore.setKeyEntry(str3, rSAPrivateKey, null, new Certificate[]{certificate});
            keyStore.store(keygenToolConfiguration.out, str2.toCharArray());
        } catch (CertificateException | OperatorCreationException e) {
            throw e;
        }
    }

    static {
        int intValue = ((Integer) Optional.ofNullable(System.getenv("DEFAULT_JWK_KEY_WIDTH")).map(Integer::parseInt).orElse(2048)).intValue();
        if (intValue != 1024 && intValue != 2048 && intValue != 4096) {
            throw new IllegalArgumentException("Invalid JWK key width: " + intValue);
        }
        KEY_WIDTH = intValue;
        int intValue2 = ((Integer) Optional.ofNullable(System.getenv("DEFAULT_JWK_HASH_LENGTH")).map(Integer::parseInt).orElse(256)).intValue();
        if (intValue2 != 256 && intValue2 != 384 && intValue2 != 512) {
            throw new IllegalArgumentException("Invalid JWK hash length: " + intValue2);
        }
        HASH_LENGTH = intValue2;
    }
}
