package org.apereo.cas.shell.commands;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.AESDecrypter;
import com.nimbusds.jose.crypto.DirectDecrypter;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.jooq.lambda.Unchecked;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration;
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
import org.pac4j.jwt.profile.JwtGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
import org.springframework.stereotype.Service;

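/**
 * Shell command that generates a JWT for a given subject, optionally signed and
 * encrypted with freshly generated shared secrets.
 *
 * <p>The generated secrets and the resulting token are written through the class
 * logger at INFO level, because showing them to the operator is the purpose of the
 * command. Any file or remote appender attached to this logger will therefore
 * retain the secrets as well.
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/org/apereo/cas/shell/commands/GenerateJwtCommand.class */
public class GenerateJwtCommand implements CommandMarker {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GenerateJwtCommand.class);
    private static final int SEP_LENGTH = 8;
    private static final int DEFAULT_SIGNING_SECRET_SIZE = 256;
    private static final int DEFAULT_ENCRYPTION_SECRET_SIZE = 48;
    private static final String DEFAULT_SIGNING_ALGORITHM = "HS256";
    private static final String DEFAULT_ENCRYPTION_ALGORITHM = "dir";
    private static final String DEFAULT_ENCRYPTION_METHOD = "A192CBC-HS384";

    // Signing and encryption secrets are key material, so they are drawn from a
    // cryptographically strong source rather than the default java.util.Random
    // that RandomStringUtils.randomAlphanumeric(int) relies on.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Generates a JWT for the subject using the default sizes and algorithms.
     *
     * @param str subject to place in the JWT
     */
    public void generate(String str) {
        generate(DEFAULT_SIGNING_SECRET_SIZE, DEFAULT_ENCRYPTION_SECRET_SIZE, DEFAULT_SIGNING_ALGORITHM,
            DEFAULT_ENCRYPTION_ALGORITHM, DEFAULT_ENCRYPTION_METHOD, str);
    }

    /**
     * Generates a JWT for the subject and logs the secrets and the token.
     *
     * <p>The second option is keyed {@code encryptionSecretSize}; it previously
     * reused the {@code signingSecretSize} key, which left the encryption secret
     * size without an option name of its own.
     *
     * @param i    number of characters in the signing secret; a value of zero or less disables signing
     * @param i2   number of characters in the encryption secret; a value of zero or less disables encryption
     * @param str  JWS algorithm name used for signing
     * @param str2 JWE algorithm name used for encryption
     * @param str3 JWE encryption method name
     * @param str4 subject to place in the JWT
     */
    @CliCommand(value = {"generate-jwt"}, help = "Generate a JWT with given size and algorithm for signing and encryption.")
    public void generate(@CliOption(key = {"signingSecretSize"}, help = "Size of the signing secret", optionContext = "Size of the signing secret", specifiedDefaultValue = "256", unspecifiedDefaultValue = "256") int i, @CliOption(key = {"encryptionSecretSize"}, help = "Size of the encryption secret", optionContext = "Size of the encryption secret", specifiedDefaultValue = "48", unspecifiedDefaultValue = "48") int i2, @CliOption(key = {"signingAlgorithm"}, help = "Algorithm to use for signing", optionContext = "Algorithm to use for signing", specifiedDefaultValue = "HS256", unspecifiedDefaultValue = "HS256") String str, @CliOption(key = {"encryptionAlgorithm"}, help = "Algorithm to use for encryption", optionContext = "Algorithm to use for encryption", specifiedDefaultValue = "dir", unspecifiedDefaultValue = "dir") String str2, @CliOption(key = {"encryptionMethod"}, help = "Method to use for encryption", optionContext = "Method to use for encryption", specifiedDefaultValue = "A192CBC-HS384", unspecifiedDefaultValue = "A192CBC-HS384") String str3, @CliOption(key = {"subject"}, help = "Subject to use for the JWT", optionContext = "Subject to use for the JWT", mandatory = true) String str4) {
        JwtGenerator<CommonProfile> jwtGenerator = new JwtGenerator<>();
        configureJwtSigning(i, str, jwtGenerator);
        configureJwtEncryption(i2, str2, str3, jwtGenerator);

        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setId(str4);

        LOGGER.debug(StringUtils.repeat('=', SEP_LENGTH));
        LOGGER.info("\nGenerating JWT for subject [{}] with signing key size [{}], signing algorithm [{}], encryption key size [{}], encryption method [{}] and encryption algorithm [{}]\n", str4, i, str, i2, str3, str2);
        LOGGER.debug(StringUtils.repeat('=', SEP_LENGTH));

        // The profile is passed as-is; the listing's cast of the profile to
        // JwtGenerator<CommonProfile> was between unrelated types.
        LOGGER.info("==== JWT ====\n[{}]", jwtGenerator.generate(commonProfile));
    }

    /**
     * Generates an encryption secret and attaches a shared-secret encryption
     * configuration to the generator, unless encryption is disabled or the
     * algorithm/method pair is rejected.
     *
     * @param i            number of characters in the encryption secret
     * @param str          JWE algorithm name
     * @param str2         JWE encryption method name
     * @param jwtGenerator generator to configure
     */
    private void configureJwtEncryption(int i, String str, String str2, JwtGenerator<CommonProfile> jwtGenerator) {
        if (i <= 0 || StringUtils.isBlank(str2) || StringUtils.isBlank(str)) {
            LOGGER.info("No encryption algorithm or size specified, so the generated JWT will not be encrypted");
            return;
        }

        String secret = generateSecret(i);
        // Intentional output of key material; see the class comment about appenders.
        LOGGER.info("==== Encryption Secret ====\n[{}]\n", secret);
        LOGGER.debug("Encryption algorithm: [{}]. Available algorithms are [{}]", str, availableNames(JWEAlgorithm.class));
        LOGGER.debug("Encryption method: [{}]. Available methods are [{}]", str2, availableNames(EncryptionMethod.class));

        JWEAlgorithm algorithm = JWEAlgorithm.parse(str);
        EncryptionMethod method = EncryptionMethod.parse(str2);

        if (DirectDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm)
            && !DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(method)) {
            LOGGER.warn("Encrypted method [{}] is not supported for algorithm [{}]. Accepted methods are [{}]", str2, str, DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS);
            return;
        }
        if (AESDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm)
            && !AESDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(method)) {
            LOGGER.warn("Encrypted method [{}] is not supported for algorithm [{}]. Accepted methods are [{}]", str2, str, AESDecrypter.SUPPORTED_ENCRYPTION_METHODS);
            return;
        }

        // NOTE(review): an algorithm that is in neither supported set also reaches this
        // point and is paired with a shared secret; the secret length is not checked
        // against the key size the chosen method expects. Confirm that is intended.
        jwtGenerator.setEncryptionConfiguration(new SecretEncryptionConfiguration(secret, algorithm, method));
    }

    /**
     * Generates a signing secret and attaches a shared-secret signature
     * configuration to the generator, unless signing is disabled.
     *
     * @param i            number of characters in the signing secret
     * @param str          JWS algorithm name
     * @param jwtGenerator generator to configure
     */
    private void configureJwtSigning(int i, String str, JwtGenerator<CommonProfile> jwtGenerator) {
        if (i <= 0 || StringUtils.isBlank(str)) {
            // The message used to say "encrypted", which misreported an unsigned token.
            LOGGER.info("No signing algorithm or size specified, so the generated JWT will not be signed");
            return;
        }

        String secret = generateSecret(i);
        // Intentional output of key material; see the class comment about appenders.
        LOGGER.info("==== Signing Secret ====\n{}\n", secret);
        LOGGER.debug("Signing algorithm: [{}]. Available algorithms are [{}]", str, availableNames(JWSAlgorithm.class));
        jwtGenerator.setSignatureConfiguration(new SecretSignatureConfiguration(secret, JWSAlgorithm.parse(str)));
    }

    /** Returns a random alphanumeric secret of the given length drawn from {@link SecureRandom}. */
    private static String generateSecret(int length) {
        return RandomStringUtils.random(length, 0, 0, true, true, null, SECURE_RANDOM);
    }

    /** Joins the names of the constants that the given algorithm class declares with its own type. */
    private static String availableNames(Class<? extends Algorithm> type) {
        return Arrays.stream(type.getDeclaredFields())
            .filter(field -> field.getType().equals(type))
            .map(Unchecked.function(field -> {
                field.setAccessible(true);
                return ((Algorithm) field.get(null)).getName();
            }))
            .collect(Collectors.joining(","));
    }
}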
