package org.apereo.cas.shell.commands;

import lombok.Generated;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties;
import org.apereo.cas.metadata.CasConfigurationMetadataRepository;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.gen.Base64RandomStringGenerator;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.configurationmetadata.ConfigurationMetadataGroup;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/apereo/cas/shell/commands/GenerateCryptoKeysCommand.class */
public class GenerateCryptoKeysCommand implements CommandMarker {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GenerateCryptoKeysCommand.class);

    @CliCommand(value = {"generate-key"}, help = "Generate signing/encryption crypto keys for CAS settings")
    public void generateKey(@CliOption(key = {"group"}, help = "Property group that holds the key (i.e. cas.webflow). The group must have a child category of 'crypto'.", mandatory = true, specifiedDefaultValue = "", unspecifiedDefaultValue = "", optionContext = "Property name for that holds the key") String str) {
        if (StringUtils.isBlank(str)) {
            LOGGER.warn("No property/setting name is specified for signing/encryption key generation.");
            return;
        }
        CasConfigurationMetadataRepository casConfigurationMetadataRepository = new CasConfigurationMetadataRepository();
        String concat = str.concat(".crypto");
        casConfigurationMetadataRepository.getRepository().getAllGroups().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith(concat);
        }).forEach(entry2 -> {
            ((ConfigurationMetadataGroup) entry2.getValue()).getSources().forEach(Unchecked.biConsumer((str2, configurationMetadataSource) -> {
                Object newInstance = ClassUtils.getClass(str2, true).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                if (newInstance instanceof EncryptionJwtSigningJwtCryptographyProperties) {
                    EncryptionJwtSigningJwtCryptographyProperties encryptionJwtSigningJwtCryptographyProperties = (EncryptionJwtSigningJwtCryptographyProperties) newInstance;
                    LOGGER.info(concat.concat(".encryption.key=" + EncodingUtils.generateJsonWebKey(encryptionJwtSigningJwtCryptographyProperties.getEncryption().getKeySize())));
                    LOGGER.info(concat.concat(".signing.key=" + EncodingUtils.generateJsonWebKey(encryptionJwtSigningJwtCryptographyProperties.getSigning().getKeySize())));
                } else if (newInstance instanceof EncryptionRandomizedSigningJwtCryptographyProperties) {
                    EncryptionRandomizedSigningJwtCryptographyProperties encryptionRandomizedSigningJwtCryptographyProperties = (EncryptionRandomizedSigningJwtCryptographyProperties) newInstance;
                    LOGGER.info(concat.concat(".encryption.key=" + new Base64RandomStringGenerator(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKeySize()).getNewString()));
                    LOGGER.info(concat.concat(".signing.key=" + EncodingUtils.generateJsonWebKey(encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKeySize())));
                }
            }));
        });
    }
}
