package org.apache.nifi.web.security.jwt.key.command;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Objects;
import java.util.UUID;
import org.apache.nifi.web.security.jwt.jws.JwsSignerContainer;
import org.apache.nifi.web.security.jwt.jws.SignerListener;
import org.apache.nifi.web.security.jwt.key.Ed25519Signer;
import org.apache.nifi.web.security.jwt.key.VerificationKeyListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/key/command/KeyGenerationCommand.class */
public class KeyGenerationCommand implements Runnable {
    private static final String RSA_KEY_ALGORITHM = "RSA";
    private final KeyPairGenerator keyPairGenerator;
    private final JWSAlgorithm jwsAlgorithm;
    private final SignerListener signerListener;
    private final VerificationKeyListener verificationKeyListener;
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyGenerationCommand.class);
    private static final JWSAlgorithm RSA_JWS_ALGORITHM = JWSAlgorithm.PS512;
    private static final JWSAlgorithm DEFAULT_JWS_ALGORITHM = JWSAlgorithm.EdDSA;

    public KeyGenerationCommand(SignerListener signerListener, VerificationKeyListener verificationKeyListener, KeyPairGenerator keyPairGenerator) {
        this.signerListener = (SignerListener) Objects.requireNonNull(signerListener, "Signer Listener required");
        this.verificationKeyListener = (VerificationKeyListener) Objects.requireNonNull(verificationKeyListener, "Verification Key Listener required");
        this.keyPairGenerator = (KeyPairGenerator) Objects.requireNonNull(keyPairGenerator, "Key Pair Generator required");
        if (RSA_KEY_ALGORITHM.equals(keyPairGenerator.getAlgorithm())) {
            this.jwsAlgorithm = RSA_JWS_ALGORITHM;
        } else {
            this.jwsAlgorithm = DEFAULT_JWS_ALGORITHM;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        KeyPair generateKeyPair = this.keyPairGenerator.generateKeyPair();
        String uuid = UUID.randomUUID().toString();
        LOGGER.debug("Generated Key Pair [{}] Key Identifier [{}]", this.keyPairGenerator.getAlgorithm(), uuid);
        this.verificationKeyListener.onVerificationKeyGenerated(uuid, generateKeyPair.getPublic());
        this.signerListener.onSignerUpdated(new JwsSignerContainer(uuid, this.jwsAlgorithm, getJwsSigner(generateKeyPair.getPrivate())));
    }

    private JWSSigner getJwsSigner(PrivateKey privateKey) {
        return RSA_JWS_ALGORITHM.equals(this.jwsAlgorithm) ? new RSASSASigner(privateKey) : new Ed25519Signer(privateKey);
    }
}
