package com.gentics.contentnode.rest.configuration;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.gentics.api.lib.exception.NodeException;
import com.gentics.lib.log.NodeLogger;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.InvalidKeyException;
import io.jsonwebtoken.security.Keys;
import java.io.File;
import java.io.IOException;
import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.UUID;
import org.apache.commons.io.FileUtils;

/* loaded from: input_file:com/gentics/contentnode/rest/configuration/KeyProvider.class */
public final class KeyProvider {
    protected static final NodeLogger logger = NodeLogger.getNodeLogger(KeyProvider.class);
    public static final String DEFAULT_KEYFILE_NAME = "private-key.jwk";
    public static final String KEYFILE_PARAM_NAME = "com.gentics.contentnode.private-key.path";
    private static RSAKey instance;

    public static final void init(String str) throws NodeException {
        File file = new File(System.getProperty(KEYFILE_PARAM_NAME, String.format("%s%s", str, DEFAULT_KEYFILE_NAME)));
        try {
            if (file.exists()) {
                instance = JWK.parse(FileUtils.readFileToString(file));
            } else {
                KeyPair keyPairFor = Keys.keyPairFor(SignatureAlgorithm.RS256);
                instance = new RSAKey.Builder((RSAPublicKey) keyPairFor.getPublic()).privateKey(keyPairFor.getPrivate()).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).build();
                FileUtils.writeStringToFile(file, instance.toJSONString());
            }
        } catch (IOException | ParseException e) {
            throw new NodeException(e);
        }
    }

    public static final JwtBuilder sign(JwtBuilder jwtBuilder) throws NodeException {
        try {
            return jwtBuilder.signWith(instance.toPrivateKey());
        } catch (InvalidKeyException | JOSEException e) {
            throw new NodeException(e);
        }
    }

    public static final JwtParserBuilder signedWith(JwtParserBuilder jwtParserBuilder) throws NodeException {
        try {
            return jwtParserBuilder.setSigningKey(instance.toPublicKey());
        } catch (JOSEException e) {
            throw new NodeException(e);
        }
    }

    public static final JsonNode getPublicKey() throws NodeException {
        try {
            return (JsonNode) new ObjectMapper().readValue(instance.toPublicJWK().toJSONString(), JsonNode.class);
        } catch (IOException e) {
            throw new NodeException(e);
        }
    }
}
