package org.apereo.cas.oidc.jwks.generator;

import java.nio.charset.StandardCharsets;
import java.util.Optional;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.configuration.model.support.oidc.OidcProperties;
import org.apereo.cas.configuration.model.support.oidc.jwks.OidcJsonWebKeystoreCoreProperties;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyStoreUtils;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyUsage;
import org.apereo.cas.oidc.jwks.rotation.OidcJsonWebKeystoreRotationService;
import org.apereo.cas.util.RandomUtils;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/jwks/generator/OidcJsonWebKeystoreGeneratorService.class */
public interface OidcJsonWebKeystoreGeneratorService {
    static Resource toResource(JsonWebKeySet jsonWebKeySet) {
        return new ByteArrayResource(jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE).getBytes(StandardCharsets.UTF_8), "OIDC JWKS");
    }

    static JsonWebKeySet toJsonWebKeyStore(Resource resource) throws Exception {
        return new JsonWebKeySet(IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8));
    }

    static JsonWebKey generateJsonWebKey(OidcProperties oidcProperties, OidcJsonWebKeyUsage oidcJsonWebKeyUsage) {
        OidcJsonWebKeystoreCoreProperties core = oidcProperties.getJwks().getCore();
        PublicJsonWebKey generateJsonWebKey = OidcJsonWebKeyStoreUtils.generateJsonWebKey(core.getJwksType(), core.getJwksKeySize(), oidcJsonWebKeyUsage);
        generateJsonWebKey.setKeyId(core.getJwksKeyId().concat("-").concat(RandomUtils.randomAlphabetic(8)));
        return generateJsonWebKey;
    }

    static JsonWebKey generateJsonWebKey(OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates jsonWebKeyLifecycleStates, OidcProperties oidcProperties, OidcJsonWebKeyUsage oidcJsonWebKeyUsage) {
        JsonWebKey generateJsonWebKey = generateJsonWebKey(oidcProperties, oidcJsonWebKeyUsage);
        OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.setJsonWebKeyState(generateJsonWebKey, jsonWebKeyLifecycleStates);
        return generateJsonWebKey;
    }

    static JsonWebKeySet generateJsonWebKeySet(OidcProperties oidcProperties) {
        return new JsonWebKeySet(generateJsonWebKey(OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.CURRENT, oidcProperties, OidcJsonWebKeyUsage.SIGNING), generateJsonWebKey(OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.CURRENT, oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION), generateJsonWebKey(OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.FUTURE, oidcProperties, OidcJsonWebKeyUsage.SIGNING), generateJsonWebKey(OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.FUTURE, oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION));
    }

    Resource generate() throws Exception;

    JsonWebKeySet store(JsonWebKeySet jsonWebKeySet) throws Exception;

    Optional<Resource> find() throws Exception;
}
