package org.hyperledger.besu.ethereum.api.jsonrpc.authentication;

import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/hyperledger/besu/ethereum/api/jsonrpc/authentication/JWTAuthOptionsFactory.class */
public class JWTAuthOptionsFactory {
    private static final String ALGORITHM = "RS256";
    private static final String PERMISSIONS = "permissions";

    public JWTAuthOptions createForExternalPublicKey(File file) {
        return new JWTAuthOptions().setPermissionsClaimKey(PERMISSIONS).addPubSecKey(new PubSecKeyOptions().setAlgorithm(ALGORITHM).setPublicKey(Base64.getEncoder().encodeToString(readPublicKey(file))));
    }

    public JWTAuthOptions createWithGeneratedKeyPair() {
        KeyPair generateJwtKeyPair = generateJwtKeyPair();
        return new JWTAuthOptions().setPermissionsClaimKey(PERMISSIONS).addPubSecKey(new PubSecKeyOptions().setAlgorithm(ALGORITHM).setPublicKey(Base64.getEncoder().encodeToString(generateJwtKeyPair.getPublic().getEncoded())).setSecretKey(Base64.getEncoder().encodeToString(generateJwtKeyPair.getPrivate().getEncoded())));
    }

    private byte[] readPublicKey(File file) {
        try {
            BufferedReader newBufferedReader = Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8);
            try {
                PemReader pemReader = new PemReader(newBufferedReader);
                try {
                    PemObject readPemObject = pemReader.readPemObject();
                    if (readPemObject == null) {
                        throw new IllegalStateException("Authentication RPC public key file format is invalid");
                    }
                    byte[] content = readPemObject.getContent();
                    pemReader.close();
                    if (newBufferedReader != null) {
                        newBufferedReader.close();
                    }
                    return content;
                } catch (Throwable th) {
                    try {
                        pemReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException("Authentication RPC public key could not be read", e);
        }
    }

    private KeyPair generateJwtKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
