package com.nimbusds.openid.connect.provider.jwksetgen;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/jwksetgen/FederationJWKSetGenerator.class */
public class FederationJWKSetGenerator {
    public static final int RSA_KEY_BIT_SIZE = 2048;

    public static RSAKey generateSigningRSAKey(String str) throws JOSEException {
        return new RSAKeyGenerator(2048).keyID(str).algorithm(JWSAlgorithm.RS256).keyUse(KeyUse.SIGNATURE).generate();
    }

    public List<JWK> generateRotatingKeys(KeyIDs keyIDs, boolean z) throws JOSEException {
        LinkedList linkedList = new LinkedList();
        KeyIDs keyIDs2 = new KeyIDs();
        keyIDs2.addAll(keyIDs);
        RSAKey generateSigningRSAKey = generateSigningRSAKey(keyIDs2.addRandomUniqueKeyID());
        linkedList.add(generateSigningRSAKey);
        if (z) {
            System.out.println("[1] Generated new signing RSA 2048 bit key with ID " + generateSigningRSAKey.getKeyID());
        }
        return linkedList;
    }

    public JWKSet generate(boolean z) throws JOSEException {
        return new JWKSet(generateRotatingKeys(new KeyIDs(), z));
    }

    public JWKSet generateAndPrefixNewKeys(JWKSet jWKSet, boolean z) throws Exception {
        LinkedList linkedList = new LinkedList(generateRotatingKeys(new KeyIDs(jWKSet), z));
        linkedList.addAll(jWKSet.getKeys());
        if (z) {
            System.out.println("[2] Prefixed newly generated keys to existing federation entity JWK set");
        }
        return new JWKSet(linkedList);
    }
}
