package com.nimbusds.jose.aws.kms.scripts;

import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.MessageType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.aws.kms.crypto.KmsAsymmetricRSASSASigner;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;

/* loaded from: input_file:com/nimbusds/jose/aws/kms/scripts/KmsAsymmetricJwsCompactSignatureGeneratorScript.class */
public class KmsAsymmetricJwsCompactSignatureGeneratorScript {
    private static final String COMMAND = "gradle kmsRsaSsaSigner";

    public static void main(String[] strArr) throws Exception {
        new KmsAsymmetricJwsCompactSignatureGeneratorScript().execute(strArr);
    }

    private void execute(String[] strArr) throws Exception {
        Options buildOptions = buildOptions();
        CommandLine parse = new DefaultParser().parse(buildOptions, strArr);
        if (parse.hasOption("help")) {
            System.out.println(ScriptConstants.LINE_SEPARATOR);
            new HelpFormatter().printHelp(COMMAND, buildOptions);
            System.out.println(ScriptConstants.LINE_SEPARATOR);
        } else if (!parse.hasOption("alg") || !parse.hasOption("kid") || !parse.hasOption("payload") || !parse.hasOption("messageType")) {
            System.out.printf("%1$s%2$s, %3$s, %4$s, %5$s options are required. Use '--%6$s' for details of these options.%1$s", ScriptConstants.LINE_SEPARATOR, "alg", "kid", "payload", "messageType", "help");
        } else {
            System.out.printf("%1$sJWS Token:%1$s%2$s%1$s", ScriptConstants.LINE_SEPARATOR, sign(JWSAlgorithm.parse(parse.getOptionValue("alg")), parse.getOptionValue("kid"), parse.getOptionValue("payload"), parse.getOptionValue("messageType")).serialize());
        }
    }

    private Options buildOptions() {
        Options options = new Options();
        options.addOption(Option.builder().longOpt("help").desc("Print this help message.").build());
        options.addOption(Option.builder().hasArg().longOpt("alg").desc("JWS signature generation algorithm").build());
        options.addOption(Option.builder().hasArg().longOpt("kid").desc("Id of the key, which should used for signature generation. Pass a KMS CMK ARN or alias ARN. Note: You'll have to configure credentials of an IAM user in the default profile, who as access to the provided CMK. Follow these instruction to configure user credentials: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where").build());
        options.addOption(Option.builder().hasArg().longOpt("messageType").desc("Type Of message can be Digest or rawhttps://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#API_Sign_RequestSyntax").build());
        options.addOption(Option.builder().hasArg().longOpt("payload").desc("Payload to for signature generation.").build());
        return options;
    }

    private JWSObject sign(JWSAlgorithm jWSAlgorithm, String str, String str2, String str3) throws Exception {
        KmsAsymmetricRSASSASigner kmsAsymmetricRSASSASigner = new KmsAsymmetricRSASSASigner(AWSKMSClientBuilder.defaultClient(), str, MessageType.fromValue(str3));
        JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(jWSAlgorithm).keyID(str).customParam("messageType", str3).build(), new Payload(str2));
        jWSObject.sign(kmsAsymmetricRSASSASigner);
        return jWSObject;
    }
}
