package org.apereo.cas.token.cipher;

import java.io.Serializable;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.cipher.BaseStringCipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-token-core-api-6.5.3.jar:org/apereo/cas/token/cipher/RegisteredServiceJwtTicketCipherExecutor.class */
public class RegisteredServiceJwtTicketCipherExecutor extends JwtTicketCipherExecutor implements RegisteredServiceCipherExecutor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RegisteredServiceJwtTicketCipherExecutor.class);

    @Override // org.apereo.cas.services.RegisteredServiceCipherExecutor
    public String decode(String str, Optional<RegisteredService> optional) {
        if (optional.isPresent()) {
            RegisteredService registeredService = optional.get();
            if (supports(registeredService)) {
                LOGGER.debug("Found signing and/or encryption keys for [{}] in service registry to decode", registeredService.getServiceId());
                JwtTicketCipherExecutor tokenTicketCipherExecutorForService = getTokenTicketCipherExecutorForService(registeredService);
                if (tokenTicketCipherExecutorForService.isEnabled()) {
                    return tokenTicketCipherExecutorForService.decode((Serializable) str, new Object[]{registeredService});
                }
            }
        }
        return decode((Serializable) str, (Object[]) ArrayUtils.EMPTY_BOOLEAN_OBJECT_ARRAY);
    }

    @Override // org.apereo.cas.services.RegisteredServiceCipherExecutor
    public String encode(String str, Optional<RegisteredService> optional) {
        if (optional.isPresent()) {
            RegisteredService registeredService = optional.get();
            if (supports(registeredService)) {
                LOGGER.debug("Found signing and/or encryption keys for [{}] in service registry to encode", registeredService.getServiceId());
                JwtTicketCipherExecutor tokenTicketCipherExecutorForService = getTokenTicketCipherExecutorForService(registeredService);
                if (tokenTicketCipherExecutorForService.isEnabled()) {
                    return tokenTicketCipherExecutorForService.encode(str);
                }
            }
        }
        return encode((Serializable) str, (Object[]) ArrayUtils.EMPTY_BOOLEAN_OBJECT_ARRAY);
    }

    @Override // org.apereo.cas.services.RegisteredServiceCipherExecutor
    public boolean supports(RegisteredService registeredService) {
        return getSigningKey(registeredService).isPresent();
    }

    public JwtTicketCipherExecutor getTokenTicketCipherExecutorForService(RegisteredService registeredService) {
        return createCipherExecutorInstance(getEncryptionKey(registeredService).orElse(""), getSigningKey(registeredService).orElse(""), registeredService, getCipherOperationsStrategyType(registeredService).orElse(BaseStringCipherExecutor.CipherOperationsStrategyType.ENCRYPT_AND_SIGN));
    }

    protected Optional<BaseStringCipherExecutor.CipherOperationsStrategyType> getCipherOperationsStrategyType(RegisteredService registeredService) {
        RegisteredServiceProperty.RegisteredServiceProperties cipherStrategyTypeRegisteredServiceProperty = getCipherStrategyTypeRegisteredServiceProperty(registeredService);
        return cipherStrategyTypeRegisteredServiceProperty.isAssignedTo(registeredService) ? Optional.of(BaseStringCipherExecutor.CipherOperationsStrategyType.valueOf(cipherStrategyTypeRegisteredServiceProperty.getPropertyValue(registeredService).getValue())) : Optional.empty();
    }

    protected JwtTicketCipherExecutor createCipherExecutorInstance(String str, String str2, RegisteredService registeredService, BaseStringCipherExecutor.CipherOperationsStrategyType cipherOperationsStrategyType) {
        JwtTicketCipherExecutor jwtTicketCipherExecutor = new JwtTicketCipherExecutor(str, str2, StringUtils.isNotBlank(str), StringUtils.isNotBlank(str2), 0, 0);
        jwtTicketCipherExecutor.setCustomHeaders(CollectionUtils.wrap(CUSTOM_HEADER_REGISTERED_SERVICE_ID, Long.valueOf(registeredService.getId())));
        jwtTicketCipherExecutor.setStrategyType(cipherOperationsStrategyType);
        return jwtTicketCipherExecutor;
    }

    public Optional<String> getSigningKey(RegisteredService registeredService) {
        RegisteredServiceProperty.RegisteredServiceProperties signingKeyRegisteredServiceProperty = getSigningKeyRegisteredServiceProperty();
        return signingKeyRegisteredServiceProperty.isAssignedTo(registeredService) ? Optional.of(signingKeyRegisteredServiceProperty.getPropertyValue(registeredService).getValue()) : Optional.empty();
    }

    public Optional<String> getEncryptionKey(RegisteredService registeredService) {
        RegisteredServiceProperty.RegisteredServiceProperties encryptionKeyRegisteredServiceProperty = getEncryptionKeyRegisteredServiceProperty();
        return encryptionKeyRegisteredServiceProperty.isAssignedTo(registeredService) ? Optional.of(encryptionKeyRegisteredServiceProperty.getPropertyValue(registeredService).getValue()) : Optional.empty();
    }

    protected RegisteredServiceProperty.RegisteredServiceProperties getCipherStrategyTypeRegisteredServiceProperty(RegisteredService registeredService) {
        return RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET_CIPHER_STRATEGY_TYPE;
    }

    protected RegisteredServiceProperty.RegisteredServiceProperties getSigningKeyRegisteredServiceProperty() {
        return RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET_SIGNING_KEY;
    }

    protected RegisteredServiceProperty.RegisteredServiceProperties getEncryptionKeyRegisteredServiceProperty() {
        return RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET_ENCRYPTION_KEY;
    }

    @Generated
    public RegisteredServiceJwtTicketCipherExecutor() {
    }
}
