package org.apereo.cas.util.cipher;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.LinkedHashMap;
import java.util.Map;
import lombok.Generated;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.crypto.PublicKeyFactoryBean;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.AbstractResource;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-api-6.5.6.jar:org/apereo/cas/util/cipher/AbstractCipherExecutor.class */
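/**
 * Base class for cipher executors that sign payloads as JWS and verify those signatures.
 *
 * <p>The signing key is either an RSA private key loaded from a resource or an {@link AesKey}
 * built from the raw bytes of a configured secret; see {@link #configureSigningKey(String)}.
 *
 * <p>Security notes for implementers and callers:
 * <ul>
 *   <li>{@link #sign(byte[], Key)} and {@link #verifySignature(byte[], Key)} pass the payload
 *       through untouched when the key is {@code null}. A missing key therefore disables
 *       integrity protection silently; check {@link #isEnabled()} where signing is required.</li>
 *   <li>{@link #getCustomHeaders()} and {@link #getSigningKey()} return the live references held
 *       by this instance, not copies.</li>
 * </ul>
 *
 * @param <T> input type of the cipher operations declared by {@link CipherExecutor}
 * @param <R> output type of the cipher operations declared by {@link CipherExecutor}
 */
public abstract class AbstractCipherExecutor<T, R> implements CipherExecutor<T, R> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCipherExecutor.class);

    /** Public exponent assumed when an RSA private key does not expose its own (non-CRT keys). */
    private static final BigInteger RSA_PUBLIC_KEY_EXPONENT = BigInteger.valueOf(65537);

    static {
        // Register the BouncyCastle JCE provider once, when this class is initialized.
        Security.addProvider(new BouncyCastleProvider());
    }

    /** Key used by {@link #signWith(byte[], String)}; {@code null} means signing is disabled. */
    private Key signingKey;

    /** Extra headers handed to {@code EncodingUtils.signJws} on every signature. */
    private Map<String, Object> customHeaders = new LinkedHashMap<>();

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public AbstractCipherExecutor() {
    }

    /**
     * Loads an RSA private key from the given resource location.
     *
     * <p>The location is deliberately not logged here.
     *
     * @param str resource location understood by {@code ResourceUtils.getResourceFrom}
     * @return the key produced by a non-singleton {@link PrivateKeyFactoryBean}
     */
    public static PrivateKey extractPrivateKeyFromResource(String str) {
        LOGGER.debug("Attempting to extract private key...");
        AbstractResource resourceFrom = ResourceUtils.getResourceFrom(str);
        PrivateKeyFactoryBean privateKeyFactoryBean = new PrivateKeyFactoryBean();
        privateKeyFactoryBean.setAlgorithm("RSA");
        privateKeyFactoryBean.setLocation(resourceFrom);
        privateKeyFactoryBean.setSingleton(false);
        return privateKeyFactoryBean.getObject();
    }

    /**
     * Loads an RSA public key from the given resource location.
     *
     * @param str resource location understood by {@code ResourceUtils.getResourceFrom}
     * @return the key produced by a non-singleton {@link PublicKeyFactoryBean}
     */
    public static PublicKey extractPublicKeyFromResource(String str) {
        LOGGER.debug("Attempting to extract public key from [{}]...", str);
        PublicKeyFactoryBean publicKeyFactoryBean = new PublicKeyFactoryBean(ResourceUtils.getResourceFrom(str), "RSA");
        publicKeyFactoryBean.setSingleton(false);
        return publicKeyFactoryBean.getObject();
    }

    /**
     * Reports whether a signing key has been configured.
     *
     * @return {@code true} when {@link #getSigningKey()} is non-null
     */
    @Override // org.apereo.cas.util.crypto.CipherExecutor
    public boolean isEnabled() {
        return this.signingKey != null;
    }

    /**
     * Signs the payload with the supplied key.
     *
     * <p>The algorithm is chosen from {@code key} and the signature is produced with that same
     * key. The previous form selected the algorithm from {@code key} but then signed with the
     * instance's configured key, which mismatches whenever the two differ.
     *
     * @param bArr payload to sign
     * @param key signing key; when {@code null} the payload is returned unsigned
     * @return the result of {@link #signWith(byte[], String, Key)}, or {@code bArr} unchanged when
     *     {@code key} is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] sign(byte[] bArr, Key key) {
        if (key == null) {
            // Fail-open by design of this API: no key means no signature is applied.
            return bArr;
        }
        return signWith(bArr, getSigningAlgorithmFor(key), key);
    }

    /**
     * Signs the payload with the configured signing key.
     *
     * @param bArr payload to sign
     * @param str JWS algorithm header value
     * @return the result of {@link #signWith(byte[], String, Key)} using {@link #getSigningKey()}
     */
    protected byte[] signWith(byte[] bArr, String str) {
        return signWith(bArr, str, this.signingKey);
    }

    /**
     * Signs the payload by delegating to {@code EncodingUtils.signJws}, adding the custom headers.
     *
     * @param bArr payload to sign
     * @param str JWS algorithm header value
     * @param key key to sign with
     * @return whatever {@code EncodingUtils.signJws} returns for these arguments
     */
    protected byte[] signWith(byte[] bArr, String str, Key key) {
        return EncodingUtils.signJws(key, bArr, str, this.customHeaders);
    }

    /**
     * Configures the signing key from a resource location or, failing that, from a raw secret.
     *
     * <p>When {@code str} names an existing resource, the private key is loaded from it. If no
     * signing key is set afterwards, the UTF-8 bytes of {@code str} become an {@link AesKey}.
     *
     * @param str resource location of an RSA private key, or the secret itself
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void configureSigningKey(String str) {
        try {
            if (ResourceUtils.doesResourceExist(str)) {
                configureSigningKeyFromPrivateKeyResource(str);
            }
        } finally {
            // NOTE(review): this fallback also runs when loading an existing resource throws, so
            // the resource location string itself becomes the signing secret before the
            // exception propagates. Callers must treat that exception as fatal and not keep
            // using this instance. An already-set signing key is never replaced here.
            if (this.signingKey == null) {
                setSigningKey(new AesKey(str.getBytes(StandardCharsets.UTF_8)));
                LOGGER.trace("Created signing key instance [{}] based on provided secret key", this.signingKey.getClass().getSimpleName());
            }
        }
    }

    /**
     * Loads a private key from the resource and installs it as the signing key.
     *
     * @param str resource location of the RSA private key
     */
    protected void configureSigningKeyFromPrivateKeyResource(String str) {
        PrivateKey privateKey = extractPrivateKeyFromResource(str);
        LOGGER.trace("Located signing key resource [{}]", str);
        setSigningKey(privateKey);
    }

    /**
     * Verifies the JWS signature of the payload.
     *
     * <p>An RSA private key cannot verify directly, so the matching public key is rebuilt from
     * its modulus. The public exponent is taken from the key when it is an
     * {@link RSAPrivateCrtKey}; otherwise 65537 is assumed, and keys generated with another
     * exponent will not verify. Any other key is passed to
     * {@code EncodingUtils.verifyJwsSignature} as is.
     *
     * @param bArr signed payload
     * @param key verification key; when {@code null} the payload is returned unverified
     * @return whatever {@code EncodingUtils.verifyJwsSignature} returns, or {@code bArr} unchanged
     *     when {@code key} is {@code null}
     * @throws IllegalArgumentException wrapping any exception raised during verification
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] verifySignature(byte[] bArr, Key key) {
        if (key == null) {
            // Fail-open by design of this API: callers needing integrity must ensure a key is set.
            return bArr;
        }
        try {
            if (!(key instanceof RSAPrivateKey)) {
                return EncodingUtils.verifyJwsSignature(key, bArr);
            }
            RSAPrivateKey privateKey = (RSAPrivateKey) key;
            PublicKey publicKey = KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(privateKey.getModulus(), publicExponentOf(privateKey)));
            return EncodingUtils.verifyJwsSignature(publicKey, bArr);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /** Returns the key's own public exponent when it carries one, else the 65537 default. */
    private static BigInteger publicExponentOf(RSAPrivateKey privateKey) {
        if (privateKey instanceof RSAPrivateCrtKey) {
            BigInteger exponent = ((RSAPrivateCrtKey) privateKey).getPublicExponent();
            if (exponent != null) {
                return exponent;
            }
        }
        return RSA_PUBLIC_KEY_EXPONENT;
    }

    /**
     * Chooses the JWS algorithm for a key: RSA keys use RSA with SHA-512, all others HMAC SHA-512.
     *
     * @param key key whose algorithm name is inspected (case-insensitively)
     * @return the jose4j algorithm identifier
     */
    protected String getSigningAlgorithmFor(Key key) {
        return "RSA".equalsIgnoreCase(key.getAlgorithm()) ? AlgorithmIdentifiers.RSA_USING_SHA512 : AlgorithmIdentifiers.HMAC_SHA512;
    }

    @Generated
    public void setSigningKey(Key key) {
        this.signingKey = key;
    }

    @Generated
    public void setCustomHeaders(Map<String, Object> map) {
        this.customHeaders = map;
    }

    @Override // org.apereo.cas.util.crypto.CipherExecutor
    @Generated
    public Key getSigningKey() {
        return this.signingKey;
    }

    @Generated
    public Map<String, Object> getCustomHeaders() {
        return this.customHeaders;
    }
}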
