package org.apereo.cas.util.cipher;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import lombok.Generated;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.crypto.PublicKeyFactoryBean;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/util/cipher/AbstractCipherExecutor.class */
public abstract class AbstractCipherExecutor<T, R> implements CipherExecutor<T, R> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCipherExecutor.class);
    private Key signingKey;

    public static PrivateKey extractPrivateKeyFromResource(String str) {
        LOGGER.debug("Attempting to extract private key...");
        Resource resourceFrom = ResourceUtils.getResourceFrom(str);
        PrivateKeyFactoryBean privateKeyFactoryBean = new PrivateKeyFactoryBean();
        privateKeyFactoryBean.setAlgorithm("RSA");
        privateKeyFactoryBean.setLocation(resourceFrom);
        privateKeyFactoryBean.setSingleton(false);
        return (PrivateKey) privateKeyFactoryBean.getObject();
    }

    public static PublicKey extractPublicKeyFromResource(String str) {
        LOGGER.debug("Attempting to extract public key from [{}]...", str);
        Resource resourceFrom = ResourceUtils.getResourceFrom(str);
        PublicKeyFactoryBean publicKeyFactoryBean = new PublicKeyFactoryBean();
        publicKeyFactoryBean.setAlgorithm("RSA");
        publicKeyFactoryBean.setResource(resourceFrom);
        publicKeyFactoryBean.setSingleton(false);
        return (PublicKey) publicKeyFactoryBean.getObject();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] sign(byte[] bArr) {
        return this.signingKey == null ? bArr : "RSA".equalsIgnoreCase(this.signingKey.getAlgorithm()) ? EncodingUtils.signJwsRSASha512(this.signingKey, bArr) : EncodingUtils.signJwsHMACSha512(this.signingKey, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureSigningKey(String str) {
        try {
            if (ResourceUtils.doesResourceExist(str)) {
                configureSigningKeyFromPrivateKeyResource(str);
            }
        } finally {
            if (this.signingKey == null) {
                setSigningKey(new AesKey(str.getBytes(StandardCharsets.UTF_8)));
                LOGGER.trace("Created signing key instance [{}] based on provided secret key", this.signingKey.getClass().getSimpleName());
            }
        }
    }

    protected void configureSigningKeyFromPrivateKeyResource(String str) {
        PrivateKey extractPrivateKeyFromResource = extractPrivateKeyFromResource(str);
        LOGGER.trace("Located signing key resource [{}]", str);
        setSigningKey(extractPrivateKeyFromResource);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] verifySignature(byte[] bArr) {
        return this.signingKey == null ? bArr : EncodingUtils.verifyJwsSignature(this.signingKey, bArr);
    }

    public boolean isEnabled() {
        return this.signingKey != null;
    }

    @Generated
    public void setSigningKey(Key key) {
        this.signingKey = key;
    }

    @Generated
    public AbstractCipherExecutor() {
    }

    @Generated
    public Key getSigningKey() {
        return this.signingKey;
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
