package org.apereo.cas.util.cipher;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PublicKey;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.jwt.JsonWebTokenEncryptor;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwk.PublicJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/util/cipher/BaseStringCipherExecutor.class */
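/**
 * Base cipher executor that turns a {@link Serializable} value into a signed and/or
 * encrypted string, and back again.
 *
 * <p>Encryption and signing are controlled by two flags and applied in the order given
 * by {@link CipherOperationsStrategyType}. Keys come from the configured secrets; a
 * blank secret for an enabled operation causes a key to be generated at start-up.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>With signing disabled, decoded values pass through without any signature check
 *       in this class.</li>
 *   <li>Auto-generated keys are written to the log at WARN level, so every log sink
 *       that receives that output holds key material.</li>
 *   <li>The parameterised constructors call {@link #initialize()}, which invokes
 *       overridable methods ({@code getName()}, {@link #getEncryptionKeySetting()},
 *       {@link #getSigningKeySetting()}) before subclass construction has finished.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the {@code JADX} comments are kept where they
 * record that the original access modifier was {@code protected}.
 */
public abstract class BaseStringCipherExecutor extends AbstractCipherExecutor<Serializable, String> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseStringCipherExecutor.class);

    /** Content-encryption method used when none is supplied. */
    private static final String DEFAULT_CONTENT_ENCRYPTION_ALGORITHM = "A128CBC-HS256";

    /** Encryption key size used when the supplied size is not positive. */
    private static final int DEFAULT_ENCRYPTION_KEY_SIZE = 256;

    /** Signing key size used when the supplied size is not positive. */
    private static final int DEFAULT_SIGNING_KEY_SIZE = 512;

    private CipherOperationsStrategyType strategyType = CipherOperationsStrategyType.ENCRYPT_AND_SIGN;
    // Key-management algorithm handed to the JWT encryptor; switched to RSA-OAEP-256
    // when the encryption key is loaded from a public-key resource.
    private String encryptionAlgorithm = "dir";
    private Key encryptionKey;
    private boolean encryptionEnabled = true;
    private boolean signingEnabled = true;
    private int encryptionKeySize = DEFAULT_ENCRYPTION_KEY_SIZE;
    private int signingKeySize = DEFAULT_SIGNING_KEY_SIZE;
    private String secretKeyEncryption;
    private String secretKeySigning;
    private String contentEncryptionAlgorithmIdentifier;
    private boolean initialized;

    /* loaded from: input_file:org/apereo/cas/util/cipher/BaseStringCipherExecutor$CipherOperationsStrategyType.class */
    /** Order in which encryption and signing are applied when encoding. */
    public enum CipherOperationsStrategyType {
        ENCRYPT_AND_SIGN,
        SIGN_AND_ENCRYPT
    }

    /**
     * Creates an executor with the default content-encryption method.
     *
     * @param secretKeyEncryption encryption secret; may be blank
     * @param secretKeySigning signing secret; may be blank
     * @param encryptionEnabled whether encryption is requested
     * @param signingEnabled whether signing is requested
     * @param signingKeySize signing key size; non-positive selects the default
     * @param encryptionKeySize encryption key size; non-positive selects the default
     */
    protected BaseStringCipherExecutor(String secretKeyEncryption, String secretKeySigning,
                                       boolean encryptionEnabled, boolean signingEnabled,
                                       int signingKeySize, int encryptionKeySize) {
        this(secretKeyEncryption, secretKeySigning, DEFAULT_CONTENT_ENCRYPTION_ALGORITHM,
            encryptionEnabled, signingEnabled, signingKeySize, encryptionKeySize);
    }

    /**
     * Creates an executor with signing requested and the default content-encryption method.
     *
     * @param secretKeyEncryption encryption secret; may be blank
     * @param secretKeySigning signing secret; may be blank
     * @param encryptionEnabled whether encryption is requested
     * @param signingKeySize signing key size; non-positive selects the default
     * @param encryptionKeySize encryption key size; non-positive selects the default
     */
    protected BaseStringCipherExecutor(String secretKeyEncryption, String secretKeySigning,
                                       boolean encryptionEnabled,
                                       int signingKeySize, int encryptionKeySize) {
        this(secretKeyEncryption, secretKeySigning, encryptionEnabled, true, signingKeySize, encryptionKeySize);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an executor with both encryption and signing requested.
     *
     * @param secretKeyEncryption encryption secret; may be blank
     * @param secretKeySigning signing secret; may be blank
     * @param contentEncryptionAlgorithmIdentifier content-encryption method; blank selects the default
     * @param signingKeySize signing key size; non-positive selects the default
     * @param encryptionKeySize encryption key size; non-positive selects the default
     */
    public BaseStringCipherExecutor(String secretKeyEncryption, String secretKeySigning,
                                    String contentEncryptionAlgorithmIdentifier,
                                    int signingKeySize, int encryptionKeySize) {
        this(secretKeyEncryption, secretKeySigning, contentEncryptionAlgorithmIdentifier,
            true, true, signingKeySize, encryptionKeySize);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an executor with both operations requested and the default content-encryption method.
     *
     * @param secretKeyEncryption encryption secret; may be blank
     * @param secretKeySigning signing secret; may be blank
     * @param signingKeySize signing key size; non-positive selects the default
     * @param encryptionKeySize encryption key size; non-positive selects the default
     */
    public BaseStringCipherExecutor(String secretKeyEncryption, String secretKeySigning,
                                    int signingKeySize, int encryptionKeySize) {
        this(secretKeyEncryption, secretKeySigning, DEFAULT_CONTENT_ENCRYPTION_ALGORITHM,
            true, true, signingKeySize, encryptionKeySize);
    }

    /**
     * Stores the settings and immediately runs {@link #initialize()}.
     *
     * <p>An operation ends up enabled when its flag is set <em>or</em> its secret is
     * non-blank, so passing {@code false} together with a configured secret does not
     * disable that operation.
     *
     * @param secretKeyEncryption encryption secret; may be blank
     * @param secretKeySigning signing secret; may be blank
     * @param contentEncryptionAlgorithmIdentifier content-encryption method; blank selects the default
     * @param encryptionEnabled whether encryption is requested
     * @param signingEnabled whether signing is requested
     * @param signingKeySize signing key size; non-positive selects the default
     * @param encryptionKeySize encryption key size; non-positive selects the default
     */
    protected BaseStringCipherExecutor(String secretKeyEncryption, String secretKeySigning,
                                       String contentEncryptionAlgorithmIdentifier,
                                       boolean encryptionEnabled, boolean signingEnabled,
                                       int signingKeySize, int encryptionKeySize) {
        this.secretKeyEncryption = secretKeyEncryption;
        this.secretKeySigning = secretKeySigning;
        this.signingEnabled = signingEnabled || StringUtils.isNotBlank(secretKeySigning);
        this.encryptionEnabled = encryptionEnabled || StringUtils.isNotBlank(secretKeyEncryption);
        this.signingKeySize = signingKeySize <= 0 ? DEFAULT_SIGNING_KEY_SIZE : signingKeySize;
        this.encryptionKeySize = encryptionKeySize <= 0 ? DEFAULT_ENCRYPTION_KEY_SIZE : encryptionKeySize;
        this.contentEncryptionAlgorithmIdentifier = contentEncryptionAlgorithmIdentifier;
        // NOTE(review): initialize() reaches overridable methods while the subclass is
        // still under construction; overrides must not depend on subclass fields.
        initialize();
    }

    /**
     * Encodes the value using the configured strategy order.
     *
     * @param serializable value to protect
     * @param objArr extra parameters; not used by this implementation
     * @return the encoded string
     */
    @Override
    public String encode(Serializable serializable, Object[] objArr) {
        if (this.strategyType == CipherOperationsStrategyType.ENCRYPT_AND_SIGN) {
            return encryptAndSign(serializable, getEncryptionKey(), getSigningKey());
        }
        return signAndEncrypt(serializable, getEncryptionKey(), getSigningKey());
    }

    /**
     * Decodes the value with the executor's own encryption and signing keys.
     *
     * @param serializable encoded value
     * @param objArr extra parameters, passed through unchanged
     * @return the decoded string, or {@code null} when signature verification yields nothing
     */
    @Override
    public String decode(Serializable serializable, Object[] objArr) {
        return decode(serializable, objArr, getEncryptionKey(), getSigningKey());
    }

    /**
     * Decodes the value with explicit keys, reversing the configured strategy order.
     *
     * @param serializable encoded value
     * @param objArr extra parameters; not used by this implementation
     * @param key encryption key
     * @param key2 signing key
     * @return the decoded string, or {@code null} when signature verification yields nothing
     */
    protected String decode(Serializable serializable, Object[] objArr, Key key, Key key2) {
        if (this.strategyType == CipherOperationsStrategyType.ENCRYPT_AND_SIGN) {
            return verifyAndDecrypt(serializable, key, key2);
        }
        return decryptAndVerify(serializable, key, key2);
    }

    /**
     * Configures encryption and signing parameters once; later calls return immediately.
     */
    protected void initialize() {
        if (this.initialized) {
            return;
        }
        if (this.encryptionEnabled) {
            configureEncryptionParameters(this.secretKeyEncryption, this.contentEncryptionAlgorithmIdentifier);
        } else {
            LOGGER.debug("Encryption is not enabled for [{}]. The cipher [{}] will only attempt to produce signed objects", getName(), getClass().getSimpleName());
        }
        if (this.signingEnabled) {
            configureSigningParameters(this.secretKeySigning);
        } else {
            // With signing off, nothing in this class protects integrity of encoded values.
            LOGGER.info("Signing is not enabled for [{}]. The cipher [{}] will attempt to produce plain objects", getName(), getClass().getSimpleName());
        }
        this.initialized = true;
    }

    /**
     * Reports the executor as enabled when the superclass does, or when encryption is possible.
     */
    @Override // org.apereo.cas.util.cipher.AbstractCipherExecutor
    public boolean isEnabled() {
        return super.isEnabled() || isEncryptionPossible(this.encryptionKey);
    }

    /**
     * Loads a public key from the given resource and switches key management to RSA-OAEP-256.
     *
     * @param str resource location of the public key
     */
    protected void configureEncryptionKeyFromPublicKeyResource(String str) {
        PublicKey publicKey = extractPublicKeyFromResource(str);
        LOGGER.debug("Located encryption key resource [{}]", str);
        setEncryptionKey(publicKey);
        setEncryptionAlgorithm("RSA-OAEP-256");
    }

    /**
     * Tells whether encryption can run: it must be enabled and a key must be present.
     *
     * @param key candidate encryption key
     * @return {@code true} when encryption is enabled and {@code key} is not {@code null}
     */
    protected boolean isEncryptionPossible(Key key) {
        return this.encryptionEnabled && key != null;
    }

    /**
     * Name of the setting that holds the encryption key, used in log messages.
     *
     * @return {@code "N/A"} unless overridden
     */
    protected String getEncryptionKeySetting() {
        return "N/A";
    }

    /**
     * Name of the setting that holds the signing key, used in log messages.
     *
     * @return {@code "N/A"} unless overridden
     */
    protected String getSigningKeySetting() {
        return "N/A";
    }

    /**
     * Encrypts the value as a JWT using the configured algorithm and content-encryption method.
     *
     * @param key encryption key
     * @param serializable value to encrypt
     * @return the encrypted token
     */
    /* JADX WARN: Type inference failed for: r0v3, types: [org.apereo.cas.util.jwt.JsonWebTokenEncryptor$JsonWebTokenEncryptorBuilder] */
    protected String encryptValueAsJwt(Key key, Serializable serializable) {
        // Raw map kept from the decompiled form: the header getters are declared outside
        // this file, so their element types are not visible here.
        LinkedHashMap headers = new LinkedHashMap(getCommonHeaders());
        // Operation-specific headers are applied last and override common ones on key clashes.
        headers.putAll(getEncryptionOpHeaders());
        return JsonWebTokenEncryptor.builder()
            .key(key)
            .algorithm(this.encryptionAlgorithm)
            .encryptionMethod(this.contentEncryptionAlgorithmIdentifier)
            .headers(headers)
            .build()
            .encrypt(serializable);
    }

    /**
     * Resolves the signing key from the configured secret, generating one when it is blank.
     *
     * @param str configured signing secret; may be blank
     */
    private void configureSigningParameters(String str) {
        String signingSecret = str;
        if (StringUtils.isBlank(signingSecret)) {
            LOGGER.warn("Secret key for signing is not defined for [{}]. CAS will attempt to auto-generate the signing key", getName());
            signingSecret = EncodingUtils.generateJsonWebKey(this.signingKeySize);
            // NOTE(review): the generated key is logged in clear text so it can be copied
            // into the settings; restrict access to, and retention of, this log output.
            LOGGER.warn("Generated signing key [{}] of size [{}] for [{}]. The generated key MUST be added to CAS settings:\n\n\t{}\n\n",
                signingSecret, Integer.valueOf(this.signingKeySize), getName(),
                String.format("%s=%s", getSigningKeySetting(), signingSecret));
        } else {
            try {
                PublicJsonWebKey jsonWebKey = EncodingUtils.newJsonWebKey(signingSecret);
                LOGGER.trace("Parsed signing key as a JSON web key for [{}] with kid [{}]", getName(), jsonWebKey.getKeyId());
                if (jsonWebKey.getPrivateKey() == null) {
                    LOGGER.error("Provided signing key as a JSON web key does not carry a private key");
                    throw new RuntimeException("Provided signing key as a JSON web key does not carry a private key");
                }
                setSigningKey(jsonWebKey.getPrivateKey());
            } catch (Exception e) {
                // NOTE(review): this also catches the RuntimeException thrown just above,
                // so a JWK without a private key never fails start-up; the same text is
                // then handed to configureSigningKey below. Confirm that method (declared
                // outside this file) does not derive a secret from a public-only JWK.
                LOGGER.trace("Unable to recognize signing key for [{}] as a JSON web key: [{}].", getSigningKeySetting(), e.getMessage());
                LOGGER.debug("Using pre-defined signing key to use for [{}]", getSigningKeySetting());
            }
        }
        configureSigningKey(signingSecret);
    }

    /**
     * Resolves the encryption key and content-encryption method.
     *
     * <p>The secret is tried, in order, as a JSON web key, as a public-key resource, and
     * finally as input to {@code EncodingUtils.generateJsonWebKey(String)}. A blank
     * secret causes a key to be generated first.
     *
     * @param str configured encryption secret; may be blank
     * @param str2 content-encryption method; blank selects the default
     */
    private void configureEncryptionParameters(String str, String str2) {
        String encryptionSecret = str;
        if (StringUtils.isBlank(encryptionSecret)) {
            LOGGER.warn("Secret key for encryption is not defined for [{}]; CAS will attempt to auto-generate the encryption key", getName());
            encryptionSecret = EncodingUtils.generateJsonWebKey(this.encryptionKeySize);
            // NOTE(review): the generated key is logged in clear text so it can be copied
            // into the settings; restrict access to, and retention of, this log output.
            LOGGER.warn("Generated encryption key [{}] of size [{}] for [{}]. The generated key MUST be added to CAS settings:\n\n\t{}\n\n",
                encryptionSecret, Integer.valueOf(this.encryptionKeySize), getName(),
                String.format("%s=%s", getEncryptionKeySetting(), encryptionSecret));
        } else {
            try {
                Map<String, Object> jwkParameters = JsonUtil.parseJson(encryptionSecret);
                // Only the parameter names are logged: the parsed map holds the configured
                // key material, which must not reach trace output.
                LOGGER.trace("Parsed encryption key as a JSON web key for [{}] with parameters [{}]", getName(), jwkParameters.keySet());
                setEncryptionKey(EncodingUtils.generateJsonWebKey(jwkParameters));
            } catch (Exception e) {
                LOGGER.trace("Unable to recognize encryption key [{}] as a JSON web key: [{}].", getEncryptionKeySetting(), e.getMessage());
                LOGGER.debug("Using pre-defined encryption key to use for [{}]", getEncryptionKeySetting());
            }
        }
        try {
            if (ResourceUtils.doesResourceExist(encryptionSecret)) {
                configureEncryptionKeyFromPublicKeyResource(encryptionSecret);
            }
        } catch (Exception e) {
            // Failure to load the resource is logged only; the finally block supplies the key.
            LoggingUtils.error(LOGGER, e);
        } finally {
            // The decompiled form repeated these steps inside the catch block as well;
            // they leave the same state when run twice, so they are kept here once.
            if (this.encryptionKey == null) {
                LOGGER.trace("Creating encryption key instance based on provided secret key");
                setEncryptionKey(EncodingUtils.generateJsonWebKey(encryptionSecret));
            }
            if (StringUtils.isBlank(str2)) {
                setContentEncryptionAlgorithmIdentifier(DEFAULT_CONTENT_ENCRYPTION_ALGORITHM);
            } else {
                setContentEncryptionAlgorithmIdentifier(str2);
            }
            LOGGER.trace("Initialized cipher encryption sequence via content encryption [{}] and algorithm [{}]", this.contentEncryptionAlgorithmIdentifier, this.encryptionAlgorithm);
        }
    }

    /**
     * Reverses {@code SIGN_AND_ENCRYPT}: decrypts first, then verifies the signature.
     *
     * @param serializable encoded value
     * @param key encryption key
     * @param key2 signing key
     * @return the decoded string, or {@code null} when verification returns {@code null}
     */
    private String decryptAndVerify(Serializable serializable, Key key, Key key2) {
        String encoded = serializable.toString();
        if (isEncryptionPossible(key)) {
            LOGGER.trace("Attempting to decrypt value based on encryption key defined by [{}]", getEncryptionKeySetting());
            encoded = EncodingUtils.decryptJwtValue(key, encoded);
        }
        byte[] bytes = encoded.getBytes(StandardCharsets.UTF_8);
        byte[] verified = (byte[]) FunctionUtils.doIf(this.signingEnabled, () -> {
            LOGGER.trace("Attempting to verify signature based on signing key defined by [{}]", getSigningKeySetting());
            return verifySignature(bytes, key2);
        }, () -> {
            return bytes;
        }).get();
        // verifyAndDecrypt treats a null verification result as "no value"; do the same
        // here instead of failing with a NullPointerException inside new String(...).
        if (verified == null) {
            return null;
        }
        return new String(verified, StandardCharsets.UTF_8);
    }

    /**
     * Reverses {@code ENCRYPT_AND_SIGN}: verifies the signature first, then decrypts.
     *
     * @param serializable encoded value
     * @param key encryption key
     * @param key2 signing key
     * @return the decoded string, or {@code null} when verification yields null or empty bytes
     */
    private String verifyAndDecrypt(Serializable serializable, Key key, Key key2) {
        byte[] bytes = serializable.toString().getBytes(StandardCharsets.UTF_8);
        byte[] verified = (byte[]) FunctionUtils.doIf(this.signingEnabled, () -> {
            LOGGER.trace("Attempting to verify signature based on signing key defined by [{}]", getSigningKeySetting());
            return verifySignature(bytes, key2);
        }, () -> {
            return bytes;
        }).get();
        // Nothing is decrypted unless verification produced content.
        if (verified == null || verified.length <= 0) {
            return null;
        }
        String payload = new String(verified, StandardCharsets.UTF_8);
        if (!isEncryptionPossible(key)) {
            return payload;
        }
        LOGGER.trace("Attempting to decrypt value based on encryption key defined by [{}]", getEncryptionKeySetting());
        return EncodingUtils.decryptJwtValue(key, payload);
    }

    /**
     * Encrypts the value when possible, then signs the result when signing is enabled.
     *
     * @param serializable value to protect; must not be {@code null}
     * @param key encryption key
     * @param key2 signing key
     * @return the encoded string
     */
    private String encryptAndSign(Serializable serializable, Key key, Key key2) {
        boolean canEncrypt = isEncryptionPossible(key);
        Supplier<String> encrypt = () -> {
            LOGGER.trace("Attempting to encrypt value based on encryption key defined by [{}]", getEncryptionKeySetting());
            return encryptValueAsJwt(key, serializable);
        };
        Objects.requireNonNull(serializable);
        String encrypted = (String) FunctionUtils.doIf(canEncrypt, encrypt, serializable::toString).get();
        if (!this.signingEnabled) {
            return encrypted;
        }
        LOGGER.trace("Attempting to sign value based on signing key defined by [{}]", getSigningKeySetting());
        return new String(sign(encrypted.getBytes(StandardCharsets.UTF_8), key2), StandardCharsets.UTF_8);
    }

    /**
     * Signs the value when signing is enabled, then encrypts the result when possible.
     *
     * @param serializable value to protect; must not be {@code null}
     * @param key encryption key
     * @param key2 signing key
     * @return the encoded string
     */
    private String signAndEncrypt(Serializable serializable, Key key, Key key2) {
        boolean shouldSign = this.signingEnabled;
        Supplier<String> signValue = () -> {
            LOGGER.trace("Attempting to sign value based on signing key defined by [{}]", getSigningKeySetting());
            return new String(sign(serializable.toString().getBytes(StandardCharsets.UTF_8), key2), StandardCharsets.UTF_8);
        };
        Objects.requireNonNull(serializable);
        String signed = (String) FunctionUtils.doIf(shouldSign, signValue, serializable::toString).get();
        return (String) FunctionUtils.doIf(isEncryptionPossible(key), () -> {
            LOGGER.trace("Attempting to encrypt value based on encryption key defined by [{}]", getEncryptionKeySetting());
            return encryptValueAsJwt(key, signed);
        }, () -> {
            return signed;
        }).get();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an executor with default settings only.
     *
     * <p>Unlike the parameterised constructors, this one does not call
     * {@link #initialize()}, so no keys are configured until it is invoked.
     */
    @Generated
    public BaseStringCipherExecutor() {
    }

    @Generated
    public void setStrategyType(CipherOperationsStrategyType cipherOperationsStrategyType) {
        this.strategyType = cipherOperationsStrategyType;
    }

    @Generated
    public void setEncryptionAlgorithm(String str) {
        this.encryptionAlgorithm = str;
    }

    @Generated
    public void setEncryptionKey(Key key) {
        this.encryptionKey = key;
    }

    @Generated
    public void setEncryptionEnabled(boolean z) {
        this.encryptionEnabled = z;
    }

    @Generated
    public void setSigningEnabled(boolean z) {
        this.signingEnabled = z;
    }

    @Generated
    public void setEncryptionKeySize(int i) {
        this.encryptionKeySize = i;
    }

    @Generated
    public void setSigningKeySize(int i) {
        this.signingKeySize = i;
    }

    @Generated
    public void setSecretKeyEncryption(String str) {
        this.secretKeyEncryption = str;
    }

    @Generated
    public void setSecretKeySigning(String str) {
        this.secretKeySigning = str;
    }

    @Generated
    public void setContentEncryptionAlgorithmIdentifier(String str) {
        this.contentEncryptionAlgorithmIdentifier = str;
    }

    @Generated
    public void setInitialized(boolean z) {
        this.initialized = z;
    }

    @Generated
    public CipherOperationsStrategyType getStrategyType() {
        return this.strategyType;
    }

    @Generated
    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    @Generated
    public Key getEncryptionKey() {
        return this.encryptionKey;
    }

    @Generated
    public boolean isEncryptionEnabled() {
        return this.encryptionEnabled;
    }

    @Generated
    public boolean isSigningEnabled() {
        return this.signingEnabled;
    }

    @Generated
    public int getEncryptionKeySize() {
        return this.encryptionKeySize;
    }

    @Generated
    public int getSigningKeySize() {
        return this.signingKeySize;
    }

    // The two secret getters expose the configured key strings as-is; callers should
    // keep their return values out of logs and error messages.
    @Generated
    public String getSecretKeyEncryption() {
        return this.secretKeyEncryption;
    }

    @Generated
    public String getSecretKeySigning() {
        return this.secretKeySigning;
    }

    @Generated
    public String getContentEncryptionAlgorithmIdentifier() {
        return this.contentEncryptionAlgorithmIdentifier;
    }

    @Generated
    public boolean isInitialized() {
        return this.initialized;
    }
}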
