package org.cloudfoundry.identity.uaa.oauth;

import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cryptacular.util.PemUtil;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.jwt.crypto.sign.InvalidSignatureException;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.jwt.crypto.sign.Signer;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.1.0.jar:org/cloudfoundry/identity/uaa/oauth/SignerProvider.class */
public class SignerProvider implements InitializingBean {
    private final Log logger = LogFactory.getLog(getClass());
    private String verifierKey = new RandomValueStringGenerator().generate();
    private String signingKey = this.verifierKey;
    private Signer signer = new MacSigner(this.verifierKey);
    private String type = "MAC";

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        if (!(this.signer instanceof RsaSigner)) {
            Assert.state(this.signingKey == this.verifierKey, "For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key");
            return;
        }
        this.type = "RSA";
        try {
            RsaVerifier rsaVerifier = new RsaVerifier(this.verifierKey);
            byte[] bytes = "test".getBytes();
            try {
                rsaVerifier.verify(bytes, this.signer.sign(bytes));
                this.logger.debug("Signing and verification RSA keys match");
            } catch (InvalidSignatureException e) {
                throw new RuntimeException("Signing and verification RSA keys do not match", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException("Unable to create an RSA verifier from verifierKey", e2);
        }
    }

    public Signer getSigner() {
        return this.signer;
    }

    public String getVerifierKey() {
        return this.verifierKey;
    }

    public String getSigningKey() {
        return this.signingKey;
    }

    public String getType() {
        return this.type;
    }

    public boolean isPublic() {
        return this.verifierKey.startsWith(PemUtil.HEADER_BEGIN);
    }

    public SignatureVerifier getVerifier() {
        return isAssymetricKey(this.signingKey) ? new RsaVerifier(this.verifierKey) : new MacSigner(this.verifierKey);
    }

    public String getRevocationHash(List<String> list) {
        String str = "";
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            byte[] bytes = (str + "###" + it.next()).getBytes();
            str = Integer.toHexString(murmurhash3x8632(bytes, 0, bytes.length, 61680));
        }
        return str;
    }

    public void setSigningKey(String str) {
        Assert.hasText(str);
        String trim = str.trim();
        this.signingKey = trim;
        if (isAssymetricKey(trim)) {
            this.signer = new RsaSigner(trim);
            this.logger.debug("Configured with RSA signing key");
        } else {
            this.verifierKey = trim;
            this.signer = new MacSigner(trim);
        }
    }

    private boolean isAssymetricKey(String str) {
        return str.startsWith(PemUtil.HEADER_BEGIN);
    }

    public void setVerifierKey(String str) {
        boolean z = false;
        try {
            new RsaSigner(str);
        } catch (Exception e) {
            z = true;
        }
        if (!z) {
            throw new IllegalArgumentException("Private key cannot be set as verifierKey property");
        }
        this.verifierKey = str;
    }

    public static int murmurhash3x8632(byte[] bArr, int i, int i2, int i3) {
        int i4 = i3;
        int i5 = i + (i2 & (-4));
        for (int i6 = i; i6 < i5; i6 += 4) {
            int i7 = ((bArr[i6] & 255) | ((bArr[i6 + 1] & 255) << 8) | ((bArr[i6 + 2] & 255) << 16) | (bArr[i6 + 3] << 24)) * (-862048943);
            int i8 = i4 ^ (((i7 << 15) | (i7 >>> 17)) * 461845907);
            i4 = (((i8 << 13) | (i8 >>> 19)) * 5) - 430675100;
        }
        int i9 = 0;
        switch (i2 & 3) {
            case 3:
                i9 = (bArr[i5 + 2] & 255) << 16;
            case 2:
                i9 |= (bArr[i5 + 1] & 255) << 8;
            case 1:
                int i10 = (i9 | (bArr[i5] & 255)) * (-862048943);
                i4 ^= ((i10 << 15) | (i10 >>> 17)) * 461845907;
                break;
        }
        int i11 = i4 ^ i2;
        int i12 = (i11 ^ (i11 >>> 16)) * (-2048144789);
        int i13 = (i12 ^ (i12 >>> 13)) * (-1028477387);
        return i13 ^ (i13 >>> 16);
    }
}
