package org.apereo.cas.util.cipher;

import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.gen.Base64RandomStringGenerator;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctJwkGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/util/cipher/BaseBinaryCipherExecutor.class */
/**
 * Base cipher executor for binary payloads: {@link #encode(byte[])} encrypts and then signs the
 * ciphertext, {@link #decode(byte[])} verifies the signature and then decrypts.
 *
 * <p>Signing itself ({@code sign}, {@code verifySignature}, {@code configureSigningKey}) is not
 * defined in this class; presumably it is inherited from {@code AbstractCipherExecutor}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The cipher is requested with the bare transformation {@code "AES"}, so mode and padding
 *       are provider defaults. On the default SunJCE provider that resolves to ECB with PKCS5
 *       padding, where equal plaintext blocks produce equal ciphertext blocks. Moving to an
 *       IV-based or authenticated mode changes the wire format, so it is flagged here rather than
 *       changed in place.</li>
 *   <li>One {@link Cipher} instance is shared by {@code encode} and {@code decode} and
 *       re-initialised on every call, with no synchronisation in this class. {@code Cipher}
 *       objects are stateful. NOTE(review): confirm an executor is never used from several
 *       threads at once, or obtain a cipher per call.</li>
 *   <li>Auto-generated keys, and the Base64 form of a configured non-Base64 encryption key, are
 *       written to the log at WARN level. Logs from start-up therefore contain key material and
 *       need the same protection as the configuration itself.</li>
 *   <li>{@code encryptionKey} is built once in the constructor. The setters only update the
 *       backing fields and do not change the key used by {@code encode}/{@code decode}.</li>
 *   <li>The JCE calls declare checked exceptions that this listing neither catches nor declares;
 *       presumably the exception handling was lost when the listing was produced. TODO confirm
 *       against the original source.</li>
 * </ul>
 */
public abstract class BaseBinaryCipherExecutor extends AbstractCipherExecutor<byte[], byte[]> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseBinaryCipherExecutor.class);

    /** Name of this cipher, as passed to the constructor. */
    protected final String cipherName;

    /** Algorithm label given to {@link SecretKeySpec}; only read while the constructor runs. */
    private String secretKeyAlgorithm = "AES";

    /** Raw encryption key bytes chosen by {@code ensureEncryptionKeyExists}. */
    private byte[] encryptionSecretKey;

    /** Key object used for every encrypt and decrypt operation. */
    private final SecretKeySpec encryptionKey;

    /** Shared cipher instance, re-initialised on each encode/decode call. */
    private final Cipher aesCipher;

    /**
     * Resolves the signing and encryption keys, then builds the key spec and the cipher.
     *
     * <p>Both resolution steps may call the abstract {@code get*KeySetting()} methods, so subclass
     * implementations can run before the subclass constructor body has executed.
     *
     * @param str  configured encryption key; blank triggers generation of a new key
     * @param str2 configured signing key; blank triggers generation of a new key
     * @param i    signing key size, passed to the JWK generator when a key is generated
     * @param i2   encryption key size, used for generation and for validating a configured key
     * @param str3 cipher name
     */
    public BaseBinaryCipherExecutor(String str, String str2, int i, int i2, String str3) {
        this.cipherName = str3;
        // Signing key is resolved before the encryption key; both steps may emit log lines.
        ensureSigningKeyExists(str2, i);
        ensureEncryptionKeyExists(str, i2);
        this.encryptionKey = new SecretKeySpec(this.encryptionSecretKey, this.secretKeyAlgorithm);
        // Bare "AES": mode and padding come from the provider default (see class notes).
        this.aesCipher = Cipher.getInstance("AES");
    }

    /**
     * Encrypts the payload and signs the resulting ciphertext.
     *
     * @param bArr plaintext bytes
     * @return the value returned by {@code sign} for the ciphertext
     */
    public byte[] encode(byte[] bArr) {
        this.aesCipher.init(Cipher.ENCRYPT_MODE, this.encryptionKey);
        final byte[] ciphertext = this.aesCipher.doFinal(bArr);
        return sign(ciphertext);
    }

    /**
     * Verifies the signature first and decrypts whatever {@code verifySignature} returns.
     *
     * <p>NOTE(review): what {@code verifySignature} yields for a bad signature is not visible
     * here; confirm a failed check can never hand unverified bytes to the cipher.
     *
     * @param bArr signed ciphertext
     * @return decrypted bytes
     */
    public byte[] decode(byte[] bArr) {
        final byte[] verified = verifySignature(bArr);
        this.aesCipher.init(Cipher.DECRYPT_MODE, this.encryptionKey);
        return this.aesCipher.doFinal(verified);
    }

    /**
     * Generates an octet JWK of the given size and returns its symmetric key parameter as text.
     *
     * @param size size passed to {@code OctJwkGenerator.generateJwk}
     * @return string form of the parameter stored under {@code EncodingUtils.JSON_WEB_KEY}
     */
    private static String generateOctetJsonWebKeyOfSize(int size) {
        final JsonWebKey jwk = OctJwkGenerator.generateJwk(size);
        // INCLUDE_SYMMETRIC is needed so the secret key value is present in the parameter map.
        final Object keyValue = jwk.toParams(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC).get(EncodingUtils.JSON_WEB_KEY);
        return keyValue.toString();
    }

    /** @return the name of the configuration setting that holds the encryption key */
    protected abstract String getEncryptionKeySetting();

    /** @return the name of the configuration setting that holds the signing key */
    protected abstract String getSigningKeySetting();

    /**
     * Chooses the encryption key bytes and stores them in {@code encryptionSecretKey}.
     *
     * <ul>
     *   <li>Blank value: a new key is generated, logged, and Base64-decoded.</li>
     *   <li>Base64 value whose decoded length equals {@code keySize}: the decoded bytes.</li>
     *   <li>Anything else: the raw UTF-8 bytes of the configured string.</li>
     * </ul>
     *
     * <p>NOTE(review): the last case accepts a key of any length. Nothing here checks that the
     * length is valid for AES, so a bad length would presumably surface only at cipher init.
     *
     * @param configuredKey encryption key from configuration, possibly blank
     * @param keySize       expected key size
     */
    private void ensureEncryptionKeyExists(String configuredKey, int keySize) {
        if (StringUtils.isBlank(configuredKey)) {
            LOGGER.warn("Secret key for encryption is not defined under [{}]. CAS will attempt to auto-generate the encryption key", getEncryptionKeySetting());
            final String generated = new Base64RandomStringGenerator(keySize).getNewString();
            // The generated key is logged in clear so an operator can persist it.
            LOGGER.warn("Generated encryption key [{}] of size [{}]. The generated key MUST be added to CAS settings under setting [{}].", generated, keySize, getEncryptionKeySetting());
            this.encryptionSecretKey = EncodingUtils.decodeBase64(generated);
            return;
        }

        final boolean looksBase64 = EncodingUtils.isBase64(configuredKey);
        final byte[] decoded = looksBase64 ? EncodingUtils.decodeBase64(configuredKey) : new byte[0];
        if (looksBase64 && decoded.length == keySize) {
            LOGGER.debug("Secret key for encryption defined under [{}] is Base64 encoded.", getEncryptionKeySetting());
            this.encryptionSecretKey = decoded;
            return;
        }

        if (configuredKey.length() != keySize) {
            // Also reached for a value that is not Base64 at all, despite the message wording.
            LOGGER.warn("Secret key for encryption defined under [{}] is Base64 encoded but the size does not match the key size [{}].", getEncryptionKeySetting(), keySize);
        } else {
            // Logs the Base64 form of the configured key itself.
            LOGGER.warn("Secret key for encryption defined under [{}] is not Base64 encoded. Clear the setting to regenerate (Recommended) or replace with [{}].", getEncryptionKeySetting(), EncodingUtils.encodeBase64(configuredKey));
        }
        this.encryptionSecretKey = configuredKey.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Passes the configured signing key to {@code configureSigningKey}, generating and logging a
     * new octet JWK first when the configured value is blank.
     *
     * @param configuredKey signing key from configuration, possibly blank
     * @param keySize       size used when a key has to be generated
     */
    private void ensureSigningKeyExists(String configuredKey, int keySize) {
        if (!StringUtils.isBlank(configuredKey)) {
            configureSigningKey(configuredKey);
            return;
        }
        LOGGER.warn("Secret key for signing is not defined under [{}]. CAS will attempt to auto-generate the signing key", getSigningKeySetting());
        final String generated = generateOctetJsonWebKeyOfSize(keySize);
        // The generated signing key is logged in clear so an operator can persist it.
        LOGGER.warn("Generated signing key [{}] of size [{}]. The generated key MUST be added to CAS settings under setting [{}].", generated, keySize, getSigningKeySetting());
        configureSigningKey(generated);
    }

    /** @return the cipher name given at construction */
    @Generated
    public String getCipherName() {
        return cipherName;
    }

    /** @return the algorithm label currently stored in the field */
    @Generated
    public String getSecretKeyAlgorithm() {
        return secretKeyAlgorithm;
    }

    /** @return the internal key array itself, not a copy; callers can mutate the key bytes */
    @Generated
    public byte[] getEncryptionSecretKey() {
        return encryptionSecretKey;
    }

    /** @return the key spec built in the constructor */
    @Generated
    public SecretKeySpec getEncryptionKey() {
        return encryptionKey;
    }

    /** @return the shared cipher instance that encode/decode re-initialise on every call */
    @Generated
    public Cipher getAesCipher() {
        return aesCipher;
    }

    /**
     * Updates the stored algorithm label only; the key spec built in the constructor is unchanged.
     *
     * @param str new algorithm label
     */
    @Generated
    public void setSecretKeyAlgorithm(String str) {
        secretKeyAlgorithm = str;
    }

    /**
     * Updates the stored key bytes only; the key spec built in the constructor is unchanged. The
     * array is stored by reference.
     *
     * @param bArr new key bytes
     */
    @Generated
    public void setEncryptionSecretKey(byte[] bArr) {
        encryptionSecretKey = bArr;
    }
}
