package org.szegedi.spring.web.jsflow.codec;

import java.security.KeyPair;
import java.security.Signature;
import java.util.Random;
import org.springframework.beans.factory.InitializingBean;
import org.szegedi.spring.web.jsflow.FlowStateStorageException;
import org.szegedi.spring.web.jsflow.codec.support.OneWayCodec;

/* loaded from: input_file:org/szegedi/spring/web/jsflow/codec/IntegrityCodec.class */
public class IntegrityCodec implements BinaryStateCodec, InitializingBean {
    private KeyPair keyPair;
    private String signatureAlgorithmName;
    private int signatureLength;

    public void setKeyPair(KeyPair keyPair) {
        this.keyPair = keyPair;
    }

    public void setSignatureAlgorithmName(String str) {
        this.signatureAlgorithmName = str;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.signatureAlgorithmName == null) {
            this.signatureAlgorithmName = "SHA1With" + this.keyPair.getPublic().getAlgorithm();
        }
        testKeys();
    }

    private void testKeys() throws Exception {
        byte[] bArr = new byte[1024];
        new Random().nextBytes(bArr);
        Signature signature = Signature.getInstance(this.signatureAlgorithmName);
        signature.initSign(this.keyPair.getPrivate());
        signature.update(bArr);
        Signature signature2 = Signature.getInstance(this.signatureAlgorithmName);
        signature2.initVerify(this.keyPair.getPublic());
        signature2.update(bArr);
        byte[] sign = signature.sign();
        if (!signature2.verify(sign)) {
            throw new IllegalArgumentException("Public and private key don't match");
        }
        this.signatureLength = sign.length;
    }

    @Override // org.szegedi.spring.web.jsflow.codec.BinaryStateCodec
    public OneWayCodec createDecoder() throws Exception {
        final Signature signature = Signature.getInstance(this.signatureAlgorithmName);
        signature.initVerify(this.keyPair.getPublic());
        return new OneWayCodec() { // from class: org.szegedi.spring.web.jsflow.codec.IntegrityCodec.1
            @Override // org.szegedi.spring.web.jsflow.codec.support.OneWayCodec
            public byte[] code(byte[] bArr) throws Exception {
                int length = bArr.length - IntegrityCodec.this.signatureLength;
                signature.update(bArr, 0, length);
                if (!signature.verify(bArr, length, IntegrityCodec.this.signatureLength)) {
                    throw new FlowStateStorageException("Invalid signature");
                }
                byte[] bArr2 = new byte[length];
                System.arraycopy(bArr, 0, bArr2, 0, length);
                return bArr2;
            }
        };
    }

    @Override // org.szegedi.spring.web.jsflow.codec.BinaryStateCodec
    public OneWayCodec createEncoder() throws Exception {
        final Signature signature = Signature.getInstance(this.signatureAlgorithmName);
        signature.initSign(this.keyPair.getPrivate());
        return new OneWayCodec() { // from class: org.szegedi.spring.web.jsflow.codec.IntegrityCodec.2
            @Override // org.szegedi.spring.web.jsflow.codec.support.OneWayCodec
            public byte[] code(byte[] bArr) throws Exception {
                int length = bArr.length;
                byte[] bArr2 = new byte[length + IntegrityCodec.this.signatureLength];
                System.arraycopy(bArr, 0, bArr2, 0, length);
                signature.update(bArr);
                signature.sign(bArr2, length, IntegrityCodec.this.signatureLength);
                return bArr2;
            }
        };
    }
}
