package org.apereo.cas.services.util;

import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Security;
import java.util.Optional;
import javax.crypto.Cipher;
import lombok.Generated;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.util.EncodingUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-services-api-5.3.12.jar:org/apereo/cas/services/util/RegisteredServicePublicKeyCipherExecutor.class */
public class RegisteredServicePublicKeyCipherExecutor implements RegisteredServiceCipherExecutor {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RegisteredServicePublicKeyCipherExecutor.class);

    @Override // org.apereo.cas.services.RegisteredServiceCipherExecutor
    public String encode(String str, Optional<RegisteredService> optional) {
        try {
            if (!optional.isPresent()) {
                return null;
            }
            RegisteredService registeredService = optional.get();
            byte[] encodeInternal = encodeInternal(str, createRegisteredServicePublicKey(registeredService), registeredService);
            if (encodeInternal != null) {
                return EncodingUtils.encodeBase64(encodeInternal);
            }
            return null;
        } catch (Exception e) {
            LOGGER.warn(e.getMessage(), (Throwable) e);
            return null;
        }
    }

    @Override // org.apereo.cas.services.RegisteredServiceCipherExecutor
    public String decode(String str, Optional<RegisteredService> optional) {
        LOGGER.warn("Operation is not supported by this cipher");
        return null;
    }

    protected static byte[] encodeInternal(String str, PublicKey publicKey, RegisteredService registeredService) {
        Cipher initializeCipherBasedOnServicePublicKey = initializeCipherBasedOnServicePublicKey(publicKey, registeredService);
        if (initializeCipherBasedOnServicePublicKey == null) {
            return null;
        }
        LOGGER.debug("Initialized cipher successfully. Proceeding to finalize...");
        return initializeCipherBasedOnServicePublicKey.doFinal(str.getBytes(StandardCharsets.UTF_8));
    }

    private static PublicKey createRegisteredServicePublicKey(RegisteredService registeredService) {
        if (registeredService.getPublicKey() == null) {
            LOGGER.debug("No public key is defined for service [{}]. No encoding will take place.", registeredService);
            return null;
        }
        PublicKey createInstance = registeredService.getPublicKey().createInstance();
        if (createInstance != null) {
            return createInstance;
        }
        LOGGER.debug("No public key instance created for service [{}]. No encoding will take place.", registeredService);
        return null;
    }

    private static Cipher initializeCipherBasedOnServicePublicKey(PublicKey publicKey, RegisteredService registeredService) {
        try {
            LOGGER.debug("Using service [{}] public key [{}] to initialize the cipher", registeredService.getServiceId(), registeredService.getPublicKey());
            Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
            cipher.init(1, publicKey);
            LOGGER.debug("Initialized cipher in encrypt-mode via the public key algorithm [{}] for service [{}]", publicKey.getAlgorithm(), registeredService.getServiceId());
            return cipher;
        } catch (Exception e) {
            LOGGER.warn("Cipher could not be initialized for service [{}]. Error [{}]", registeredService, e.getMessage());
            return null;
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
