package org.apereo.cas.util.cipher;

import com.google.common.base.Throwables;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.EncodingUtils;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-5.1.0.jar:org/apereo/cas/util/cipher/BaseStringCipherExecutor.class */
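/**
 * Base cipher executor that turns a {@link Serializable} value into an encrypted-then-signed
 * string and back.
 *
 * <p>Encoding encrypts the value as a compact JWE using direct symmetric encryption
 * ({@code alg=dir}) and then passes the result to {@code sign(...)}. Decoding reverses the order:
 * {@code verifySignature(...)} runs first and only its output is decrypted. {@code sign},
 * {@code verifySignature}, {@code setSigningKey} and {@code getName} are not defined in this class;
 * they are presumably inherited from {@link AbstractCipherExecutor}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>When a key is not configured, one is generated and written to the log at WARN level so it
 *       can be copied into the settings. Logs from such a start-up contain live key material and
 *       need the same protection as the keys themselves; configuring both keys explicitly avoids
 *       this.</li>
 *   <li>A generated key exists only in this instance. Values encoded with it cannot be decoded by
 *       another node or after a restart unless the key is persisted in the settings.</li>
 * </ul>
 */
public abstract class BaseStringCipherExecutor extends AbstractCipherExecutor<Serializable, String> {
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseStringCipherExecutor.class);

    /** Size passed to the key generator when no encryption key is configured. */
    private static final int ENCRYPTION_KEY_SIZE = 256;

    /** Size passed to the key generator when no signing key is configured. */
    private static final int SIGNING_KEY_SIZE = 512;

    /** JWE {@code enc} header value used when encrypting. */
    private String contentEncryptionAlgorithmIdentifier;

    /** Symmetric key used directly as the JWE content encryption key. */
    private Key secretKeyEncryptionKey;

    private BaseStringCipherExecutor() {
    }

    /**
     * Creates an executor that encrypts with {@code AES_128_CBC_HMAC_SHA_256}.
     *
     * @param str the encryption key (the {@code k} value of an octet-sequence JWK); blank to
     *     auto-generate
     * @param str2 the signing key; blank to auto-generate
     */
    public BaseStringCipherExecutor(String str, String str2) {
        this(str, str2, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
    }

    /**
     * Creates an executor with an explicit content encryption algorithm.
     *
     * <p>If {@code str3} is blank the constructor returns before any key is set up, leaving
     * {@code secretKeyEncryptionKey} {@code null} and never calling {@code setSigningKey}.
     * NOTE(review): confirm how the inherited {@code sign}/{@code verifySignature} behave without a
     * signing key, so that this path cannot silently produce unsigned values.
     *
     * @param str the encryption key (the {@code k} value of an octet-sequence JWK); blank to
     *     auto-generate
     * @param str2 the signing key; blank to auto-generate
     * @param str3 the JWE content encryption algorithm identifier ({@code enc} header)
     * @throws IllegalArgumentException if the encryption key cannot be turned into a JWK
     */
    public BaseStringCipherExecutor(String str, String str2, String str3) {
        if (StringUtils.isBlank(str3)) {
            LOGGER.debug("contentEncryptionAlgorithmIdentifier is not defined");
            return;
        }

        String encryptionSecret = str;
        if (StringUtils.isBlank(encryptionSecret)) {
            LOGGER.warn("Secret key for encryption is not defined for [{}]; CAS will attempt to auto-generate the encryption key", getName());
            encryptionSecret = EncodingUtils.generateJsonWebKey(ENCRYPTION_KEY_SIZE);
            // SECURITY: the generated key itself is logged below so that an operator can persist it.
            // Anyone with read access to this log can decrypt values produced by this instance.
            LOGGER.warn("Generated encryption key [{}] of size [{}] for [{}]. The generated key MUST be added to CAS settings.", encryptionSecret, ENCRYPTION_KEY_SIZE, getName());
        } else {
            LOGGER.debug("Located encryption key to use for [{}]", getName());
        }

        String signingSecret = str2;
        if (StringUtils.isBlank(signingSecret)) {
            LOGGER.warn("Secret key for signing is not defined for [{}]. CAS will attempt to auto-generate the signing key", getName());
            signingSecret = EncodingUtils.generateJsonWebKey(SIGNING_KEY_SIZE);
            // SECURITY: same exposure as above; the signing key in the log allows forging values.
            LOGGER.warn("Generated signing key [{}] of size [{}] for [{}]. The generated key MUST be added to CAS settings.", signingSecret, SIGNING_KEY_SIZE, getName());
        } else {
            LOGGER.debug("Located signing key to use for [{}]", getName());
        }

        setSigningKey(signingSecret);
        this.secretKeyEncryptionKey = prepareJsonWebTokenKey(encryptionSecret);
        this.contentEncryptionAlgorithmIdentifier = str3;
        LOGGER.debug("Initialized cipher encryption sequence via [{}]", str3);
    }

    /**
     * Encrypts the value and then signs the encrypted form.
     *
     * @param serializable the value to protect
     * @return the signed output of {@code sign(...)}, decoded as UTF-8
     * @throws RuntimeException if encryption fails
     */
    @Override // org.apereo.cas.CipherExecutor
    public String encode(Serializable serializable) {
        final byte[] encrypted = encryptValue(serializable).getBytes(StandardCharsets.UTF_8);
        return new String(sign(encrypted), StandardCharsets.UTF_8);
    }

    /**
     * Verifies the signature on the value and decrypts the verified content.
     *
     * <p>Decryption is attempted only on the bytes returned by {@code verifySignature(...)}, so
     * unauthenticated input does not reach the JWE parser as long as that check is effective.
     *
     * @param serializable the encoded value; its {@code toString()} form is processed
     * @return the decrypted payload, or {@code null} when {@code verifySignature(...)} returns
     *     {@code null} or an empty array (presumably a failed verification)
     * @throws IllegalArgumentException wrapping any exception raised during verification or
     *     decryption, including a {@code null} argument
     */
    @Override // org.apereo.cas.CipherExecutor
    public String decode(Serializable serializable) {
        try {
            final byte[] verified = verifySignature(serializable.toString().getBytes(StandardCharsets.UTF_8));
            if (verified == null || verified.length == 0) {
                return null;
            }
            return decryptValue(new String(verified, StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Builds a symmetric {@link Key} from the {@code k} value of an octet-sequence JWK.
     *
     * @param str the key value to place in the JWK {@code k} parameter
     * @return the key extracted from the resulting JWK
     * @throws IllegalArgumentException if the JWK cannot be created from the given value
     */
    private static Key prepareJsonWebTokenKey(String str) {
        try {
            // Typed map instead of a raw HashMap: newJwk takes a Map<String, Object>.
            final HashMap<String, Object> jwkParams = new HashMap<>(2);
            jwkParams.put(JsonWebKey.KEY_TYPE_PARAMETER, OctetSequenceJsonWebKey.KEY_TYPE);
            jwkParams.put("k", str);
            return JsonWebKey.Factory.newJwk(jwkParams).getKey();
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Encrypts the serialized value as a compact JWE with the configured key and algorithm.
     *
     * @param serializable the value to encrypt
     * @return the JWE compact serialization
     * @throws RuntimeException if any step of the encryption fails
     */
    private String encryptValue(Serializable serializable) {
        try {
            final JsonWebEncryption jwe = new JsonWebEncryption();
            jwe.setPayload(serializeValue(serializable));
            jwe.enableDefaultCompression();
            // "dir": the shared symmetric key is used directly as the content encryption key.
            jwe.setAlgorithmHeaderValue("dir");
            jwe.setEncryptionMethodHeaderParameter(this.contentEncryptionAlgorithmIdentifier);
            jwe.setKey(this.secretKeyEncryptionKey);
            LOGGER.debug("Encrypting via [{}]", this.contentEncryptionAlgorithmIdentifier);
            return jwe.getCompactSerialization();
        } catch (Exception e) {
            // The JCE hint is prepended to every failure, including ones unrelated to the JCE
            // policy (for example a null key); read the appended cause message when diagnosing.
            throw new RuntimeException("Ensure that you have installed JCE Unlimited Strength Jurisdiction Policy Files. " + e.getMessage(), e);
        }
    }

    /**
     * Converts the value into the string that becomes the JWE payload.
     *
     * @param serializable the value to serialize
     * @return the value's {@code toString()} form; subclasses may override
     */
    protected String serializeValue(Serializable serializable) {
        return serializable.toString();
    }

    /**
     * Decrypts a compact JWE with the configured key.
     *
     * <p>NOTE(review): no algorithm constraints are set on the JWE object here, and the token's
     * {@code enc} header is not compared with {@code contentEncryptionAlgorithmIdentifier}. The
     * only caller, {@link #decode(Serializable)}, passes signature-verified content; consider
     * pinning the accepted {@code alg}/{@code enc} values as defence in depth.
     *
     * @param str the JWE compact serialization
     * @return the decrypted payload
     * @throws RuntimeException if parsing or decryption fails
     */
    private String decryptValue(String str) {
        try {
            final JsonWebEncryption jwe = new JsonWebEncryption();
            jwe.setKey(this.secretKeyEncryptionKey);
            jwe.setCompactSerialization(str);
            LOGGER.debug("Decrypting value...");
            return jwe.getPayload();
        } catch (Exception e) {
            // Rethrows unchecked exceptions as they are and wraps checked ones in RuntimeException.
            throw Throwables.propagate(e);
        }
    }
}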
