package org.apereo.cas.util.cipher;

import com.google.common.base.Throwables;
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.crypto.AesCipherService;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctJwkGenerator;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-5.1.0-RC4.jar:org/apereo/cas/util/cipher/BaseBinaryCipherExecutor.class */
public abstract class BaseBinaryCipherExecutor extends AbstractCipherExecutor<byte[], byte[]> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BaseBinaryCipherExecutor.class);
    private String secretKeyAlgorithm = AesKey.ALGORITHM;
    private String encryptionSecretKey;

    public BaseBinaryCipherExecutor(String str, String str2, int i, int i2) {
        String str3 = str2;
        if (StringUtils.isBlank(str3)) {
            LOGGER.warn("Secret key for signing is not defined. CAS will attempt to auto-generate the signing key");
            str3 = generateOctetJsonWebKeyOfSize(i);
            LOGGER.warn("Generated signing key [{}] of size [{}]. The generated key MUST be added to CAS settings.", str3, Integer.valueOf(i));
        }
        setSigningKey(str3);
        if (!StringUtils.isBlank(str)) {
            this.encryptionSecretKey = str;
            return;
        }
        LOGGER.warn("No encryption key is defined. CAS will attempt to auto-generate keys");
        this.encryptionSecretKey = RandomStringUtils.randomAlphabetic(i2);
        LOGGER.warn("Generated encryption key [{}] of size [{}]. The generated key MUST be added to CAS settings.", this.encryptionSecretKey, Integer.valueOf(i2));
    }

    public void setSecretKeyAlgorithm(String str) {
        this.secretKeyAlgorithm = str;
    }

    @Override // org.apereo.cas.CipherExecutor
    public byte[] encode(byte[] bArr) {
        try {
            return sign(new AesCipherService().encrypt(bArr, new SecretKeySpec(this.encryptionSecretKey.getBytes(StandardCharsets.UTF_8), this.secretKeyAlgorithm).getEncoded()).getBytes());
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw Throwables.propagate(e);
        }
    }

    @Override // org.apereo.cas.CipherExecutor
    public byte[] decode(byte[] bArr) {
        try {
            return new AesCipherService().decrypt(verifySignature(bArr), new SecretKeySpec(this.encryptionSecretKey.getBytes(StandardCharsets.UTF_8), this.secretKeyAlgorithm).getEncoded()).getBytes();
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    private static String generateOctetJsonWebKeyOfSize(int i) {
        try {
            return OctJwkGenerator.generateJwk(i).toParams(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC).get("k").toString();
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw Throwables.propagate(e);
        }
    }

    @Override // org.apereo.cas.CipherExecutor
    public String getName() {
        return null;
    }
}
