package org.jasig.cas.util;

import java.security.Key;
import java.util.HashMap;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctJwkGenerator;
import org.jose4j.jwk.OctetSequenceJsonWebKey;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-4.2.7.jar:org/jasig/cas/util/BaseStringCipherExecutor.class */
public class BaseStringCipherExecutor extends AbstractCipherExecutor<String, String> {
    private static final int ENCRYPTION_KEY_SIZE = 256;
    private static final int SIGNING_KEY_SIZE = 512;
    private String contentEncryptionAlgorithmIdentifier;
    private Key secretKeyEncryptionKey;

    private BaseStringCipherExecutor() {
    }

    public BaseStringCipherExecutor(String str, String str2) {
        this(str, str2, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
    }

    public BaseStringCipherExecutor(String str, String str2, String str3) {
        if (StringUtils.isBlank(str3)) {
            this.logger.debug("contentEncryptionAlgorithmIdentifier is not defined");
            return;
        }
        String str4 = str;
        if (StringUtils.isBlank(str4)) {
            this.logger.warn("Secret key for encryption is not defined. CAS will attempt to auto-generate the encryption key");
            str4 = generateOctetJsonWebKeyOfSize(256);
            this.logger.warn("Generated encryption key {} of size {}. The generated key MUST be added to CAS settings.", (Object) str4, (Object) 256);
        }
        String str5 = str2;
        if (StringUtils.isBlank(str5)) {
            this.logger.warn("Secret key for signing is not defined. CAS will attempt to auto-generate the signing key");
            str5 = generateOctetJsonWebKeyOfSize(512);
            this.logger.warn("Generated signing key {} of size {}. The generated key MUST be added to CAS settings.", (Object) str5, (Object) 512);
        }
        setSigningKey(str5);
        this.secretKeyEncryptionKey = prepareJsonWebTokenKey(str4);
        this.contentEncryptionAlgorithmIdentifier = str3;
        this.logger.debug("Initialized cipher encryption sequence via [{}]", str3);
    }

    @Override // org.jasig.cas.CipherExecutor
    public String encode(String str) {
        return new String(sign(encryptValue(str).getBytes()));
    }

    @Override // org.jasig.cas.CipherExecutor
    public String decode(String str) {
        byte[] verifySignature = verifySignature(str.getBytes());
        if (verifySignature == null || verifySignature.length <= 0) {
            return null;
        }
        return decryptValue(new String(verifySignature));
    }

    private Key prepareJsonWebTokenKey(String str) {
        try {
            HashMap hashMap = new HashMap(2);
            hashMap.put(JsonWebKey.KEY_TYPE_PARAMETER, OctetSequenceJsonWebKey.KEY_TYPE);
            hashMap.put(OctetSequenceJsonWebKey.KEY_VALUE_MEMBER_NAME, str);
            return JsonWebKey.Factory.newJwk(hashMap).getKey();
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private String encryptValue(@NotNull String str) {
        try {
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setPayload(str);
            jsonWebEncryption.setAlgorithmHeaderValue("dir");
            jsonWebEncryption.setEncryptionMethodHeaderParameter(this.contentEncryptionAlgorithmIdentifier);
            jsonWebEncryption.setKey(this.secretKeyEncryptionKey);
            this.logger.debug("Encrypting via [{}]", this.contentEncryptionAlgorithmIdentifier);
            return jsonWebEncryption.getCompactSerialization();
        } catch (Exception e) {
            throw new RuntimeException("Ensure that you have installed JCE Unlimited Strength Jurisdiction Policy Files. " + e.getMessage(), e);
        }
    }

    private String decryptValue(@NotNull String str) {
        try {
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setKey(this.secretKeyEncryptionKey);
            jsonWebEncryption.setCompactSerialization(str);
            this.logger.debug("Decrypting value...");
            return jsonWebEncryption.getPayload();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private String generateOctetJsonWebKeyOfSize(int i) {
        return OctJwkGenerator.generateJwk(i).toParams(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC).get(OctetSequenceJsonWebKey.KEY_VALUE_MEMBER_NAME).toString();
    }
}
