package co.cask.common.security.authentication;

import co.cask.common.Bytes;
import co.cask.common.io.Codec;
import co.cask.common.security.Constants;
import co.cask.common.security.authentication.KeyManager;
import co.cask.common.security.config.SecurityConfiguration;
import com.google.common.base.Throwables;
import com.google.common.util.concurrent.AbstractIdleService;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/common/security/authentication/AbstractKeyManager.class */
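/**
 * Base class for key managers that sign messages with a MAC and verify those signatures.
 *
 * <p>The class owns the {@link KeyGenerator} and a per-thread {@link Mac}, both created in
 * {@link #startUp()} from the configured algorithm name. Storage and lookup of keys are left
 * to subclasses through {@link #doInit()}, {@link #hasKey(int)}, {@link #getKey(int)} and
 * {@link #addKey(KeyIdentifier)}.
 */
public abstract class AbstractKeyManager extends AbstractIdleService implements KeyManager {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractKeyManager.class);

    /** One {@link Mac} per thread; assigned in {@link #startUp()} and null before that. */
    protected ThreadLocal<Mac> threadLocalMac;

    /** Source of secret key material; assigned and initialised in {@link #startUp()}. */
    protected KeyGenerator keyGenerator;

    /** Key used for new signatures; replaced by {@link #generateKey()}. */
    protected volatile KeyIdentifier currentKey;

    /** Algorithm name handed to both {@link KeyGenerator} and {@link Mac}. */
    protected final String keyAlgo;

    /** Key size handed to {@link KeyGenerator#init(int)}. */
    protected final int keyLength;

    /** Lifetime of a generated key in milliseconds; a value of 0 or less means no expiration. */
    protected long keyExpirationPeriod;

    /**
     * Creates a key manager from the token digest algorithm and key length in the configuration.
     *
     * @param securityConfiguration configuration read for {@code Constants.TOKEN_DIGEST_ALGO}
     *     and {@code Constants.TOKEN_DIGEST_KEY_LENGTH}
     */
    public AbstractKeyManager(SecurityConfiguration securityConfiguration) {
        this(securityConfiguration.get(Constants.TOKEN_DIGEST_ALGO), securityConfiguration.getInt(Constants.TOKEN_DIGEST_KEY_LENGTH));
    }

    /**
     * Creates a key manager with an explicit algorithm and key length and no key expiration.
     *
     * @param str algorithm name used for key generation and for the MAC
     * @param i key length passed to the key generator
     */
    public AbstractKeyManager(String str, int i) {
        this.keyExpirationPeriod = 0L;
        this.keyAlgo = str;
        this.keyLength = i;
    }

    /**
     * Creates the key generator and the per-thread MAC, then runs the subclass initialisation.
     *
     * @throws NoSuchAlgorithmException if no provider supplies a key generator for the algorithm
     * @throws IOException if {@link #doInit()} fails
     */
    public final void startUp() throws NoSuchAlgorithmException, IOException {
        this.keyGenerator = KeyGenerator.getInstance(this.keyAlgo);
        this.keyGenerator.init(this.keyLength);
        this.threadLocalMac = new ThreadLocal<Mac>() {
            @Override
            public Mac initialValue() {
                try {
                    return Mac.getInstance(AbstractKeyManager.this.keyAlgo);
                } catch (NoSuchAlgorithmException e) {
                    // Keep the provider exception as the cause so the failure stays diagnosable.
                    throw new IllegalArgumentException("Unknown algorithm for secret keys: " + AbstractKeyManager.this.keyAlgo, e);
                }
            }
        };
        doInit();
    }

    /**
     * Subclass initialisation hook, called at the end of {@link #startUp()}.
     *
     * @throws IOException if initialisation fails
     */
    protected abstract void doInit() throws IOException;

    /**
     * Reports whether a key with the given ID is already known.
     *
     * @param i key ID to look up
     * @return true if the ID is in use
     */
    protected abstract boolean hasKey(int i);

    /**
     * Looks up a key by ID.
     *
     * @param i key ID to look up
     * @return the key, or null if none is known (callers in this class treat null as "not found")
     */
    protected abstract KeyIdentifier getKey(int i);

    /**
     * Stores a newly generated key.
     *
     * @param keyIdentifier key to store
     */
    protected abstract void addKey(KeyIdentifier keyIdentifier);

    /**
     * Generates a new secret key under an unused ID, stores it and makes it the current key.
     *
     * <p>The decompiler reports that this method was originally {@code protected}.
     *
     * @return the newly generated key
     */
    public final KeyIdentifier generateKey() {
        // The ID only names the key and is read back from the signed message in validateMAC,
        // so java.util.Random is enough here; the secret itself comes from the KeyGenerator.
        Random random = new Random();
        int candidateId;
        do {
            candidateId = random.nextInt(Integer.MAX_VALUE);
        } while (hasKey(candidateId));
        // NOTE(review): hasKey() and addKey() are separate calls; confirm callers serialise
        // key generation if two threads can reach this method at once.
        long expiration = this.keyExpirationPeriod > 0
                ? System.currentTimeMillis() + this.keyExpirationPeriod
                : Long.MAX_VALUE;
        KeyIdentifier keyIdentifier = new KeyIdentifier(this.keyGenerator.generateKey(), candidateId, expiration);
        addKey(keyIdentifier);
        this.currentKey = keyIdentifier;
        // NOTE(review): this logs the KeyIdentifier through its toString(); confirm that it
        // does not render the secret key material.
        LOG.info("Changed current key to {}", this.currentKey);
        return keyIdentifier;
    }

    /**
     * Verifies the digest carried by a signed message against a freshly computed MAC.
     *
     * @param codec encoder used to serialise the message before the MAC is computed
     * @param signed message together with its key ID and digest
     * @throws InvalidDigestException if the carried digest does not match the computed MAC
     * @throws InvalidKeyException if no key is known for the message's key ID, or the key is
     *     rejected by the MAC
     */
    @Override
    public final <T> void validateMAC(Codec<T> codec, Signed<T> signed) throws InvalidDigestException, InvalidKeyException {
        try {
            // NOTE(review): key expiration is not checked here; verify that getKey() does not
            // return expired keys.
            byte[] expected = generateMAC(signed.getKeyId(), codec.encode(signed.getMessage()));
            // MessageDigest.isEqual compares in time independent of the contents, so a mismatch
            // does not reveal how many leading bytes of a submitted digest were correct. The
            // computed MAC goes first so the comparison length follows it, not the input.
            if (!MessageDigest.isEqual(expected, signed.getDigestBytes())) {
                throw new InvalidDigestException("Token signature is not valid!");
            }
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Computes a MAC over the given bytes with the current key.
     *
     * @param bArr bytes to sign
     * @return the ID of the key that was used, together with the MAC
     * @throws InvalidKeyException if the current key is rejected by the MAC
     */
    @Override
    public final KeyManager.DigestId generateMAC(byte[] bArr) throws InvalidKeyException {
        // Read the volatile field once so the ID and the key come from the same KeyIdentifier.
        // NOTE(review): currentKey is null until a key has been set; confirm doInit() does so.
        KeyIdentifier signingKey = this.currentKey;
        return new KeyManager.DigestId(signingKey.getKeyId(), generateMAC(signingKey.getKey(), bArr));
    }

    /**
     * Computes a MAC over the given bytes with the key registered under the given ID.
     *
     * @param i ID of the key to use
     * @param bArr bytes to sign
     * @return the MAC
     * @throws InvalidKeyException if no key is known for the ID, or the key is rejected by the MAC
     */
    protected final byte[] generateMAC(int i, byte[] bArr) throws InvalidKeyException {
        KeyIdentifier key = getKey(i);
        if (key == null) {
            throw new InvalidKeyException("No key found for ID " + i);
        }
        return generateMAC(key.getKey(), bArr);
    }

    /**
     * Computes a MAC over the given bytes with the given secret key, using this thread's
     * {@link Mac}.
     *
     * @param secretKey key to initialise the MAC with
     * @param bArr bytes to sign
     * @return the MAC
     * @throws InvalidKeyException if the key is not suitable for the MAC
     */
    protected final byte[] generateMAC(SecretKey secretKey, byte[] bArr) throws InvalidKeyException {
        Mac mac = this.threadLocalMac.get();
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }
}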
