package org.jasig.cas.util;

import java.security.Key;
import java.util.HashMap;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-4.1.4.jar:org/jasig/cas/util/DefaultCipherExecutor.class */
public final class DefaultCipherExecutor implements CipherExecutor {
    private final Logger logger;
    private final String contentEncryptionAlgorithmIdentifier;
    private final String signingAlgorithm;
    private final Key secretKeyEncryptionKey;
    private final Key secretKeySigningKey;

    public DefaultCipherExecutor(String str, String str2) {
        this(str, str2, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, AlgorithmIdentifiers.HMAC_SHA512);
    }

    public DefaultCipherExecutor(String str, String str2, String str3, String str4) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.secretKeyEncryptionKey = prepareJsonWebTokenKey(str);
        this.contentEncryptionAlgorithmIdentifier = str3;
        this.logger.debug("Initialized cipher encryption sequence via [{}]", str3);
        this.signingAlgorithm = str4;
        this.secretKeySigningKey = new AesKey(str2.getBytes());
        this.logger.debug("Initialized cipher signing sequence via [{}]", str4);
    }

    @Override // org.jasig.cas.util.CipherExecutor
    public String encode(String str) {
        return signValue(encryptValue(str));
    }

    @Override // org.jasig.cas.util.CipherExecutor
    public String decode(String str) {
        String verifySignature = verifySignature(str);
        if (StringUtils.isNotBlank(verifySignature)) {
            return decryptValue(verifySignature);
        }
        return null;
    }

    private Key prepareJsonWebTokenKey(String str) {
        try {
            HashMap hashMap = new HashMap(2);
            hashMap.put(JsonWebKey.KEY_TYPE_PARAMETER, OctetSequenceJsonWebKey.KEY_TYPE);
            hashMap.put(OctetSequenceJsonWebKey.KEY_VALUE_MEMBER_NAME, str);
            return JsonWebKey.Factory.newJwk(hashMap).getKey();
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private String encryptValue(@NotNull String str) {
        try {
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setPayload(str);
            jsonWebEncryption.setAlgorithmHeaderValue("dir");
            jsonWebEncryption.setEncryptionMethodHeaderParameter(this.contentEncryptionAlgorithmIdentifier);
            jsonWebEncryption.setKey(this.secretKeyEncryptionKey);
            this.logger.debug("Encrypting via [{}]", this.contentEncryptionAlgorithmIdentifier);
            return jsonWebEncryption.getCompactSerialization();
        } catch (Exception e) {
            throw new RuntimeException("Ensure that you have installed JCE Unlimited Strength Jurisdiction Policy Files. " + e.getMessage(), e);
        }
    }

    private String decryptValue(@NotNull String str) {
        try {
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setKey(this.secretKeyEncryptionKey);
            jsonWebEncryption.setCompactSerialization(str);
            this.logger.debug("Decrypting value...");
            return jsonWebEncryption.getPayload();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private String signValue(@NotNull String str) {
        try {
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(str);
            jsonWebSignature.setAlgorithmHeaderValue(this.signingAlgorithm);
            jsonWebSignature.setKey(this.secretKeySigningKey);
            return jsonWebSignature.getCompactSerialization();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private String verifySignature(@NotNull String str) {
        try {
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setCompactSerialization(str);
            jsonWebSignature.setKey(this.secretKeySigningKey);
            if (!jsonWebSignature.verifySignature()) {
                return null;
            }
            this.logger.debug("Signature successfully verified. Payload is [{}]", jsonWebSignature.getPayload());
            return jsonWebSignature.getPayload();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
