package io.jans.as.server.service;

import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.KeyOpsType;
import io.jans.as.model.jwk.Use;
import io.jans.as.server.model.config.ConfigurationFactory;
import io.jans.service.cdi.util.CdiUtil;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.json.JSONObject;
import org.msgpack.core.Preconditions;

/* loaded from: input_file:io/jans/as/server/service/ServerCryptoProvider.class */
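/**
 * Server-side decorator around another {@link AbstractCryptoProvider}.
 *
 * <p>Every operation is ultimately forwarded to the wrapped provider. This class adds
 * configuration-driven policy on top: key-id selection overrides ({@code staticKid},
 * "same key, different algorithm"), a configuration reload when a key id is not known to
 * the delegate, rejection of the {@code none} signature algorithm, and a fallback to the
 * key named by {@code staticDecryptionKid} when a requested key is not found.
 *
 * <p>NOTE(review): parameter names such as {@code str}, {@code l} and {@code i} come from
 * decompilation; they are forwarded positionally to the delegate and their meaning is
 * defined by {@link AbstractCryptoProvider}.
 */
public class ServerCryptoProvider extends AbstractCryptoProvider {
    private static final Logger LOG = Logger.getLogger(ServerCryptoProvider.class);

    /** Key length used by {@link #generateKey(Algorithm, Long)} when the caller gives none. */
    private static final int DEFAULT_KEY_LENGTH = 2048;

    private final ConfigurationFactory configurationFactory = (ConfigurationFactory) CdiUtil.bean(ConfigurationFactory.class);
    private final AbstractCryptoProvider cryptoProvider;

    /**
     * Wraps the given provider.
     *
     * @param abstractCryptoProvider the delegate that performs the actual key and signature
     *     operations; must not be null
     */
    public ServerCryptoProvider(AbstractCryptoProvider abstractCryptoProvider) {
        // The field initializer has already run here, so a missing CDI bean is reported first.
        Preconditions.checkNotNull(this.configurationFactory);
        Preconditions.checkNotNull(abstractCryptoProvider);
        this.cryptoProvider = abstractCryptoProvider;
    }

    /**
     * Selects the key id to use for the given algorithm.
     *
     * <p>Resolution order: no key id for a null or HMAC-family algorithm; the first key in
     * {@code jSONWebKeySet} whose use matches when {@code keySignWithSameKeyButDiffAlg} is
     * enabled; the configured {@code staticKid} when non-blank; otherwise the delegate's
     * choice. If the delegate's choice is not among the delegate's known keys, the
     * configuration is reloaded and, when the reload reports success, the delegate is asked
     * again.
     *
     * @return the selected key id, or {@code null} when none applies or when the delegate
     *     failed and the configuration reload did not succeed
     * @throws CryptoProviderException if the delegate fails again after a successful reload
     */
    public String getKeyId(JSONWebKeySet jSONWebKeySet, Algorithm algorithm, Use use, KeyOpsType keyOpsType) throws CryptoProviderException {
        if (algorithm == null) {
            return null;
        }
        try {
            if (AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
                return null;
            }
            AppConfiguration appConfiguration = this.configurationFactory.getAppConfiguration();
            if (BooleanUtils.isTrue(appConfiguration.getKeySignWithSameKeyButDiffAlg())) {
                LOG.trace("Getting key by use: " + use);
                // A null use can never match, so the key set is only scanned when a use is given.
                if (use != null) {
                    for (JSONWebKey jSONWebKey : jSONWebKeySet.getKeys()) {
                        if (use == jSONWebKey.getUse()) {
                            LOG.trace("Found " + jSONWebKey.getKid() + ", use: " + use);
                            return jSONWebKey.getKid();
                        }
                    }
                }
            }
            String staticKid = appConfiguration.getStaticKid();
            if (StringUtils.isNotBlank(staticKid)) {
                LOG.trace("Use staticKid: " + staticKid);
                return staticKid;
            }
            String keyId = this.cryptoProvider.getKeyId(jSONWebKeySet, algorithm, use, keyOpsType);
            if (this.cryptoProvider.getKeys().contains(keyId)) {
                return keyId;
            }
            // Unknown key id: reload the configuration and, only if that succeeded, ask again.
            if (!this.configurationFactory.reloadConfFromLdap()) {
                return keyId;
            }
            return this.cryptoProvider.getKeyId(jSONWebKeySet, algorithm, use, keyOpsType);
        } catch (CryptoProviderException e) {
            // Keep the cause in the log; without it a broken keystore is indistinguishable
            // from a routine rotation.
            LOG.trace("Try to re-load configuration due to keystore exception (it can be rotated).", e);
            if (this.configurationFactory.reloadConfFromLdap()) {
                return this.cryptoProvider.getKeyId(jSONWebKeySet, algorithm, use, keyOpsType);
            }
            return null;
        }
    }

    /** Forwards key generation to the delegate unchanged. */
    public JSONObject generateKey(Algorithm algorithm, Long l, int i) throws CryptoProviderException {
        return this.cryptoProvider.generateKey(algorithm, l, i);
    }

    /** Forwards key generation, including the key-operations type, to the delegate unchanged. */
    public JSONObject generateKey(Algorithm algorithm, Long l, int i, KeyOpsType keyOpsType) throws CryptoProviderException {
        return this.cryptoProvider.generateKey(algorithm, l, i, keyOpsType);
    }

    /** Generates a key with the default third argument of {@value #DEFAULT_KEY_LENGTH}. */
    public JSONObject generateKey(Algorithm algorithm, Long l) throws CryptoProviderException {
        return generateKey(algorithm, l, DEFAULT_KEY_LENGTH);
    }

    /**
     * Signs through the delegate, refusing the {@code none} algorithm when configured to.
     *
     * @throws UnsupportedOperationException if {@code signatureAlgorithm} is
     *     {@link SignatureAlgorithm#NONE} and {@code rejectJwtWithNoneAlg} is not explicitly
     *     {@code false}
     * @throws CryptoProviderException if the delegate fails
     */
    public String sign(String str, String str2, String str3, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
        if (signatureAlgorithm == SignatureAlgorithm.NONE && rejectsNoneAlgorithm()) {
            throw new UnsupportedOperationException("None algorithm is forbidden by `rejectJwtWithNoneAlg` configuration property.");
        }
        return this.cryptoProvider.sign(str, str2, str3, signatureAlgorithm);
    }

    /**
     * Verifies a signature through the delegate, refusing the {@code none} algorithm when
     * configured to.
     *
     * <p>When {@code rejectJwtWithNoneAlg} is explicitly {@code false}, a {@code none}
     * algorithm is passed to the delegate and the outcome is whatever the delegate decides.
     *
     * @return {@code false} without consulting the delegate when the algorithm is
     *     {@link SignatureAlgorithm#NONE} and it is rejected; otherwise the delegate's result
     * @throws CryptoProviderException if the delegate fails
     */
    public boolean verifySignature(String str, String str2, String str3, JSONObject jSONObject, String str4, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
        if (signatureAlgorithm == SignatureAlgorithm.NONE && rejectsNoneAlgorithm()) {
            LOG.trace("None algorithm is forbidden by `rejectJwtWithNoneAlg` configuration property.");
            return false;
        }
        return this.cryptoProvider.verifySignature(str, str2, str3, jSONObject, str4, signatureAlgorithm);
    }

    /** Forwards key deletion to the delegate unchanged. */
    public boolean deleteKey(String str) throws CryptoProviderException {
        return this.cryptoProvider.deleteKey(str);
    }

    /** Forwards the key-presence check to the delegate unchanged. */
    public boolean containsKey(String str) {
        return this.cryptoProvider.containsKey(str);
    }

    /**
     * Looks up a private key, falling back to the key named by {@code staticDecryptionKid}.
     *
     * <p>The fallback is used only when the delegate returns {@code null} for {@code str}
     * and {@code staticDecryptionKid} is non-blank. In that case the returned key is not the
     * one that was asked for.
     * NOTE(review): callers that need the exact key should compare ids themselves — confirm
     * against call sites.
     *
     * @return the key, or {@code null} if neither lookup finds one
     */
    public PrivateKey getPrivateKey(String str) throws CryptoProviderException {
        PrivateKey privateKey = this.cryptoProvider.getPrivateKey(str);
        if (privateKey != null) {
            return privateKey;
        }
        String fallbackKid = this.configurationFactory.getAppConfiguration().getStaticDecryptionKid();
        return StringUtils.isNotBlank(fallbackKid) ? this.cryptoProvider.getPrivateKey(fallbackKid) : null;
    }

    /**
     * Looks up a public key, falling back to the key named by {@code staticDecryptionKid}.
     *
     * <p>The fallback is used only when the delegate returns {@code null} for {@code str}
     * and {@code staticDecryptionKid} is non-blank. In that case the returned key is not the
     * one that was asked for.
     * NOTE(review): this reads the same {@code staticDecryptionKid} property as
     * {@link #getPrivateKey(String)} — confirm that is intended for public keys.
     *
     * @return the key, or {@code null} if neither lookup finds one
     */
    public PublicKey getPublicKey(String str) throws CryptoProviderException {
        PublicKey publicKey = this.cryptoProvider.getPublicKey(str);
        if (publicKey != null) {
            return publicKey;
        }
        String fallbackKid = this.configurationFactory.getAppConfiguration().getStaticDecryptionKid();
        return StringUtils.isNotBlank(fallbackKid) ? this.cryptoProvider.getPublicKey(fallbackKid) : null;
    }

    /**
     * Reports whether the {@code none} signature algorithm must be refused.
     *
     * <p>An unset ({@code null}) {@code rejectJwtWithNoneAlg} is treated as "reject": the
     * previous unboxing threw a NullPointerException there, and failing closed keeps
     * unsigned tokens out unless an operator explicitly allows them.
     */
    private boolean rejectsNoneAlgorithm() {
        return !Boolean.FALSE.equals(this.configurationFactory.getAppConfiguration().getRejectJwtWithNoneAlg());
    }
}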
