package de.trustable.ca3s.acmeproxy.service;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Date;
import javax.annotation.PostConstruct;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

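/**
 * Signs outgoing messages of the ACME proxy with an HMAC (HS256) key that is
 * derived from a configured passphrase through a password-based KDF.
 *
 * <p>Configuration properties read by the constructor:
 * <ul>
 *   <li>{@code acme.proxy.id} - numeric id, used to build the JWS key id {@code rid-<id>}</li>
 *   <li>{@code acme.proxy.connection.secret} - passphrase; when unset a built-in default is used</li>
 *   <li>{@code acme.proxy.connection.salt}, {@code acme.proxy.connection.iterations},
 *       {@code acme.proxy.connection.pbeAlgo} - KDF parameters</li>
 * </ul>
 *
 * <p>NOTE(review): the defaults for salt ({@code ca3sSalt}) and iteration count
 * ({@code 4567}) are fixed, publicly visible values, and the iteration count is low for
 * PBKDF2-HMAC-SHA256. They are left unchanged here because the verifying peer presumably
 * has to derive the identical key; deployments should configure a high-entropy secret
 * and raise the KDF parameters on both sides together.
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/de/trustable/ca3s/acmeproxy/service/JWSService.class */
public class JWSService {
    private static final Logger log = LoggerFactory.getLogger(JWSService.class);

    /** Length of the derived HMAC key in bits. */
    private static final int DERIVED_KEY_BITS = 256;

    /** Lifetime of the tokens issued by {@link #buildJWT()}, in milliseconds. */
    private static final long JWT_LIFETIME_MILLIS = 60000L;

    /** Fallback passphrase used when no secret is configured; not suitable for production. */
    private static final String DEFAULT_PASSPHRASE = "s3cr3t";

    private final long requestProxyConfigId;
    private final String secretPassphrase;
    private final String salt;
    private final int iterations;
    private final String pbeAlgo;
    private byte[] sharedSecret = new byte[0];

    /**
     * Creates the service from its configuration properties.
     *
     * @param requestProxyConfigId id of this proxy, embedded in the JWS key id
     * @param secretPassphrase passphrase the HMAC key is derived from, or {@code null} if not configured
     * @param salt KDF salt
     * @param iterations KDF iteration count
     * @param pbeAlgo {@link SecretKeyFactory} algorithm name used for the derivation
     */
    public JWSService(@Value("${acme.proxy.id:-1}") long requestProxyConfigId, @Value("${acme.proxy.connection.secret:#{null}}") String secretPassphrase, @Value("${acme.proxy.connection.salt:ca3sSalt}") String salt, @Value("${acme.proxy.connection.iterations:4567}") int iterations, @Value("${acme.proxy.connection.pbeAlgo:PBKDF2WithHmacSHA256}") String pbeAlgo) {
        this.requestProxyConfigId = requestProxyConfigId;
        this.secretPassphrase = secretPassphrase;
        this.salt = salt;
        this.iterations = iterations;
        this.pbeAlgo = pbeAlgo;
    }

    /**
     * Returns the configured salt as bytes.
     *
     * @return the salt encoded with the platform default charset
     */
    byte[] getSalt() {
        // NOTE(review): getBytes() without a charset depends on the platform default, so a
        // non-ASCII salt can yield different keys on different hosts. Kept as is because the
        // peer's encoding is not visible here - confirm before pinning UTF-8 on both sides.
        return this.salt.getBytes();
    }

    /**
     * Returns the configured KDF iteration count.
     *
     * @return the iteration count
     */
    int getIterations() {
        return this.iterations;
    }

    /**
     * Wraps the given content as the payload of an HS256-signed JWS.
     *
     * @param str the payload to sign
     * @return the serialized JWS
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    public String buildEmbeddingJWS(String str) throws JOSEException {
        MACSigner signer = new MACSigner(this.sharedSecret);
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("rid-" + this.requestProxyConfigId).build();
        JWSObject jwsObject = new JWSObject(header, new Payload(str));
        jwsObject.sign(signer);
        String serialized = jwsObject.serialize(false);
        // The serialized JWS contains the full payload and a valid signature; keep debug
        // logging off wherever the log files are readable by other parties.
        log.debug("JWS: '{}'", serialized);
        return serialized;
    }

    /**
     * Builds an HS256-signed JWT whose only claim is an expiration time
     * {@value #JWT_LIFETIME_MILLIS} ms in the future.
     *
     * @return the serialized JWT
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    public String buildJWT() throws JOSEException {
        MACSigner signer = new MACSigner(this.sharedSecret);
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("rid-" + this.requestProxyConfigId).build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder().expirationTime(new Date(System.currentTimeMillis() + JWT_LIFETIME_MILLIS)).build();
        SignedJWT signedJWT = new SignedJWT(header, claims);
        signedJWT.sign(signer);
        String serialized = signedJWT.serialize();
        // The token is usable as a credential until it expires; see the note in buildEmbeddingJWS.
        log.debug("JWT: '{}'", serialized);
        return serialized;
    }

    /**
     * Derives the shared secret from the configured (or default) passphrase.
     *
     * @return the derived key bytes
     * @throws GeneralSecurityException if the KDF algorithm is unavailable or the derivation fails
     */
    public byte[] getSharedSecret() throws GeneralSecurityException {
        return getSharedSecret(getPassphrase());
    }

    /**
     * Derives a {@value #DERIVED_KEY_BITS}-bit key from the given passphrase using the
     * configured algorithm, salt and iteration count.
     *
     * @param str the passphrase
     * @return the derived key bytes
     * @throws GeneralSecurityException if the KDF algorithm is unavailable or the derivation fails
     */
    public byte[] getSharedSecret(String str) throws GeneralSecurityException {
        char[] passwordChars = str.toCharArray();
        PBEKeySpec keySpec = new PBEKeySpec(passwordChars, getSalt(), getIterations(), DERIVED_KEY_BITS);
        try {
            byte[] encoded = SecretKeyFactory.getInstance(this.pbeAlgo).generateSecret(keySpec).getEncoded();
            // Never write the key material itself to the log: anyone who can read the log
            // could forge signed requests. Only non-secret metadata is reported.
            log.debug("derived shared secret using {} ({} bytes)", this.pbeAlgo, encoded.length);
            return encoded;
        } finally {
            // Drop the temporary copies of the passphrase as soon as the key is derived.
            keySpec.clearPassword();
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Returns the configured passphrase, or the built-in default when none is configured.
     *
     * @return the passphrase to derive the shared secret from
     */
    private String getPassphrase() {
        if (this.secretPassphrase != null) {
            return this.secretPassphrase;
        }
        // Running on the built-in passphrase must be visible at the default log level, and
        // no part of the passphrase is echoed into the log.
        log.warn("NOT FOR PRODUCTION: acme.proxy.connection.secret is not set, the built-in default secret is used");
        return DEFAULT_PASSPHRASE;
    }

    /**
     * Derives the shared secret once after construction.
     *
     * <p>A derivation failure is logged and the service stays up with an empty key.
     * NOTE(review): signing with the empty key is expected to be rejected by
     * {@code MACSigner} (minimum key length), so requests should fail rather than be
     * signed with a weak key - confirm against the library version in use.
     */
    @PostConstruct
    public void init() {
        try {
            this.sharedSecret = getSharedSecret();
        } catch (GeneralSecurityException e) {
            log.warn("problem starting the JWSService", e);
        }
    }
}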
