package de.trustable.ca3s.adcs.proxy.service;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.MACVerifier;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Base64;
import java.util.Locale;
import java.util.prefs.Preferences;
import javax.annotation.PostConstruct;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

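/**
 * Verifies HMAC-protected JWS messages and derives the API key for the ADCS proxy.
 *
 * <p>Both the JWS verification key and the API key are derived from one configured
 * connection secret with a password-based KDF (default {@code PBKDF2WithHmacSHA256}),
 * using a separate salt and iteration count for each purpose.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>A missing or too-short connection secret is rejected with a
 *       {@link GeneralSecurityException}. No key is derived from an empty passphrase,
 *       because together with the built-in default salts such a key would be the same
 *       on every installation.</li>
 *   <li>The default salts ({@code ca3sSalt}, {@code apiKeySalt}) are fixed strings, so
 *       they do not make derived keys unique per deployment unless overridden.</li>
 *   <li>The default iteration counts (4567 and 3756) are low for PBKDF2. Presumably the
 *       peer derives the same key, so raising them needs a coordinated configuration
 *       change on both sides; confirm against the peer.</li>
 *   <li>No part of the connection secret is written to the log.</li>
 * </ul>
 */
@Service
public class JWSService {
    public static final String PREF_KEY = "de.trustable.ca3s.adcsproxy";
    public static final String PREF_KEY_SECRET = "de.trustable.ca3s.adcsproxy.secret";
    private static final Logger log = LoggerFactory.getLogger(JWSService.class);

    /** Minimum accepted length of the trimmed connection secret. */
    private static final int MIN_PASSPHRASE_LENGTH = 6;

    /** Length in bits of every derived key. */
    private static final int DERIVED_KEY_BITS = 256;

    private final String secretPassphrase;
    private final String salt;
    private final int iterations;
    private final String apiKeySalt;
    private final int apiKeyIterations;
    private final String pbeAlgo;

    /**
     * Creates the service from the {@code adcs-proxy.connection.*} properties.
     *
     * @param secretPassphrase connection secret; {@code null} when the property is not set
     * @param salt salt for the JWS shared secret (default {@code ca3sSalt})
     * @param iterations KDF iteration count for the JWS shared secret (default 4567)
     * @param apiKeySalt salt for the API key (default {@code apiKeySalt})
     * @param apiKeyIterations KDF iteration count for the API key (default 3756)
     * @param pbeAlgo {@link SecretKeyFactory} algorithm name (default {@code PBKDF2WithHmacSHA256})
     */
    public JWSService(@Value("${adcs-proxy.connection.secret:#{null}}") String secretPassphrase, @Value("${adcs-proxy.connection.salt:ca3sSalt}") String salt, @Value("${adcs-proxy.connection.iterations:4567}") int iterations, @Value("${adcs-proxy.connection.api-key-salt:apiKeySalt}") String apiKeySalt, @Value("${adcs-proxy.connection.api-key-iterations:3756}") int apiKeyIterations, @Value("${adcs-proxy.connection.pbeAlgo:PBKDF2WithHmacSHA256}") String pbeAlgo) {
        this.secretPassphrase = secretPassphrase;
        this.salt = salt;
        this.iterations = iterations;
        this.apiKeySalt = apiKeySalt;
        this.apiKeyIterations = apiKeyIterations;
        this.pbeAlgo = pbeAlgo;
    }

    /**
     * Returns the salt bytes for the JWS shared secret.
     *
     * <p>NOTE(review): {@code getBytes()} without a charset uses the platform default, so a
     * non-ASCII salt can yield different bytes on hosts with different default charsets.
     * Left unchanged to keep existing derived keys stable; confirm which encoding the peer uses.
     */
    byte[] getSalt() {
        return this.salt.getBytes();
    }

    /** Returns the KDF iteration count for the JWS shared secret. */
    int getIterations() {
        return this.iterations;
    }

    /**
     * Returns the salt bytes for the API key.
     *
     * <p>NOTE(review): platform-default charset, same caveat as {@link #getSalt()}.
     */
    byte[] getAPIKeySalt() {
        return this.apiKeySalt.getBytes();
    }

    /** Returns the KDF iteration count for the API key. */
    int getAPIKeyIterations() {
        return this.apiKeyIterations;
    }

    /**
     * Parses a serialized JWS, checks its MAC against the shared secret and returns the payload.
     *
     * @param str the serialized JWS
     * @return the payload as a string, only when the MAC verified
     * @throws JOSEException if verification fails or the verifier cannot be set up
     * @throws ParseException if {@code str} is not a parsable JWS
     * @throws GeneralSecurityException if the shared secret cannot be derived, including
     *         when the connection secret is missing or too short
     */
    public String getJWSPayload(String str) throws JOSEException, ParseException, GeneralSecurityException {
        JWSObject jws = JWSObject.parse(str);
        if (jws.verify(new MACVerifier(getSharedSecret()))) {
            return jws.getPayload().toString();
        }
        // The rejected token is sender-controlled text; it reaches the log only at debug level.
        log.debug("jws '{}' failed verification", str);
        throw new JOSEException("verification of JWS failed");
    }

    /**
     * Derives the 256-bit key used to verify JWS MACs.
     *
     * @throws GeneralSecurityException if the connection secret is missing or too short, or
     *         the configured KDF algorithm is unavailable or rejects the key spec
     */
    byte[] getSharedSecret() throws GeneralSecurityException {
        return deriveKey(getSalt(), getIterations());
    }

    /**
     * Derives the API key and returns it Base64-encoded.
     *
     * @throws GeneralSecurityException if the connection secret is missing or too short, or
     *         the configured KDF algorithm is unavailable or rejects the key spec
     */
    public String getAPIKey() throws GeneralSecurityException {
        return Base64.getEncoder().encodeToString(deriveKey(getAPIKeySalt(), getAPIKeyIterations()));
    }

    /** Runs the configured KDF over the connection secret with the given salt and iteration count. */
    private byte[] deriveKey(byte[] saltBytes, int iterationCount) throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(getPassphrase().toCharArray(), saltBytes, iterationCount, DERIVED_KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(this.pbeAlgo).generateSecret(keySpec).getEncoded();
        } finally {
            // Drops the spec's copy of the passphrase; the configured secret itself stays in the String field.
            keySpec.clearPassword();
        }
    }

    /**
     * Returns the configured connection secret.
     *
     * <p>The original fell back to an empty passphrase here, which produced a derivable key from
     * nothing but the salt and iteration count. It now fails closed instead.
     *
     * @throws GeneralSecurityException if the secret is {@code null} or shorter than
     *         {@value #MIN_PASSPHRASE_LENGTH} characters after trimming
     */
    private String getPassphrase() throws GeneralSecurityException {
        if (this.secretPassphrase == null || this.secretPassphrase.trim().length() < MIN_PASSPHRASE_LENGTH) {
            log.warn("connection secret missing / too short!");
            throw new GeneralSecurityException("connection secret missing / too short");
        }
        // The former debug line that printed the last three characters of the secret is gone:
        // even a suffix narrows a guessing search and log files are read more widely than config.
        //
        // NOTE(review): the lookup in java.util.prefs under PREF_KEY_SECRET that used to follow was
        // unreachable (a null secret already returned above), so it is not reproduced. The hint
        // below is kept verbatim; confirm whether a registry-backed secret is still intended.
        log.debug("connection secret provided from command line / property file. To take advantage of the registry key '{}', insert your secret in registry folder 'Computer\\\\HKEY_CURRENT_USER\\\\Software\\\\JavaSoft\\\\Prefs' !", PREF_KEY_SECRET);
        return this.secretPassphrase;
    }

    /**
     * Creates a random lower-case string from 16 bytes of {@link SecureRandom} output.
     *
     * <p>The bytes are Base64-encoded without padding and then lower-cased. Folding the case
     * merges distinct Base64 symbols, so the result carries somewhat less than 128 bits of
     * entropy; the format is kept for compatibility with existing values.
     *
     * @return a 22-character string of lower-case letters, digits, {@code +} and {@code /}
     */
    public String createRandomString() {
        byte[] randomBytes = new byte[16];
        new SecureRandom().nextBytes(randomBytes);
        // Locale.ROOT keeps the result ASCII under locales with special casing rules (e.g. Turkish 'I').
        return Base64.getEncoder().withoutPadding().encodeToString(randomBytes).toLowerCase(Locale.ROOT);
    }

    /**
     * Derives the shared secret once at startup so that a missing secret or an unknown KDF
     * algorithm shows up in the log immediately. Failures are logged and do not abort startup.
     */
    @PostConstruct
    public void init() {
        try {
            getSharedSecret();
        } catch (GeneralSecurityException e) {
            log.warn("problem starting the JWSService", e);
        }
    }
}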
