package cern.accsoft.security.rba;

import cern.accsoft.security.rba.authorization.AccessChecker;
import cern.accsoft.security.rba.authorization.AccessException;
import cern.accsoft.security.rba.request.MCSKeyRequest;
import cern.accsoft.security.rba.request.ServerRequestInvoker;
import cern.accsoft.security.rba.spi.Configuration;
import cern.accsoft.security.rba.spi.Constants;
import cern.accsoft.security.rba.spi.request.MCSKeyRequestBuilder;
import cern.accsoft.security.rba.spi.request.MCSSignRequestBuilder;
import cern.accsoft.security.rba.spi.request.ServerRequestInvokerImpl;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cern/accsoft/security/rba/MCS.class */
public class MCS {
    private static final Logger LOGGER = LoggerFactory.getLogger(MCS.class);
    private final KeyFactory keyFac;
    private final ServerRequestInvoker requestInvoker = new ServerRequestInvokerImpl();

    public MCS() {
        LOGGER.debug("MCS-Client: {} = '{}'", Configuration.SYSTEM_PROPERTY_RBAC_SETUP, Configuration.getInstance().getRuntimeSetup());
        try {
            this.keyFac = KeyFactory.getInstance(Constants.KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Can't initialize key generator: " + e.getMessage(), e);
        }
    }

    public boolean isAuthorized(RBAToken rBAToken, String str, String str2, String str3) throws AccessException {
        return new AccessChecker().isAuthorized(rBAToken, str, str2, str3, "set");
    }

    public byte[] sign(RBAToken rBAToken, byte[] bArr) throws MCSException {
        MCSSignRequestBuilder newInstance = MCSSignRequestBuilder.newInstance();
        newInstance.setToken(rBAToken);
        newInstance.setSignBuffer(Base64.encodeBase64(bArr));
        try {
            return Base64.decodeBase64(this.requestInvoker.invokeRequest(newInstance.buildRequest()));
        } catch (Exception e) {
            LOGGER.info("MCS sign request failed: {}", e.getMessage(), e);
            throw new MCSException(e);
        }
    }

    public boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws GeneralSecurityException {
        Signature signature = Signature.getInstance(Constants.SIGNATURE_ALGORITHM);
        signature.initVerify(publicKey);
        signature.update(bArr, 0, bArr.length);
        return signature.verify(bArr2);
    }

    public PublicKey getMCSPublicKey(String str, String str2, String str3) throws MCSException, IOException {
        MCSKeyRequestBuilder newInstance = MCSKeyRequestBuilder.newInstance();
        newInstance.setDeviceClass(str);
        newInstance.setDevice(str2);
        newInstance.setProperty(str3);
        return getMCSPublicKeyImpl(newInstance.buildRequest());
    }

    public PublicKey getMCSPublicKey(String str) throws MCSException {
        MCSKeyRequestBuilder newInstance = MCSKeyRequestBuilder.newInstance();
        newInstance.setMCSRole(str);
        return getMCSPublicKeyImpl(newInstance.buildRequest());
    }

    private PublicKey getMCSPublicKeyImpl(MCSKeyRequest mCSKeyRequest) throws MCSException {
        try {
            return this.keyFac.generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(this.requestInvoker.invokeRequest(mCSKeyRequest))));
        } catch (Exception e) {
            LOGGER.info("MCS generatePublic key failed: {}", e.getMessage(), e);
            throw new MCSException(e);
        }
    }
}
