package cern.rbac.common.impl.serialization;

import cern.accsoft.commons.util.Assert;
import cern.rbac.common.RbacConfiguration;
import cern.rbac.common.impl.RbaConstants;
import cern.rbac.common.impl.keys.RbaKeyStore;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Iterator;

/* loaded from: input_file:BOOT-INF/lib/rbac-common-2.0.2.jar:cern/rbac/common/impl/serialization/TokenSerialization.class */
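/**
 * Static helpers for the binary encoding of RBAC tokens: UTF-8 and little-endian
 * integer conversion, splitting an encoded token into body and signature, and
 * signing / verifying the body.
 *
 * <p>Layout assumed by the {@code extract*} methods, as implied by their offsets:
 * {@code body || signature || signatureLength}, where {@code signatureLength} is a
 * 4-byte little-endian integer at the very end of the array.
 *
 * <p>The {@code extract*} methods only split the array; they do not authenticate
 * anything. The length field itself comes from the (untrusted) token, so it is
 * range-checked here, and the body must not be trusted until
 * {@link #verifySignature(byte[], byte[], RbacConfiguration)} has returned {@code true}.
 */
public final class TokenSerialization {
    /** Width in bytes of the trailing signature-length field. */
    public static final int SIGNATURE_LENGTH_SIZE = 4;
    /** Not referenced inside this class. */
    public static final int TOKEN_LENGTH_SIZE = 4;

    // Token field names. They are only declared here; the code that reads or
    // writes fields under these names is not part of this class.
    public static final String SERIAL_ID = "SerialId";
    public static final String AUTHENTICATION_TIME = "AuthenticationTime";
    public static final String EXPIRATION_TIME = "ExpirationTime";
    public static final String APPLICATION_NAME = "ApplicationName";
    public static final String APPLICATION_CRITICAL = "ApplicationCritical";
    public static final String APPLICATION_TIMEOUT = "ApplicationTimeout";
    public static final String LOCATION_NAME = "LocationName";
    public static final String LOCATION_ADDRESS = "LocationAddress";
    public static final String LOCATION_AUTH_REQ = "LocationAuthReq";
    public static final String USER_NAME = "UserName";
    public static final String USER_FULLNAME = "UserFullName";
    public static final String USER_EMAIL = "UserEmail";
    public static final String USER_ACCOUNT_TYPE = "UserAccountType";
    public static final String USER_ROLES = "Roles";
    public static final String USER_ROLES_LIFETIME = "RolesLifeTime";
    public static final String EXTRA_FIELDS = "ExtraFields";
    public static final String TOKEN_TYPE = "TokenType";
    public static final String ROLES_HINT = "RolesHint";
    public static final String ROLES_EXPIRATION = "RolesExpiration";
    public static final String RENEW_TILL = "RenewTill";

    private TokenSerialization() {
    }

    /**
     * Decodes bytes as UTF-8.
     *
     * <p>Decoding is lenient: malformed byte sequences are replaced rather than
     * rejected, so the result is not proof that the input was valid UTF-8.
     *
     * @param bArr the encoded bytes, may be {@code null}
     * @return the decoded string, or {@code null} when {@code bArr} is {@code null} or empty
     */
    public static String toString(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }

    /**
     * Decodes a 4-byte little-endian integer.
     *
     * @param bArr exactly four bytes; anything else is rejected through {@code Assert}
     * @return the decoded value (may be negative)
     */
    public static int toInt(byte[] bArr) {
        Assert.notNull(bArr, "Encoded byte array is null");
        Assert.isTrue(bArr.length == 4, "encoded byte array length = " + bArr.length + ", but must be = 4");
        return ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN).getInt();
    }

    /**
     * Copies the signature out of an encoded token.
     *
     * @param bArr the complete encoded token
     * @return the signature bytes that precede the trailing length field
     */
    public static byte[] extractSignature(byte[] bArr) {
        int signatureSize = checkedSignatureSize(bArr);
        byte[] signatureBytes = new byte[signatureSize];
        System.arraycopy(bArr, (bArr.length - SIGNATURE_LENGTH_SIZE) - signatureSize, signatureBytes, 0, signatureSize);
        return signatureBytes;
    }

    /**
     * Reads the signature length stored in the last four bytes of an encoded token.
     *
     * <p>The value is returned as stored and is not range-checked against the token
     * length here; it is attacker-controlled until the token has been verified.
     *
     * @param bArr the complete encoded token, at least four bytes long
     * @return the raw little-endian length field
     */
    public static int extractSignatureSize(byte[] bArr) {
        Assert.notNull(bArr, "Encoded token is null");
        Assert.isTrue(bArr.length >= SIGNATURE_LENGTH_SIZE,
                "encoded token length = " + bArr.length + ", but must be >= " + SIGNATURE_LENGTH_SIZE);
        byte[] lengthField = new byte[SIGNATURE_LENGTH_SIZE];
        System.arraycopy(bArr, bArr.length - lengthField.length, lengthField, 0, lengthField.length);
        return toInt(lengthField);
    }

    /**
     * Copies the body (everything before the signature) out of an encoded token.
     *
     * @param bArr the complete encoded token
     * @return the body bytes; unauthenticated until the signature has been verified
     */
    public static byte[] extractBody(byte[] bArr) {
        int signatureSize = checkedSignatureSize(bArr);
        byte[] body = new byte[(bArr.length - SIGNATURE_LENGTH_SIZE) - signatureSize];
        System.arraycopy(bArr, 0, body, 0, body.length);
        return body;
    }

    /**
     * Reads the signature length and checks that it fits inside the token.
     * A negative or oversized length field would otherwise surface as a
     * NegativeArraySizeException or an out-of-bounds copy in the callers.
     */
    private static int checkedSignatureSize(byte[] bArr) {
        int signatureSize = extractSignatureSize(bArr);
        Assert.isTrue(signatureSize >= 0 && signatureSize <= bArr.length - SIGNATURE_LENGTH_SIZE,
                "signature length = " + signatureSize + " does not fit in a token of " + bArr.length + " bytes");
        return signatureSize;
    }

    /**
     * Encodes a string as UTF-8.
     *
     * @param str the string, may be {@code null}
     * @return the encoded bytes; an empty array when {@code str} is {@code null}
     */
    public static byte[] getBytes(String str) {
        if (str == null) {
            return new byte[0];
        }
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Encodes an integer as four little-endian bytes (the inverse of {@link #toInt(byte[])}).
     *
     * @param i the value to encode
     * @return a new 4-byte array
     */
    public static byte[] getBytes(int i) {
        return ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN).putInt(i).array();
    }

    /**
     * Signs {@code bArr} with the algorithm named by {@code RbaConstants.SIGNATURE_ALGORITHM}.
     *
     * @param privateKey the signing key
     * @param bArr the bytes to sign
     * @return the signature bytes
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised while signing
     */
    public static byte[] sign(PrivateKey privateKey, byte[] bArr) {
        try {
            Signature signer = Signature.getInstance(RbaConstants.SIGNATURE_ALGORITHM);
            signer.initSign(privateKey);
            signer.update(bArr);
            return signer.sign();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Security exception while signing the token: " + e.getMessage(), e);
        }
    }

    /**
     * Verifies a signature against the public keys that {@code RbaKeyStore} returns
     * for the configured environment.
     *
     * <p>A {@code false} result means no key accepted the signature; callers must
     * treat it as a rejection and not only rely on the exception path.
     *
     * @param bArr the signed bytes (the token body)
     * @param bArr2 the signature to check
     * @param rbacConfiguration supplies the environment whose keys are used
     * @return {@code true} if any of those keys verifies the signature, {@code false} otherwise
     * @throws RuntimeException if verification raised an exception; for a
     *     {@link SignatureException} the message names the environment
     */
    public static boolean verifySignature(byte[] bArr, byte[] bArr2, RbacConfiguration rbacConfiguration) {
        try {
            return verifySignature(bArr, bArr2, RbaKeyStore.getPublicKeys(rbacConfiguration.getEnvironment()));
        } catch (SignatureException e) {
            // Keep the cause so the underlying provider error is not lost for diagnostics.
            throw new RuntimeException("Token's signature is invalid - only tokens issued by the RBAC " + rbacConfiguration.getEnvironment() + " Server are accepted.", e);
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Tries each public key in turn and reports whether any of them verifies the signature.
     *
     * <p>A {@link SignatureException} from one key (for example a signature whose
     * encoding does not suit that key) no longer stops the loop: the remaining keys
     * are still tried. Acceptance still requires a successful verification under one
     * of the supplied keys. If no key verifies and at least one attempt threw, the
     * first such exception is rethrown, as before.
     *
     * @param bArr the signed bytes
     * @param bArr2 the signature to check
     * @param collection the candidate public keys
     * @return {@code true} on the first key that verifies, {@code false} if none does
     *     (including when {@code collection} is empty)
     * @throws GeneralSecurityException if the algorithm is unavailable, a key is
     *     rejected by {@code initVerify}, or no key verified and one attempt failed
     */
    static boolean verifySignature(byte[] bArr, byte[] bArr2, Collection<PublicKey> collection) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(RbaConstants.SIGNATURE_ALGORITHM);
        SignatureException firstFailure = null;
        for (PublicKey candidate : collection) {
            verifier.initVerify(candidate);
            verifier.update(bArr);
            try {
                if (verifier.verify(bArr2)) {
                    return true;
                }
            } catch (SignatureException e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
        return false;
    }
}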
