package org.cloudfoundry.identity.uaa.oauth.token;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.jwt.crypto.sign.InvalidSignatureException;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.jwt.crypto.sign.Signer;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.6.0.jar:org/cloudfoundry/identity/uaa/oauth/token/SignerProvider.class */
public class SignerProvider implements InitializingBean {
    private final Log logger = LogFactory.getLog(getClass());
    private String verifierKey = new RandomValueStringGenerator().generate();
    private String signingKey = this.verifierKey;
    private Signer signer = new MacSigner(this.verifierKey);

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        if (!(this.signer instanceof RsaSigner)) {
            Assert.state(this.signingKey == this.verifierKey, "For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key");
            return;
        }
        try {
            RsaVerifier rsaVerifier = new RsaVerifier(this.verifierKey);
            byte[] bytes = "test".getBytes();
            try {
                rsaVerifier.verify(bytes, this.signer.sign(bytes));
                this.logger.debug("Signing and verification RSA keys match");
            } catch (InvalidSignatureException e) {
                throw new RuntimeException("Signing and verification RSA keys do not match", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException("Unable to create an RSA verifier from verifierKey", e2);
        }
    }

    public Signer getSigner() {
        return this.signer;
    }

    public String getVerifierKey() {
        return this.verifierKey;
    }

    public boolean isPublic() {
        return this.verifierKey.startsWith("-----BEGIN");
    }

    public SignatureVerifier getVerifier() {
        return isAssymetricKey(this.signingKey) ? new RsaVerifier(this.verifierKey) : new MacSigner(this.verifierKey);
    }

    public void setSigningKey(String str) {
        Assert.hasText(str);
        String trim = str.trim();
        this.signingKey = trim;
        if (isAssymetricKey(trim)) {
            this.signer = new RsaSigner(trim);
            this.logger.debug("Configured with RSA signing key");
        } else {
            this.verifierKey = trim;
            this.signer = new MacSigner(trim);
        }
    }

    private boolean isAssymetricKey(String str) {
        return str.startsWith("-----BEGIN");
    }

    public void setVerifierKey(String str) {
        boolean z = false;
        try {
            new RsaSigner(str);
        } catch (Exception e) {
            z = true;
        }
        if (!z) {
            throw new IllegalArgumentException("Private key cannot be set as verifierKey property");
        }
        this.verifierKey = str;
    }
}
