package com.appiancorp.oauth.inbound.crypto;

import com.appiancorp.ag.security.Sha1PrngSaltGenerator;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthConfigGenerationException;
import com.appiancorp.oauth.inbound.credentials.OAuthConfigForNewCredentials;
import java.nio.charset.StandardCharsets;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/crypto/OAuthClientSecretServiceImpl.class */
public class OAuthClientSecretServiceImpl implements OAuthClientSecretService {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthClientSecretServiceImpl.class);
    public static final String SHA_512_WITH_RSA = "SHA512withRSA";
    private static final int OAUTH_SALT_LENGTH = 16;
    private final Sha1PrngSaltGenerator sha1PrngSaltGenerator = new Sha1PrngSaltGenerator();
    private final OAuthClientSecretRepository oAuthClientSecretRepository;

    public OAuthClientSecretServiceImpl(OAuthClientSecretRepository oAuthClientSecretRepository) {
        this.oAuthClientSecretRepository = oAuthClientSecretRepository;
    }

    public boolean verify(String str, String str2) {
        try {
            Signature signature = Signature.getInstance(SHA_512_WITH_RSA);
            signature.initVerify(this.oAuthClientSecretRepository.getPublicKey());
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Base64.getUrlDecoder().decode(str2));
        } catch (SignatureException e) {
            LOG.debug("OAuth client ID and secret failed verification: ", e);
            return false;
        } catch (Exception e2) {
            LOG.error("An unexpected error occurred during OAuth client secret verification: ", e2);
            return false;
        }
    }

    public OAuthConfigForNewCredentials generateSecret(String str) {
        try {
            String generateSalt = generateSalt();
            String str2 = str + generateSalt;
            Signature signature = Signature.getInstance(SHA_512_WITH_RSA);
            signature.initSign(this.oAuthClientSecretRepository.getKeyPair().getPrivate());
            signature.update(str2.getBytes(StandardCharsets.UTF_8));
            return new OAuthConfigForNewCredentials(str, Base64.getUrlEncoder().encodeToString(signature.sign()), generateSalt);
        } catch (Exception e) {
            LOG.error("An unexpected error occurred during OAuth client secret generation: ", e);
            throw new OAuthConfigGenerationException(e);
        }
    }

    private String generateSalt() {
        return this.sha1PrngSaltGenerator.generateNewSalt(OAUTH_SALT_LENGTH);
    }
}
