package org.spin.tools.crypto;

import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import org.apache.log4j.Logger;
import org.spin.tools.PKITool;
import org.spin.tools.SymmetricCryptoTool;
import org.spin.tools.config.ConfigException;
import org.spin.tools.crypto.signature.CertData;
import org.spin.tools.crypto.signature.CertID;

/* loaded from: input_file:WEB-INF/lib/tools-1.16.jar:org/spin/tools/crypto/PKCryptor.class */
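/**
 * {@link Cryptor} that delegates public-key operations to a {@link PKITool}.
 *
 * <p>Encryption is hybrid: each message gets a freshly generated symmetric key, the
 * plaintext is encrypted under that key, and the key itself is encrypted with the
 * recipient certificate's public key. Signing and verification are delegated to the
 * same {@link PKITool}.
 *
 * <p>NOTE(review): nothing in this class checks certificate validity dates or
 * revocation before encrypting to a certificate or accepting its signature;
 * presumably the {@link PKITool} keystore is the trust decision. Confirm before
 * relying on it.
 */
public class PKCryptor extends Cryptor {
    private static final Logger log = Logger.getLogger(PKCryptor.class);

    /** Source of certificates and of the asymmetric encrypt/decrypt/sign/verify operations. */
    private final PKITool pkiTool;

    /**
     * Creates a cryptor on top of the shared {@link PKITool#getInstance()} instance.
     *
     * @throws ConfigException propagated from {@link PKITool#getInstance()}
     */
    public PKCryptor() throws ConfigException {
        this(PKITool.getInstance());
    }

    /**
     * Creates a cryptor on top of the given tool.
     *
     * @param pKITool tool used for every certificate lookup and key operation
     */
    public PKCryptor(PKITool pKITool) {
        this.pkiTool = pKITool;
    }

    /**
     * Encrypts {@code str} for the holder of {@code x509Certificate}.
     *
     * @param str plaintext, already checked non-null by the public overloads
     * @param x509Certificate recipient certificate
     * @return envelope holding the wrapped key, the ciphertext and the recipient's CertID
     * @throws CryptoException if no certificate was resolved, or from the underlying tools
     */
    private Envelope encrypt(String str, X509Certificate x509Certificate) throws CryptoException {
        // A lookup that yields no certificate must fail as a CryptoException, not an NPE.
        if (x509Certificate == null) {
            throw new CryptoException("No certificate found for recipient");
        }
        // One fresh symmetric key per message; only its wrapped form leaves this method.
        SecretKey sessionKey = SymmetricCryptoTool.generateSecretKey();
        byte[] wrappedKey = this.pkiTool.encrypt(sessionKey.getEncoded(), x509Certificate.getPublicKey());
        // Explicit UTF-8 so sender and recipient agree on the bytes regardless of each
        // JVM's default charset. Peers still using the platform default differ only for
        // non-ASCII text on JVMs whose default is not UTF-8.
        byte[] cipherText = SymmetricCryptoTool.encrypt(str.getBytes(StandardCharsets.UTF_8), sessionKey);
        // NOTE(review): the recipient is identified by serial number alone, which is only
        // unique per issuer; confirm the keystore never holds certificates from two CAs
        // with the same serial.
        return Envelope.encrypted(wrappedKey, cipherText, new CertID(x509Certificate.getSerialNumber()));
    }

    /**
     * Encrypts {@code str} for the certificate registered under {@code certID}.
     *
     * @param str plaintext to encrypt
     * @param certID identifier of the recipient certificate
     * @return the encrypted envelope
     * @throws CryptoException if an argument is null or no certificate is known for {@code certID}
     */
    @Override // org.spin.tools.crypto.Encryptor
    public Envelope encrypt(String str, CertID certID) throws CryptoException {
        if (str == null) {
            throw new CryptoException("Null plaintext; can't encrypt");
        }
        if (certID == null) {
            throw new CryptoException("Null recipient x509 serial");
        }
        if (!this.pkiTool.containsX509Certificate(certID)) {
            throw new CryptoException("No certificate found with key ID: " + certID);
        }
        return encrypt(str, this.pkiTool.getX509Certificate(certID));
    }

    /**
     * Encrypts {@code str} for the certificate described by {@code certData}.
     *
     * @param str plaintext to encrypt
     * @param certData description of the recipient certificate
     * @return the encrypted envelope
     * @throws CryptoException if an argument is null or no certificate is resolved
     */
    @Override // org.spin.tools.crypto.Encryptor
    public Envelope encrypt(String str, CertData certData) throws CryptoException {
        // Same argument checks as the CertID overload, so both fail the same way.
        if (str == null) {
            throw new CryptoException("Null plaintext; can't encrypt");
        }
        if (certData == null) {
            throw new CryptoException("Null recipient certificate data");
        }
        return encrypt(str, this.pkiTool.getX509Certificate(certData));
    }

    /**
     * Recovers the plaintext of an encrypted envelope.
     *
     * <p>This method does not look at the envelope's signature. NOTE(review): whether the
     * ciphertext is integrity-protected depends on the mode used by
     * {@link SymmetricCryptoTool}, which is not visible here; callers that need
     * authenticity should require {@link #verify(Envelope)} to succeed first.
     *
     * @param envelope envelope produced by one of the {@code encrypt} overloads
     * @return the decrypted text
     * @throws CryptoException if the envelope is null or not encrypted, or from the underlying tools
     */
    @Override // org.spin.tools.crypto.Decryptor
    public String decrypt(Envelope envelope) throws CryptoException {
        if (envelope == null) {
            throw new CryptoException("Null encrypted data passed in");
        }
        if (!envelope.isEncrypted()) {
            throw new CryptoException("Not encrypted, can't decrypt");
        }
        // Unwrap the symmetric key first, then use it on the payload.
        SecretKey sessionKey = SymmetricCryptoTool.getSecretKey(this.pkiTool.decrypt(envelope.getEncryptedKey()));
        byte[] plainBytes = SymmetricCryptoTool.decrypt(envelope.getDataBytes(), sessionKey);
        // Decode with the same explicit charset that encrypt() uses to encode.
        return new String(plainBytes, StandardCharsets.UTF_8);
    }

    /**
     * Signs the envelope's data and returns a signed envelope carrying this node's CertID.
     *
     * @param envelope envelope whose {@code getData()} value is signed
     * @return the signed envelope
     * @throws CryptoException if the envelope is null or signing fails
     */
    @Override // org.spin.tools.crypto.SignerVerifier
    public Envelope sign(Envelope envelope) throws CryptoException {
        if (envelope == null) {
            throw new CryptoException("Null encrypted data passed in");
        }
        try {
            return Envelope.signed(envelope, this.pkiTool.sign(envelope.getData()), this.pkiTool.getMyCertID());
        } catch (SignatureException e) {
            throw new CryptoException("Error signing: ", e);
        }
    }

    /**
     * Checks the envelope's signature against the certificate named in its signedBy field.
     *
     * <p>Failure is reported in two ways, and callers must treat both as "not verified":
     * {@code false} for an unsigned envelope, a missing signer or a negative result from
     * the tool, and {@link BadSignatureException} when the check itself raises a
     * {@link SignatureException}.
     *
     * <p>The signature is checked over {@code envelope.getData()} only. NOTE(review):
     * whether the wrapped key and recipient fields are covered by it is not visible in
     * this class.
     *
     * @param envelope envelope to check
     * @return {@code true} only if the tool accepts the signature
     * @throws CryptoException if the envelope is null
     */
    @Override // org.spin.tools.crypto.SignerVerifier
    public boolean verify(Envelope envelope) throws CryptoException {
        if (envelope == null) {
            throw new CryptoException("Null encrypted data passed in");
        }
        if (!envelope.isSigned()) {
            log.warn("Can't verify envelope with no signature");
            return false;
        }
        if (envelope.getSignedBy() == null) {
            log.warn("Data with signature, but no signedBy field. Can't verify signature");
            return false;
        }
        try {
            return this.pkiTool.verifySignature(envelope.getData(), envelope.getSignature(), envelope.getSignedBy());
        } catch (SignatureException e) {
            throw new BadSignatureException("Error verifying: ", e);
        }
    }

    /**
     * Returns the tool this cryptor delegates to.
     *
     * @return the {@link PKITool} given at construction
     */
    public final PKITool getPKITool() {
        return this.pkiTool;
    }
}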
