package blackboard.platform.security;

import blackboard.persist.PersistenceException;
import blackboard.platform.context.ContextManagerFactory;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.authentication.BbSecurityException;
import blackboard.platform.session.BbSession;
import blackboard.util.Base64Codec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:blackboard/platform/security/DigitalSignatureSecretUtil.class */
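/**
 * Signs strings with HMAC-SHA256 and verifies those signatures, using a secret key
 * that is kept with the current user's session.
 *
 * <p>The key is stored under {@link #SESSION_ATTRIBUTE} in one of two places:
 * <ul>
 *   <li>as Base64 text in the {@link BbSession} global-key store, when a
 *       {@code BbSession} is available and the write succeeds;</li>
 *   <li>otherwise as a {@link SecretKey} object in the {@link HttpSession}.</li>
 * </ul>
 * A key found only in the {@code HttpSession} is moved into the {@code BbSession}
 * the next time it is read and a {@code BbSession} exists.
 *
 * <p>NOTE(review): both stores hold raw key material. How the global-key store and
 * the HTTP session are persisted or replicated is not visible in this file; confirm
 * that neither ends up readable outside the application (the HTTP-session fallback
 * stores a serializable key object).
 */
final class DigitalSignatureSecretUtil {
    protected static final String HMAC_SHA256_ALGO = "HmacSHA256";
    protected static final String UTF_8_ENCODING = "UTF-8";
    protected static final String SESSION_ATTRIBUTE = "cpR7wuy9BZk";

    DigitalSignatureSecretUtil() {
    }

    /** Returns the {@link BbSession} of the current context; callers treat {@code null} as "no session". */
    private static BbSession getSession() {
        return ContextManagerFactory.getInstance().getContext().getSession();
    }

    /**
     * Looks up the signing key without ever creating one.
     *
     * @return the Base64-encoded key ({@code String}) from the {@code BbSession}, or the
     *         {@link SecretKey} held in the {@code HttpSession}, or {@code null} when no
     *         key has been stored
     */
    private static Object getStoredKey() {
        BbSession session = getSession();
        Object stored = null;
        if (session != null) {
            try {
                stored = session.getGlobalKey(SESSION_ATTRIBUTE);
            } catch (PersistenceException e) {
                // Treated as "nothing stored": the HTTP-session fallback below is tried next.
                LogServiceFactory.getInstance().logError("Unable to retrieve secure signature data due to error.", e);
            }
        }
        if (stored != null) {
            return stored;
        }

        HttpSession httpSession = ContextManagerFactory.getInstance().getContext().getHttpSession();
        // NOTE(review): whether getHttpSession() can return null is not visible here; guarded so
        // that verifySignature() reports a missing key instead of leaking a NullPointerException.
        if (httpSession == null) {
            return null;
        }
        Object attribute = httpSession.getAttribute(SESSION_ATTRIBUTE);
        if (!(attribute instanceof SecretKey)) {
            // Anything other than a SecretKey under this attribute is ignored.
            return null;
        }
        if (session == null) {
            return attribute;
        }

        // Move the key into the BbSession store; the HTTP-session copy is dropped only
        // after the write succeeded, so a failed write cannot lose the key.
        String encoded = Base64Codec.encode(((SecretKey) attribute).getEncoded());
        try {
            session.setGlobalKey(SESSION_ATTRIBUTE, encoded);
        } catch (PersistenceException e) {
            LogServiceFactory.getInstance().logError("Error persisting digital signature.", e);
            return attribute;
        }
        httpSession.removeAttribute(SESSION_ATTRIBUTE);
        return encoded;
    }

    /**
     * Returns the stored key, creating and storing a fresh one when none exists.
     *
     * @return a Base64 {@code String} or a {@link SecretKey}, as produced by
     *         {@link #getStoredKey()} or {@link #generateKey()}
     * @throws NoSuchAlgorithmException if no HmacSHA256 key generator is available
     */
    private static Object getOrGenerateKey() throws NoSuchAlgorithmException {
        Object storedKey = getStoredKey();
        return storedKey != null ? storedKey : generateKey();
    }

    /**
     * Generates a new HmacSHA256 key from a {@link SecureRandom} source and stores it for the session.
     *
     * @return the newly generated {@link SecretKey}
     * @throws NoSuchAlgorithmException if no HmacSHA256 key generator is available
     * @throws IllegalStateException if there is neither a usable {@code BbSession} nor an
     *         {@code HttpSession} to hold the key
     */
    private static Object generateKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(HMAC_SHA256_ALGO);
        keyGenerator.init(new SecureRandom());
        SecretKey key = keyGenerator.generateKey();
        String encoded = Base64Codec.encode(key.getEncoded());

        boolean persisted = false;
        BbSession session = getSession();
        if (session != null) {
            try {
                session.setGlobalKey(SESSION_ATTRIBUTE, encoded);
                persisted = true;
            } catch (PersistenceException e) {
                LogServiceFactory.getInstance().logError("Error persisting digital signature.", e);
            }
        }
        if (!persisted) {
            // Fallback: keep the key object in the HTTP session so that a later
            // verifySignature() call in the same session can still find it.
            HttpSession httpSession = ContextManagerFactory.getInstance().getContext().getHttpSession();
            if (httpSession == null) {
                // A key that is stored nowhere could never verify what it signed; fail here.
                throw new IllegalStateException("No session available to hold the digital signature key.");
            }
            httpSession.setAttribute(SESSION_ATTRIBUTE, key);
        }
        return key;
    }

    /**
     * Resolves the session key to a {@link SecretKey}, decoding the Base64 form when needed.
     *
     * @throws BbSecurityException if the stored value is neither a {@code SecretKey} nor a
     *         decodable {@code String}
     * @throws Exception any failure raised while generating or decoding the key; the only
     *         caller, {@link #getSignature(String)}, wraps it
     */
    private static SecretKey getSecretKey() throws Exception {
        Object key = getOrGenerateKey();
        if (key instanceof SecretKey) {
            return (SecretKey) key;
        }
        byte[] rawKey = key instanceof String ? Base64Codec.decodeString((String) key) : null;
        if (rawKey == null) {
            throw new BbSecurityException("Unable to retrieve digital signature due to compromised data.");
        }
        return new SecretKeySpec(rawKey, HMAC_SHA256_ALGO);
    }

    /**
     * Computes the Base64-encoded HMAC of {@code str} under the session key, generating
     * the key first if the session has none.
     *
     * <p>The MAC covers exactly the UTF-8 bytes of {@code str}; which fields go into that
     * string, and how they are delimited, is up to the caller.
     *
     * @param str the text to sign
     * @return the Base64-encoded signature
     * @throws BbSecurityException if the key cannot be obtained or the MAC cannot be
     *         computed (including a {@code null} {@code str})
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static String getSignature(String str) throws BbSecurityException {
        try {
            SecretKey secretKey = getSecretKey();
            Mac mac = Mac.getInstance(secretKey.getAlgorithm());
            mac.init(secretKey);
            return Base64Codec.encode(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new BbSecurityException("Unable to sign String due to an error.", e);
        }
    }

    /**
     * Checks that {@code str2} is the signature of {@code str} under the key already
     * stored for this session.
     *
     * <p>This method only returns {@code true}; every failure is reported as a
     * {@link BbSecurityException}. Callers must therefore not swallow that exception.
     *
     * @param str the text that was signed
     * @param str2 the Base64 signature presented for {@code str}
     * @return {@code true} when the signature matches
     * @throws BbSecurityException if no key is stored, the signature cannot be recomputed,
     *         or the signatures differ
     */
    protected static boolean verifySignature(String str, String str2) throws BbSecurityException {
        // Verification must never create a key: a signature can only be valid if the
        // session already holds the key that produced it.
        // The "valdiation" spelling in the two messages below is left as found, because
        // log searches and alert rules may match on the exact text.
        Object storedKey = getStoredKey();
        if (storedKey == null || !((storedKey instanceof String) || (storedKey instanceof SecretKey))) {
            throw new BbSecurityException("SECURITY EVENT: Signature valdiation failure. No stored signature to match.");
        }

        boolean matches;
        try {
            byte[] expected = getSignature(str).getBytes(StandardCharsets.UTF_8);
            byte[] presented = str2.getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison: String.equals stops at the first differing
            // character, which leaks how much of a guessed signature was correct.
            matches = MessageDigest.isEqual(expected, presented);
        } catch (Exception e) {
            throw new BbSecurityException("Unable to verify signature due to an error.", e);
        }

        if (!matches) {
            // Thrown outside the try block so the SECURITY EVENT text is the top-level
            // message instead of being buried as the cause of a generic error.
            // If the key vanished between the lookup above and getSignature(), a fresh key
            // was generated and the comparison fails here, i.e. the check fails closed.
            throw new BbSecurityException("SECURITY EVENT: Signature valdiation failure. Signatures do not match.");
        }
        return true;
    }
}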
