package org.apereo.cas.util;

import java.util.Objects;
import java.util.function.Supplier;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties;
import org.apereo.cas.util.cipher.DefaultTicketCipherExecutor;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-tickets-api-6.6.9.jar:org/apereo/cas/util/CoreTicketUtils.class */
public final class CoreTicketUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CoreTicketUtils.class);

    public static CipherExecutor newTicketRegistryCipherExecutor(EncryptionRandomizedSigningJwtCryptographyProperties encryptionRandomizedSigningJwtCryptographyProperties, String str) {
        return newTicketRegistryCipherExecutor(encryptionRandomizedSigningJwtCryptographyProperties, false, str);
    }

    public static CipherExecutor newTicketRegistryCipherExecutor(EncryptionRandomizedSigningJwtCryptographyProperties encryptionRandomizedSigningJwtCryptographyProperties, boolean z, String str) {
        boolean z2 = !encryptionRandomizedSigningJwtCryptographyProperties.isEnabled() && StringUtils.isNotBlank(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey()) && StringUtils.isNotBlank(encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKey());
        Supplier supplier = () -> {
            LOGGER.warn("Ticket registry encryption/signing for [{}] is not enabled explicitly in the configuration, yet signing/encryption keys are defined for ticket operations. CAS will proceed to enable the ticket registry encryption/signing functionality. If you intend to turn off this behavior, consider removing/disabling the signing/encryption keys defined in settings", str);
            LOGGER.debug("Defined signing key is [{}], and defined encryption key is [{}]", encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKey(), encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey());
            return Boolean.TRUE;
        };
        Objects.requireNonNull(encryptionRandomizedSigningJwtCryptographyProperties);
        if (((Boolean) FunctionUtils.doIf(z2, supplier, encryptionRandomizedSigningJwtCryptographyProperties::isEnabled).get()).booleanValue() || z) {
            LOGGER.debug("Ticket registry encryption/signing is enabled for [{}]", str);
            return new DefaultTicketCipherExecutor(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey(), encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKey(), encryptionRandomizedSigningJwtCryptographyProperties.getAlg(), encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKeySize(), encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKeySize(), str);
        }
        LOGGER.info("Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.");
        return CipherExecutor.noOp();
    }

    @Generated
    private CoreTicketUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
