/*
    * Copyright 2008 Web Cohesion
    *
    * Licensed under the Apache License, Version 2.0 (the "License");
    * you may not use this file except in compliance with the License.
    * You may obtain a copy of the License at
    *
    *   https://www.apache.org/licenses/LICENSE-2.0
    *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  
  package org.springframework.security.oauth.common.signature;
  
  import org.apache.commons.codec.binary.Base64;
  
  import java.security.PrivateKey;
  import java.security.PublicKey;
  import java.security.KeyFactory;
  import java.security.NoSuchAlgorithmException;
  import java.security.cert.X509Certificate;
  import java.security.spec.EncodedKeySpec;
  import java.security.spec.X509EncodedKeySpec;
  import java.security.spec.InvalidKeySpecException;
  import java.security.spec.PKCS8EncodedKeySpec;
  import java.io.UnsupportedEncodingException;
  
  /**
   * Signature secret for RSA.
   *
   * @author Ryan Heaton
   */
  @SuppressWarnings("serial")
  public class RSAKeySecret implements SignatureSecret {
  
    private final PrivateKey privateKey;
    private final PublicKey publicKey;
  
    public RSAKeySecret(PrivateKey privateKey, PublicKey publicKey) {
      this.privateKey = privateKey;
      this.publicKey = publicKey;
    }
  
    /**
     * Create an RSA public key secret with the given private and public key value. The value of the private key is
     * assumed to be the PKCS#8-encoded bytes of the private key. The value of the public key is assumed to be
     * the X509-encoded bytes of the public key.
     *
     * @param privateKey The value of the private key.
     * @param publicKey The value of the public key.
     */
    public RSAKeySecret(byte[] privateKey, byte[] publicKey) {
      this(createPrivateKey(privateKey), createPublicKey(publicKey));
    }
  
    /**
     * Create an RSA public key secret with the given private and public key.  The values are assumed to be
     * the Base64-encoded values of the bytes of the keys, X509-encoded for the public key and PKCS#8-encoded
     * for the private key.
     *
     * @param privateKey The value of the private key.
     * @param publicKey The value of the public key.
     */
    public RSAKeySecret(String privateKey, String publicKey) {
      this(base64Decode(privateKey), base64Decode(publicKey));
    }
  
    /**
     * Construct an RSA public key secret with the given public key. The private key will be null.
     *
     * @param publicKey The public key.
     */
    public RSAKeySecret(PublicKey publicKey) {
      this(null, publicKey);
    }
  
    /**
     * Create an RSA public key secret with the given public key value.  The value is assumed to be
     * the X509-encoded bytes of the public key. The private key will be null.
     *
     * @param publicKey The value of the public key.
     */
    public RSAKeySecret(byte[] publicKey) {
      this(null, createPublicKey(publicKey));
    }
  
    /**
     * Create an RSA public key secret with the given public key value.  The value is assumed to be
     * the Base64-encoded value of the X509-encoded bytes of the public key. The private key will be null.
     *
     * @param publicKey The value of the public key.
     */
    public RSAKeySecret(String publicKey) {
      this(base64Decode(publicKey));
    }
 
   /**
    * Create an RSA public key secret with the given X509 certificate. The private key will be null.
    *
    * @param certificate The certificate.
    */
   public RSAKeySecret(X509Certificate certificate) {
     this(certificate.getPublicKey());
   }
 
   /**
    * Creates a public key from the X509-encoded value of the given bytes.
    *
    * @param publicKey The X509-encoded public key bytes.
    * @return The public key.
    */
   public static PublicKey createPublicKey(byte[] publicKey) {
     if (publicKey == null) {
       return null;
     }
     
     try {
       KeyFactory fac = KeyFactory.getInstance("RSA");
       EncodedKeySpec spec = new X509EncodedKeySpec(publicKey);
       return fac.generatePublic(spec);
     }
     catch (NoSuchAlgorithmException e) {
       throw new IllegalStateException(e);
     }
     catch (InvalidKeySpecException e) {
       throw new IllegalStateException(e);
     }
   }
 
   /**
    * Creates a private key from the PKCS#8-encoded value of the given bytes.
    *
    * @param privateKey The PKCS#8-encoded private key bytes.
    * @return The private key.
    */
   public static PrivateKey createPrivateKey(byte[] privateKey) {
     if (privateKey == null) {
       return null;
     }
 
     try {
       KeyFactory fac = KeyFactory.getInstance("RSA");
       EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKey);
       return fac.generatePrivate(spec);
     }
     catch (NoSuchAlgorithmException e) {
       throw new IllegalStateException(e);
     }
     catch (InvalidKeySpecException e) {
       throw new IllegalStateException(e);
     }
   }
 
   /**
    * Utility method for decoding a base-64-encoded string.
    *
    * @param value The base-64-encoded string.
    * @return The decoded value.
    */
   private static byte[] base64Decode(String value) {
     if (value == null) {
       return null;
     }
     
     try {
       return Base64.decodeBase64(value.getBytes("UTF-8"));
     }
     catch (UnsupportedEncodingException e) {
       throw new RuntimeException(e);
     }
   }
 
   /**
    * The private key.
    *
    * @return The private key.
    */
   public PrivateKey getPrivateKey() {
     return privateKey;
   }
 
   /**
    * The public key.
    *
    * @return The public key.
    */
   public PublicKey getPublicKey() {
     return publicKey;
   }
 }