package be.atbash.runtime.security.jwt.principal;

import be.atbash.ee.security.octopus.keys.AbstractKeyManager;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.KeyManager;
import be.atbash.ee.security.octopus.keys.ListKeyManager;
import be.atbash.ee.security.octopus.keys.reader.KeyReader;
import be.atbash.ee.security.octopus.keys.reader.UnknownKeyResourceTypeException;
import be.atbash.ee.security.octopus.keys.reader.password.KeyResourcePasswordLookup;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.keys.selector.SelectorCriteria;
import be.atbash.ee.security.octopus.keys.selector.filter.AsymmetricPartKeyFilter;
import be.atbash.runtime.security.jwt.JWTAuthContextInfoProvider;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

@ApplicationScoped
/* loaded from: input_file:be/atbash/runtime/security/jwt/principal/RuntimeKeyManager.class */
public class RuntimeKeyManager extends AbstractKeyManager implements KeyManager {
    private ListKeyManager keyManager;
    private LocalDateTime keysLoaded;
    private LocalDateTime forcedRefresh;

    @Inject
    private KeyReader keyReader;

    @Inject
    private JWTAuthContextInfoProvider contextInfoProvider;

    public List<AtbashKey> retrieveKeys(SelectorCriteria selectorCriteria) {
        loadKeysIfNeeded();
        List<AtbashKey> atbashKeys = getAtbashKeys(selectorCriteria);
        if (atbashKeys.isEmpty() && forcedRefreshAllowed()) {
            loadKeys();
            this.forcedRefresh = LocalDateTime.now();
            atbashKeys = getAtbashKeys(selectorCriteria);
        }
        return atbashKeys;
    }

    private boolean forcedRefreshAllowed() {
        if (this.forcedRefresh == null && isLongerThenForcedRefreshPeriod(this.keysLoaded)) {
            return true;
        }
        return this.forcedRefresh != null && isLongerThenForcedRefreshPeriod(this.forcedRefresh);
    }

    private boolean isLongerThenForcedRefreshPeriod(LocalDateTime localDateTime) {
        return localDateTime.plusSeconds(this.contextInfoProvider.getContextInfo().getForcedKeysRefreshInterval()).isBefore(LocalDateTime.now());
    }

    private List<AtbashKey> getAtbashKeys(SelectorCriteria selectorCriteria) {
        List<AtbashKey> retrieveKeys = this.keyManager.retrieveKeys(selectorCriteria);
        if (retrieveKeys.isEmpty()) {
            retrieveKeys = this.keyManager.retrieveKeys(SelectorCriteria.newBuilder(selectorCriteria).withId((String) null).build());
        }
        return retrieveKeys;
    }

    private void loadKeysIfNeeded() {
        if (refreshNeeded()) {
            loadKeys();
            this.keysLoaded = LocalDateTime.now();
            this.forcedRefresh = null;
        }
    }

    private boolean refreshNeeded() {
        boolean z = this.keysLoaded == null;
        if (!z) {
            z = this.keysLoaded.plusSeconds(this.contextInfoProvider.getContextInfo().getKeysRefreshInterval()).isBefore(LocalDateTime.now());
        }
        return z;
    }

    private void loadKeys() {
        ArrayList arrayList = new ArrayList();
        for (String str : this.contextInfoProvider.getContextInfo().getPublicKeyLocation()) {
            try {
                arrayList.addAll(this.keyReader.readKeyResource(str));
            } catch (UnknownKeyResourceTypeException e) {
                arrayList.addAll(this.keyReader.tryToReadKeyResource(str, (KeyResourcePasswordLookup) null));
            }
        }
        Iterator<String> it = this.contextInfoProvider.getContextInfo().getDecryptionKeyLocation().iterator();
        while (it.hasNext()) {
            arrayList.addAll(new AsymmetricPartKeyFilter(AsymmetricPart.PRIVATE).filter(this.keyReader.tryToReadKeyResource(it.next(), (KeyResourcePasswordLookup) null)));
        }
        this.keyManager = new ListKeyManager(arrayList);
    }
}
