package com.nimbusds.jose.jwk.loader;

import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.PasswordLookup;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.IOUtils;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.util.ArrayList;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import net.jcip.annotations.ThreadSafe;
import sun.security.pkcs11.SunPKCS11;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/jose/jwk/loader/JWKSetLoader.class */
public class JWKSetLoader implements ServletContextListener {
    public static final String JWK_SET_FILENAME = "/WEB-INF/jwkSet.json";
    public static final String JWK_SET_CTX_ATTRIBUTE_NAME = "com.nimbusds.jose.jwk.JWKSet";
    static final /* synthetic */ boolean $assertionsDisabled;

    public static JWKSet loadPKCS11Keys(InputStream inputStream, char[] cArr) {
        SunPKCS11 sunPKCS11 = new SunPKCS11(inputStream);
        Loggers.MAIN_LOG.info("[SE1006] Loaded PKCS#11 provider {}", sunPKCS11.getName());
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS11", (Provider) sunPKCS11);
            keyStore.load(null, cArr);
            Loggers.MAIN_LOG.info("[SE1007] Loaded PKCS#11 key store with {} keys", Integer.valueOf(keyStore.size()));
            try {
                JWKSet load = JWKSet.load(keyStore, (PasswordLookup) null);
                ArrayList arrayList = new ArrayList();
                for (RSAKey rSAKey : load.getKeys()) {
                    if ((rSAKey instanceof RSAKey) && rSAKey.getKeyUse() == null) {
                        arrayList.add(new RSAKey.Builder(rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    }
                    if ((rSAKey instanceof ECKey) && rSAKey.getKeyUse() == null) {
                        arrayList.add(new ECKey.Builder((ECKey) rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    }
                }
                JWKSet jWKSet = new JWKSet(arrayList);
                Loggers.MAIN_LOG.info("[SE1004] Imported {} JWK instances from PKCS#11 store {}", Integer.valueOf(jWKSet.getKeys().size()), keyStore.getProvider().getName());
                return jWKSet;
            } catch (KeyStoreException e) {
                String str = "Couldn't load JWK set from PKCS#11 key store: " + e.getMessage();
                Loggers.MAIN_LOG.fatal("[SE1003] {}", str, e);
                throw new RuntimeException(str, e);
            }
        } catch (Exception e2) {
            String str2 = "Couldn't load PKCS#11 key store: " + e2.getMessage();
            Loggers.MAIN_LOG.fatal("[SE1002] {}", str2, e2);
            throw new RuntimeException(str2, e2);
        }
    }

    public void contextInitialized(ServletContextEvent servletContextEvent) {
        JWKSet jWKSet;
        ServletContext servletContext = servletContextEvent.getServletContext();
        if (!$assertionsDisabled && servletContext == null) {
            throw new AssertionError();
        }
        Configuration load = Configuration.load(servletContext);
        load.log(Loggers.MAIN_LOG);
        try {
            InputStream resourceAsStream = servletContext.getResourceAsStream(JWK_SET_FILENAME);
            if (resourceAsStream != null) {
                jWKSet = JWKSet.parse(IOUtils.readInputStreamToString(resourceAsStream, Charset.forName("UTF-8")));
                Loggers.MAIN_LOG.info("[SE1001] Loaded JWK set file with {} keys: {}", Integer.valueOf(jWKSet.getKeys().size()), JWK_SET_FILENAME);
            } else {
                Loggers.MAIN_LOG.warn("Didn't find JWK set file: {}", JWK_SET_FILENAME);
                jWKSet = new JWKSet();
            }
            if (load.isPKCS11Enabled()) {
                InputStream resourceAsStream2 = servletContext.getResourceAsStream(load.getPKCS11ConfigurationFile());
                if (resourceAsStream2 == null) {
                    String str = "Couldn't find PKCS#11 configuration file: " + load.getPKCS11ConfigurationFile();
                    Loggers.MAIN_LOG.fatal("[SE1005] {}", str);
                    throw new RuntimeException(str);
                }
                jWKSet = JWKSetMerge.merge(jWKSet, loadPKCS11Keys(resourceAsStream2, load.getPKCS11KeyStorePassword()));
            }
            Loggers.MAIN_LOG.info("[SE1008] Loaded JWK set:");
            for (int i = 0; i < jWKSet.getKeys().size(); i++) {
                JWKMetaLogger.log(i + 1, (JWK) jWKSet.getKeys().get(i));
            }
            servletContext.setAttribute(JWK_SET_CTX_ATTRIBUTE_NAME, jWKSet);
        } catch (Exception e) {
            String str2 = "Couldn't load JWK set file : /WEB-INF/jwkSet.json: " + e.getMessage();
            Loggers.MAIN_LOG.fatal("[SE1000] {}", str2, e);
            throw new RuntimeException(str2, e);
        }
    }

    public void contextDestroyed(ServletContextEvent servletContextEvent) {
    }

    static {
        $assertionsDisabled = !JWKSetLoader.class.desiredAssertionStatus();
    }
}
