package com.nimbusds.jose.jwk.loader;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.PasswordLookup;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.IOUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.text.ParseException;
import java.util.ArrayList;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import net.jcip.annotations.ThreadSafe;
import sun.security.pkcs11.SunPKCS11;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/jose/jwk/loader/JWKSetLoader.class */
public class JWKSetLoader implements ServletContextListener {
    public static final String JWK_SET_FILENAME = "/WEB-INF/jwkSet.json";
    public static final String JWK_SET_SYSTEM_PROPERTY_NAME = "jose.jwkSet";
    public static final String JWK_SET_CTX_ATTRIBUTE_NAME = "com.nimbusds.jose.jwk.JWKSet";
    static final /* synthetic */ boolean $assertionsDisabled;

    public static JWKSet loadPKCS11Keys(InputStream inputStream, char[] cArr) {
        SunPKCS11 sunPKCS11 = new SunPKCS11(inputStream);
        Loggers.MAIN_LOG.info("[SE1006] Loaded PKCS#11 provider {}", sunPKCS11.getName());
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS11", (Provider) sunPKCS11);
            keyStore.load(null, cArr);
            Loggers.MAIN_LOG.info("[SE1007] Loaded PKCS#11 key store with {} entries", Integer.valueOf(keyStore.size()));
            try {
                JWKSet load = JWKSet.load(keyStore, (PasswordLookup) null);
                Loggers.MAIN_LOG.info("[SE1009] Extracted JWK set with {} keys from PKCS#11 key store {}", Integer.valueOf(load.getKeys().size()), keyStore.getProvider().getName());
                ArrayList arrayList = new ArrayList();
                for (RSAKey rSAKey : load.getKeys()) {
                    if ((rSAKey instanceof RSAKey) && rSAKey.getKeyUse() == null) {
                        Loggers.MAIN_LOG.debug("[SE1010] Assuming signature key use for RSA PKCS#11 JWK with ID {}", rSAKey.getKeyID());
                        arrayList.add(new RSAKey.Builder(rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    } else if ((rSAKey instanceof ECKey) && rSAKey.getKeyUse() == null) {
                        Loggers.MAIN_LOG.debug("[SE1011] Assuming signature key use for EC PKCS#11 JWK with ID {}", rSAKey.getKeyID());
                        arrayList.add(new ECKey.Builder((ECKey) rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    } else {
                        arrayList.add(rSAKey);
                    }
                }
                if ($assertionsDisabled || load.getKeys().size() == arrayList.size()) {
                    return new JWKSet(arrayList);
                }
                throw new AssertionError();
            } catch (KeyStoreException e) {
                String str = "Couldn't load JWK set from PKCS#11 key store: " + e.getMessage();
                Loggers.MAIN_LOG.fatal("[SE1003] {}", str, e);
                throw new RuntimeException(str, e);
            }
        } catch (Exception e2) {
            String str2 = "Couldn't load PKCS#11 key store: " + e2.getMessage();
            Loggers.MAIN_LOG.fatal("[SE1002] {}", str2, e2);
            throw new RuntimeException(str2, e2);
        }
    }

    public static JWKSet loadJWKSetFromSystemProperty() throws JOSEException {
        String property = System.getProperty(JWK_SET_SYSTEM_PROPERTY_NAME);
        if (null == property || property.trim().isEmpty()) {
            return null;
        }
        System.clearProperty(JWK_SET_SYSTEM_PROPERTY_NAME);
        if (!property.trim().startsWith("{")) {
            property = new Base64URL(property).decodeToString();
        }
        try {
            return JWKSet.parse(property);
        } catch (ParseException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public static JWKSet loadJWKSetFromLocalResource(ServletContext servletContext) throws JOSEException {
        InputStream resourceAsStream = servletContext.getResourceAsStream(JWK_SET_FILENAME);
        if (resourceAsStream == null) {
            return null;
        }
        try {
            return JWKSet.parse(IOUtils.readInputStreamToString(resourceAsStream, Charset.forName("UTF-8")));
        } catch (IOException | ParseException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public void contextInitialized(ServletContextEvent servletContextEvent) {
        ServletContext servletContext = servletContextEvent.getServletContext();
        if (!$assertionsDisabled && servletContext == null) {
            throw new AssertionError();
        }
        Configuration load = Configuration.load(servletContext);
        load.log(Loggers.MAIN_LOG);
        try {
            JWKSet loadJWKSetFromSystemProperty = loadJWKSetFromSystemProperty();
            boolean z = loadJWKSetFromSystemProperty != null;
            if (!z) {
                try {
                    loadJWKSetFromSystemProperty = loadJWKSetFromLocalResource(servletContext);
                    if (loadJWKSetFromSystemProperty == null) {
                        loadJWKSetFromSystemProperty = new JWKSet();
                    }
                } catch (JOSEException e) {
                    String str = "Couldn't load JWK set file: /WEB-INF/jwkSet.json: " + e.getMessage();
                    Loggers.MAIN_LOG.fatal("[SE1000] {}", str, e);
                    throw new RuntimeException(str, e);
                }
            }
            Loggers.MAIN_LOG.info("[SE1021] Loaded JWK set from {} {} with {} keys", z ? JWK_SET_SYSTEM_PROPERTY_NAME : JWK_SET_FILENAME, z ? "system property" : "file resource", Integer.valueOf(loadJWKSetFromSystemProperty.getKeys().size()));
            if (load.isPKCS11Enabled()) {
                InputStream resourceAsStream = servletContext.getResourceAsStream(load.getPKCS11ConfigurationFile());
                if (resourceAsStream == null) {
                    String str2 = "Couldn't find PKCS#11 configuration file: " + load.getPKCS11ConfigurationFile();
                    Loggers.MAIN_LOG.fatal("[SE1005] {}", str2);
                    throw new RuntimeException(str2);
                }
                loadJWKSetFromSystemProperty = JWKSetMerge.merge(loadJWKSetFromSystemProperty, loadPKCS11Keys(resourceAsStream, load.getPKCS11KeyStorePassword()));
            }
            Loggers.MAIN_LOG.info("[SE1008] Loaded JWK set:");
            for (int i = 0; i < loadJWKSetFromSystemProperty.getKeys().size(); i++) {
                JWKMetaLogger.log(i + 1, (JWK) loadJWKSetFromSystemProperty.getKeys().get(i));
            }
            servletContext.setAttribute(JWK_SET_CTX_ATTRIBUTE_NAME, loadJWKSetFromSystemProperty);
        } catch (JOSEException e2) {
            String str3 = "Couldn't load JWK set from system property: jose.jwkSet: " + e2.getMessage();
            Loggers.MAIN_LOG.fatal("[SE1020] {}", str3, e2);
            throw new RuntimeException(str3, e2);
        }
    }

    public void contextDestroyed(ServletContextEvent servletContextEvent) {
    }

    static {
        $assertionsDisabled = !JWKSetLoader.class.desiredAssertionStatus();
    }
}
