package com.nimbusds.jose.jwk.loader;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.PasswordLookup;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.IOUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Properties;
import net.jcip.annotations.ThreadSafe;
import sun.security.pkcs11.SunPKCS11;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/jose/jwk/loader/JWKSetLoader.class */
public class JWKSetLoader {
    public static final String JWK_SET_FILENAME = "/WEB-INF/jwkSet.json";
    public static final String JWK_SET_PROPERTY_NAME = "jose.jwkSet";
    static final /* synthetic */ boolean $assertionsDisabled;

    public static JWKSet loadPKCS11Keys(InputStream inputStream, char[] cArr) throws JOSEException {
        SunPKCS11 sunPKCS11 = new SunPKCS11(inputStream);
        Loggers.MAIN_LOG.info("[SE1006] Loaded PKCS#11 provider {}", sunPKCS11.getName());
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS11", (Provider) sunPKCS11);
            keyStore.load(null, cArr);
            Loggers.MAIN_LOG.info("[SE1007] Loaded PKCS#11 key store with {} entries", Integer.valueOf(keyStore.size()));
            try {
                JWKSet load = JWKSet.load(keyStore, (PasswordLookup) null);
                Loggers.MAIN_LOG.info("[SE1009] Extracted JWK set with {} keys from PKCS#11 key store {}", Integer.valueOf(load.getKeys().size()), keyStore.getProvider().getName());
                ArrayList arrayList = new ArrayList();
                for (RSAKey rSAKey : load.getKeys()) {
                    if ((rSAKey instanceof RSAKey) && rSAKey.getKeyUse() == null) {
                        Loggers.MAIN_LOG.warn("[SE1010] Assuming signature key use for RSA PKCS#11 JWK with ID {}", rSAKey.getKeyID());
                        arrayList.add(new RSAKey.Builder(rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    } else if ((rSAKey instanceof ECKey) && rSAKey.getKeyUse() == null) {
                        Loggers.MAIN_LOG.warn("[SE1011] Assuming signature key use for EC PKCS#11 JWK with ID {}", rSAKey.getKeyID());
                        arrayList.add(new ECKey.Builder((ECKey) rSAKey).keyUse(KeyUse.SIGNATURE).build());
                    } else {
                        arrayList.add(rSAKey);
                    }
                }
                if ($assertionsDisabled || load.getKeys().size() == arrayList.size()) {
                    return new JWKSet(arrayList);
                }
                throw new AssertionError();
            } catch (KeyStoreException e) {
                throw new JOSEException("Couldn't load JWK set from PKCS#11 key store: " + e.getMessage(), e);
            }
        } catch (Exception e2) {
            throw new JOSEException("Couldn't load PKCS#11 key store: " + e2.getMessage(), e2);
        }
    }

    public static JWKSet loadFromSystemProperty() throws JOSEException {
        return loadFromProperty(System.getProperties());
    }

    public static JWKSet loadFromProperty(Properties properties) throws JOSEException {
        String property = properties.getProperty(JWK_SET_PROPERTY_NAME);
        if (null == property || property.trim().isEmpty()) {
            return null;
        }
        if (!property.trim().startsWith("{")) {
            property = new Base64URL(property).decodeToString();
        }
        try {
            return JWKSet.parse(property);
        } catch (ParseException e) {
            throw new JOSEException("Invalid JWK set: " + e.getMessage(), e);
        }
    }

    public static JWKSet loadFromInputStream(InputStream inputStream) throws JOSEException {
        if (inputStream == null) {
            return null;
        }
        try {
            return JWKSet.parse(IOUtils.readInputStreamToString(inputStream, StandardCharsets.UTF_8));
        } catch (IOException | ParseException e) {
            throw new JOSEException(e.getMessage(), e);
        }
    }

    public static JWKSet loadWithSystemPropertyOverrideAndPKCS11Support(FileInputStreamSource fileInputStreamSource) {
        try {
            JWKSet loadFromSystemProperty = loadFromSystemProperty();
            boolean z = loadFromSystemProperty != null;
            if (!z) {
                try {
                    loadFromSystemProperty = loadFromInputStream(fileInputStreamSource.getInputSteam(JWK_SET_FILENAME));
                    if (loadFromSystemProperty == null) {
                        loadFromSystemProperty = new JWKSet();
                    }
                } catch (JOSEException e) {
                    String str = "Couldn't load JWK set file: /WEB-INF/jwkSet.json: " + e.getMessage();
                    Loggers.MAIN_LOG.fatal("[SE1000] {}", str, e);
                    throw new RuntimeException(str, e);
                }
            }
            Loggers.MAIN_LOG.info("[SE1021] Loaded JWK set from {} {} with {} keys", z ? JWK_SET_PROPERTY_NAME : JWK_SET_FILENAME, z ? "system property" : "file resource", Integer.valueOf(loadFromSystemProperty.getKeys().size()));
            try {
                PKCS11Configuration load = PKCS11Configuration.load(fileInputStreamSource);
                load.log(Loggers.MAIN_LOG);
                if (load.isPKCS11Enabled()) {
                    InputStream load2 = PKCS11ProviderConfigurationLoader.load(load.getPKCS11ConfigurationFile(), fileInputStreamSource);
                    if (load2 == null) {
                        String str2 = "Couldn't find PKCS#11 configuration: " + load.getPKCS11ConfigurationFile();
                        Loggers.MAIN_LOG.fatal("[SE1005] {}", str2);
                        throw new RuntimeException(str2);
                    }
                    try {
                        JWKSet loadPKCS11Keys = loadPKCS11Keys(load2, load.getPKCS11KeyStorePassword());
                        loadFromSystemProperty = JWKSetMerge.merge(loadFromSystemProperty, loadPKCS11Keys);
                        Loggers.MAIN_LOG.info("[SE1003] Merged PKCS#11 based JWK set with {} keys", Integer.valueOf(loadPKCS11Keys.getKeys().size()));
                    } catch (JOSEException e2) {
                        Loggers.MAIN_LOG.fatal("[SE1002] {}", e2.getMessage(), e2);
                        throw new RuntimeException(e2.getMessage(), e2);
                    }
                }
                JWKMetaLogger.log(loadFromSystemProperty);
                return loadFromSystemProperty;
            } catch (IOException e3) {
                String str3 = "Couldn't load PKCS#11 configuration: " + e3.getMessage();
                Loggers.MAIN_LOG.fatal("[SE1001] {}", str3, e3);
                throw new RuntimeException(str3, e3);
            }
        } catch (JOSEException e4) {
            String str4 = "Couldn't load JWK set from system property: jose.jwkSet: " + e4.getMessage();
            Loggers.MAIN_LOG.fatal("[SE1020] {}", str4, e4);
            throw new RuntimeException(str4, e4);
        }
    }

    private JWKSetLoader() {
    }

    static {
        $assertionsDisabled = !JWKSetLoader.class.desiredAssertionStatus();
    }
}
