package net.leanix.dropkit.oauth.jwks;

import com.auth0.jwk.GuavaCachedJwkProvider;
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolver;
import java.security.Key;
import java.util.concurrent.TimeUnit;
import net.leanix.dropkit.oauth.OAuth2ResourceServerConfig;
import net.leanix.dropkit.oauth.token.ConfigException;
import net.leanix.dropkit.oauth.token.OAuth2TokenConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/leanix/dropkit/oauth/jwks/SigningKeyResolverJWKS.class */
public class SigningKeyResolverJWKS implements SigningKeyResolver {
    private static final Logger LOG = LoggerFactory.getLogger(SigningKeyResolverJWKS.class);
    private final JwkProvider provider;
    private final Key fallbackPublicKey;

    public SigningKeyResolverJWKS(OAuth2TokenConfig oAuth2TokenConfig) {
        this(new GuavaCachedJwkProvider(new UrlJwkProvider(oAuth2TokenConfig.getJwksUri()), 20L, 30L, TimeUnit.MINUTES), tryReadingPublicKeyFromConfiguration(oAuth2TokenConfig));
    }

    SigningKeyResolverJWKS(JwkProvider jwkProvider, Key key) {
        this.provider = jwkProvider;
        this.fallbackPublicKey = key;
    }

    private static Key tryReadingPublicKeyFromConfiguration(OAuth2TokenConfig oAuth2TokenConfig) {
        if (oAuth2TokenConfig == null) {
            return null;
        }
        if ((oAuth2TokenConfig instanceof OAuth2ResourceServerConfig) && ((OAuth2ResourceServerConfig) oAuth2TokenConfig).getPublicKeyPath() == null) {
            return null;
        }
        try {
            return oAuth2TokenConfig.getSigningKey();
        } catch (ConfigException e) {
            LOG.info("Unable to load JWT public key from 'oauth' configuration. Try JWKS url lookup.");
            return null;
        }
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        throw new UnsupportedOperationException();
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        try {
            Jwk jwk = this.provider.get(jwsHeader.getKeyId());
            if (jwk != null) {
                return jwk.getPublicKey();
            }
        } catch (JwkException e) {
            LOG.error("Can't resolve JWK for keyId: " + jwsHeader.getKeyId(), e);
        }
        LOG.debug("Unable to lookup JWK for keyId '{}'. Try legacy deployed public key.", jwsHeader.getKeyId());
        return this.fallbackPublicKey;
    }
}
