package org.apereo.cas.oidc.jwks;

import com.github.benmanes.caffeine.cache.CacheLoader;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/oidc/jwks/OidcDefaultJsonWebKeystoreCacheLoader.class */
public class OidcDefaultJsonWebKeystoreCacheLoader implements CacheLoader<String, Optional<RsaJsonWebKey>> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcDefaultJsonWebKeystoreCacheLoader.class);
    private final Resource jwksFile;

    private static RsaJsonWebKey getJsonSigningWebKeyFromJwks(JsonWebKeySet jsonWebKeySet) {
        if (jsonWebKeySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("No JSON web keys are available in the keystore");
            return null;
        }
        RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) jsonWebKeySet.getJsonWebKeys().get(0);
        if (StringUtils.isBlank(rsaJsonWebKey.getAlgorithm())) {
            LOGGER.warn("Located JSON web key [{}] has no algorithm defined", rsaJsonWebKey);
        }
        if (StringUtils.isBlank(rsaJsonWebKey.getKeyId())) {
            LOGGER.warn("Located JSON web key [{}] has no key id defined", rsaJsonWebKey);
        }
        if (rsaJsonWebKey.getPrivateKey() != null) {
            return rsaJsonWebKey;
        }
        LOGGER.warn("Located JSON web key [{}] has no private key", rsaJsonWebKey);
        return null;
    }

    private static JsonWebKeySet buildJsonWebKeySet(Resource resource) throws Exception {
        String iOUtils = IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8);
        LOGGER.debug("Retrieved JSON web key from [{}] as [{}]", resource, iOUtils);
        return buildJsonWebKeySet(iOUtils);
    }

    private Optional<JsonWebKeySet> buildJsonWebKeySet() {
        try {
            LOGGER.debug("Loading default JSON web key from [{}]", this.jwksFile);
            if (this.jwksFile != null) {
                LOGGER.debug("Retrieving default JSON web key from [{}]", this.jwksFile);
                JsonWebKeySet buildJsonWebKeySet = buildJsonWebKeySet(this.jwksFile);
                if (buildJsonWebKeySet == null || buildJsonWebKeySet.getJsonWebKeys().isEmpty()) {
                    LOGGER.warn("No JSON web keys could be found");
                    return Optional.empty();
                }
                if (buildJsonWebKeySet.getJsonWebKeys().stream().filter(jsonWebKey -> {
                    return StringUtils.isBlank(jsonWebKey.getAlgorithm()) && StringUtils.isBlank(jsonWebKey.getKeyId()) && StringUtils.isBlank(jsonWebKey.getKeyType());
                }).count() == buildJsonWebKeySet.getJsonWebKeys().size()) {
                    LOGGER.warn("No valid JSON web keys could be found");
                    return Optional.empty();
                }
                RsaJsonWebKey jsonSigningWebKeyFromJwks = getJsonSigningWebKeyFromJwks(buildJsonWebKeySet);
                if (jsonSigningWebKeyFromJwks.getPrivateKey() != null) {
                    return Optional.of(buildJsonWebKeySet);
                }
                LOGGER.warn("JSON web key retrieved [{}] has no associated private key", jsonSigningWebKeyFromJwks.getKeyId());
                return Optional.empty();
            }
        } catch (Exception e) {
            LOGGER.debug(e.getMessage(), e);
        }
        return Optional.empty();
    }

    private static JsonWebKeySet buildJsonWebKeySet(String str) throws Exception {
        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(str);
        RsaJsonWebKey jsonSigningWebKeyFromJwks = getJsonSigningWebKeyFromJwks(jsonWebKeySet);
        if (jsonSigningWebKeyFromJwks != null && jsonSigningWebKeyFromJwks.getPrivateKey() != null) {
            return jsonWebKeySet;
        }
        LOGGER.warn("JSON web key retrieved [{}] is not found or has no associated private key", jsonSigningWebKeyFromJwks);
        return null;
    }

    public Optional<RsaJsonWebKey> load(String str) {
        Optional<JsonWebKeySet> buildJsonWebKeySet = buildJsonWebKeySet();
        if (buildJsonWebKeySet.isEmpty() || buildJsonWebKeySet.get().getJsonWebKeys().isEmpty()) {
            return Optional.empty();
        }
        RsaJsonWebKey jsonSigningWebKeyFromJwks = getJsonSigningWebKeyFromJwks(buildJsonWebKeySet.get());
        return jsonSigningWebKeyFromJwks == null ? Optional.empty() : Optional.of(jsonSigningWebKeyFromJwks);
    }

    @Generated
    public OidcDefaultJsonWebKeystoreCacheLoader(Resource resource) {
        this.jwksFile = resource;
    }
}
