package leap.oauth2;

import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import leap.core.security.token.TokenVerifyException;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.RsaVerifier;
import leap.lang.Assert;
import leap.lang.Strings;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpResponse;
import leap.lang.http.client.JdkHttpClient;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.lang.security.RSA;

/* loaded from: input_file:leap/oauth2/TokenVerifierFactory.class */
public class TokenVerifierFactory {

    /* loaded from: input_file:leap/oauth2/TokenVerifierFactory$NetPublicKeyGetter.class */
    protected static class NetPublicKeyGetter implements PublicKeyGetter<RSAPublicKey> {
        private final String url;
        private final HttpClient client = new JdkHttpClient();
        private String publicKeyStr;

        public NetPublicKeyGetter(String str) {
            this.url = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // leap.oauth2.TokenVerifierFactory.PublicKeyGetter
        public RSAPublicKey getPublicKey() {
            this.publicKeyStr = getPublicKeyStr();
            return RSA.decodePublicKey(this.publicKeyStr);
        }

        protected String getPublicKeyStr() {
            HttpResponse httpResponse = this.client.request(this.url).get();
            if (!httpResponse.is2xx()) {
                throw new RuntimeException("get public key from url error,error status:" + httpResponse.getStatus() + ", error message:" + httpResponse.getString());
            }
            String string = httpResponse.getString();
            if (Strings.isEmpty(string)) {
                throw new RuntimeException("get public key from url error, the public key is empty!");
            }
            return string;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:leap/oauth2/TokenVerifierFactory$PublicKeyGetter.class */
    public interface PublicKeyGetter<T extends PublicKey> {
        T getPublicKey();
    }

    /* loaded from: input_file:leap/oauth2/TokenVerifierFactory$PublicKeyGetterRSAJwtVerifier.class */
    protected static class PublicKeyGetterRSAJwtVerifier implements JwtVerifier {
        protected int repeatCount;
        protected PublicKeyGetter<RSAPublicKey> getter;
        protected final Log log = LogFactory.get(PublicKeyGetterRSAJwtVerifier.class);
        protected JwtVerifier verifier = null;
        private Object lock = new Object();

        public PublicKeyGetterRSAJwtVerifier(PublicKeyGetter<RSAPublicKey> publicKeyGetter, int i) {
            Assert.notNull(publicKeyGetter, "public key getter can not be null.");
            this.getter = publicKeyGetter;
            this.repeatCount = i;
        }

        public Map<String, Object> verify(String str) throws TokenVerifyException {
            initVerifier();
            Map<String, Object> map = null;
            TokenVerifyException tokenVerifyException = null;
            for (int i = 0; i < this.repeatCount; i++) {
                try {
                    map = this.verifier.verify(str);
                    break;
                } catch (TokenVerifyException e) {
                    this.log.info("verifier token error for " + i + " times.");
                    tokenVerifyException = e;
                    this.verifier = getVerifier();
                }
            }
            if (map != null || tokenVerifyException == null) {
                return map;
            }
            throw tokenVerifyException;
        }

        public void initVerifier() {
            if (null == this.verifier) {
                synchronized (this.lock) {
                    if (null == this.verifier) {
                        try {
                            this.verifier = getVerifier();
                        } catch (Throwable th) {
                            this.log.error("create verifier error", th);
                        }
                    }
                }
            }
        }

        public void setRepeatCount(int i) {
            this.repeatCount = i;
        }

        protected JwtVerifier getVerifier() {
            return new RsaVerifier(this.getter.getPublicKey());
        }
    }

    public static <T extends RSAPublicKey> JwtVerifier createRSAJwtVerifier(T t) {
        return new RsaVerifier(t);
    }

    public static <T extends RSAPublicKey> JwtVerifier createRSAJwtVerifier(PublicKeyGetter<T> publicKeyGetter) {
        return new RsaVerifier(publicKeyGetter.getPublicKey());
    }

    public static JwtVerifier createNetPublicKeyRSAJwtVerifier(String str) {
        return new PublicKeyGetterRSAJwtVerifier(new NetPublicKeyGetter(str), 2);
    }
}
