package org.omnifaces.jwt.eesecurity;

import jakarta.enterprise.inject.spi.DeploymentException;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.time.Duration;
import java.util.Base64;
import java.util.Optional;
import java.util.function.Supplier;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;

/* loaded from: input_file:org/omnifaces/jwt/eesecurity/JwtPrivateKeyStore.class */
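/**
 * Loads and caches the private key used to decrypt incoming JWTs.
 *
 * <p>The raw key text is read from {@code keyLocation} (default {@code /privateKey.pem}); when
 * nothing is found there, the location configured under the MicroProfile Config property
 * {@code mp.jwt.decrypt.key.location} is tried instead. The text is interpreted first as a
 * PKCS#8 PEM and, if that fails, as a JWK / JWKS document. Only RSA keys are supported.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key text is held as a {@link String} behind the loading cache, so it cannot be
 *       wiped from memory once read. Treat heap dumps of this process as secret material.</li>
 *   <li>Whoever controls {@code keyLocation} or the config property controls which key is
 *       loaded; both should come from trusted deployment configuration only.</li>
 *   <li>NOTE(review): how {@code JwtKeyStoreUtils} resolves a location (classpath, file, URL)
 *       is not visible here - confirm that remote locations, if allowed, are fetched over an
 *       authenticated channel.</li>
 * </ul>
 */
public class JwtPrivateKeyStore {
    /** Location used when the caller does not supply one. */
    private static final String DEFAULT_KEY_LOCATION = "/privateKey.pem";

    private final Config config;
    private final Supplier<Optional<String>> cacheSupplier;
    private final Duration defaultCacheTTL;
    private final String keyLocation;

    /**
     * Creates a store that reads the key from the default location.
     *
     * @param duration cache TTL handed to the key readers
     */
    public JwtPrivateKeyStore(Duration duration) {
        this(duration, Optional.empty());
    }

    /**
     * Creates a store that reads the key from an explicit location.
     *
     * @param duration cache TTL handed to the key readers
     * @param optional key location; when empty, {@code /privateKey.pem} is used
     */
    public JwtPrivateKeyStore(Duration duration, Optional<String> optional) {
        this.config = ConfigProvider.getConfig();
        this.defaultCacheTTL = duration;
        this.keyLocation = optional.orElse(DEFAULT_KEY_LOCATION);
        // The loader is only invoked lazily through the cache, after all fields are assigned.
        KeyLoadingCache keyLoadingCache = new KeyLoadingCache(this::readRawPrivateKey);
        this.cacheSupplier = keyLoadingCache::get;
    }

    /**
     * Reads the raw key text, preferring {@code keyLocation} and falling back to the location
     * named by {@code mp.jwt.decrypt.key.location}.
     */
    private CacheableString readRawPrivateKey() {
        CacheableString rawKey = JwtKeyStoreUtils.readKeyFromLocation(this.keyLocation, this.defaultCacheTTL);
        if (rawKey.isPresent()) {
            return rawKey;
        }
        return JwtKeyStoreUtils.readMPKeyFromLocation(this.config, "mp.jwt.decrypt.key.location", this.defaultCacheTTL);
    }

    /**
     * Returns the private key built from the cached key text.
     *
     * @param str selector passed to the JWKS lookup when the key text is a key set
     *            (presumably the JWT {@code kid} header - confirm against callers)
     * @return the parsed RSA private key
     * @throws IllegalStateException if no key text could be loaded
     * @throws DeploymentException if the key text is neither a valid PEM nor a usable JWK/JWKS
     */
    public PrivateKey getPrivateKey(String str) {
        return this.cacheSupplier.get()
                .map(rawKey -> createPrivateKey(rawKey, str))
                .orElseThrow(() -> new IllegalStateException("No PrivateKey found"));
    }

    /**
     * Parses the key text as PEM first and as JWK/JWKS second.
     *
     * <p>If both attempts fail, the JWKS failure is reported as the cause and the PEM failure is
     * attached to it as a suppressed exception, so a malformed PEM is not misdiagnosed as a
     * JSON problem.
     */
    private PrivateKey createPrivateKey(String rawKey, String keyId) {
        try {
            return createPrivateKeyFromPem(rawKey);
        } catch (Exception pemFailure) {
            try {
                return createPrivateKeyFromJWKS(rawKey, keyId);
            } catch (Exception jwksFailure) {
                // Keep the first failure visible; previously it was silently discarded.
                jwksFailure.addSuppressed(pemFailure);
                throw new DeploymentException(jwksFailure);
            }
        }
    }

    /**
     * Decodes a PEM body as a PKCS#8 encoded RSA private key.
     *
     * <p>{@link PKCS8EncodedKeySpec} expects PKCS#8 bytes, so other encodings are rejected here
     * and the caller falls through to the JWKS parser.
     */
    private PrivateKey createPrivateKeyFromPem(String pem) throws Exception {
        byte[] pkcs8 = Base64.getDecoder().decode(JwtKeyStoreUtils.trimPem(pem));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    }

    /**
     * Builds an RSA private key from a single JWK or from the matching entry of a JWKS.
     *
     * <p>Only the {@code n} and {@code d} members are read, so the resulting key carries no CRT
     * parameters even when the JWK provides them.
     */
    private PrivateKey createPrivateKeyFromJWKS(String json, String keyId) throws Exception {
        JsonObject document = JwtKeyStoreUtils.parseJwks(json);
        JsonArray keys = document.getJsonArray("keys");
        // A document without a "keys" array is treated as a bare JWK.
        // NOTE(review): findJwk is defined elsewhere; confirm what it returns when no entry matches.
        JsonObject jwk = keys != null ? JwtKeyStoreUtils.findJwk(keys, keyId) : document;

        // getString(name) throws when the member is absent instead of returning null, which made
        // the null check below unreachable; the defaulting overload restores the intended error.
        String keyType = jwk.getString("kty", null);
        if (keyType == null) {
            throw new DeploymentException("Could not determine key type - kty field not present");
        }
        if ("RSA".equals(keyType)) {
            Base64.Decoder urlDecoder = Base64.getUrlDecoder();
            // Signum 1: JWK integers are unsigned big-endian octet strings.
            BigInteger modulus = new BigInteger(1, urlDecoder.decode(jwk.getString("n")));
            BigInteger privateExponent = new BigInteger(1, urlDecoder.decode(jwk.getString("d")));
            return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(modulus, privateExponent));
        }
        // The message mentions EC, but this class only ever builds RSA private keys.
        throw new DeploymentException("Could not determine key type - JWKS kty field does not equal RSA or EC");
    }
}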
