package org.sdase.commons.server.auth.key;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.client.Client;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource.class */
public class JwksKeySource implements KeySource {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwksKeySource.class);
    private String jwksUri;
    private Client client;

    /* JADX WARN: Classes with same name are omitted:
      
     */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource$Jwks.class */
    private static class Jwks {
        private List<Key> keys;

        private Jwks() {
        }

        public List<Key> getKeys() {
            return this.keys;
        }

        public Jwks setKeys(List<Key> list) {
            this.keys = list;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      
     */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource$Key.class */
    public static class Key {
        private String kid;
        private String kty;
        private String alg;
        private String use;
        private String n;
        private String e;

        private Key() {
        }

        public String getKid() {
            return this.kid;
        }

        public Key setKid(String str) {
            this.kid = str;
            return this;
        }

        public String getKty() {
            return this.kty;
        }

        public Key setKty(String str) {
            this.kty = str;
            return this;
        }

        public String getAlg() {
            return this.alg;
        }

        public Key setAlg(String str) {
            this.alg = str;
            return this;
        }

        public String getUse() {
            return this.use;
        }

        public Key setUse(String str) {
            this.use = str;
            return this;
        }

        public String getN() {
            return this.n;
        }

        public Key setN(String str) {
            this.n = str;
            return this;
        }

        public String getE() {
            return this.e;
        }

        public Key setE(String str) {
            this.e = str;
            return this;
        }
    }

    public JwksKeySource(String str, Client client) {
        this.jwksUri = str;
        this.client = client;
    }

    @Override // org.sdase.commons.server.auth.key.KeySource
    public List<LoadedPublicKey> loadKeysFromSource() {
        try {
            return (List) ((Jwks) this.client.target(this.jwksUri).request(new String[]{"application/json"}).get(Jwks.class)).getKeys().stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(this::isForSigning).filter(this::isRsaKeyType).filter(this::isRsa256Key).map(this::toPublicKey).collect(Collectors.toList());
        } catch (Exception e) {
            throw new KeyLoadFailedException(e);
        } catch (WebApplicationException e2) {
            try {
                e2.getResponse().close();
            } catch (ProcessingException e3) {
                LOGGER.warn("Error while loading keys from JWKS while closing response", e3);
            }
            throw new KeyLoadFailedException((Throwable) e2);
        } catch (KeyLoadFailedException e4) {
            throw e4;
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        JwksKeySource jwksKeySource = (JwksKeySource) obj;
        return Objects.equals(this.jwksUri, jwksKeySource.jwksUri) && Objects.equals(this.client, jwksKeySource.client);
    }

    public int hashCode() {
        return Objects.hash(this.jwksUri, this.client);
    }

    public String toString() {
        return "JwksKeySource{jwksUri='" + this.jwksUri + "'}";
    }

    private boolean isForSigning(Key key) {
        return StringUtils.isBlank(key.getUse()) || "sig".equals(key.getUse());
    }

    private boolean isRsaKeyType(Key key) {
        return "RSA".equals(key.getKty());
    }

    private boolean isRsa256Key(Key key) {
        return StringUtils.isBlank(key.getAlg()) || "RS256".equals(key.getAlg());
    }

    private LoadedPublicKey toPublicKey(Key key) throws KeyLoadFailedException {
        try {
            String kid = key.getKid();
            PublicKey generatePublic = KeyFactory.getInstance(key.getKty()).generatePublic(new RSAPublicKeySpec(readBase64AsBigInt(key.getN()), readBase64AsBigInt(key.getE())));
            if (generatePublic instanceof RSAPublicKey) {
                return new LoadedPublicKey(kid, (RSAPublicKey) generatePublic, this);
            }
            throw new KeyLoadFailedException("Only RSA keys are supported but loaded a " + generatePublic.getClass() + " from " + this.jwksUri);
        } catch (NullPointerException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new KeyLoadFailedException(e);
        }
    }

    private static BigInteger readBase64AsBigInt(String str) {
        return new BigInteger(1, Base64.getUrlDecoder().decode(str));
    }
}
