package org.sdase.commons.server.auth.key;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/server/auth/key/PemKeySource.class */
public class PemKeySource implements KeySource {
    private static final Logger LOG = LoggerFactory.getLogger(PemKeySource.class);
    private final String kid;
    private final URI pemKeyLocation;
    private final String requiredIssuer;

    public PemKeySource(String str, URI uri, String str2) {
        this.kid = str;
        this.pemKeyLocation = uri;
        this.requiredIssuer = str2;
    }

    @Override // org.sdase.commons.server.auth.key.KeySource
    public List<LoadedPublicKey> loadKeysFromSource() {
        try {
            LOG.info("Loading public key for token signature verification from PEM {}", this.pemKeyLocation);
            if (isPublicKey(this.pemKeyLocation)) {
                return Collections.singletonList(new LoadedPublicKey(this.kid, loadPublicKey(this.pemKeyLocation), this, this.requiredIssuer));
            }
            RSAPublicKey extractRsaPublicKeyFromCertificate = extractRsaPublicKeyFromCertificate(loadCertificate(this.pemKeyLocation));
            LOG.info("Loaded public key for token signature verification from PEM {}", this.pemKeyLocation);
            return Collections.singletonList(new LoadedPublicKey(this.kid, extractRsaPublicKeyFromCertificate, this, this.requiredIssuer));
        } catch (IOException | ClassCastException | NullPointerException | CertificateException e) {
            throw new KeyLoadFailedException("Failed to load public key for token signature verification from PEM " + this.pemKeyLocation, e);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PemKeySource pemKeySource = (PemKeySource) obj;
        return Objects.equals(this.kid, pemKeySource.kid) && Objects.equals(this.pemKeyLocation, pemKeySource.pemKeyLocation);
    }

    public int hashCode() {
        return Objects.hash(this.kid, this.pemKeyLocation);
    }

    public String toString() {
        return "PemKeySource{kid='" + this.kid + "', pemKeyLocation=" + this.pemKeyLocation + '}';
    }

    private X509Certificate loadCertificate(URI uri) throws CertificateException, IOException {
        InputStream openStream = uri.toURL().openStream();
        Throwable th = null;
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(openStream);
            if (!(generateCertificate instanceof X509Certificate)) {
                throw new KeyLoadFailedException("Only X509Certificate certificates are supported but loaded a " + generateCertificate.getClass() + " from " + this.pemKeyLocation);
            }
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            return x509Certificate;
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private RSAPublicKey extractRsaPublicKeyFromCertificate(X509Certificate x509Certificate) throws KeyLoadFailedException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey instanceof RSAPublicKey) {
            return (RSAPublicKey) publicKey;
        }
        throw new KeyLoadFailedException("Only RSA keys are supported but loaded a " + publicKey.getClass() + " from " + this.pemKeyLocation);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0033  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean isPublicKey(java.net.URI r6) {
        /*
            r5 = this;
            r0 = r6
            java.net.URL r0 = r0.toURL()     // Catch: java.io.IOException -> L7b
            java.io.InputStream r0 = r0.openStream()     // Catch: java.io.IOException -> L7b
            r7 = r0
            r0 = 0
            r8 = r0
            r0 = r5
            r1 = r7
            java.lang.String r0 = r0.readContent(r1)     // Catch: java.lang.Throwable -> L50 java.lang.Throwable -> L58 java.io.IOException -> L7b
            java.lang.String r0 = r0.trim()     // Catch: java.lang.Throwable -> L50 java.lang.Throwable -> L58 java.io.IOException -> L7b
            r9 = r0
            r0 = r9
            java.lang.String r1 = "-----BEGIN PUBLIC KEY-----"
            boolean r0 = r0.startsWith(r1)     // Catch: java.lang.Throwable -> L50 java.lang.Throwable -> L58 java.io.IOException -> L7b
            if (r0 == 0) goto L2c
            r0 = r9
            java.lang.String r1 = "-----END PUBLIC KEY-----"
            boolean r0 = r0.endsWith(r1)     // Catch: java.lang.Throwable -> L50 java.lang.Throwable -> L58 java.io.IOException -> L7b
            if (r0 == 0) goto L2c
            r0 = 1
            goto L2d
        L2c:
            r0 = 0
        L2d:
            r10 = r0
            r0 = r7
            if (r0 == 0) goto L4d
            r0 = r8
            if (r0 == 0) goto L49
            r0 = r7
            r0.close()     // Catch: java.lang.Throwable -> L3e java.io.IOException -> L7b
            goto L4d
        L3e:
            r11 = move-exception
            r0 = r8
            r1 = r11
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L7b
            goto L4d
        L49:
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L7b
        L4d:
            r0 = r10
            return r0
        L50:
            r9 = move-exception
            r0 = r9
            r8 = r0
            r0 = r9
            throw r0     // Catch: java.lang.Throwable -> L58 java.io.IOException -> L7b
        L58:
            r12 = move-exception
            r0 = r7
            if (r0 == 0) goto L78
            r0 = r8
            if (r0 == 0) goto L74
            r0 = r7
            r0.close()     // Catch: java.lang.Throwable -> L69 java.io.IOException -> L7b
            goto L78
        L69:
            r13 = move-exception
            r0 = r8
            r1 = r13
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L7b
            goto L78
        L74:
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L7b
        L78:
            r0 = r12
            throw r0     // Catch: java.io.IOException -> L7b
        L7b:
            r7 = move-exception
            org.sdase.commons.server.auth.key.KeyLoadFailedException r0 = new org.sdase.commons.server.auth.key.KeyLoadFailedException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Failed to read key from "
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r6
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r3 = r7
            r1.<init>(r2, r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.sdase.commons.server.auth.key.PemKeySource.isPublicKey(java.net.URI):boolean");
    }

    private RSAPublicKey loadPublicKey(URI uri) {
        LOG.info("Loading public key for token signature verification from PEM {}", uri);
        try {
            InputStream openStream = uri.toURL().openStream();
            Throwable th = null;
            try {
                try {
                    RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(readContent(openStream).replace("-----BEGIN PUBLIC KEY-----", "").replaceAll("(\\r\\n|\\r|\\n)", "").replace("-----END PUBLIC KEY-----", ""))));
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                    return rSAPublicKey;
                } finally {
                }
            } catch (Throwable th3) {
                if (openStream != null) {
                    if (th != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        openStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException | ClassCastException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new KeyLoadFailedException("Failed to load public key at " + uri, e);
        }
    }

    private String readContent(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr, 0, bArr.length);
            if (read == -1) {
                return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }
}
