package org.sdase.commons.server.auth.key;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:org/sdase/commons/server/auth/key/PemKeySource.class */
public class PemKeySource implements KeySource {
    private static final Logger LOG = LoggerFactory.getLogger(PemKeySource.class);
    private String kid;
    private URI pemKeyLocation;

    public PemKeySource(String str, URI uri) {
        this.kid = str;
        this.pemKeyLocation = uri;
    }

    @Override // org.sdase.commons.server.auth.key.KeySource
    public List<LoadedPublicKey> loadKeysFromSource() {
        try {
            LOG.info("Loading public key for token signature verification from PEM {}", this.pemKeyLocation);
            RSAPublicKey extractRsaPublicKey = extractRsaPublicKey(loadCertificate(this.pemKeyLocation));
            LOG.info("Loaded public key for token signature verification from PEM {}", this.pemKeyLocation);
            return Collections.singletonList(new LoadedPublicKey(this.kid, extractRsaPublicKey, this));
        } catch (IOException | ClassCastException | NullPointerException | CertificateException e) {
            throw new KeyLoadFailedException("Failed to load public key for token signature verification from PEM " + this.pemKeyLocation, e);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PemKeySource pemKeySource = (PemKeySource) obj;
        return Objects.equals(this.kid, pemKeySource.kid) && Objects.equals(this.pemKeyLocation, pemKeySource.pemKeyLocation);
    }

    public int hashCode() {
        return Objects.hash(this.kid, this.pemKeyLocation);
    }

    public String toString() {
        return "PemKeySource{kid='" + this.kid + "', pemKeyLocation=" + this.pemKeyLocation + '}';
    }

    private X509Certificate loadCertificate(URI uri) throws CertificateException, IOException {
        InputStream openStream = uri.toURL().openStream();
        Throwable th = null;
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(openStream);
            if (!(generateCertificate instanceof X509Certificate)) {
                throw new KeyLoadFailedException("Only X509Certificate certificates are supported but loaded a " + generateCertificate.getClass() + " from " + this.pemKeyLocation);
            }
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            return x509Certificate;
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private RSAPublicKey extractRsaPublicKey(X509Certificate x509Certificate) throws KeyLoadFailedException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey instanceof RSAPublicKey) {
            return (RSAPublicKey) publicKey;
        }
        throw new KeyLoadFailedException("Only RSA keys are supported but loaded a " + publicKey.getClass() + " from " + this.pemKeyLocation);
    }
}
