package org.sdase.commons.server.auth.key;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.client.Client;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource.class */
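/**
 * {@link KeySource} that fetches a JSON Web Key Set from {@code jwksUri} and converts the usable
 * RSA and EC entries into {@link LoadedPublicKey}s.
 *
 * <p>Everything in the fetched document is remote input. An entry is converted only when its
 * {@code use} is blank or {@code "sig"}, its {@code kty} is {@code RSA} or {@code EC}, and its
 * {@code alg} is one of the asymmetric algorithms in {@code SUPPORTED_ALG}. Entries without an
 * {@code alg}, and entries naming any other algorithm (for example {@code none} or an HMAC
 * variant), are dropped.
 *
 * <p>Not checked in this class, so it has to be ensured by the caller or by configuration:
 *
 * <ul>
 *   <li>the scheme of {@code jwksUri}; the loaded keys are only as trustworthy as the transport
 *       configured on the {@link Client},
 *   <li>that {@code alg} belongs to the same family as {@code kty} and, for EC keys, matches
 *       {@code crv},
 *   <li>a minimum RSA modulus size.
 * </ul>
 */
public class JwksKeySource implements KeySource {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwksKeySource.class);
    private static final String RSA_KTY = "RSA";
    private static final String EC_KTY = "EC";
    // Allow-lists: anything a JWKS entry declares outside these sets is ignored, not mapped.
    private static final Set<String> SUPPORTED_KTY = Set.of(RSA_KTY, EC_KTY);
    private static final Set<String> SUPPORTED_ALG = Set.of("RS256", "RS384", "RS512", "ES256", "ES384", "ES512");
    private final String jwksUri;
    private final Client client;
    private final String requiredIssuer;

    /** Jackson binding for the JWKS document; unknown properties are ignored. */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource$Jwks.class */
    private static class Jwks {
        // May be null when the document has no "keys" member.
        private List<Key> keys;

        private Jwks() {
        }

        public List<Key> getKeys() {
            return this.keys;
        }

        public Jwks setKeys(List<Key> keys) {
            this.keys = keys;
            return this;
        }
    }

    /**
     * Jackson binding for a single JWK entry. All fields are taken verbatim from the remote
     * document and may be null; unknown properties are ignored.
     */
    /* JADX INFO: Access modifiers changed from: private */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/sdase/commons/server/auth/key/JwksKeySource$Key.class */
    public static class Key {
        private String kid;
        private String kty;
        private String x5t;
        private String alg;
        private String use;
        // RSA modulus and public exponent, base64url encoded.
        private String n;
        private String e;
        // EC point coordinates, base64url encoded, and the JWK curve name.
        private String x;
        private String y;
        private String crv;

        private Key() {
        }

        public String getKid() {
            return this.kid;
        }

        public Key setKid(String kid) {
            this.kid = kid;
            return this;
        }

        public String getX5t() {
            return this.x5t;
        }

        public Key setX5t(String x5t) {
            this.x5t = x5t;
            return this;
        }

        public String getKty() {
            return this.kty;
        }

        public Key setKty(String kty) {
            this.kty = kty;
            return this;
        }

        public String getAlg() {
            return this.alg;
        }

        public Key setAlg(String alg) {
            this.alg = alg;
            return this;
        }

        public String getUse() {
            return this.use;
        }

        public Key setUse(String use) {
            this.use = use;
            return this;
        }

        public String getN() {
            return this.n;
        }

        public Key setN(String n) {
            this.n = n;
            return this;
        }

        public String getE() {
            return this.e;
        }

        public Key setE(String e) {
            this.e = e;
            return this;
        }

        public String getX() {
            return this.x;
        }

        public Key setX(String x) {
            this.x = x;
            return this;
        }

        public String getY() {
            return this.y;
        }

        public Key setY(String y) {
            this.y = y;
            return this;
        }

        public String getCrv() {
            return this.crv;
        }

        public Key setCrv(String crv) {
            this.crv = crv;
            return this;
        }
    }

    /**
     * @param jwksUri location the key set is fetched from; used as given, no scheme check is done
     *     here
     * @param client JAX-RS client used for the request
     * @param requiredIssuer passed through unchanged to every {@link LoadedPublicKey} created by
     *     this source
     */
    public JwksKeySource(String jwksUri, Client client, String requiredIssuer) {
        this.jwksUri = jwksUri;
        this.client = client;
        this.requiredIssuer = requiredIssuer;
    }

    /**
     * Fetches the key set and converts every entry that passes the use, key type and algorithm
     * filters.
     *
     * <p>The load is all-or-nothing: a single entry that passes the filters but cannot be
     * converted (bad encoding, unsupported curve) fails the whole call, so a partially usable key
     * set is never returned.
     *
     * @return the converted keys, possibly empty
     * @throws KeyLoadFailedException if the request fails, the document has no key list, or an
     *     entry cannot be converted
     */
    @Override // org.sdase.commons.server.auth.key.KeySource
    public List<LoadedPublicKey> loadKeysFromSource() {
        try {
            Jwks jwks = this.client.target(this.jwksUri).request("application/json").get(Jwks.class);
            if (jwks == null || jwks.getKeys() == null) {
                // Report a missing key list explicitly instead of through a NullPointerException.
                throw new KeyLoadFailedException("No keys found in JWKS loaded from " + this.jwksUri);
            }
            return jwks.getKeys().stream()
                    .filter(Objects::nonNull)
                    .filter(this::isForSigning)
                    .filter(this::isSupportedKeyType)
                    .filter(this::isSupportedAlg)
                    .map(this::toPublicKey)
                    .collect(Collectors.toList());
        } catch (KeyLoadFailedException e) {
            // Already the right type; keep its message and cause. The specific handlers must come
            // before the generic one below or they can never be reached.
            throw e;
        } catch (WebApplicationException e) {
            try {
                // Release the connection held by the error response.
                e.getResponse().close();
            } catch (ProcessingException closeFailure) {
                LOGGER.warn("Error while loading keys from JWKS while closing response", closeFailure);
            }
            throw new KeyLoadFailedException((Throwable) e);
        } catch (Exception e) {
            throw new KeyLoadFailedException(e);
        }
    }

    // NOTE(review): requiredIssuer does not take part in equals/hashCode, so two sources for the
    // same URI and client but different required issuers compare equal. Confirm that callers which
    // de-duplicate key sources are fine with that.
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        JwksKeySource other = (JwksKeySource) obj;
        return Objects.equals(this.jwksUri, other.jwksUri) && Objects.equals(this.client, other.client);
    }

    @Override
    public int hashCode() {
        return Objects.hash(this.jwksUri, this.client);
    }

    @Override
    public String toString() {
        return "JwksKeySource{jwksUri='" + this.jwksUri + "'}";
    }

    /** Accepts entries that declare no {@code use} or declare {@code "sig"}. */
    private boolean isForSigning(Key key) {
        return StringUtils.isBlank(key.getUse()) || "sig".equals(key.getUse());
    }

    /** Accepts only key types on the {@code SUPPORTED_KTY} allow-list. */
    private boolean isSupportedKeyType(Key key) {
        return key.getKty() != null && SUPPORTED_KTY.contains(key.getKty());
    }

    /**
     * Accepts only algorithms on the {@code SUPPORTED_ALG} allow-list; an entry without
     * {@code alg} is rejected.
     */
    // NOTE(review): the algorithm is not compared with kty, so an RSA entry declaring "ES256"
    // passes this filter. Confirm the verifier rejects such a pairing.
    private boolean isSupportedAlg(Key key) {
        return key.getAlg() != null && SUPPORTED_ALG.contains(key.getAlg());
    }

    /**
     * Maps a JWK curve name to the standard name understood by {@link ECGenParameterSpec}.
     *
     * @throws KeyLoadFailedException for a missing curve or any curve other than P-256, P-384 or
     *     P-521
     */
    private static String mapCrvToStdName(String crv) {
        if (crv != null) {
            switch (crv) {
                case "P-256":
                    return "secp256r1";
                case "P-384":
                    return "secp384r1";
                case "P-521":
                    return "secp521r1";
                default:
                    break;
            }
        }
        throw new KeyLoadFailedException("EC keys are supported but loaded an unsupported EC curve: '" + crv + "'");
    }

    /**
     * Converts one JWK entry into a {@link LoadedPublicKey}.
     *
     * @throws KeyLoadFailedException if the key type is missing or unsupported, or the key
     *     material cannot be decoded
     */
    private LoadedPublicKey toPublicKey(Key key) throws KeyLoadFailedException {
        try {
            String kty = key.getKty();
            if (kty != null) {
                // The KeyFactory is looked up by constant so that a string from the remote
                // document never selects the JCA algorithm.
                switch (kty) {
                    case RSA_KTY:
                        return toRsaPublicKey(key, KeyFactory.getInstance(RSA_KTY));
                    case EC_KTY:
                        return toEcPublicKey(key, KeyFactory.getInstance(EC_KTY));
                    default:
                        break;
                }
            }
            // The message names the offending kty; the class of the Key object carries no
            // information.
            throw new KeyLoadFailedException("Unsupported key: " + kty + " from " + this.jwksUri);
        } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
            // IllegalArgumentException covers invalid base64url, NullPointerException a missing
            // key parameter.
            throw new KeyLoadFailedException(e);
        }
    }

    /** Builds an RSA public key from the entry's {@code n} and {@code e} parameters. */
    // NOTE(review): no minimum modulus size is enforced here.
    private LoadedPublicKey toRsaPublicKey(Key key, KeyFactory keyFactory) throws InvalidKeySpecException {
        RSAPublicKeySpec spec = new RSAPublicKeySpec(readBase64AsBigInt(key.getN()), readBase64AsBigInt(key.getE()));
        return new LoadedPublicKey(key.getKid(), key.getX5t(), keyFactory.generatePublic(spec), this, this.requiredIssuer, key.getAlg());
    }

    /**
     * Builds an EC public key from the entry's {@code x}, {@code y} and {@code crv} parameters.
     */
    // NOTE(review): there is no explicit check here that (x, y) lies on the named curve, and crv
    // is not compared with alg. Whether the provider validates the point is not visible from this
    // file.
    private LoadedPublicKey toEcPublicKey(Key key, KeyFactory keyFactory) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidParameterSpecException {
        BigInteger x = readBase64AsBigInt(key.getX());
        BigInteger y = readBase64AsBigInt(key.getY());
        AlgorithmParameters curveParameters = AlgorithmParameters.getInstance(EC_KTY);
        curveParameters.init(new ECGenParameterSpec(mapCrvToStdName(key.getCrv())));
        ECParameterSpec curve = curveParameters.getParameterSpec(ECParameterSpec.class);
        ECPublicKeySpec spec = new ECPublicKeySpec(new ECPoint(x, y), curve);
        return new LoadedPublicKey(key.getKid(), key.getX5t(), keyFactory.generatePublic(spec), this, this.requiredIssuer, key.getAlg());
    }

    /**
     * Decodes a base64url value as an unsigned big-endian integer.
     *
     * @throws NullPointerException if {@code encoded} is null
     * @throws IllegalArgumentException if {@code encoded} is not valid base64url
     */
    private static BigInteger readBase64AsBigInt(String encoded) {
        return new BigInteger(1, Base64.getUrlDecoder().decode(encoded));
    }
}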
