package io.jans.as.server.service;

import io.jans.as.model.config.Conf;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.server.model.config.ConfigurationFactory;
import io.jans.as.server.service.cdi.event.KeyGenerationEvent;
import io.jans.as.server.util.ServerUtil;
import io.jans.orm.PersistenceEntryManager;
import io.jans.service.cdi.async.Asynchronous;
import io.jans.service.cdi.event.Scheduled;
import io.jans.service.timer.event.TimerEvent;
import io.jans.service.timer.schedule.TimerSchedule;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Event;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.lang.annotation.Annotation;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;

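/**
 * Timer-driven rotation of the server's JSON Web Key Set (JWKS).
 *
 * <p>{@link #initTimer()} schedules a recurring {@link KeyGenerationEvent}. Each event is handled
 * by {@link #process(KeyGenerationEvent)}, which (when key regeneration is enabled and the
 * regeneration interval has elapsed) generates a fresh key set, removes expired keys from the
 * crypto provider, carries over still-valid keys, and persists the result in the configuration
 * entry with an incremented revision.
 */
@ApplicationScoped
@Named
public class KeyGeneratorTimer {
    /**
     * Used both as the delay/period handed to {@link TimerSchedule} (presumably seconds; confirm
     * against TimerSchedule) and as the fallback regeneration interval in hours when the
     * configured interval is not positive.
     */
    private static final int DEFAULT_INTERVAL = 60;

    @Inject
    private Logger log;

    @Inject
    private Event<TimerEvent> timerEvent;

    @Inject
    private ConfigurationFactory configurationFactory;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    // Guards against overlapping rotations; created in initTimer().
    private AtomicBoolean isActive;

    // Epoch millis of the last completed rotation (or of initTimer() if none has run yet).
    private long lastFinishedTime;

    /**
     * Resets the "rotation in progress" flag, schedules the recurring key-generation event and
     * starts the interval clock from now.
     */
    public void initTimer() {
        this.log.debug("Initializing Key Generator Timer");
        this.isActive = new AtomicBoolean(false);
        this.timerEvent.fire(new TimerEvent(
                new TimerSchedule(DEFAULT_INTERVAL, DEFAULT_INTERVAL),
                new KeyGenerationEvent(),
                new Annotation[]{Scheduled.Literal.INSTANCE}));
        this.lastFinishedTime = System.currentTimeMillis();
    }

    /**
     * Handles one scheduled tick. Does nothing when key regeneration is disabled or another
     * rotation is still running. Any failure is logged and swallowed so the timer keeps firing.
     *
     * @param keyGenerationEvent the scheduled event (its content is not used)
     */
    @Asynchronous
    public void process(@Observes @Scheduled KeyGenerationEvent keyGenerationEvent) {
        // Fail closed: a missing (null) flag means "disabled" rather than an NPE in the observer.
        if (!Boolean.TRUE.equals(this.appConfiguration.getKeyRegenerationEnabled())) {
            return;
        }
        // The CAS alone decides ownership; only the caller that flips false -> true proceeds.
        if (!this.isActive.compareAndSet(false, true)) {
            return;
        }
        try {
            updateKeys();
        } catch (Exception e) {
            this.log.error("Exception happened while executing keys update", e);
        } finally {
            this.isActive.set(false);
        }
    }

    /**
     * Runs a rotation if the interval has elapsed and records the completion time. The timestamp
     * is only updated after a successful rotation, so a failed run is retried on the next tick.
     */
    private void updateKeys() throws Exception {
        if (isStartUpdateKeys()) {
            updateKeysImpl();
            this.lastFinishedTime = System.currentTimeMillis();
        }
    }

    /**
     * @return {@code true} when at least the effective regeneration interval has passed since the
     *         last completed rotation
     */
    private boolean isStartUpdateKeys() {
        long intervalMillis = effectiveIntervalHours() * 3600L * 1000L;
        return System.currentTimeMillis() - this.lastFinishedTime >= intervalMillis;
    }

    /**
     * @return the configured regeneration interval in hours, or {@link #DEFAULT_INTERVAL} when
     *         the configured value is zero or negative
     */
    private int effectiveIntervalHours() {
        int configured = this.appConfiguration.getKeyRegenerationInterval();
        return configured > 0 ? configured : DEFAULT_INTERVAL;
    }

    /**
     * Loads the configuration entry, replaces its web keys with the rotated set, bumps the
     * revision and merges the entry back.
     */
    private void updateKeysImpl() throws Exception {
        this.log.info("Updating JWKS keys ...");
        String configurationDn =
                this.configurationFactory.getBaseConfiguration().getString("jansAuth_ConfigurationEntryDN");
        Conf conf = (Conf) this.ldapEntryManager.find(Conf.class, configurationDn);

        // NOTE(review): updateKeys(JSONObject) generates new keys and deletes expired ones in the
        // crypto provider before the merge below. If readValue or merge fails, the key store has
        // already changed while the persisted JWKS has not; the failure is only logged by
        // process(). Worth alerting on that error message.
        JSONObject rotatedJwks = updateKeys(conf.getWebKeys().toJSONObject());
        WebKeysConfiguration rotatedWebKeys = (WebKeysConfiguration) ServerUtil.createJsonMapper()
                .readValue(rotatedJwks.toString(), WebKeysConfiguration.class);
        conf.setWebKeys(rotatedWebKeys);
        conf.setRevision(conf.getRevision() + 1);
        this.ldapEntryManager.merge(conf);
        this.log.info("Updated JWKS successfully");

        // Only key identifiers are logged here, and only at trace level.
        // NOTE(review): confirm cryptoProvider.getKeys() returns identifiers, not key material.
        if (this.log.isTraceEnabled()) {
            this.log.trace("JWKS keys: {}",
                    conf.getWebKeys().getKeys().stream().map(key -> key.getKid()).collect(Collectors.toList()));
            this.log.trace("KeyStore keys: {}", this.cryptoProvider.getKeys());
        }
    }

    /**
     * Builds the rotated JWKS: freshly generated keys plus every previously published key that is
     * still present in the crypto provider and not expired.
     *
     * <ul>
     *   <li>A key whose {@code exp} (epoch millis) is in the past is deleted from the crypto
     *       provider and not carried over.</li>
     *   <li>A key without {@code exp} is stamped with now + effective regeneration interval
     *       (hours) + ID token lifetime (seconds) and carried over.</li>
     *   <li>A key that the crypto provider no longer contains is dropped.</li>
     * </ul>
     *
     * @param jSONObject the currently persisted JWKS, with a {@code keys} array
     * @return the new JWKS to persist
     */
    private JSONObject updateKeys(JSONObject jSONObject) throws Exception {
        JSONObject generateJwks = AbstractCryptoProvider.generateJwks(this.cryptoProvider, this.appConfiguration);
        JSONArray carriedOver = generateJwks.getJSONArray("keys");
        JSONArray previousKeys = jSONObject.getJSONArray("keys");

        for (int i = 0; i < previousKeys.length(); i++) {
            JSONObject key = previousKeys.getJSONObject(i);
            String kid = key.getString("kid");
            boolean hasExpiration = key.has("exp") && !key.isNull("exp");

            if (hasExpiration && key.getLong("exp") < System.currentTimeMillis()) {
                // Expired: remove the key from the key store and leave it out of the new JWKS.
                this.log.trace("Removing JWK: {}, Expiration date: {}", kid, Long.valueOf(key.getLong("exp")));
                this.cryptoProvider.deleteKey(kid);
                continue;
            }

            if (!this.cryptoProvider.containsKey(kid)) {
                // Published key with no backing entry in the key store: not carried over.
                this.log.trace("Dropping kid {} which is not present in the key store", kid);
                continue;
            }

            if (hasExpiration) {
                this.log.trace("Contains kid: {}", kid);
            } else {
                // Use the same effective interval as the rotation schedule so a non-positive
                // configured value does not produce an expiration shorter than one rotation period.
                GregorianCalendar expiration = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                expiration.add(GregorianCalendar.HOUR, effectiveIntervalHours());
                expiration.add(GregorianCalendar.SECOND, this.appConfiguration.getIdTokenLifetime());
                key.put("exp", expiration.getTimeInMillis());
                this.log.trace("Contains kid {} without exp {}", kid, Long.valueOf(expiration.getTimeInMillis()));
            }
            carriedOver.put(key);
        }
        return generateJwks;
    }
}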
