package io.jans.ca.server.service;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import io.dropwizard.util.Strings;
import io.jans.as.client.JwkClient;
import io.jans.as.client.JwkResponse;
import io.jans.as.model.crypto.PublicKey;
import io.jans.as.model.crypto.signature.ECDSAPublicKey;
import io.jans.as.model.crypto.signature.RSAPublicKey;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.Use;
import io.jans.ca.server.op.OpClientFactory;
import io.jans.util.Pair;
import java.util.ArrayList;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/service/PublicOpKeyService.class */
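/**
 * Resolves the public keys an OpenID Provider (OP) publishes at its JWKS endpoint and keeps
 * them in an in-memory cache keyed by the pair (JWKS URL, key id).
 *
 * <p>Cache entries expire a configurable number of minutes after they are written (see
 * {@code getPublicOpKeyCacheExpirationInMinutes()}), so a key the OP has rotated out can still
 * be served from the cache until its entry expires.
 *
 * <p>NOTE(review): every key returned here is trusted for signature verification by the caller,
 * so the JWKS URL is security-critical. This class does not validate it; presumably callers take
 * it from the OP's configuration or discovery document and never from the token under
 * verification. Confirm against the callers.
 */
public class PublicOpKeyService {
    private static final Logger LOG = LoggerFactory.getLogger(PublicOpKeyService.class);
    private final Cache<Pair<String, String>, PublicKey> cache;
    private final HttpService httpService;
    private final OpClientFactory opClientFactory;

    @Inject
    public PublicOpKeyService(ConfigurationService configurationService, HttpService httpService, OpClientFactory opClientFactory) {
        this.cache = CacheBuilder.newBuilder()
                .expireAfterWrite(configurationService.get().getPublicOpKeyCacheExpirationInMinutes(), TimeUnit.MINUTES)
                .build();
        this.httpService = httpService;
        this.opClientFactory = opClientFactory;
    }

    /**
     * Returns the OP public key to use for signature verification.
     *
     * <p>With a non-empty {@code kid} the cache is consulted first; on a miss the JWKS document
     * is fetched and the key with that id is returned and cached. With an empty {@code kid} the
     * JWKS document is always fetched and exactly one key must match the algorithm family of
     * {@code signatureAlgorithm} and, when given, {@code use}.
     *
     * <p>NOTE(review): on the {@code kid} path (both the cache hit and the lookup by id)
     * {@code signatureAlgorithm} and {@code use} are not consulted, so the returned key may be
     * of a different type or intended use than requested. The caller must verify the signature
     * with the algorithm it expects rather than one implied by the key.
     *
     * @param jwksUrl            URL of the OP's JWKS endpoint
     * @param kid                key id to look up; may be null or empty
     * @param signatureAlgorithm expected algorithm; must be non-null when {@code kid} is empty
     * @param use                required key use, or null to accept any
     * @return the resolved public key, never null
     * @throws RuntimeException if the JWKS request does not return HTTP 200, if several keys
     *                          match while no {@code kid} was given, or if no usable key is found
     */
    public PublicKey getPublicKey(String jwksUrl, String kid, SignatureAlgorithm signatureAlgorithm, Use use) {
        Optional<PublicKey> cachedKey = getCachedKey(jwksUrl, kid);
        if (cachedKey.isPresent()) {
            LOG.debug("Taken public key from cache. jwks_url: {}, kid : {} ", jwksUrl, kid);
            return cachedKey.get();
        }

        JwkClient jwkClient = this.opClientFactory.createJwkClient(jwksUrl);
        jwkClient.setExecutor(new ApacheHttpClient43Engine(this.httpService.getHttpClient()));
        JwkResponse response = jwkClient.exec();
        if (response == null || response.getStatus() != 200) {
            Object status = response == null ? null : Integer.valueOf(response.getStatus());
            LOG.error("Failed to fetch public key from OP. Obtained Response : {}", status);
            throw new RuntimeException("Failed to fetch public key from OP. Obtained Response : " + status);
        }

        if (Strings.isNullOrEmpty(kid)) {
            ArrayList<PublicKey> candidates = new ArrayList<>();
            JSONWebKeySet jwks = response.getJwks();
            // A 200 response without a parsable key set is reported as "no key found" below
            // instead of failing with a NullPointerException.
            if (jwks != null && jwks.getKeys() != null) {
                for (JSONWebKey jwk : jwks.getKeys()) {
                    if (!matchesFamilyAndUse(jwk, signatureAlgorithm, use)) {
                        continue;
                    }
                    PublicKey candidate = getPublicKey(jwk);
                    // Keys that cannot be converted are skipped so that a null entry never
                    // reaches the caller or is dereferenced below.
                    if (candidate != null) {
                        candidates.add(candidate);
                    }
                }
            }
            if (candidates.size() > 1) {
                // Picking one of several matching keys would be a guess; refuse instead.
                LOG.error("Multiple matching keys found in issuer's jwks_uri for algorithm : {}. `kid` must be provided in this case.", signatureAlgorithm.getName());
                throw new RuntimeException("Multiple matching keys found in issuer's jwks_uri for algorithm : " + signatureAlgorithm.getName() + ". `kid` must be provided in this case.");
            }
            if (candidates.size() == 1) {
                PublicKey only = candidates.get(0);
                // Only keys that carry an id can be cached, because the id is part of the cache key.
                if (!Strings.isNullOrEmpty(only.getKeyId())) {
                    this.cache.put(new Pair<>(jwksUrl, only.getKeyId()), only);
                }
                return only;
            }
        } else {
            PublicKey publicKey = response.getPublicKey(kid);
            if (publicKey != null) {
                this.cache.put(new Pair<>(jwksUrl, kid), publicKey);
                return publicKey;
            }
        }
        LOG.error("Failed to fetch public key from OP.");
        throw new RuntimeException("Failed to fetch public key from OP.");
    }

    /**
     * Tells whether a JWK has the key type of the algorithm's family and, when {@code use} is
     * given, that exact use.
     */
    private static boolean matchesFamilyAndUse(JSONWebKey jwk, SignatureAlgorithm signatureAlgorithm, Use use) {
        if (jwk == null || jwk.getKty() == null) {
            return false;
        }
        if (!signatureAlgorithm.getFamily().toString().equals(jwk.getKty().toString())) {
            return false;
        }
        return use == null || use == jwk.getUse();
    }

    /**
     * Looks up a previously cached key.
     *
     * @return the cached key, or empty when {@code kid} is null or empty or nothing is cached
     */
    private Optional<PublicKey> getCachedKey(String jwksUrl, String kid) {
        if (Strings.isNullOrEmpty(kid)) {
            return Optional.empty();
        }
        return Optional.ofNullable(this.cache.getIfPresent(new Pair<>(jwksUrl, kid)));
    }

    /**
     * Converts a JWK into a public key object.
     *
     * @param jSONWebKey the key to convert; may be null
     * @return an RSA or ECDSA public key, or null when the argument is null, has no key type,
     *         has a key type other than RSA or EC, or is an EC key without an {@code alg} value
     */
    public PublicKey getPublicKey(JSONWebKey jSONWebKey) {
        // Switching on a null key type would throw, so an untyped key is treated as unusable.
        if (jSONWebKey == null || jSONWebKey.getKty() == null) {
            return null;
        }
        switch (jSONWebKey.getKty()) {
            case RSA:
                return new RSAPublicKey(jSONWebKey.getN(), jSONWebKey.getE());
            case EC:
                // The EC key is built from the JWK's own `alg`, which a JWK may omit.
                if (jSONWebKey.getAlg() == null) {
                    LOG.warn("Skipping EC key without `alg` in issuer's jwks_uri.");
                    return null;
                }
                return new ECDSAPublicKey(SignatureAlgorithm.fromString(jSONWebKey.getAlg().getParamName()), jSONWebKey.getX(), jSONWebKey.getY());
            default:
                return null;
        }
    }
}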
