package io.jans.lock.service;

import io.jans.as.client.JwkClient;
import io.jans.as.client.OpenIdConfigurationResponse;
import io.jans.as.client.StatusListClient;
import io.jans.as.client.StatusListRequest;
import io.jans.as.client.StatusListResponse;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jws.ECDSASigner;
import io.jans.as.model.jws.RSASigner;
import io.jans.as.model.jwt.Jwt;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import org.slf4j.Logger;

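/**
 * Loads the token status list from the status list endpoint advertised in the OpenID
 * configuration and returns it only after the signature of the status list JWT has been
 * verified against a key fetched from the configuration's JWKS URI.
 *
 * <p>Every failure path returns {@code null}, so callers must treat {@code null} as
 * "no trustworthy status list available" and must not fall back to unverified data.
 */
@ApplicationScoped
/* loaded from: input_file:io/jans/lock/service/TokenStsatusListService.class */
public class TokenStsatusListService {
    public static final String CONTENT_TYPE_STATUSLIST_JSON = "application/statuslist+json";
    public static final String CONTENT_TYPE_STATUSLIST_JWT = "application/statuslist+jwt";

    @Inject
    private Logger log;

    @Inject
    private OpenIdService openIdService;

    /**
     * Fetches the token status list and verifies the signature of the JWT that carries it.
     *
     * <p>Only the RSA and EC algorithm families are accepted. A header whose algorithm is
     * missing, unrecognised or belongs to any other family is rejected, so the list is
     * never returned without a successful asymmetric signature check.
     *
     * @return the status list response when the request succeeded and the signature is
     *         valid, otherwise {@code null}
     */
    public StatusListResponse loadTokenStatusList() {
        OpenIdConfigurationResponse openIdConfiguration = this.openIdService.getOpenIdConfiguration();
        if (openIdConfiguration == null) {
            this.log.error("OpenID configuration is not available, token status list cannot be loaded");
            return null;
        }
        this.log.debug("Loaded OpenIdConfiguration: {}", openIdConfiguration);

        StatusListResponse statusListResponse = requestTokenStatusList(openIdConfiguration.getStatusListEndpoint());
        if (statusListResponse == null) {
            return null;
        }

        // Fail closed instead of throwing a NullPointerException when the body carried no
        // parsable JWT or the header names no algorithm.
        Jwt jwt = statusListResponse.getJwt();
        if (jwt == null || jwt.getHeader() == null) {
            this.log.error("Token status list response does not contain a JWT");
            return null;
        }
        SignatureAlgorithm signatureAlgorithm = jwt.getHeader().getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            this.log.error("Token status list JWT has no supported signature algorithm");
            return null;
        }

        AlgorithmFamily family = signatureAlgorithm.getFamily();
        String jwksUri = openIdConfiguration.getJwksUri();
        // NOTE(review): the key id comes from the unverified JWT header; it only selects a
        // key inside the configured JWKS. Behaviour of JwkClient for a missing "kid" is not
        // visible here - confirm it yields a key that makes validate() fail.
        String keyId = jwt.getHeader().getClaimAsString("kid");

        // Each signer is validated inside its own branch: RSASigner and ECDSASigner are
        // distinct types, so no single local variable has to hold both.
        boolean signatureValid;
        if (AlgorithmFamily.RSA == family) {
            signatureValid = new RSASigner(signatureAlgorithm, JwkClient.getRSAPublicKey(jwksUri, keyId)).validate(jwt);
        } else if (AlgorithmFamily.EC == family) {
            signatureValid = new ECDSASigner(signatureAlgorithm, JwkClient.getECDSAPublicKey(jwksUri, keyId)).validate(jwt);
        } else {
            this.log.error("Unsupported signature algorithm family: '{}'", family);
            return null;
        }

        if (!signatureValid) {
            this.log.error("Token status list JWT signature is invalid");
            return null;
        }
        return statusListResponse;
    }

    /**
     * Requests the token status list from the given endpoint.
     *
     * @param statusListEndpoint URL of the status list endpoint taken from the OpenID configuration
     * @return the response when the endpoint answered with HTTP 200, otherwise {@code null}
     */
    private StatusListResponse requestTokenStatusList(String statusListEndpoint) {
        if (statusListEndpoint == null || statusListEndpoint.trim().isEmpty()) {
            this.log.error("Status list endpoint is not defined in the OpenID configuration");
            return null;
        }

        StatusListResponse response = new StatusListClient(statusListEndpoint).exec(new StatusListRequest());
        if (response == null) {
            this.log.warn("Failed to load token status list: no response received");
            return null;
        }
        if (response.getStatus() == 200) {
            return response;
        }

        // Logged above debug level with the status code so a failed refresh of the status
        // list is visible in normal operation.
        this.log.warn("Failed to load token status list, HTTP status: {}", response.getStatus());
        return null;
    }
}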
