package io.scalecube.security.tokens.jwt;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.LocatorAdapter;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpTimeoutException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.time.Duration;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReentrantLock;

/* loaded from: input_file:io/scalecube/security/tokens/jwt/JwksKeyLocator.class */
public class JwksKeyLocator extends LocatorAdapter<Key> {
    private static final ObjectMapper OBJECT_MAPPER = newObjectMapper();
    private final URI jwksUri;
    private final Duration connectTimeout;
    private final Duration requestTimeout;
    private final int keyTtl;
    private final Map<String, CachedKey> keyResolutions = new ConcurrentHashMap();
    private final ReentrantLock cleanupLock = new ReentrantLock();

    /* loaded from: input_file:io/scalecube/security/tokens/jwt/JwksKeyLocator$Builder.class */
    public static class Builder {
        private URI jwksUri;
        private Duration connectTimeout = Duration.ofSeconds(10);
        private Duration requestTimeout = Duration.ofSeconds(10);
        private int keyTtl = 60000;

        private Builder() {
        }

        public Builder jwksUri(String str) {
            this.jwksUri = URI.create(str);
            return this;
        }

        public Builder connectTimeout(Duration duration) {
            this.connectTimeout = duration;
            return this;
        }

        public Builder requestTimeout(Duration duration) {
            this.requestTimeout = duration;
            return this;
        }

        public Builder keyTtl(int i) {
            this.keyTtl = i;
            return this;
        }

        public JwksKeyLocator build() {
            return new JwksKeyLocator(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey.class */
    public static final class CachedKey extends Record {
        private final Key key;
        private final long expirationDeadline;

        private CachedKey(Key key, long j) {
            this.key = key;
            this.expirationDeadline = j;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean hasExpired(long j) {
            return j >= this.expirationDeadline;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CachedKey.class), CachedKey.class, "key;expirationDeadline", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->key:Ljava/security/Key;", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->expirationDeadline:J").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CachedKey.class), CachedKey.class, "key;expirationDeadline", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->key:Ljava/security/Key;", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->expirationDeadline:J").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CachedKey.class, Object.class), CachedKey.class, "key;expirationDeadline", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->key:Ljava/security/Key;", "FIELD:Lio/scalecube/security/tokens/jwt/JwksKeyLocator$CachedKey;->expirationDeadline:J").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Key key() {
            return this.key;
        }

        public long expirationDeadline() {
            return this.expirationDeadline;
        }
    }

    private JwksKeyLocator(Builder builder) {
        this.jwksUri = builder.jwksUri;
        this.connectTimeout = builder.connectTimeout;
        this.requestTimeout = builder.requestTimeout;
        this.keyTtl = builder.keyTtl;
    }

    public static Builder builder() {
        return new Builder();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: locate, reason: merged with bridge method [inline-methods] */
    public Key m2locate(JwsHeader jwsHeader) {
        try {
            return this.keyResolutions.computeIfAbsent(jwsHeader.getKeyId(), str -> {
                PublicKey findKeyById = findKeyById(computeKeyList(), str);
                if (findKeyById == null) {
                    throw new JwtUnavailableException("Cannot find key by kid: " + str);
                }
                return new CachedKey(findKeyById, System.currentTimeMillis() + this.keyTtl);
            }).key();
        } finally {
            tryCleanup();
        }
    }

    private JwkInfoList computeKeyList() {
        try {
            HttpResponse send = HttpClient.newBuilder().connectTimeout(this.connectTimeout).build().send(HttpRequest.newBuilder(this.jwksUri).GET().timeout(this.requestTimeout).build(), HttpResponse.BodyHandlers.ofInputStream());
            int statusCode = send.statusCode();
            if (statusCode != 200) {
                throw new RuntimeException("Failed to retrive jwk keys, status: " + statusCode);
            }
            return toJwkInfoList((InputStream) send.body());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        } catch (HttpTimeoutException e2) {
            throw new JwtUnavailableException("Failed to retrive jwk keys", e2);
        } catch (IOException e3) {
            throw new RuntimeException(e3);
        }
    }

    private static JwkInfoList toJwkInfoList(InputStream inputStream) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            try {
                JwkInfoList jwkInfoList = (JwkInfoList) OBJECT_MAPPER.readValue(bufferedInputStream, JwkInfoList.class);
                bufferedInputStream.close();
                return jwkInfoList;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static PublicKey findKeyById(JwkInfoList jwkInfoList, String str) {
        if (jwkInfoList.keys() != null) {
            return (PublicKey) jwkInfoList.keys().stream().filter(jwkInfo -> {
                return str.equals(jwkInfo.kid());
            }).map(jwkInfo2 -> {
                return toRsaPublicKey(jwkInfo2.modulus(), jwkInfo2.exponent());
            }).findFirst().orElse(null);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PublicKey toRsaPublicKey(String str, String str2) {
        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, urlDecoder.decode(str)), new BigInteger(1, urlDecoder.decode(str2))));
        } catch (Exception e) {
            throw new RuntimeException(str2);
        }
    }

    private static ObjectMapper newObjectMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
        objectMapper.configure(DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL, true);
        objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
        objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        return objectMapper;
    }

    private void tryCleanup() {
        if (this.cleanupLock.tryLock()) {
            long currentTimeMillis = System.currentTimeMillis();
            try {
                this.keyResolutions.entrySet().removeIf(entry -> {
                    return ((CachedKey) entry.getValue()).hasExpired(currentTimeMillis);
                });
            } finally {
                this.cleanupLock.unlock();
            }
        }
    }
}
