package io.quarkus.oidc.runtime;

import io.quarkus.oidc.OIDCException;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:io/quarkus/oidc/runtime/JsonWebKeySet.class */
public class JsonWebKeySet {
    private static final String RSA_KEY_TYPE = "RSA";
    private static final String ELLIPTIC_CURVE_KEY_TYPE = "EC";
    private static final String OCTET_KEY_PAIR_TYPE = "OKP";
    private static final Set<String> KEY_TYPES = Set.of(RSA_KEY_TYPE, ELLIPTIC_CURVE_KEY_TYPE, OCTET_KEY_PAIR_TYPE);
    private static final String SIGNATURE_USE = "sig";
    private Map<String, Key> keysWithKeyId = new HashMap();
    private Map<String, Key> keysWithThumbprints = new HashMap();
    private Map<String, Key> keysWithS256Thumbprints = new HashMap();
    private Map<String, List<Key>> keysWithoutKeyIdAndThumbprint = new HashMap();

    public JsonWebKeySet(String str) {
        initKeys(str);
    }

    private void initKeys(String str) {
        try {
            for (PublicJsonWebKey publicJsonWebKey : new org.jose4j.jwk.JsonWebKeySet(str).getJsonWebKeys()) {
                if (isSupportedJwkKey(publicJsonWebKey)) {
                    if (publicJsonWebKey.getKeyId() != null) {
                        this.keysWithKeyId.put(publicJsonWebKey.getKeyId(), publicJsonWebKey.getKey());
                    }
                    String x509CertificateSha1Thumbprint = publicJsonWebKey.getX509CertificateSha1Thumbprint(true);
                    if (x509CertificateSha1Thumbprint != null && publicJsonWebKey.getKey() != null) {
                        this.keysWithThumbprints.put(x509CertificateSha1Thumbprint, publicJsonWebKey.getKey());
                    }
                    String x509CertificateSha256Thumbprint = publicJsonWebKey.getX509CertificateSha256Thumbprint(true);
                    if (x509CertificateSha256Thumbprint != null && publicJsonWebKey.getKey() != null) {
                        this.keysWithS256Thumbprints.put(x509CertificateSha256Thumbprint, publicJsonWebKey.getKey());
                    }
                    if (publicJsonWebKey.getKeyId() == null && x509CertificateSha1Thumbprint == null && x509CertificateSha256Thumbprint == null && publicJsonWebKey.getKeyType() != null) {
                        List<Key> list = this.keysWithoutKeyIdAndThumbprint.get(publicJsonWebKey.getKeyType());
                        if (list == null) {
                            list = new ArrayList();
                            this.keysWithoutKeyIdAndThumbprint.put(publicJsonWebKey.getKeyType(), list);
                        }
                        list.add(publicJsonWebKey.getKey());
                    }
                }
            }
        } catch (JoseException e) {
            throw new OIDCException((Throwable) e);
        }
    }

    private static boolean isSupportedJwkKey(JsonWebKey jsonWebKey) {
        return (jsonWebKey.getKeyType() == null || KEY_TYPES.contains(jsonWebKey.getKeyType())) && (SIGNATURE_USE.equals(jsonWebKey.getUse()) || jsonWebKey.getUse() == null);
    }

    public Key getKeyWithId(String str) {
        return this.keysWithKeyId.get(str);
    }

    public Key getKeyWithThumbprint(String str) {
        return this.keysWithThumbprints.get(str);
    }

    public Key getKeyWithS256Thumbprint(String str) {
        return this.keysWithS256Thumbprints.get(str);
    }

    public Key getKeyWithoutKeyIdAndThumbprint(String str) {
        List<Key> list = this.keysWithoutKeyIdAndThumbprint.get(str);
        if (list == null || list.size() != 1) {
            return null;
        }
        return list.get(0);
    }
}
