package org.apache.nifi.web.security.jwt.key.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.components.state.StateMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/key/service/StandardVerificationKeyService.class */
public class StandardVerificationKeyService implements VerificationKeyService {
    private static final Logger LOGGER = LoggerFactory.getLogger(StandardVerificationKeyService.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().registerModule(new JavaTimeModule());
    private static final Scope SCOPE = Scope.LOCAL;
    private final StateManager stateManager;

    public StandardVerificationKeyService(StateManager stateManager) {
        this.stateManager = stateManager;
    }

    @Override // org.apache.nifi.web.security.jwt.key.service.VerificationKeyService
    public Optional<Key> findById(String str) {
        return findSerializedKey(str).map(this::getVerificationKey).map(this::getKey);
    }

    @Override // org.apache.nifi.web.security.jwt.key.service.VerificationKeyService
    public synchronized void deleteExpired() {
        Map map = getStateMap().toMap();
        Instant now = Instant.now();
        Map map2 = (Map) map.values().stream().map(this::getVerificationKey).filter(verificationKey -> {
            return verificationKey.getExpiration().isAfter(now);
        }).collect(Collectors.toMap((v0) -> {
            return v0.getId();
        }, this::serializeVerificationKey));
        if (map2.equals(map)) {
            LOGGER.debug("Expired Verification Keys not found");
            return;
        }
        try {
            this.stateManager.setState(map2, SCOPE);
            LOGGER.debug("Delete Expired Verification Keys Completed: Keys Before [{}] Keys After [{}]", Integer.valueOf(map.size()), Integer.valueOf(map2.size()));
        } catch (IOException e) {
            throw new UncheckedIOException("Delete Expired Verification Keys Failed", e);
        }
    }

    @Override // org.apache.nifi.web.security.jwt.key.service.VerificationKeyService
    public void save(String str, Key key, Instant instant) {
        VerificationKey verificationKey = new VerificationKey();
        verificationKey.setId(str);
        verificationKey.setEncoded(key.getEncoded());
        verificationKey.setAlgorithm(key.getAlgorithm());
        verificationKey.setExpiration(instant);
        setVerificationKey(verificationKey);
    }

    @Override // org.apache.nifi.web.security.jwt.key.service.VerificationKeyService
    public void setExpiration(String str, Instant instant) {
        Optional<String> findSerializedKey = findSerializedKey(str);
        if (findSerializedKey.isPresent()) {
            VerificationKey verificationKey = getVerificationKey(findSerializedKey.get());
            verificationKey.setExpiration(instant);
            setVerificationKey(verificationKey);
        }
    }

    private synchronized void setVerificationKey(VerificationKey verificationKey) {
        try {
            String serializeVerificationKey = serializeVerificationKey(verificationKey);
            HashMap hashMap = new HashMap(getStateMap().toMap());
            hashMap.put(verificationKey.getId(), serializeVerificationKey);
            this.stateManager.setState(hashMap, SCOPE);
            LOGGER.debug("Stored Verification Key [{}] Expiration [{}]", verificationKey.getId(), verificationKey.getExpiration());
        } catch (IOException e) {
            throw new UncheckedIOException("Set Verification Key State Failed", e);
        }
    }

    private Optional<String> findSerializedKey(String str) {
        return Optional.ofNullable(getStateMap().get(str));
    }

    private String serializeVerificationKey(VerificationKey verificationKey) {
        try {
            return OBJECT_MAPPER.writeValueAsString(verificationKey);
        } catch (JsonProcessingException e) {
            throw new UncheckedIOException("Serialize Verification Key Failed", e);
        }
    }

    private VerificationKey getVerificationKey(String str) {
        try {
            return (VerificationKey) OBJECT_MAPPER.readValue(str, VerificationKey.class);
        } catch (JsonProcessingException e) {
            throw new UncheckedIOException("Read Verification Key Failed", e);
        }
    }

    private Key getKey(VerificationKey verificationKey) {
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(verificationKey.getEncoded());
        String algorithm = verificationKey.getAlgorithm();
        try {
            return KeyFactory.getInstance(algorithm).generatePublic(x509EncodedKeySpec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(String.format("Parsing Encoded Key [%s] Algorithm [%s] Failed", verificationKey.getId(), algorithm), e);
        }
    }

    private StateMap getStateMap() {
        try {
            return this.stateManager.getState(SCOPE);
        } catch (IOException e) {
            throw new UncheckedIOException("Get State Failed", e);
        }
    }
}
