package org.apereo.cas.oidc.jwks;

import com.github.benmanes.caffeine.cache.CacheLoader;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.OidcRegisteredService;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;

/* loaded from: input_file:org/apereo/cas/oidc/jwks/OidcServiceJsonWebKeystoreCacheLoader.class */
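/**
 * Cache loader that resolves the JSON web key set (JWKS) configured on an
 * {@link OidcRegisteredService} and yields its first key, provided that key is
 * an RSA key carrying a public key.
 *
 * <p>Only the first entry of the key set is ever considered; any further keys
 * in the set are ignored by this loader.
 *
 * <p>The JWKS location is taken from the service definition and handed to the
 * {@link ResourceLoader} unchanged, so whoever can edit a service definition
 * decides which resource is read here.
 * NOTE(review): confirm that write access to the service registry is limited
 * to trusted administrators and, if remote locations are accepted, that they
 * are restricted to expected hosts and schemes.
 */
public class OidcServiceJsonWebKeystoreCacheLoader implements CacheLoader<OidcRegisteredService, Optional<RsaJsonWebKey>> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcServiceJsonWebKeystoreCacheLoader.class);

    @Autowired
    private ResourceLoader resourceLoader;

    /**
     * Loads the RSA key for the given service.
     *
     * @param oidcRegisteredService the service whose JWKS location is resolved
     * @return the first key of the service's key set when it is an RSA key with
     *         a public key; otherwise an empty {@link Optional}
     * @throws Exception declared by the {@link CacheLoader} contract
     */
    @Override
    public Optional<RsaJsonWebKey> load(OidcRegisteredService oidcRegisteredService) throws Exception {
        Optional<JsonWebKeySet> keySet = buildJsonWebKeySet(oidcRegisteredService);
        if (!keySet.isPresent() || keySet.get().getJsonWebKeys().isEmpty()) {
            return Optional.empty();
        }
        return Optional.ofNullable(getJsonSigningWebKeyFromJwks(keySet.get()));
    }

    /**
     * Picks the first key of the set and checks that it is usable.
     *
     * @param jsonWebKeySet the parsed key set
     * @return the first key when it is an RSA key with a public key, or
     *         {@code null} when the set is empty, the first key is of another
     *         type, or it has no public key
     */
    private static RsaJsonWebKey getJsonSigningWebKeyFromJwks(JsonWebKeySet jsonWebKeySet) {
        if (jsonWebKeySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("No JSON web keys are available in the keystore");
            return null;
        }
        // The key set content is supplied from outside this class, so the type of
        // its first entry is checked instead of being cast blindly; a non-RSA
        // first key is reported as unusable rather than raising ClassCastException.
        Object firstKey = jsonWebKeySet.getJsonWebKeys().get(0);
        if (!(firstKey instanceof RsaJsonWebKey)) {
            LOGGER.warn("Located JSON web key of type [{}] is not an RSA key",
                firstKey == null ? null : firstKey.getClass().getSimpleName());
            return null;
        }
        RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) firstKey;
        // A missing algorithm or key id is only reported; it does not reject the key.
        if (StringUtils.isBlank(rsaJsonWebKey.getAlgorithm())) {
            LOGGER.warn("Located JSON web key [{}] has no algorithm defined", rsaJsonWebKey);
        }
        if (StringUtils.isBlank(rsaJsonWebKey.getKeyId())) {
            LOGGER.warn("Located JSON web key [{}] has no key id defined", rsaJsonWebKey);
        }
        if (rsaJsonWebKey.getPublicKey() != null) {
            return rsaJsonWebKey;
        }
        LOGGER.warn("Located JSON web key [{}] has no public key", rsaJsonWebKey);
        return null;
    }

    /**
     * Resolves and validates the key set configured on the service.
     *
     * <p>Any exception raised while reading or parsing the resource is logged
     * and turned into an empty result.
     *
     * @param oidcRegisteredService the service whose JWKS location is read
     * @return the key set when its first key is a usable RSA key, otherwise an
     *         empty {@link Optional}
     */
    private Optional<JsonWebKeySet> buildJsonWebKeySet(OidcRegisteredService oidcRegisteredService) {
        try {
            String jwksLocation = oidcRegisteredService.getJwks();
            // A service without a JWKS location has nothing to load; skip the
            // resource lookup instead of failing on it and logging an error.
            if (StringUtils.isBlank(jwksLocation)) {
                LOGGER.debug("No JSON web keystore location is defined for [{}]", oidcRegisteredService);
                return Optional.empty();
            }
            LOGGER.debug("Loading JSON web key from [{}]", jwksLocation);
            JsonWebKeySet keySet = buildJsonWebKeySet(this.resourceLoader.getResource(jwksLocation));
            if (keySet == null || keySet.getJsonWebKeys().isEmpty()) {
                LOGGER.warn("No JSON web keys could be found for [{}]", oidcRegisteredService);
                return Optional.empty();
            }
            // Reject the set when every key lacks algorithm, key id and key type.
            boolean noKeyIsDescribed = keySet.getJsonWebKeys().stream().allMatch(jsonWebKey ->
                StringUtils.isBlank(jsonWebKey.getAlgorithm())
                    && StringUtils.isBlank(jsonWebKey.getKeyId())
                    && StringUtils.isBlank(jsonWebKey.getKeyType()));
            if (noKeyIsDescribed) {
                LOGGER.warn("No valid JSON web keys could be found for [{}]", oidcRegisteredService);
                return Optional.empty();
            }
            // getJsonSigningWebKeyFromJwks returns null for an unusable key, so the
            // result is null-checked before the key set is accepted.
            RsaJsonWebKey signingKey = getJsonSigningWebKeyFromJwks(keySet);
            if (signingKey == null) {
                LOGGER.warn("No usable RSA JSON web key could be found for [{}]", oidcRegisteredService);
                return Optional.empty();
            }
            return Optional.of(keySet);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return Optional.empty();
        }
    }

    /**
     * Reads the resource as UTF-8 text and parses it as a key set.
     *
     * @param resource the resource holding the JWKS document
     * @return the parsed key set, or {@code null} when its first key is unusable
     * @throws Exception when the resource cannot be read or parsed
     */
    private static JsonWebKeySet buildJsonWebKeySet(Resource resource) throws Exception {
        LOGGER.debug("Loading JSON web key from [{}]", resource);
        final String json;
        // Close the stream once the content has been read.
        // NOTE(review): the whole resource is read into memory without a size
        // limit; consider a cap if the location may point at a remote endpoint.
        try (InputStream in = resource.getInputStream()) {
            json = IOUtils.toString(in, StandardCharsets.UTF_8);
        }
        // Log the size only: the raw document may contain private key parameters
        // if the configured file holds more than public keys.
        LOGGER.debug("Retrieved JSON web key from [{}] with [{}] characters", resource, json.length());
        return buildJsonWebKeySet(json);
    }

    /**
     * Parses a JWKS document and checks that its first key is usable.
     *
     * @param str the JWKS document as JSON text
     * @return the parsed key set, or {@code null} when its first key is missing,
     *         not an RSA key, or has no public key
     * @throws Exception when the document cannot be parsed
     */
    private static JsonWebKeySet buildJsonWebKeySet(String str) throws Exception {
        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(str);
        RsaJsonWebKey signingKey = getJsonSigningWebKeyFromJwks(jsonWebKeySet);
        if (signingKey != null && signingKey.getPublicKey() != null) {
            return jsonWebKeySet;
        }
        LOGGER.warn("JSON web key retrieved [{}] is not found or has no associated public key", signingKey);
        return null;
    }
}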
