package org.springframework.security.oauth2.provider.token.store.jwk;

import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.jwt.codec.Codecs;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkDefinition;

/* loaded from: input_file:org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.class */
class JwkDefinitionSource {
    private final URL jwkSetUrl;
    private final Map<String, JwkDefinitionHolder> jwkDefinitions = new ConcurrentHashMap();
    private static final JwkSetConverter jwkSetConverter = new JwkSetConverter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource$JwkDefinitionHolder.class */
    public static class JwkDefinitionHolder {
        private final JwkDefinition jwkDefinition;
        private final SignatureVerifier signatureVerifier;

        private JwkDefinitionHolder(JwkDefinition jwkDefinition, SignatureVerifier signatureVerifier) {
            this.jwkDefinition = jwkDefinition;
            this.signatureVerifier = signatureVerifier;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public JwkDefinition getJwkDefinition() {
            return this.jwkDefinition;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SignatureVerifier getSignatureVerifier() {
            return this.signatureVerifier;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwkDefinitionSource(String str) {
        try {
            this.jwkSetUrl = new URL(str);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Invalid JWK Set URL: " + e.getMessage(), e);
        }
    }

    JwkDefinition getDefinition(String str) {
        JwkDefinition jwkDefinition = null;
        JwkDefinitionHolder jwkDefinitionHolder = this.jwkDefinitions.get(str);
        if (jwkDefinitionHolder != null) {
            jwkDefinition = jwkDefinitionHolder.getJwkDefinition();
        }
        return jwkDefinition;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwkDefinition getDefinitionLoadIfNecessary(String str) {
        JwkDefinition definition = getDefinition(str);
        if (definition != null) {
            return definition;
        }
        this.jwkDefinitions.clear();
        this.jwkDefinitions.putAll(loadJwkDefinitions(this.jwkSetUrl));
        return getDefinition(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignatureVerifier getVerifier(String str) {
        SignatureVerifier signatureVerifier = null;
        if (getDefinitionLoadIfNecessary(str) != null) {
            signatureVerifier = this.jwkDefinitions.get(str).getSignatureVerifier();
        }
        return signatureVerifier;
    }

    static Map<String, JwkDefinitionHolder> loadJwkDefinitions(URL url) {
        try {
            Set<JwkDefinition> convert = jwkSetConverter.convert(url.openStream());
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            for (JwkDefinition jwkDefinition : convert) {
                if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
                    linkedHashMap.put(jwkDefinition.getKeyId(), new JwkDefinitionHolder(jwkDefinition, createRsaVerifier((RsaJwkDefinition) jwkDefinition)));
                }
            }
            return linkedHashMap;
        } catch (IOException e) {
            throw new JwkException("An I/O error occurred while reading from the JWK Set source: " + e.getMessage(), e);
        }
    }

    private static RsaVerifier createRsaVerifier(RsaJwkDefinition rsaJwkDefinition) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Codecs.b64UrlDecode(rsaJwkDefinition.getModulus())), new BigInteger(1, Codecs.b64UrlDecode(rsaJwkDefinition.getExponent()))));
            return rsaJwkDefinition.getAlgorithm() != null ? new RsaVerifier(rSAPublicKey, rsaJwkDefinition.getAlgorithm().standardName()) : new RsaVerifier(rSAPublicKey);
        } catch (Exception e) {
            throw new JwkException("An error occurred while creating a RSA Public Key Verifier for " + rsaJwkDefinition.getKeyId() + " : " + e.getMessage(), e);
        }
    }
}
