package org.wso2.carbon.identity.oauth2.validators.jwt;

import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.cache.JWKSCache;
import org.wso2.carbon.identity.oauth2.cache.JWKSCacheEntry;
import org.wso2.carbon.identity.oauth2.cache.JWKSCacheKey;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/jwt/JWKSourceDataProvider.class */
public class JWKSourceDataProvider {
    private static final int DEFAULT_HTTP_CONNECTION_TIMEOUT = 1000;
    private static final int DEFAULT_HTTP_READ_TIMEOUT = 1000;
    private static final String HTTP_CONNECTION_TIMEOUT_XPATH = "JWTValidatorConfigs.JWKSEndpoint.HTTPConnectionTimeout";
    private static final String HTTP_READ_TIMEOUT_XPATH = "JWTValidatorConfigs.JWKSEndpoint.HTTPReadTimeout";
    private static final String HTTP_SIZE_LIMIT_XPATH = "JWTValidatorConfigs.JWKSEndpoint.HTTPSizeLimit";
    private static final Log log = LogFactory.getLog(JWKSourceDataProvider.class);
    private static JWKSourceDataProvider jwkSourceDataProvider = new JWKSourceDataProvider();

    private JWKSourceDataProvider() {
    }

    public static JWKSourceDataProvider getInstance() {
        return jwkSourceDataProvider;
    }

    public RemoteJWKSet<SecurityContext> getJWKSource(String str) throws MalformedURLException {
        Serializable jWKSCacheKey = new JWKSCacheKey(str);
        JWKSCacheEntry jWKSCacheEntry = (JWKSCacheEntry) JWKSCache.getInstance().getValueFromCache(jWKSCacheKey);
        RemoteJWKSet<SecurityContext> remoteJWKSet = null;
        if (jWKSCacheEntry != null) {
            remoteJWKSet = jWKSCacheEntry.getValue();
            if (log.isDebugEnabled()) {
                log.debug("Retrieving JWKS for " + str + " from cache.");
            }
        }
        if (remoteJWKSet == null) {
            remoteJWKSet = retrieveJWKSFromJWKSEndpoint(str);
            JWKSCache.getInstance().addToCache(jWKSCacheKey, new JWKSCacheEntry(remoteJWKSet));
            if (log.isDebugEnabled()) {
                log.debug("Fetching JWKS from remote endpoint.");
            }
        }
        return remoteJWKSet;
    }

    public void refreshJWKSResource(String str) throws IdentityOAuth2Exception {
        try {
            Serializable jWKSCacheKey = new JWKSCacheKey(str);
            JWKSCache.getInstance().clearCacheEntry(jWKSCacheKey);
            JWKSCache.getInstance().addToCache(jWKSCacheKey, new JWKSCacheEntry(retrieveJWKSFromJWKSEndpoint(str)));
        } catch (MalformedURLException e) {
            throw new IdentityOAuth2Exception("Provided URI is malformed. jwks_uri: " + str, e);
        }
    }

    private RemoteJWKSet<SecurityContext> retrieveJWKSFromJWKSEndpoint(String str) throws MalformedURLException {
        int readHTTPConnectionConfigValue = readHTTPConnectionConfigValue(HTTP_CONNECTION_TIMEOUT_XPATH);
        int readHTTPConnectionConfigValue2 = readHTTPConnectionConfigValue(HTTP_READ_TIMEOUT_XPATH);
        int readHTTPConnectionConfigValue3 = readHTTPConnectionConfigValue(HTTP_SIZE_LIMIT_XPATH);
        String property = IdentityUtil.getProperty(Constants.PROXY_ENABLE);
        if (readHTTPConnectionConfigValue <= 0) {
            readHTTPConnectionConfigValue = 1000;
        }
        if (readHTTPConnectionConfigValue2 <= 0) {
            readHTTPConnectionConfigValue2 = 1000;
        }
        if (readHTTPConnectionConfigValue3 <= 0) {
            readHTTPConnectionConfigValue3 = 51200;
        }
        if (Boolean.parseBoolean(property)) {
            return new RemoteJWKSet<>(new URL(str), new ExtendedDefaultResourceRetriever(readHTTPConnectionConfigValue, readHTTPConnectionConfigValue2, readHTTPConnectionConfigValue3));
        }
        return new RemoteJWKSet<>(new URL(str), new DefaultResourceRetriever(readHTTPConnectionConfigValue, readHTTPConnectionConfigValue2, readHTTPConnectionConfigValue3));
    }

    private int readHTTPConnectionConfigValue(String str) {
        int i = 0;
        String property = IdentityUtil.getProperty(str);
        if (StringUtils.isNotBlank(property)) {
            try {
                i = Integer.parseInt(property);
            } catch (NumberFormatException e) {
                log.error("Provided HTTP connection config value in " + str + " should be an integer type. Value : " + property);
            }
        }
        return i;
    }
}
