package com.kumuluz.ee.jwt.auth.cdi;

import com.auth0.jwt.interfaces.RSAKeyProvider;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.kumuluz.ee.configuration.utils.ConfigurationUtil;
import com.kumuluz.ee.jwt.auth.helper.JwksRSAKeyProvider;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;

@ApplicationScoped
/* loaded from: input_file:com/kumuluz/ee/jwt/auth/cdi/JWTContextInfo.class */
public class JWTContextInfo {
    private static final Logger LOG = Logger.getLogger(JWTContextInfo.class.getName());
    private RSAPublicKey publicKeyDecoded;
    private String jwksUri;
    private JwksRSAKeyProvider jwkProvider;
    private String issuer;
    private int maximumLeeway;

    @PostConstruct
    public void init() {
        String str;
        URL resource;
        ConfigurationUtil configurationUtil = ConfigurationUtil.getInstance();
        String str2 = (String) configurationUtil.get("mp.jwt.verify.publickey").orElse(configurationUtil.get("kumuluzee.jwt-auth.public-key").orElse(null));
        if (str2 == null && (str = (String) configurationUtil.get("mp.jwt.verify.publickey.location").orElse(null)) != null) {
            try {
                resource = new URL(str);
            } catch (MalformedURLException e) {
                resource = getClass().getClassLoader().getResource(str.substring(1));
            }
            if (resource != null) {
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resource.openStream()));
                    Throwable th = null;
                    try {
                        str2 = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                        if (bufferedReader != null) {
                            if (0 != 0) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                    } finally {
                    }
                } catch (IOException e2) {
                    LOG.log(Level.SEVERE, "Could not resolve public key from " + resource.toExternalForm(), (Throwable) e2);
                }
            }
        }
        this.publicKeyDecoded = decodeJWK(str2);
        if (str2 != null && this.publicKeyDecoded == null) {
            str2 = str2.replaceAll("-+BEGIN PUBLIC KEY-+", "").replaceAll("-+END PUBLIC KEY-+", "").replaceAll("[^A-Za-z0-9+/=]", "");
            this.publicKeyDecoded = decodeJWK(new String(Base64.getDecoder().decode(str2)));
        }
        if (str2 != null && this.publicKeyDecoded == null) {
            try {
                this.publicKeyDecoded = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str2)));
            } catch (Exception e3) {
            }
        }
        this.jwksUri = (String) configurationUtil.get("kumuluzee.jwt-auth.jwks-uri").orElse(null);
        this.issuer = (String) configurationUtil.get("mp.jwt.verify.issuer").orElse(configurationUtil.get("kumuluzee.jwt-auth.issuer").orElse(null));
        this.maximumLeeway = Integer.parseInt((String) configurationUtil.get("kumuluzee.jwt-auth.maximum-leeway").orElse("5"));
        initJwks();
    }

    public void initJwks() {
        if (this.jwksUri != null) {
            try {
                this.jwkProvider = new JwksRSAKeyProvider(new URL(this.jwksUri));
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("The provided kumuluzee.jwt-auth.jwks-uri is not a valid URL.", e);
            }
        }
    }

    public RSAPublicKey getDecodedPublicKey() {
        return this.publicKeyDecoded;
    }

    public String getJwksUri() {
        return this.jwksUri;
    }

    public void setJwksUri(String str) {
        this.jwksUri = str;
    }

    public RSAKeyProvider getJwkProvider() {
        return this.jwkProvider;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public int getMaximumLeeway() {
        return this.maximumLeeway;
    }

    public void setMaximumLeeway(int i) {
        this.maximumLeeway = i;
    }

    private RSAPublicKey decodeJWK(String str) {
        try {
            Map map = (Map) new ObjectMapper().readValue(str, new TypeReference<Map<String, Object>>() { // from class: com.kumuluz.ee.jwt.auth.cdi.JWTContextInfo.1
            });
            if (map.containsKey("keys") && (map.get("keys") instanceof List) && (((List) map.get("keys")).get(0) instanceof Map)) {
                map = (Map) ((List) map.get("keys")).get(0);
            }
            if (!map.containsKey("n") || !map.containsKey("e") || !(map.get("n") instanceof String) || !(map.get("e") instanceof String)) {
                return null;
            }
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode((String) map.get("n"))), new BigInteger(1, Base64.getUrlDecoder().decode((String) map.get("e")))));
        } catch (Exception e) {
            return null;
        }
    }
}
