package be.looorent.keycloak;

import be.looorent.micronaut.security.PublicKeyService;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.micronaut.context.annotation.Context;
import io.micronaut.context.annotation.Value;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.PublicKey;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

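/**
 * Looks up public keys by key id ({@code kid}) in the JSON Web Key Set that Keycloak publishes
 * for one realm at {@code <base-url>/auth/realms/<realm-id>/protocol/openid-connect/certs}.
 *
 * <p><b>Trust anchor.</b> Every key returned by that endpoint is handed to callers of
 * {@link #findPublicKey(String)} as-is; callers presumably use it to verify token signatures.
 * The integrity of the download is therefore the only thing protecting verification: if
 * {@code keycloak.base-url} is not an {@code https} URL, the key set travels unauthenticated and
 * can be replaced on the network path. The constructor logs a warning in that case.
 *
 * <p><b>Key rotation.</b> The key set is downloaded once (at startup when eager loading is on,
 * otherwise on the first lookup) and is never refreshed. A key that Keycloak publishes after
 * that point resolves to {@link Optional#empty()} until the service is re-created. If a
 * refresh-on-unknown-kid is added later, it should be rate limited, because the {@code kid}
 * comes from the token being checked and is caller-controlled.
 *
 * <p><b>Thread-safety.</b> The key map is published through a {@code volatile} field and the
 * lazy load is guarded by the instance lock, so concurrent first lookups trigger one download.
 */
@Singleton
@Context
public class KeycloakPublicKeyService implements PublicKeyService {
    private static final Logger LOG = LoggerFactory.getLogger(KeycloakPublicKeyService.class);

    // Bounds on the key download. Without them a stalled Keycloak would block the loading thread
    // indefinitely while it holds the instance lock, stalling every lookup queued behind it.
    private static final int CONNECT_TIMEOUT_MILLIS = 10_000;
    private static final int READ_TIMEOUT_MILLIS = 10_000;

    private final URL publicCertificateUrl;
    private final boolean eagerLoadPublicKeys;

    // null until the first successful download; volatile so that the unsynchronized read in
    // publicKeyHasBeenLoaded()/findPublicKey() sees the map written under the lock.
    private volatile Map<String, PublicKey> keyPerKeycloakId;

    /**
     * Builds the service from the three {@code keycloak.*} properties.
     * (The decompiler reports that this constructor was originally package-private.)
     *
     * @param baseUrl value of {@code keycloak.base-url}; must not be null or empty
     * @param realmId value of {@code keycloak.realm-id}; must not be null or empty
     * @param eagerLoadPublicKeys value of {@code keycloak.eager-load-public-keys}; must not be null
     * @throws IllegalArgumentException if any property is missing
     * @throws MalformedURLException if the properties do not form a valid URL
     */
    public KeycloakPublicKeyService(@Value("${keycloak.base-url}") String baseUrl, @Value("${keycloak.realm-id}") String realmId, @Value("${keycloak.eager-load-public-keys}") Boolean eagerLoadPublicKeys) throws MalformedURLException {
        if (baseUrl == null || baseUrl.isEmpty()) {
            throw new IllegalArgumentException("Property keycloak.base-url (string) must be defined");
        }
        if (realmId == null || realmId.isEmpty()) {
            throw new IllegalArgumentException("Property keycloak.realm-id (string) must be defined");
        }
        if (eagerLoadPublicKeys == null) {
            throw new IllegalArgumentException("Property keycloak.eager-load-public-keys (boolean) must be defined");
        }
        this.publicCertificateUrl = createPublicCertificateUrl(baseUrl, realmId);
        this.eagerLoadPublicKeys = eagerLoadPublicKeys;
        if (!"https".equalsIgnoreCase(this.publicCertificateUrl.getProtocol())) {
            // Only a warning: rejecting non-https URLs would break existing local/dev setups.
            LOG.warn("Public keys will be retrieved from {} without TLS; the key set is not protected against tampering in transit", this.publicCertificateUrl);
        }
    }

    /**
     * Returns the public key registered under the given key id, downloading the key set first
     * if it has not been loaded yet.
     *
     * @param kid key id to look up; must not be null or empty
     * @return the matching key, or empty when the loaded key set has no such id
     * @throws IllegalArgumentException if {@code kid} is null or empty
     * @throws IllegalStateException if the key set has to be downloaded and that fails; the next
     *     call retries the download
     */
    @Override // be.looorent.micronaut.security.PublicKeyService
    public Optional<PublicKey> findPublicKey(String kid) {
        if (kid == null || kid.isEmpty()) {
            throw new IllegalArgumentException("kid must not be null or empty");
        }
        // Read the field once so the lookup uses the same map that the null check saw.
        Map<String, PublicKey> keys = this.keyPerKeycloakId;
        if (keys == null) {
            keys = loadPublicKeysIfAbsent();
        }
        return Optional.ofNullable(keys.get(kid));
    }

    /**
     * Downloads the key set at startup when eager loading is enabled. A download failure
     * propagates as {@link IllegalStateException} out of this {@code @PostConstruct} hook.
     */
    @PostConstruct
    public void initialize() {
        if (this.eagerLoadPublicKeys) {
            LOG.info("Public keys are eager loaded from Keycloak");
            loadPublicKeys();
        }
    }

    /** Returns whether a key set has been downloaded and stored. */
    boolean publicKeyHasBeenLoaded() {
        return this.keyPerKeycloakId != null;
    }

    /**
     * Lazy-load path: re-checks under the lock so that threads racing on the first lookup
     * perform a single download instead of one each.
     */
    private synchronized Map<String, PublicKey> loadPublicKeysIfAbsent() {
        if (!publicKeyHasBeenLoaded()) {
            loadPublicKeys();
        }
        return this.keyPerKeycloakId;
    }

    /** Downloads the key set unconditionally, stores it and logs how long that took. */
    private synchronized void loadPublicKeys() {
        LOG.info("Retrieving public keys from keycloak at {}", this.publicCertificateUrl);
        long startedAt = System.currentTimeMillis();
        this.keyPerKeycloakId = retrievePublicKeysFromKeycloak();
        LOG.info("Public keys retrieved in {} ms", System.currentTimeMillis() - startedAt);
    }

    /** Builds the realm's certs endpoint URL from the configured base URL and realm id. */
    private URL createPublicCertificateUrl(String baseUrl, String realmId) throws MalformedURLException {
        return new URL(baseUrl + "/auth/realms/" + realmId + "/protocol/openid-connect/certs");
    }

    /**
     * Downloads the key set and indexes each entry's public key by its id.
     * {@code Collectors.toMap} throws {@link IllegalStateException} if two entries share an id.
     */
    private Map<String, PublicKey> retrievePublicKeysFromKeycloak() {
        return retrieveAndParsePublicKeysFromKeycloak()
                .getKeys()
                .stream()
                .collect(Collectors.toMap(key -> key.getId(), key -> key.toPublicKey()));
    }

    /**
     * Fetches the certs endpoint and unmarshals the response into a {@code JsonWebKeySet}.
     *
     * @throws IllegalStateException if the endpoint cannot be read within the timeouts or the
     *     response cannot be parsed
     */
    private JsonWebKeySet retrieveAndParsePublicKeysFromKeycloak() {
        try {
            URLConnection connection = this.publicCertificateUrl.openConnection();
            connection.setConnectTimeout(CONNECT_TIMEOUT_MILLIS);
            connection.setReadTimeout(READ_TIMEOUT_MILLIS);
            // Close the stream on every path, including a parse failure half-way through.
            try (InputStream body = connection.getInputStream()) {
                return new ObjectMapper().readValue(body, JsonWebKeySet.class);
            }
        } catch (IOException e) {
            LOG.error("An error occurred when retrieving and unmarshalling public keys from {}", this.publicCertificateUrl, e);
            throw new IllegalStateException("Impossible to contact Keycloak with the properties you have provided for 'keycloak.base-url' and/or 'keycloak.realm-id'", e);
        }
    }
}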
