package com.yahoo.athenz.auth.oauth.parser;

import com.yahoo.athenz.auth.KeyStore;
import com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver;
import com.yahoo.athenz.auth.util.AthenzUtils;
import com.yahoo.athenz.auth.util.Crypto;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolver;
import java.security.Key;
import javax.net.ssl.SSLContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/auth/oauth/parser/KeyStoreJwkKeyResolver.class */
public class KeyStoreJwkKeyResolver implements SigningKeyResolver {
    private static final Logger LOG = LoggerFactory.getLogger(KeyStoreJwkKeyResolver.class);
    private static final String SYS_AUTH_DOMAIN = "sys.auth";
    private KeyStore keyStore;
    private SigningKeyResolver jwksResolver;

    public KeyStoreJwkKeyResolver(KeyStore keyStore, String str, SSLContext sSLContext) {
        this.keyStore = null;
        this.jwksResolver = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("KeyStoreJwkKeyResolver:JWK URL: " + str);
        }
        this.keyStore = keyStore;
        this.jwksResolver = new JwtsSigningKeyResolver(str, sSLContext, true);
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        String keyId = jwsHeader.getKeyId();
        if (keyId == null || keyId.isEmpty()) {
            if (!LOG.isDebugEnabled()) {
                return null;
            }
            LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: invalid key ID " + keyId);
            return null;
        }
        String issuer = claims.getIssuer();
        if (this.keyStore != null && issuer != null && !issuer.isEmpty()) {
            String[] splitPrincipalName = AthenzUtils.splitPrincipalName(issuer);
            if (splitPrincipalName != null) {
                String str = splitPrincipalName[0];
                String str2 = splitPrincipalName[1];
                if ("sys.auth".equals(str)) {
                    String publicKey = this.keyStore.getPublicKey(str, str2, keyId);
                    if (publicKey != null && !publicKey.isEmpty()) {
                        try {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: will use public key from key store: ({}, {}, {})", new Object[]{str, str2, keyId});
                            }
                            return Crypto.loadPublicKey(publicKey);
                        } catch (Throwable th) {
                            LOG.warn("KeyStoreJwkKeyResolver:resolveSigningKey: invalid public key format", th);
                        }
                    }
                } else {
                    LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: skip using KeyStore, invalid domain " + str);
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: skip using KeyStore, invalid issuer " + issuer);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: will use public key from JWKS: ({})", keyId);
        }
        return this.jwksResolver.resolveSigningKey(jwsHeader, claims);
    }

    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        return null;
    }
}
