package uk.co.spudsoft.jwtvalidatorvertx.impl;

import com.google.common.base.Strings;
import io.vertx.core.Future;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.client.HttpResponse;
import io.vertx.ext.web.client.WebClient;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uk.co.spudsoft.jwtvalidatorvertx.DiscoveryData;
import uk.co.spudsoft.jwtvalidatorvertx.IssuerAcceptabilityHandler;
import uk.co.spudsoft.jwtvalidatorvertx.JWK;
import uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetOpenIdDiscoveryHandler;

/* loaded from: input_file:uk/co/spudsoft/jwtvalidatorvertx/impl/JWKSOpenIdDiscoveryHandlerImpl.class */
public class JWKSOpenIdDiscoveryHandlerImpl implements JsonWebKeySetOpenIdDiscoveryHandler {
    private static final Logger logger = LoggerFactory.getLogger(JWKSOpenIdDiscoveryHandlerImpl.class);
    private final long defaultJwkCacheDurationS;
    private final AsyncLoadingCache<String, DiscoveryData> discoveryDataCache;
    private final Map<String, AsyncLoadingCache<String, JWK<?>>> kidCache;
    private final IssuerAcceptabilityHandler issuerAcceptabilityHandler;
    private final WebClient webClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:uk/co/spudsoft/jwtvalidatorvertx/impl/JWKSOpenIdDiscoveryHandlerImpl$TimedJsonObject.class */
    public static class TimedJsonObject {
        public final long expiresMs;
        public final JsonObject json;

        TimedJsonObject(long j, JsonObject jsonObject) {
            this.expiresMs = j;
            this.json = jsonObject;
        }
    }

    public JWKSOpenIdDiscoveryHandlerImpl(WebClient webClient, IssuerAcceptabilityHandler issuerAcceptabilityHandler, long j) {
        this.webClient = webClient;
        this.defaultJwkCacheDurationS = j;
        this.issuerAcceptabilityHandler = issuerAcceptabilityHandler;
        issuerAcceptabilityHandler.validate();
        this.discoveryDataCache = new AsyncLoadingCache<>(discoveryData -> {
            return Long.valueOf(discoveryData.getExpiry());
        });
        this.kidCache = new HashMap();
    }

    @Override // uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler
    public void validateIssuer(String str) throws IllegalArgumentException {
        if (this.discoveryDataCache.containsKey(str) || this.issuerAcceptabilityHandler.isAcceptable(str)) {
            return;
        }
        logger.warn("Issuer ({}) not considered acceptable by {}", str, this.issuerAcceptabilityHandler);
        throw new IllegalArgumentException("Parse of signed JWT failed");
    }

    @Override // uk.co.spudsoft.jwtvalidatorvertx.OpenIdDiscoveryHandler
    public Future<DiscoveryData> performOpenIdDiscovery(String str) {
        try {
            validateIssuer(str);
            String str2 = str + (str.endsWith("/") ? "" : "/") + ".well-known/openid-configuration";
            return this.discoveryDataCache.get(str, () -> {
                return get(str2).map(timedJsonObject -> {
                    return new DiscoveryData(timedJsonObject.expiresMs, timedJsonObject.json);
                });
            });
        } catch (Throwable th) {
            return Future.failedFuture(th);
        }
    }

    @Override // uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetOpenIdDiscoveryHandler
    public Future<JWK<?>> findJwk(DiscoveryData discoveryData, String str) {
        AsyncLoadingCache<String, JWK<?>> asyncLoadingCache;
        String jwksUri = discoveryData.getJwksUri();
        if (Strings.isNullOrEmpty(jwksUri)) {
            return Future.failedFuture("Discovery data does not contain jwks_uri");
        }
        synchronized (this.kidCache) {
            AsyncLoadingCache<String, JWK<?>> asyncLoadingCache2 = this.kidCache.get(jwksUri);
            if (asyncLoadingCache2 == null) {
                asyncLoadingCache2 = new AsyncLoadingCache<>(jwk -> {
                    if (jwk == null) {
                        return null;
                    }
                    return Long.valueOf(jwk.getExpiryMs());
                });
                this.kidCache.put(jwksUri, asyncLoadingCache2);
            }
            asyncLoadingCache = asyncLoadingCache2;
        }
        return asyncLoadingCache.get(str, () -> {
            return get(discoveryData.getJwksUri()).compose(timedJsonObject -> {
                return processJwkSet(asyncLoadingCache, timedJsonObject, str);
            });
        });
    }

    @Override // uk.co.spudsoft.jwtvalidatorvertx.JsonWebKeySetHandler
    public Future<JWK<?>> findJwk(String str, String str2) {
        return performOpenIdDiscovery(str).compose(discoveryData -> {
            return findJwk(discoveryData, str2);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Future<JWK<?>> processJwkSet(AsyncLoadingCache<String, JWK<?>> asyncLoadingCache, TimedJsonObject timedJsonObject, String str) {
        long j = timedJsonObject.expiresMs;
        JWK<?> jwk = null;
        JsonObject jsonObject = null;
        try {
            Object value = timedJsonObject.json.getValue("keys");
            if (!(value instanceof JsonArray)) {
                logger.error("Failed to get key {} from JWKS from {}", str, timedJsonObject.json);
                return Future.failedFuture(new IllegalArgumentException("Parse of signed JWT failed", new IllegalArgumentException("Failed to get public key for " + str)));
            }
            Iterator it = ((JsonArray) value).iterator();
            while (it.hasNext()) {
                Object next = it.next();
                try {
                    if (next instanceof JsonObject) {
                        JsonObject jsonObject2 = (JsonObject) next;
                        String string = jsonObject2.getString("kid");
                        if (str.equals(string)) {
                            jwk = JWK.create(j, jsonObject2);
                            jsonObject = jsonObject2;
                        } else {
                            asyncLoadingCache.put(string, JWK.create(j, jsonObject2));
                        }
                    }
                } catch (Throwable th) {
                    logger.warn("Failed to parse {} as a JWK: ", next, th);
                }
            }
            if (jwk == null) {
                logger.error("Failed to find key {} from JWKS from {}", str, timedJsonObject.json);
                return Future.failedFuture(new IllegalArgumentException("Parse of signed JWT failed", new IllegalArgumentException("Failed to find key " + str)));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Got new {} public key with id {}: {}", new Object[]{jwk.getKey().getAlgorithm(), str, jsonObject});
            } else {
                logger.info("Got new public key with id {}", str);
            }
            return Future.succeededFuture(jwk);
        } catch (Throwable th2) {
            logger.error("Failed to get public key for {} from {}", str, timedJsonObject.json);
            return Future.failedFuture(new IllegalArgumentException("Parse of signed JWT failed", new IllegalArgumentException("Failed to get public key for " + str)));
        }
    }

    private static boolean succeeded(int i) {
        return i >= 200 && i < 300;
    }

    private long calculateExpiry(long j, HttpResponse<?> httpResponse) {
        long j2 = Long.MAX_VALUE;
        Iterator it = httpResponse.headers().getAll(HttpHeaders.CACHE_CONTROL).iterator();
        while (it.hasNext()) {
            for (String str : ((String) it.next()).split(",")) {
                String[] split = str.split("=", 2);
                split[0] = split[0].trim();
                if ("max-age".equals(split[0])) {
                    try {
                        long parseLong = Long.parseLong(split[1].replaceAll("\"", "").trim().toLowerCase());
                        if (parseLong > 0 && parseLong < j2) {
                            j2 = parseLong;
                        }
                    } catch (NumberFormatException e) {
                        logger.warn("Invalid max-age cache-control directive ({}): ", split[1], e);
                    }
                }
            }
        }
        if (j2 == Long.MAX_VALUE) {
            j2 = this.defaultJwkCacheDurationS;
        }
        return j + (j2 * 1000);
    }

    private Future<TimedJsonObject> get(String str) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            return this.webClient.getAbs(str).send().map(httpResponse -> {
                if (succeeded(httpResponse.statusCode())) {
                    return new TimedJsonObject(calculateExpiry(currentTimeMillis, httpResponse), new JsonObject(httpResponse.bodyAsString()));
                }
                logger.debug("Request to {} returned {}: {}", new Object[]{str, Integer.valueOf(httpResponse.statusCode()), httpResponse.bodyAsString()});
                throw new IllegalStateException("Request to " + str + " returned " + httpResponse.statusCode());
            });
        } catch (Exception e) {
            logger.error("The JWKS URI ({}) is not a valid URL: ", str, e);
            return Future.failedFuture(new IllegalArgumentException("Parse of signed JWT failed", e));
        }
    }
}
