package be.atbash.ee.security.octopus.keys;

import be.atbash.ee.security.octopus.keys.retriever.JWKSetRetriever;
import be.atbash.ee.security.octopus.keys.selector.SelectorCriteria;
import be.atbash.ee.security.octopus.keys.selector.filter.KeyFilter;
import be.atbash.ee.security.octopus.nimbus.jwk.JWKSet;
import be.atbash.util.CDICheck;
import be.atbash.util.CDIUtils;
import be.atbash.util.exception.AtbashIllegalActionException;
import jakarta.enterprise.inject.Vetoed;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Vetoed
/* loaded from: input_file:be/atbash/ee/security/octopus/keys/RemoteKeyManager.class */
public class RemoteKeyManager extends AbstractKeyManager implements KeyManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(RemoteKeyManager.class);
    private final Map<URI, JWKSetCache> remoteJWKSetCache = new HashMap();
    private final JWKSetRetriever jwkSetRetriever = new JWKSetRetriever();
    private final ValidateRemoteJWKSetURI validator = retrieveJWKSetURIValidator();

    @Override // be.atbash.ee.security.octopus.keys.KeyManager
    public List<AtbashKey> retrieveKeys(SelectorCriteria selectorCriteria) {
        if (selectorCriteria == null) {
            throw new AtbashIllegalActionException("Parameter selectorCriteria can't be null");
        }
        List<AtbashKey> arrayList = new ArrayList();
        if (selectorCriteria.getJku() != null && this.validator.validate(selectorCriteria.getJku())) {
            List<KeyFilter> asKeyFilters = selectorCriteria.asKeyFilters();
            JWKSet jWKSet = getJWKSet(selectorCriteria.getJku());
            if (jWKSet != null) {
                arrayList = filterKeys(jWKSet.getAtbashKeys(), asKeyFilters);
                if (arrayList.isEmpty()) {
                    dropCache(selectorCriteria.getJku());
                    JWKSet jWKSet2 = getJWKSet(selectorCriteria.getJku());
                    if (jWKSet2 != null) {
                        arrayList = filterKeys(jWKSet2.getAtbashKeys(), asKeyFilters);
                    }
                }
            }
        }
        return arrayList;
    }

    private void dropCache(URI uri) {
        this.remoteJWKSetCache.remove(uri);
    }

    private JWKSet getJWKSet(URI uri) {
        JWKSetCache computeIfAbsent = this.remoteJWKSetCache.computeIfAbsent(uri, uri2 -> {
            return new JWKSetCache();
        });
        if (computeIfAbsent.get() == null) {
            try {
                computeIfAbsent.put(this.jwkSetRetriever.retrieveResource(uri.toURL()));
            } catch (IOException e) {
                LOGGER.warn(String.format("Retrieval of JWK from '%s' failed", uri.toASCIIString()));
            }
        }
        return computeIfAbsent.get();
    }

    public String toString() {
        return "class " + RemoteKeyManager.class.getName();
    }

    private static ValidateRemoteJWKSetURI retrieveJWKSetURIValidator() {
        ArrayList arrayList = new ArrayList();
        ServiceLoader load = ServiceLoader.load(RemoteJWKSetURIValidator.class);
        Objects.requireNonNull(arrayList);
        load.forEach((v1) -> {
            r1.add(v1);
        });
        if (CDICheck.withinContainer()) {
            arrayList.addAll(CDIUtils.retrieveInstances(RemoteJWKSetURIValidator.class, new Annotation[0]));
        }
        return new ValidateRemoteJWKSetURI(arrayList);
    }
}
