package net.trajano.ms.vertx.beans;

import java.util.List;
import javax.annotation.PostConstruct;
import javax.ws.rs.InternalServerErrorException;
import net.trajano.ms.core.NonceOps;
import net.trajano.ms.spi.CacheNames;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;

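/**
 * Provides the JWKS signing keys and the single-use nonces that are kept in Spring caches.
 *
 * <p>Signing keys live in the JWKS cache under the slot names {@code "0"} to
 * {@code MAX_NUMBER_OF_KEYS - 1}. Nonces live in the cache named by {@link CacheNames#NONCE},
 * keyed by the nonce value itself.
 *
 * <p>If no {@link CacheManager} is injected, or the injected one has no cache with the
 * requested name, an in-memory cache is used. An in-memory cache is local to this JVM, so keys
 * and nonces stored in it are not visible to other instances of the service.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/ms-common-impl-1.1.3.jar:net/trajano/ms/vertx/beans/CachedDataProvider.class */
public class CachedDataProvider implements NonceOps {
    private static final Logger LOG = LoggerFactory.getLogger(CachedDataProvider.class);

    /** Number of key slots that are scanned in the JWKS cache. */
    public static final int MAX_NUMBER_OF_KEYS = 5;

    /**
     * Upper bound on the number of keys generated by a single {@link #buildJwks()} run.
     * NOTE(review): the name suggests "minimum keys to keep available"; confirm the intent.
     */
    public static final int MIN_NUMBER_OF_KEYS = 2;

    /** Name of the cache that holds the signing keys. */
    private static final String JWKS_CACHE_NAME = "jwks_cache";

    // Optional: init() falls back to an in-memory manager when none is injected.
    @Autowired(required = false)
    private CacheManager cm;
    private Cache jwksCache;
    private Cache nonceCache;

    @Autowired
    private TokenGenerator tokenGenerator;

    /**
     * Builds a consumer that performs NO signature verification and NO audience validation.
     *
     * <p>SECURITY: claims read through this consumer are unauthenticated. Use it only to inspect
     * a token (for example to find out which issuer's keys to load) and verify the token again
     * with {@link #buildConsumer(HttpsJwks, List)} before trusting any claim.
     *
     * @return a consumer that only requires the {@code jti} claim on top of jose4j's defaults
     */
    public JwtConsumer buildConsumer() {
        return buildConsumer(null, null);
    }

    /**
     * Builds a JWT consumer that requires a {@code jti} claim.
     *
     * <p>SECURITY: each {@code null} argument switches a check off rather than failing. Callers
     * that authenticate a token must pass both arguments.
     *
     * @param httpsJwks source of the verification keys; when {@code null} signature verification
     *     is skipped entirely
     * @param list accepted audience values; when {@code null} the default audience validation is
     *     skipped
     * @return the configured consumer
     */
    public JwtConsumer buildConsumer(HttpsJwks httpsJwks, List<String> list) {
        JwtConsumerBuilder builder = new JwtConsumerBuilder().setRequireJwtId();
        if (httpsJwks != null) {
            builder.setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(httpsJwks));
        } else {
            // Kept for backward compatibility: existing callers rely on the unverified mode.
            builder.setSkipSignatureVerification();
        }
        if (list != null) {
            builder.setExpectedAudience(list.toArray(new String[0]));
        } else {
            builder.setSkipDefaultAudienceValidation();
        }
        return builder.build();
    }

    /**
     * Fills empty key slots in the JWKS cache, creating at most {@link #MIN_NUMBER_OF_KEYS} new
     * keys per run. Runs once from {@link #init()} and then on the fixed delay below (60000 ms).
     *
     * <p>A slot becomes empty again only when the cache drops its entry, so key rotation is
     * driven by the expiry policy of the JWKS cache, which is not configured in this class.
     */
    @Scheduled(fixedDelay = 60000)
    public void buildJwks() {
        int created = 0;
        for (int slot = 0; slot < MAX_NUMBER_OF_KEYS; slot++) {
            String slotName = String.valueOf(slot);
            if (this.jwksCache.get(slotName, JsonWebKey.class) == null && created < MIN_NUMBER_OF_KEYS) {
                RsaJsonWebKey newKey = buildNewRsaKey();
                // putIfAbsent keeps a key that another writer stored in the meantime.
                this.jwksCache.putIfAbsent(slotName, newKey);
                created++;
                LOG.debug("Created new JWK kid={}", newKey.getKeyId());
            }
        }
    }

    /**
     * Generates a 2048-bit RSA signing key whose key id comes from the token generator.
     *
     * @return the new key, marked for signature use with RS512
     * @throws InternalServerErrorException when key generation fails
     */
    private RsaJsonWebKey buildNewRsaKey() {
        try {
            RsaJsonWebKey jwk = RsaJwkGenerator.generateJwk(2048);
            jwk.setKeyId(this.tokenGenerator.newToken());
            jwk.setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA512);
            jwk.setUse(Use.SIGNATURE);
            return jwk;
        } catch (JoseException e) {
            throw new InternalServerErrorException(e);
        }
    }

    /**
     * Consumes a nonce so that it cannot be claimed again.
     *
     * <p>NOTE(review): the lookup and the eviction are two separate cache operations, so two
     * concurrent calls with the same nonce can both succeed. If replay protection depends on
     * this method, use an atomic remove where the cache offers one (Spring Framework 5.2 and
     * later provide {@code Cache#evictIfPresent}; the version in use is not visible here).
     *
     * @param str the nonce presented by the caller
     * @return {@code true} if the nonce was known and has now been removed, {@code false} if it
     *     is {@code null}, unknown, or already claimed
     */
    @Override // net.trajano.ms.core.NonceOps
    public boolean claimNonce(String str) {
        if (str == null) {
            // A missing nonce is a failed claim, not a server error.
            return false;
        }
        Boolean known = this.nonceCache.get(str, Boolean.class);
        if (known == null) {
            return false;
        }
        this.nonceCache.evict(str);
        return known.booleanValue();
    }

    /**
     * Returns the first RSA signature key found in the current key set.
     *
     * @return a signing key, or {@code null} when the key set holds no matching key
     */
    public RsaJsonWebKey getASigningKey() {
        JsonWebKeySet keySet = getKeySet();
        if (LOG.isDebugEnabled()) {
            // Request public parameters explicitly so private key material can never reach the
            // log, and pass the JSON as an argument rather than as the format string.
            LOG.debug("{}", keySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
        }
        return (RsaJsonWebKey) keySet.findJsonWebKey(null, "RSA", Use.SIGNATURE, null);
    }

    /**
     * Looks up a cache by name, falling back to a private in-memory cache when the cache manager
     * does not provide it.
     *
     * @param str name of the cache to resolve
     * @return the resolved cache
     */
    private Cache getCache(String str) {
        // Resolve the requested name. A fixed "jwks_cache" lookup here made the nonce cache
        // share storage, and therefore the eviction policy, with the signing keys.
        Cache cache = this.cm.getCache(str);
        if (cache == null) {
            LOG.warn("A no cache named {} was not provided by the cache manager an in-memory cache will be used", str);
            cache = new ConcurrentMapCacheManager(str).getCache(str);
        }
        return cache;
    }

    /**
     * Collects the keys currently stored in the JWKS cache slots.
     *
     * <p>The returned set holds the cached key objects, which include private key material.
     * Serialize it for publication with public-only output.
     *
     * @return a new key set; empty when no slot is populated
     */
    public JsonWebKeySet getKeySet() {
        JsonWebKeySet keySet = new JsonWebKeySet(new JsonWebKey[0]);
        for (int slot = 0; slot < MAX_NUMBER_OF_KEYS; slot++) {
            JsonWebKey key = this.jwksCache.get(String.valueOf(slot), JsonWebKey.class);
            if (key != null) {
                keySet.addJsonWebKey(key);
            }
        }
        return keySet;
    }

    /**
     * Resolves the two caches after injection and creates the initial signing keys.
     */
    @PostConstruct
    public void init() {
        if (this.cm == null) {
            LOG.warn("A org.springframework.cache.CacheManager was not provided an in-memory cache will be used");
            this.cm = new ConcurrentMapCacheManager(JWKS_CACHE_NAME, CacheNames.NONCE);
        }
        this.jwksCache = getCache(JWKS_CACHE_NAME);
        this.nonceCache = getCache(CacheNames.NONCE);
        LOG.debug("jwksCache={} nonceCache={}", this.jwksCache, this.nonceCache);
        buildJwks();
    }

    /**
     * Issues a new nonce and records it as claimable.
     *
     * @return the nonce value obtained from the token generator
     */
    @Override // net.trajano.ms.core.NonceOps
    public String newNonce() {
        String nonce = this.tokenGenerator.newToken();
        this.nonceCache.putIfAbsent(nonce, true);
        return nonce;
    }
}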
