package net.trajano.ms.common.beans;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.LinkedList;
import java.util.List;
import java.util.Random;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cache.Cache;
import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;

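/**
 * Keeps a small set of RSA JSON Web Keys in a Spring {@link Cache} and signs JWT claim sets with them.
 *
 * <p>Keys are stored as JWK JSON strings under the cache keys {@code "0"} to
 * {@code String.valueOf(MAX_NUMBER_OF_KEYS - 1)}. {@link #buildJwks()} runs at start-up and then on a
 * fixed delay to fill empty slots.
 *
 * <p>Security note: {@link #sign(JWTClaimsSet)} signs with keys parsed back from the cache, so the cached
 * JSON carries the RSA private key. The cache backing store must be treated as a secret store, and the
 * cached JSON must never be written to logs.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/ms-common-0.0.5.jar:net/trajano/ms/common/beans/JwksProvider.class */
public class JwksProvider {
    private static final Logger LOG = LoggerFactory.getLogger(JwksProvider.class);

    /** Number of cache slots that may hold a key. */
    public static final int MAX_NUMBER_OF_KEYS = 5;

    /** Upper bound on the number of keys generated by a single {@link #buildJwks()} run. */
    public static final int MIN_NUMBER_OF_KEYS = 2;

    private Cache jwksCache;
    private KeyPairGenerator keyPairGenerator;
    private Random random;
    private TokenGenerator tokenGenerator;

    /**
     * Fills empty or unreadable cache slots with freshly generated RSA keys.
     *
     * <p>At most {@link #MIN_NUMBER_OF_KEYS} keys are generated per run; remaining gaps are left for a
     * later run. Invoked from {@link #init()} and then every 60 seconds after the previous run completes.
     */
    @Scheduled(fixedDelay = 60000)
    public void buildJwks() {
        int created = 0;
        for (int slot = 0; slot < MAX_NUMBER_OF_KEYS; slot++) {
            final String cacheKey = String.valueOf(slot);
            final String json = this.jwksCache.get(cacheKey, String.class);
            JWK jwk = null;
            if (json != null) {
                try {
                    jwk = JWK.parse(json);
                } catch (ParseException e) {
                    // The cached JSON may contain private key parameters, so only the slot is logged.
                    LOG.error("unable to parse key={} recreating entry", cacheKey);
                    // putIfAbsent below cannot replace an existing value; drop the corrupt entry first,
                    // as getKeySet() already does.
                    this.jwksCache.evict(cacheKey);
                }
            }
            if (jwk == null && created < MIN_NUMBER_OF_KEYS) {
                final JWK newKey = buildNewRsaKey();
                // putIfAbsent returns null when this value was stored; a non-null result means another
                // writer filled the slot first and the generated key is discarded.
                final boolean stored = this.jwksCache.putIfAbsent(cacheKey, newKey.toJSONString()) == null;
                created++;
                if (stored) {
                    LOG.debug("Created new JWK kid={}", newKey.getKeyID());
                }
            }
        }
    }

    /**
     * Generates an RSA key pair with the injected generator and wraps it as a JWK that includes the
     * private key, using a token from the injected {@code TokenGenerator} as the key ID.
     *
     * <p>NOTE(review): the key size depends on how the injected {@link KeyPairGenerator} was initialised,
     * which is not visible here; confirm it against the bean definition.
     */
    private JWK buildNewRsaKey() {
        final KeyPair keyPair = this.keyPairGenerator.generateKeyPair();
        final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        final RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        return new RSAKey.Builder(publicKey)
            .privateKey(privateKey)
            .keyID(this.tokenGenerator.newToken())
            .build();
    }

    /**
     * Picks one of the currently cached keys at random.
     *
     * <p>The choice is not a secret: {@link #sign(JWTClaimsSet)} writes the chosen key ID into the JWS
     * header.
     *
     * @return a cached RSA key, including its private part
     * @throws IllegalArgumentException if the cache currently holds no parsable key, because
     *         {@link Random#nextInt(int)} rejects a bound of zero
     */
    public RSAKey getASigningKey() {
        final List<JWK> keys = getKeySet().getKeys();
        final int index = this.random.nextInt(keys.size());
        return (RSAKey) keys.get(index);
    }

    /**
     * Looks up a cached key by key ID.
     *
     * @param str the key ID ({@code kid}) to look up
     * @return the matching key, or {@code null} when no cached key has that ID; callers must reject a
     *         token whose key ID resolves to {@code null}
     */
    public RSAKey getDecryptionKey(String str) {
        return (RSAKey) getKeySet().getKeyByKeyId(str);
    }

    /**
     * Builds a key set from every parsable cache slot, evicting slots whose content cannot be parsed.
     *
     * <p>The returned set is built from the cached JSON and therefore contains private keys. Code that
     * publishes it (for example as a JWKS document) should expose only
     * {@link JWKSet#toPublicJWKSet()}.
     *
     * @return the cached keys; empty when no slot holds a parsable key
     */
    public JWKSet getKeySet() {
        final List<JWK> keys = new LinkedList<>();
        for (int slot = 0; slot < MAX_NUMBER_OF_KEYS; slot++) {
            final String cacheKey = String.valueOf(slot);
            final String json = this.jwksCache.get(cacheKey, String.class);
            if (json == null) {
                continue;
            }
            try {
                keys.add(JWK.parse(json));
            } catch (ParseException e) {
                // The cached JSON may contain private key parameters, so only the slot is logged.
                LOG.error("unable to parse key={} removing entry", cacheKey);
                this.jwksCache.evict(cacheKey);
            }
        }
        return new JWKSet(keys);
    }

    /**
     * Falls back to an in-memory cache when none was injected, then populates the initial keys.
     *
     * <p>With the in-memory fallback the keys exist only in this process, so tokens signed here cannot
     * be verified by another instance that looks keys up in its own cache.
     */
    @PostConstruct
    public void init() {
        if (this.jwksCache == null) {
            LOG.warn("A org.springframework.cache.Cache named {} was not provided an in-memory cache will be used", CommonMs.JWKS_CACHE);
            this.jwksCache = new ConcurrentMapCacheManager(CommonMs.JWKS_CACHE).getCache(CommonMs.JWKS_CACHE);
        }
        LOG.debug("cache={}", this.jwksCache);
        buildJwks();
    }

    /**
     * Optionally injects the cache that stores the keys.
     *
     * @param cache the cache qualified as {@code CommonMs.JWKS_CACHE}; may be absent
     */
    @Autowired(required = false)
    @Qualifier(CommonMs.JWKS_CACHE)
    public void setJwksCache(Cache cache) {
        this.jwksCache = cache;
    }

    /**
     * Injects the generator used to create RSA key pairs.
     *
     * @param keyPairGenerator the generator; expected to produce RSA keys, since the results are cast
     *        to {@link RSAPublicKey} and {@link RSAPrivateKey}
     */
    @Autowired
    public void setKeyPairGenerator(KeyPairGenerator keyPairGenerator) {
        this.keyPairGenerator = keyPairGenerator;
    }

    /**
     * Injects the random source used to choose a signing key.
     *
     * @param random the random source
     */
    @Autowired
    public void setRandom(Random random) {
        this.random = random;
    }

    /**
     * Injects the generator that supplies key IDs for new keys.
     *
     * @param tokenGenerator the key ID source
     */
    @Autowired
    public void setTokenGenerator(TokenGenerator tokenGenerator) {
        this.tokenGenerator = tokenGenerator;
    }

    /**
     * Signs the claim set with RS512 using a randomly chosen cached key and records that key's ID in
     * the JWS header.
     *
     * @param jWTClaimsSet the claims to sign; serialised with {@code toString()} as the payload
     * @return the signed JWS object
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    public JWSObject sign(JWTClaimsSet jWTClaimsSet) throws JOSEException {
        final RSAKey signingKey = getASigningKey();
        final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS512)
            .keyID(signingKey.getKeyID())
            .build();
        final JWSObject jws = new JWSObject(header, new Payload(jWTClaimsSet.toString()));
        jws.sign(new RSASSASigner(signingKey));
        return jws;
    }
}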
