package no.nav.brukerdialog.security.jwks;

import java.security.Key;
import java.util.Optional;
import javax.ws.rs.core.Response;
import no.nav.sbl.rest.RestUtils;
import no.nav.sbl.util.StringUtils;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/brukerdialog/security/jwks/JsonWebKeyCache.class */
public class JsonWebKeyCache {
    private static final Logger log = LoggerFactory.getLogger(JsonWebKeyCache.class);
    private final String jwksUrl;
    private final boolean expectAlgorithmInKey;
    private JsonWebKeySet keyCache;

    public JsonWebKeyCache(String str, boolean z) {
        this.jwksUrl = StringUtils.assertNotNullOrEmpty(str);
        this.expectAlgorithmInKey = z;
    }

    public Optional<Key> getVerificationKey(JwtHeader jwtHeader, CacheMissAction cacheMissAction) {
        return (Optional) getCachedKey(jwtHeader).map((v0) -> {
            return Optional.of(v0);
        }).orElseGet(() -> {
            return cacheMissAction == CacheMissAction.REFRESH ? getVerificationKeyWithRefresh(jwtHeader) : Optional.empty();
        });
    }

    private synchronized Optional<Key> getVerificationKeyWithRefresh(JwtHeader jwtHeader) {
        return (Optional) getCachedKey(jwtHeader).map((v0) -> {
            return Optional.of(v0);
        }).orElseGet(() -> {
            refreshKeyCache();
            return getCachedKey(jwtHeader);
        });
    }

    private Optional<Key> getCachedKey(JwtHeader jwtHeader) {
        return Optional.ofNullable(this.keyCache).map(jsonWebKeySet -> {
            return jsonWebKeySet.findJsonWebKey(jwtHeader.getKid(), "RSA", "sig", this.expectAlgorithmInKey ? jwtHeader.getAlgorithm() : null);
        }).map((v0) -> {
            return v0.getKey();
        });
    }

    private void setKeyCache(String str) {
        try {
            this.keyCache = new JsonWebKeySet(str);
        } catch (JoseException e) {
            log.error("Could not parse JWKs.");
        }
    }

    private void refreshKeyCache() {
        this.keyCache = null;
        try {
            String httpGet = httpGet(this.jwksUrl);
            setKeyCache(httpGet);
            log.info("JWKs cache updated with: " + httpGet);
        } catch (RuntimeException e) {
            log.error("JWKs cache update failed. ", e);
        }
    }

    private static String httpGet(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Missing URL to JWKs location");
        }
        log.info("Starting JWKS update from " + str);
        return (String) RestUtils.withClient(client -> {
            Response response = client.target(str).request().header("Accept", "application/json").get();
            int status = response.getStatus();
            if (status == 200) {
                return (String) response.readEntity(String.class);
            }
            String str2 = "jwks cache update failed : HTTP error code : " + status;
            log.error(str2);
            throw new RuntimeException(str2);
        });
    }
}
