package edu.internet2.middleware.grouper.authentication;

import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.RSAKeyProvider;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/grouper-5.7.1.jar:edu/internet2/middleware/grouper/authentication/GrouperTrustedJwtConfigKey.class */
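/**
 * A single configured public key that is trusted to sign incoming JWTs.
 *
 * <p>The signature algorithm is taken from this object's configuration
 * ({@code encryptionType}) and never from the token being verified, so a token cannot
 * select its own verification algorithm. Only RSA public keys are supported; the
 * private-key half of {@link RSAKeyProvider} is deliberately unimplemented.
 *
 * <p>Instances are mutable and carry no synchronization of their own.
 */
public class GrouperTrustedJwtConfigKey implements RSAKeyProvider {
    /**
     * Parsed keys shared by all instances, keyed by (encoded key, encryption type), so the
     * X.509 decoding is not repeated on every verification.
     * NOTE(review): the constructor argument is presumably a lifetime in minutes; confirm
     * against ExpirableCache.
     */
    private static final ExpirableCache<MultiKey, PublicKey> publicKeyCache = new ExpirableCache<>(10);

    /** Lazily built verifier; cleared whenever the encryption type changes. */
    private Algorithm algorithm = null;

    /** Base64 text of the X.509 (SubjectPublicKeyInfo) encoded public key. */
    private String publicKey = null;

    /** Configured signature algorithm: "RS-256", "RS-384" or "RS-512". */
    private String encryptionType = null;

    /** Instant after which this key is no longer trusted; {@code null} means no expiry. */
    private Date expiresOn = null;

    /**
     * Decodes a base64 X.509 public key into an RSA {@link PublicKey}, using the shared cache.
     *
     * @param encodedKey base64 text of the X.509 encoded key
     * @param encryptionType configured algorithm name; used only as part of the cache key
     * @return the parsed public key
     * @throws RuntimeException if the RSA key factory is unavailable or the key cannot be parsed
     */
    private static PublicKey retrievePublicKey(String encodedKey, String encryptionType) {
        MultiKey cacheKey = new MultiKey(encodedKey, encryptionType);
        PublicKey cached = publicKeyCache.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        try {
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decodeBase64(encodedKey));
            PublicKey parsed = KeyFactory.getInstance("RSA").generatePublic(keySpec);
            publicKeyCache.put(cacheKey, parsed);
            return parsed;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not reconstruct the public key, the given algorithm could not be found.", e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Could not reconstruct the public key", e);
        }
    }

    /**
     * Returns the verifier for the configured encryption type, building it on first use.
     *
     * <p>The verifier is bound to {@code this} as its key provider, so the public key is
     * looked up at verification time rather than captured here.
     *
     * @return the RSA verifier matching {@code encryptionType}
     * @throws RuntimeException if {@code encryptionType} is not one of the supported values
     */
    private Algorithm retrieveAlgorithm() {
        if (this.algorithm != null) {
            return this.algorithm;
        }
        if (StringUtils.equals(this.encryptionType, "RS-256")) {
            this.algorithm = Algorithm.RSA256(this);
        } else if (StringUtils.equals(this.encryptionType, "RS-384")) {
            this.algorithm = Algorithm.RSA384(this);
        } else if (StringUtils.equals(this.encryptionType, "RS-512")) {
            this.algorithm = Algorithm.RSA512(this);
        } else {
            // Anything else, including null, is a configuration error: fail rather than guess.
            throw new RuntimeException("Invalid encryption type: '" + this.encryptionType + "'");
        }
        return this.algorithm;
    }

    /**
     * Reports whether this key's trust period has ended.
     *
     * @return {@code true} if an expiry is set and lies strictly before the current time
     */
    public boolean isExpired() {
        return this.expiresOn != null && this.expiresOn.getTime() < System.currentTimeMillis();
    }

    /**
     * @return the base64 X.509 encoded public key text, or {@code null} if unset
     */
    public String getPublicKey() {
        return this.publicKey;
    }

    /**
     * @param publicKey base64 text of the X.509 encoded RSA public key
     */
    public void setPublicKey(String publicKey) {
        this.publicKey = publicKey;
    }

    /**
     * @return the configured signature algorithm name, or {@code null} if unset
     */
    public String getEncryptionType() {
        return this.encryptionType;
    }

    /**
     * Sets the signature algorithm and discards any verifier built for the previous value.
     *
     * @param encryptionType "RS-256", "RS-384" or "RS-512"
     */
    public void setEncryptionType(String encryptionType) {
        this.encryptionType = encryptionType;
        // Without this reset a verifier cached for the old type would keep being used,
        // and tokens would be checked with an algorithm the configuration no longer names.
        this.algorithm = null;
    }

    /**
     * @return the instant after which this key is no longer trusted, or {@code null} for no expiry
     */
    public Date getExpiresOn() {
        return this.expiresOn;
    }

    /**
     * @param expiresOn the instant after which this key is no longer trusted; {@code null} for no expiry
     */
    public void setExpiresOn(Date expiresOn) {
        this.expiresOn = expiresOn;
    }

    /**
     * Checks a token's signature against this key.
     *
     * <p>This method checks two things only: that this key has not expired and that the
     * signature verifies under the configured algorithm. It does not inspect the token's
     * claims (for example {@code exp}, {@code nbf}, {@code iss} or {@code aud}); callers must
     * validate those separately before trusting the token.
     *
     * @param decodedJWT the decoded token to check
     * @return {@code true} only if the key is unexpired and the signature is valid;
     *         {@code false} for a {@code null} token, an expired key or a bad signature
     * @throws RuntimeException if the configured encryption type or public key is unusable
     */
    public boolean verify(DecodedJWT decodedJWT) {
        // A missing token is rejected explicitly instead of surfacing as a NullPointerException.
        if (decodedJWT == null || isExpired()) {
            return false;
        }
        try {
            retrieveAlgorithm().verify(decodedJWT);
            return true;
        } catch (SignatureVerificationException e) {
            return false;
        }
    }

    /**
     * Supplies the configured public key to the verifier.
     *
     * <p>The key id is ignored: this object holds exactly one key, so a token's {@code kid}
     * has no influence on which key is used.
     *
     * @param keyId key id from the token header; unused
     * @return the configured key, or {@code null} if it did not parse to an RSA public key
     */
    @Override // com.auth0.jwt.interfaces.KeyProvider
    public RSAPublicKey getPublicKeyById(String keyId) {
        PublicKey key = retrievePublicKey(this.publicKey, this.encryptionType);
        return (key instanceof RSAPublicKey) ? (RSAPublicKey) key : null;
    }

    /**
     * Unsupported: this provider is verification-only and holds no private key.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.auth0.jwt.interfaces.KeyProvider
    public RSAPrivateKey getPrivateKey() {
        throw new UnsupportedOperationException("Doesnt do private keys");
    }

    /**
     * Unsupported: this provider is verification-only and holds no private key.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.auth0.jwt.interfaces.KeyProvider
    public String getPrivateKeyId() {
        throw new UnsupportedOperationException("Doesnt do private keys");
    }
}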
