package io.scalecube.security.tokens.jwt;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.spec.RSAPublicKeySpec;
import java.time.Duration;
import java.util.Base64;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

/* loaded from: input_file:io/scalecube/security/tokens/jwt/JwksKeyProvider.class */
public final class JwksKeyProvider implements KeyProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwksKeyProvider.class);
    private static final ObjectMapper OBJECT_MAPPER = newObjectMapper();
    private String jwksUri;
    private Duration connectTimeout;
    private Duration readTimeout;

    public JwksKeyProvider() {
        this.connectTimeout = Duration.ofSeconds(10L);
        this.readTimeout = Duration.ofSeconds(10L);
    }

    private JwksKeyProvider(JwksKeyProvider jwksKeyProvider) {
        this.connectTimeout = Duration.ofSeconds(10L);
        this.readTimeout = Duration.ofSeconds(10L);
        this.jwksUri = jwksKeyProvider.jwksUri;
        this.connectTimeout = jwksKeyProvider.connectTimeout;
        this.readTimeout = jwksKeyProvider.readTimeout;
    }

    public JwksKeyProvider jwksUri(String str) {
        JwksKeyProvider copy = copy();
        copy.jwksUri = str;
        return copy;
    }

    public JwksKeyProvider connectTimeout(Duration duration) {
        JwksKeyProvider copy = copy();
        copy.connectTimeout = duration;
        return copy;
    }

    public JwksKeyProvider readTimeout(Duration duration) {
        JwksKeyProvider copy = copy();
        copy.readTimeout = duration;
        return copy;
    }

    @Override // io.scalecube.security.tokens.jwt.KeyProvider
    public Mono<Key> findKey(String str) {
        return computeKey(str).switchIfEmpty(Mono.error(new KeyNotFoundException("Key was not found, kid: " + str))).doOnSubscribe(subscription -> {
            LOGGER.debug("[findKey] Looking up key in jwks, kid: {}", str);
        }).subscribeOn(Schedulers.boundedElastic()).publishOn(Schedulers.boundedElastic());
    }

    private Mono<Key> computeKey(String str) {
        return Mono.fromCallable(this::computeKeyList).flatMap(jwkInfoList -> {
            return Mono.justOrEmpty(findRsaKey(jwkInfoList, str));
        }).onErrorMap(th -> {
            return th instanceof KeyProviderException ? th : new KeyProviderException(th);
        });
    }

    private JwkInfoList computeKeyList() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.jwksUri).openConnection();
        httpURLConnection.setConnectTimeout((int) this.connectTimeout.toMillis());
        httpURLConnection.setReadTimeout((int) this.readTimeout.toMillis());
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode == 200) {
            return toKeyList(httpURLConnection.getInputStream());
        }
        LOGGER.error("[computeKey][{}] Not expected response code: {}", this.jwksUri, Integer.valueOf(responseCode));
        throw new KeyProviderException("Not expected response code: " + responseCode);
    }

    private static JwkInfoList toKeyList(InputStream inputStream) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            Throwable th = null;
            try {
                JwkInfoList jwkInfoList = (JwkInfoList) OBJECT_MAPPER.readValue(bufferedInputStream, JwkInfoList.class);
                if (bufferedInputStream != null) {
                    if (0 != 0) {
                        try {
                            bufferedInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedInputStream.close();
                    }
                }
                return jwkInfoList;
            } finally {
            }
        } catch (IOException e) {
            LOGGER.error("[toKeyList] Exception occurred: {}", e.toString());
            throw Exceptions.propagate(e);
        }
    }

    private Optional<Key> findRsaKey(JwkInfoList jwkInfoList, String str) {
        return jwkInfoList.keys().stream().filter(jwkInfo -> {
            return str.equals(jwkInfo.kid());
        }).findFirst().map(jwkInfo2 -> {
            return toRsaPublicKey(jwkInfo2.modulus(), jwkInfo2.exponent());
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Key toRsaPublicKey(String str, String str2) {
        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, urlDecoder.decode(str)), new BigInteger(1, urlDecoder.decode(str2))));
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }

    private static ObjectMapper newObjectMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
        objectMapper.configure(DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL, true);
        objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
        objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        return objectMapper;
    }

    private JwksKeyProvider copy() {
        return new JwksKeyProvider(this);
    }
}
