package org.lightningj.paywall.keymgmt;

import java.io.File;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.time.Clock;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.lightningj.paywall.InternalErrorException;

/* loaded from: input_file:org/lightningj/paywall/keymgmt/DefaultRecipientKeyManager.class */
abstract class DefaultRecipientKeyManager implements RecipientKeyManager {
    protected static Logger log = Logger.getLogger(DefaultRecipientKeyManager.class.getName());
    private static final long CACHE_TIME = 300000;
    protected long reciepientsStoreCacheExpireDate = 0;
    protected Map<String, PublicKey> trustedRecipientsKeysCache = new ConcurrentHashMap();
    protected Clock clock = Clock.systemDefaultZone();
    private KeyFactory rsaKeyFactory;

    DefaultRecipientKeyManager() {
    }

    @Override // org.lightningj.paywall.keymgmt.RecipientKeyManager
    public Map<String, PublicKey> getReceipients(Context context) throws UnsupportedOperationException, InternalErrorException {
        if (hasCacheExpired(this.reciepientsStoreCacheExpireDate)) {
            synchronized (this) {
                this.trustedRecipientsKeysCache.clear();
                if (getAsymRecipientsFiles() != null) {
                    for (File file : getAsymRecipientsFiles()) {
                        try {
                            log.fine("Parsing recipient public key file: " + file.getPath());
                            PublicKey deserializePublicKey = KeySerializationHelper.deserializePublicKey(Files.readAllBytes(file.toPath()), getRSAKeyFactory());
                            this.trustedRecipientsKeysCache.put(KeySerializationHelper.genKeyId(deserializePublicKey.getEncoded()), deserializePublicKey);
                        } catch (Exception e) {
                            log.log(Level.SEVERE, "Error parsing recipient public key file: " + file.getPath() + ", error: " + e.getMessage(), (Throwable) e);
                        }
                    }
                } else {
                    log.warning("Warning: no recipients store directory configured, using own public key as recipient. Should not be used in production.");
                    PublicKey publicKey = getAsymmetricKeyManager().getPublicKey(context);
                    this.trustedRecipientsKeysCache.put(KeySerializationHelper.genKeyId(publicKey.getEncoded()), publicKey);
                }
                this.reciepientsStoreCacheExpireDate = this.clock.millis() + 300000;
            }
        }
        return this.trustedRecipientsKeysCache;
    }

    protected abstract String getAsymRecipientsStorePath() throws InternalErrorException;

    protected abstract AsymmetricKeyManager getAsymmetricKeyManager();

    private File[] getAsymRecipientsFiles() throws InternalErrorException {
        if (getAsymRecipientsStorePath() == null || getAsymRecipientsStorePath().trim().equals("")) {
            return null;
        }
        File file = new File(getAsymRecipientsStorePath());
        if (file.exists() && file.isDirectory() && file.canRead()) {
            return file.listFiles((file2, str) -> {
                return str.toLowerCase().endsWith(".pem");
            });
        }
        throw new InternalErrorException("Internal error parsing public keys in recipients store directory: " + file.getPath() + " check that it exists and is readable");
    }

    protected KeyFactory getRSAKeyFactory() throws InternalErrorException {
        if (this.rsaKeyFactory == null) {
            try {
                this.rsaKeyFactory = KeyFactory.getInstance("RSA", getProvider(null));
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new InternalErrorException("Internal error generating RSA key: " + e.getMessage(), e);
            }
        }
        return this.rsaKeyFactory;
    }

    private boolean hasCacheExpired(long j) {
        return j < this.clock.millis();
    }
}
