package org.opencastproject.security.jwt;

import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.SigningKeyNotFoundException;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/security/jwt/GuavaCachedUrlJwkProvider.class */
public class GuavaCachedUrlJwkProvider extends UrlJwkProvider {
    private static final Logger logger = LoggerFactory.getLogger(GuavaCachedUrlJwkProvider.class);
    private final Cache<String, List<Jwk>> cache;
    private static final String KEY = "GET_ALL";

    public GuavaCachedUrlJwkProvider(String str, long j, TimeUnit timeUnit) {
        super(urlFromString(str));
        this.cache = CacheBuilder.newBuilder().maximumSize(1L).expireAfterWrite(j, timeUnit).build();
    }

    private static URL urlFromString(String str) {
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str), "A URL is required");
        try {
            return new URI(str).normalize().toURL();
        } catch (MalformedURLException | URISyntaxException e) {
            throw new IllegalArgumentException("Invalid JWKS URI", e);
        }
    }

    @Override // com.auth0.jwk.UrlJwkProvider
    public List<Jwk> getAll() {
        return getAll(false);
    }

    public List<Jwk> getAll(boolean z) {
        if (z) {
            try {
                this.cache.invalidate(KEY);
            } catch (ExecutionException e) {
                logger.error("Error while loading from JWKS cache: " + e.getMessage());
                return Collections.emptyList();
            }
        }
        List<Jwk> list = (List) this.cache.getIfPresent(KEY);
        if (list == null) {
            logger.debug("JWKS cache miss");
            list = (List) this.cache.get(KEY, () -> {
                return super.getAll();
            });
        } else {
            logger.debug("JWKS cache hit");
        }
        return list;
    }

    public List<Algorithm> getAlgorithms(DecodedJWT decodedJWT, boolean z) throws JwkException {
        ArrayList arrayList = new ArrayList();
        for (Jwk jwk : getAll(z)) {
            if ((decodedJWT.getKeyId() == null && decodedJWT.getAlgorithm().equals(jwk.getAlgorithm())) || (decodedJWT.getKeyId() != null && decodedJWT.getKeyId().equals(jwk.getId()))) {
                arrayList.add(AlgorithmBuilder.buildAlgorithm(jwk));
            }
        }
        if (arrayList.isEmpty()) {
            throw new SigningKeyNotFoundException("No key found", null);
        }
        return arrayList;
    }
}
