package com.ibm.ws.security.oidc.client;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.openidconnect.jwk.JWK;
import com.ibm.ws.security.openidconnect.jwk.JWKSet;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/ibm/ws/security/oidc/client/JwKRetriever.class */
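/**
 * Looks up a {@link PublicKey} in the JWK set attached to a {@link RelyingPartyConfig}.
 *
 * <p>Resolution order, as implemented by {@link #getPublicKeyFromJwk}: keys already held in the
 * config's {@link JWKSet}, then the remote JWK endpoint, then a local JWK file. Keys obtained from
 * the endpoint or the file are added to that same {@link JWKSet}, so later lookups find them in the
 * first step.
 *
 * <p>NOTE(review): the {@code kid} and {@code x5t} arguments are concatenated into trace output as
 * given. They presumably come from a token header that has not been verified yet (the caller is
 * not visible here), so trace consumers should treat those fields as untrusted text.
 *
 * <p>NOTE(review): nothing in this class removes keys from the {@link JWKSet} or bounds its size,
 * and no synchronization is applied around {@code addJWK}; whether {@link JWKSet} handles either
 * is not visible here.
 */
public class JwKRetriever {
    private static final TraceComponent tc = Tr.register(JwKRetriever.class);

    /** Longest time a caller waits for a remote-fetch permit, in milliseconds. */
    private static final long ConnectionWaitTimeMillis = 120000;

    /** Number of remote-fetch permits handed out by {@link #semaphore}. */
    private static final int ConnectionCount = 3;

    private final Semaphore semaphore = new Semaphore(ConnectionCount);

    /** Renders a reference for trace output without printing the object itself. */
    private static String presence(Object value) {
        return value == null ? "null" : "not null";
    }

    /**
     * Resolves a key by trying the cached set, the remote endpoint and the local file, in that
     * order, stopping at the first source that yields a key.
     *
     * @param str the key id ({@code kid}) to look for, or {@code null}
     * @param str2 the certificate thumbprint ({@code x5t}) to look for when {@code str} is null
     * @param relyingPartyConfig configuration holding the JWK set, endpoint URL and file path
     * @return the matching key, or {@code null} when no source produced one
     */
    public PublicKey getPublicKeyFromJwk(String str, String str2, RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPublicKeyFromJwk(kid[" + str + "], x5t[" + str2 + "], rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        PublicKey jwkCache = getJwkCache(str, str2, relyingPartyConfig);
        if (jwkCache == null) {
            jwkCache = getJwkRemote(str, str2, relyingPartyConfig);
        }
        if (jwkCache == null) {
            jwkCache = getJwkLocal(str, str2, relyingPartyConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPublicKeyFromJwk returns [" + presence(jwkCache) + "]");
        }
        return jwkCache;
    }

    /**
     * Looks the key up in the JWK set already held by the config.
     *
     * <p>Selection is by {@code kid} when given, otherwise by {@code x5t}, otherwise
     * {@link #getDefaultPublicKey}.
     *
     * @return the key found, or {@code null}
     */
    protected PublicKey getJwkCache(String str, String str2, RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJwkCache(kid[" + str + "], x5t[" + str2 + "], rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        PublicKey found;
        if (str != null) {
            found = relyingPartyConfig.getJwkSet().getPublicKeyByKid(str);
        } else if (str2 != null) {
            found = relyingPartyConfig.getJwkSet().getPublicKeyByx5t(str2);
        } else {
            found = getDefaultPublicKey(relyingPartyConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJwkCache returns [" + presence(found) + "]");
        }
        return found;
    }

    /**
     * Fetches keys from the configured JWK endpoint, limiting concurrent fetches with a semaphore.
     *
     * <p>After waiting for a permit the cached set is checked again, since another thread may have
     * loaded the key in the meantime. If no permit becomes available within the wait time the
     * fetch still proceeds without one, as before.
     *
     * <p>NOTE(review): the URL check is {@code startsWith("http")}, so a cleartext {@code http://}
     * endpoint is accepted. Keys retrieved over an unauthenticated channel can be replaced in
     * transit; whether the transport enforces TLS is decided in
     * {@code RelyingPartyUtils.invokeRequest}, which is not visible here.
     *
     * @return the key found, or {@code null} when no usable URL is configured, the key is not
     *     served by the endpoint, or the waiting thread was interrupted
     */
    protected PublicKey getJwkRemote(String str, String str2, RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJwkRemote(kid[" + str + "], x5t[" + str2 + "], rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        PublicKey publicKey = null;
        String jwkEndpointUrl = relyingPartyConfig.getJwkEndpointUrl();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "jwkUrl[" + jwkEndpointUrl + "]");
        }
        if (jwkEndpointUrl != null && jwkEndpointUrl.startsWith("http")) {
            boolean acquired = false;
            try {
                acquired = this.semaphore.tryAcquire(ConnectionWaitTimeMillis, TimeUnit.MILLISECONDS);
                publicKey = getJwkCache(str, str2, relyingPartyConfig);
                if (publicKey == null) {
                    publicKey = doJwkRemote(str, str2, relyingPartyConfig);
                }
            } catch (InterruptedException e) {
                // Keep the interrupt visible to the caller instead of silently consuming it.
                Thread.currentThread().interrupt();
            } finally {
                // Release only a permit that was really taken, on every exit path.
                if (acquired) {
                    this.semaphore.release();
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJwkRemote returns [" + presence(publicKey) + "]");
        }
        return publicKey;
    }

    /**
     * Performs the GET against the JWK endpoint, adds the returned keys to the config's JWK set
     * and selects the requested key from that set.
     *
     * <p>The response body is remote input. A failed request, a response code other than
     * {@code "200"}, or a body that is not a JSON object with a {@code keys} array of JSON objects
     * all result in {@code null} rather than an exception. Keys parsed before a malformed entry
     * remain in the set.
     *
     * @return the key found, or {@code null}
     */
    protected PublicKey doJwkRemote(String str, String str2, RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doJwkRemote(kid[" + str + "], x5t[" + str2 + "], rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        JWKSet jwkSet = relyingPartyConfig.getJwkSet();
        HashMap<String, String> invokeRequest = null;
        String str3 = null;
        try {
            invokeRequest = RelyingPartyUtils.invokeRequest("GET", relyingPartyConfig.getJwkEndpointUrl(), null, relyingPartyConfig, null, false);
            if (invokeRequest != null) {
                str3 = invokeRequest.get("responseCode");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "returnCode[" + str3 + "]");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                // Trace the exception itself; getCause() may be null and would hide the failure.
                Tr.debug(tc, "Fail to retrieve remote key: ", e);
            }
        }
        // Constant-first comparison also covers a failed request or a missing response code.
        if (!"200".equals(str3)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "doJwkRemote returns [null]");
            }
            return null;
        }
        try {
            addKeys(new JsonParser().parse(invokeRequest.get("responseMsg")), jwkSet, "add remote key for keyid: ");
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to parse remote key set: ", e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "doJwkRemote returns [null]");
            }
            return null;
        }
        PublicKey found;
        if (str != null) {
            found = jwkSet.getPublicKeyByKid(str);
        } else if (str2 != null) {
            found = jwkSet.getPublicKeyByx5t(str2);
        } else {
            found = getDefaultPublicKey(relyingPartyConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doJwkRemote returns [" + presence(found) + "]");
        }
        return found;
    }

    /**
     * Loads keys from the JWK file named by the config, adds them to the config's JWK set and
     * selects the requested key.
     *
     * <p>A missing path, a missing or unreadable file, or content that is not a JSON object with a
     * {@code keys} array results in {@code null}. The reader is closed on every path.
     *
     * <p>NOTE(review): unlike {@link #getJwkCache} and {@link #doJwkRemote}, this method does not
     * fall back to {@link #getDefaultPublicKey} when both {@code str} and {@code str2} are null;
     * that behaviour is kept as found. The file is decoded with the platform default charset, also
     * as before.
     *
     * @return the key found, or {@code null}
     */
    protected PublicKey getJwkLocal(String str, String str2, RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJwkLocal(kid[" + str + "], x5t[" + str2 + "], rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        JWKSet jwkSet = relyingPartyConfig.getJwkSet();
        FileInputStream fileInputStream = null;
        try {
            final String jsonWebKey = relyingPartyConfig.getJsonWebKey();
            fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    if (jsonWebKey == null) {
                        return null;
                    }
                    File file = new File(jsonWebKey);
                    if (file.exists()) {
                        return new FileInputStream(file);
                    }
                    return null;
                }
            });
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to open local key file: ", e);
            }
        }
        if (fileInputStream == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getJwkLocal returns [null]");
            }
            return null;
        }
        InputStreamReader inputStreamReader = new InputStreamReader(fileInputStream);
        try {
            addKeys(new JsonParser().parse(inputStreamReader), jwkSet, "add local key for keyid: ");
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to parse local key file: ", e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getJwkLocal returns [null]");
            }
            return null;
        } finally {
            try {
                inputStreamReader.close();
            } catch (Exception ignored) {
                // Closing is best effort; the keys have already been read or the parse has failed.
            }
        }
        PublicKey publicKey = null;
        if (str != null) {
            publicKey = jwkSet.getPublicKeyByKid(str);
        } else if (str2 != null) {
            publicKey = jwkSet.getPublicKeyByx5t(str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJwkLocal returns [" + presence(publicKey) + "]");
        }
        return publicKey;
    }

    /**
     * Returns the only key of the config's JWK set when the set holds exactly one key.
     *
     * @return that key, or {@code null} when the set is empty or holds several keys
     */
    protected PublicKey getDefaultPublicKey(RelyingPartyConfig relyingPartyConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultPublicKey(rpConfig[" + presence(relyingPartyConfig) + "]");
        }
        PublicKey publicKey = null;
        int size = relyingPartyConfig.getJwkSet().getJWKs().size();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "numKeys[" + size + "]");
        }
        if (size == 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "There is only one key.  Returning the only key.");
            }
            publicKey = relyingPartyConfig.getJwkSet().getJWKs().get(0).getPublicKey();
        } else if (tc.isDebugEnabled()) {
            if (size > 0) {
                Tr.debug(tc, "There is more than one key so the key cannot be determined.");
            } else {
                Tr.debug(tc, "There are no keys to return.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultPublicKey returns [" + presence(publicKey) + "]");
        }
        return publicKey;
    }

    /**
     * Adds every entry of the document's {@code keys} array to the given set.
     *
     * <p>A document that is not a JSON object, or that has no {@code keys} array, adds nothing.
     * An array entry that is not a JSON object makes {@code getAsJsonObject()} throw; callers
     * catch that and report the source as unusable.
     */
    private void addKeys(JsonElement root, JWKSet jwkSet, String traceMessage) {
        if (root == null || !root.isJsonObject()) {
            return;
        }
        JsonObject document = root.getAsJsonObject();
        JsonElement keys = document.get("keys");
        if (keys == null || !keys.isJsonArray()) {
            return;
        }
        Iterator<JsonElement> it = keys.getAsJsonArray().iterator();
        while (it.hasNext()) {
            JWK jwk = new JWK(it.next().getAsJsonObject());
            jwk.parse();
            jwkSet.addJWK(jwk);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, traceMessage, jwk.getKeyID());
            }
        }
    }
}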
