package com.ibm.ws.security.openidconnect.client;

import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.jwk.JWK;
import com.ibm.ws.security.openidconnect.jwk.JWKSet;
import com.ibm.wsspi.ssl.SSLSupport;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.util.Iterator;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;

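/**
 * Resolves a {@link PublicKey} from the JWK set held by an {@link OidcClientConfig}.
 *
 * <p>Lookup order (see {@link #getPublicKeyFromJwk}): the configuration's in-memory JWK set,
 * then the configured JWK endpoint, then a local JWK file. Keys obtained from the endpoint or
 * the file are added to the configuration's JWK set before the final lookup.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The endpoint check only requires the URL to start with {@code "http"}, so a plain
 *       {@code http://} endpoint is accepted. Keys fetched without TLS have no transport
 *       integrity protection; prefer {@code https://} endpoints in configuration.</li>
 *   <li>Host name verification for the endpoint connection is taken from
 *       {@code OidcClientConfig.isHostNameVerificationEnabled()}.</li>
 *   <li>When neither a key id nor an x5t thumbprint is supplied, the lookup is
 *       {@code getPublicKeyByKid(null)}; which key that selects is decided by {@code JWKSet}.</li>
 * </ul>
 *
 * <p>Concurrency: remote fetches are throttled by a semaphore with {@code ConnectionCount}
 * permits. The throttle is best-effort: if no permit is obtained within
 * {@code ConnectionWaitTimeMillis} the fetch still proceeds.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.openidconnect.client_1.0.13.cl160220160718-1411.jar:com/ibm/ws/security/openidconnect/client/JwKRetriever.class */
public class JwKRetriever {
    private static final TraceComponent tc = Tr.register(JwKRetriever.class);
    // Maximum time to wait for a fetch permit before proceeding without one.
    private static long ConnectionWaitTimeMillis = 120000;
    // Number of permits, i.e. the intended cap on concurrent remote fetches per retriever.
    private static int ConnectionCount = 3;
    private Semaphore semaphore = new Semaphore(ConnectionCount);
    static final long serialVersionUID = -3202122118515532683L;

    /**
     * Returns the public key matching the given identifiers, trying the cached JWK set, the
     * remote JWK endpoint and the local JWK file in that order.
     *
     * @param str key id ({@code kid}) to look up; may be null
     * @param str2 x5t thumbprint to look up when {@code str} is null; may be null
     * @param oidcClientConfig client configuration supplying the JWK set, endpoint and file
     * @param sSLSupport SSL support used to build the endpoint connection
     * @return the matching key, or null when no source yields one
     */
    public PublicKey getPublicKeyFromJwk(String str, String str2, OidcClientConfig oidcClientConfig, SSLSupport sSLSupport) {
        PublicKey jwkCache = getJwkCache(str, str2, oidcClientConfig);
        if (jwkCache == null) {
            jwkCache = getJwkRemote(str, str2, oidcClientConfig, sSLSupport);
        }
        if (jwkCache == null) {
            jwkCache = getJwkLocal(str, str2, oidcClientConfig);
        }
        return jwkCache;
    }

    /**
     * Looks the key up in the configuration's current JWK set without any I/O.
     *
     * @param str key id ({@code kid}); may be null
     * @param str2 x5t thumbprint, used only when {@code str} is null; may be null
     * @param oidcClientConfig client configuration supplying the JWK set
     * @return the key found in the set, or whatever the set returns for a miss
     */
    protected PublicKey getJwkCache(String str, String str2, OidcClientConfig oidcClientConfig) {
        return lookupPublicKey(oidcClientConfig.getJwkSet(), str, str2);
    }

    /**
     * Fetches keys from the configured JWK endpoint, throttled by the semaphore, and returns
     * the matching key.
     *
     * <p>Returns null without any network access when no endpoint is configured or the URL
     * does not start with {@code "http"}. If the thread is interrupted while waiting for a
     * permit, the interruption is recorded via FFDC, the interrupt flag is restored and null
     * is returned.
     *
     * @param str key id ({@code kid}); may be null
     * @param str2 x5t thumbprint, used only when {@code str} is null; may be null
     * @param oidcClientConfig client configuration supplying the endpoint and JWK set
     * @param sSLSupport SSL support used to build the endpoint connection
     * @return the matching key, or null
     */
    protected PublicKey getJwkRemote(String str, String str2, OidcClientConfig oidcClientConfig, SSLSupport sSLSupport) {
        String jwkEndpointUrl = oidcClientConfig.getJwkEndpointUrl();
        // NOTE(review): this prefix test admits "http://" as well as "https://". A key set
        // retrieved over plain http can be altered in transit; consider rejecting or at least
        // warning on non-TLS endpoints once existing configurations have been checked.
        if (jwkEndpointUrl == null || !jwkEndpointUrl.startsWith("http")) {
            return null;
        }
        boolean permitAcquired = false;
        PublicKey publicKey = null;
        try {
            // A timed-out tryAcquire returns false and the fetch below still runs, so the
            // permit count is a soft limit rather than a hard cap.
            permitAcquired = this.semaphore.tryAcquire(ConnectionWaitTimeMillis, TimeUnit.MILLISECONDS);
            // Another thread may have populated the set while this one was waiting.
            publicKey = getJwkCache(str, str2, oidcClientConfig);
            if (publicKey == null) {
                publicKey = doJwkRemote(str, str2, oidcClientConfig, sSLSupport);
            }
        } catch (InterruptedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.JwKRetriever", "83", this, new Object[]{str, str2, oidcClientConfig, sSLSupport});
            // Restore the interrupt flag so callers further up can observe the interruption.
            Thread.currentThread().interrupt();
        } finally {
            // Release only what was actually acquired, on every exit path.
            if (permitAcquired) {
                this.semaphore.release();
            }
        }
        return publicKey;
    }

    /**
     * Performs the HTTP request to the JWK endpoint, adds every entry of the response's
     * {@code "keys"} array to the configuration's JWK set and returns the matching key.
     *
     * <p>Any exception during the request or parsing is recorded via FFDC and otherwise
     * swallowed; the final lookup then runs against whatever the set contains.
     *
     * @param str key id ({@code kid}); may be null
     * @param str2 x5t thumbprint, used only when {@code str} is null; may be null
     * @param oidcClientConfig client configuration supplying the endpoint, TLS settings and JWK set
     * @param sSLSupport SSL support used to build the endpoint connection
     * @return the matching key from the (possibly updated) JWK set
     */
    protected PublicKey doJwkRemote(String str, String str2, OidcClientConfig oidcClientConfig, SSLSupport sSLSupport) {
        HttpClientUtil httpClientUtil = new HttpClientUtil();
        String jwkEndpointUrl = oidcClientConfig.getJwkEndpointUrl();
        JWKSet jwkSet = oidcClientConfig.getJwkSet();
        try {
            // NOTE(review): every key in the response is added to the shared JWK set; no bound
            // on response size or on the number of keys is visible in this class.
            Iterator<?> it = new JsonParser().parse(httpClientUtil.getHTTPRequestAsString(OidcClientHttpUtil.getInstance().createHTTPClient(httpClientUtil.getSSLContext(jwkEndpointUrl, oidcClientConfig.getSSLConfigurationName(), sSLSupport, oidcClientConfig.getClientId()), jwkEndpointUrl, oidcClientConfig.isHostNameVerificationEnabled()), jwkEndpointUrl)).getAsJsonArray("keys").iterator();
            while (it.hasNext()) {
                JWK jwk = new JWK(((JsonElement) it.next()).getAsJsonObject());
                jwk.parse();
                jwkSet.addJWK(jwk);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "add remote key for keyid: ", jwk.getKeyID());
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.JwKRetriever", "121", this, new Object[]{str, str2, oidcClientConfig, sSLSupport});
            if (tc.isDebugEnabled()) {
                // Trace the exception itself: getCause() is null for most failures, which
                // would leave the debug trace without any diagnostic.
                Tr.debug(tc, "Fail to retrieve remote key: ", e);
            }
        }
        return lookupPublicKey(jwkSet, str, str2);
    }

    /**
     * Loads keys from the JWK file named by {@code OidcClientConfig.getJsonWebKey()}, adds
     * every entry of its {@code "keys"} array to the configuration's JWK set and returns the
     * matching key.
     *
     * <p>Returns null when no file is configured or the file does not exist. Any exception
     * while opening or parsing the file is recorded via FFDC; the final lookup then runs
     * against whatever the set contains. The file is opened inside a privileged action.
     *
     * @param str key id ({@code kid}); may be null
     * @param str2 x5t thumbprint, used only when {@code str} is null; may be null
     * @param oidcClientConfig client configuration supplying the file path and JWK set
     * @return the matching key, or null
     */
    protected PublicKey getJwkLocal(String str, String str2, OidcClientConfig oidcClientConfig) {
        JWKSet jwkSet = oidcClientConfig.getJwkSet();
        try {
            final String jsonWebKey = oidcClientConfig.getJsonWebKey();
            if (jsonWebKey == null) {
                return null;
            }
            // The path comes from configuration and is opened with this bundle's privileges.
            FileInputStream fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.openidconnect.client.JwKRetriever.1
                // The two static members below are instrumentation-injected fields as
                // recovered by the decompiler; they are kept verbatim.
                static final long serialVersionUID = -2215814484961468047L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    File file = new File(jsonWebKey);
                    if (file.exists()) {
                        return new FileInputStream(file);
                    }
                    return null;
                }
            });
            if (fileInputStream == null) {
                return null;
            }
            // NOTE(review): the reader uses the platform default charset; JWK files are JSON
            // and normally UTF-8, so an explicit charset may be preferable.
            InputStreamReader inputStreamReader = new InputStreamReader(fileInputStream);
            try {
                Iterator<?> it = new JsonParser().parse(inputStreamReader).getAsJsonArray("keys").iterator();
                while (it.hasNext()) {
                    JWK jwk = new JWK(((JsonElement) it.next()).getAsJsonObject());
                    jwk.parse();
                    jwkSet.addJWK(jwk);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "add local key for keyid: ", jwk.getKeyID());
                    }
                }
            } finally {
                // Close the reader (and the underlying file) even when parsing fails.
                inputStreamReader.close();
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.JwKRetriever", "183", this, new Object[]{str, str2, oidcClientConfig});
        }
        return lookupPublicKey(jwkSet, str, str2);
    }

    /**
     * Selects a key from the set: by key id when one is given, otherwise by x5t thumbprint
     * when one is given, otherwise by a null key id.
     */
    private static PublicKey lookupPublicKey(JWKSet jwkSet, String kid, String x5t) {
        if (kid != null) {
            return jwkSet.getPublicKeyByKid(kid);
        }
        if (x5t != null) {
            return jwkSet.getPublicKeyByx5t(x5t);
        }
        // NOTE(review): no identifier was supplied; confirm that JWKSet's answer for a null
        // kid is an acceptable choice for verifying input that names no key.
        return jwkSet.getPublicKeyByKid((String) null);
    }
}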
