package de.adorsys.sts.tokenauth;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.SecretJWK;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.SecurityContext;
import java.net.URL;
import java.security.Key;
import java.util.Date;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/sts/tokenauth/AuthServer.class */
public class AuthServer {
    private static final Logger log = LoggerFactory.getLogger(AuthServer.class);
    private String name;
    private final String issUrl;
    private final String jwksUrl;
    private final int refreshIntervalSeconds;
    JWKSource<SecurityContext> jwkSource;
    final ConcurrentHashMap<String, JWK> jwkCache;
    long lastCacheUpdate;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:de/adorsys/sts/tokenauth/AuthServer$JsonWebKeyRetrievalException.class */
    public static class JsonWebKeyRetrievalException extends RuntimeException {
        public JsonWebKeyRetrievalException(Throwable th) {
            super(th);
        }

        public JsonWebKeyRetrievalException(String str) {
            super(str);
        }
    }

    public AuthServer(String str, String str2, String str3) {
        this(str, str2, str3, 600);
    }

    public AuthServer(String str, String str2, String str3, int i) {
        this.jwkCache = new ConcurrentHashMap<>();
        this.lastCacheUpdate = 0L;
        this.name = str;
        this.issUrl = str2;
        this.jwksUrl = str3;
        this.refreshIntervalSeconds = i;
        this.jwkSource = JWKSourceBuilder.create(new URL(this.jwksUrl)).build();
    }

    private void updateJwkCache() throws JsonWebKeyRetrievalException {
        try {
            List<JWK> list = this.jwkSource.get(new JWKSelector(new JWKMatcher.Builder().build()), (SecurityContext) null);
            onJsonWebKeySetRetrieved(list);
            this.jwkCache.clear();
            for (JWK jwk : list) {
                this.jwkCache.put(jwk.getKeyID(), jwk);
            }
            this.lastCacheUpdate = new Date().getTime();
        } catch (Exception e) {
            throw new JsonWebKeyRetrievalException(e);
        }
    }

    public Key getJWK(String str) throws JsonWebKeyRetrievalException {
        if (new Date().getTime() - this.lastCacheUpdate > this.refreshIntervalSeconds * 1000 || this.jwkCache.isEmpty()) {
            updateJwkCache();
        }
        SecretJWK secretJWK = (JWK) this.jwkCache.get(str);
        if (secretJWK == null) {
            throw new JsonWebKeyRetrievalException("Key with ID " + str + " not found in cache");
        }
        if (secretJWK instanceof RSAKey) {
            try {
                return ((RSAKey) secretJWK).toPublicKey();
            } catch (JOSEException e) {
                throw new JsonWebKeyRetrievalException((Throwable) e);
            }
        }
        if (secretJWK instanceof SecretJWK) {
            return secretJWK.toSecretKey();
        }
        throw new JsonWebKeyRetrievalException("unknown key type " + secretJWK.getClass());
    }

    protected void onJsonWebKeySetRetrieved(List<JWK> list) {
        log.info("Retrieved {} keys from {}", Integer.valueOf(list.size()), this.jwksUrl);
    }

    public void setName(String str) {
        this.name = str;
    }

    public String getName() {
        return this.name;
    }

    public String getIssUrl() {
        return this.issUrl;
    }

    public void setJwkSource(JWKSource<SecurityContext> jWKSource) {
        this.jwkSource = jWKSource;
    }
}
