package org.springframework.security.oauth2.provider.token.store.jwk;

import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.jwt.codec.Codecs;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkDefinition;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.2.1.RELEASE.jar:org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource.class */
class JwkDefinitionSource {
    private final List<URL> jwkSetUrls;
    private final Map<String, JwkDefinitionHolder> jwkDefinitions;
    private static final JwkSetConverter jwkSetConverter = new JwkSetConverter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.2.1.RELEASE.jar:org/springframework/security/oauth2/provider/token/store/jwk/JwkDefinitionSource$JwkDefinitionHolder.class */
    public static class JwkDefinitionHolder {
        private final JwkDefinition jwkDefinition;
        private final SignatureVerifier signatureVerifier;

        private JwkDefinitionHolder(JwkDefinition jwkDefinition, SignatureVerifier signatureVerifier) {
            this.jwkDefinition = jwkDefinition;
            this.signatureVerifier = signatureVerifier;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public JwkDefinition getJwkDefinition() {
            return this.jwkDefinition;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SignatureVerifier getSignatureVerifier() {
            return this.signatureVerifier;
        }
    }

    JwkDefinitionSource(String str) {
        this((List<String>) Arrays.asList(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwkDefinitionSource(List<String> list) {
        this.jwkDefinitions = new ConcurrentHashMap();
        this.jwkSetUrls = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            try {
                this.jwkSetUrls.add(new URL(it.next()));
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("Invalid JWK Set URL: " + e.getMessage(), e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwkDefinitionHolder getDefinitionLoadIfNecessary(String str) {
        JwkDefinitionHolder definition;
        JwkDefinitionHolder definition2 = getDefinition(str);
        if (definition2 != null) {
            return definition2;
        }
        synchronized (this.jwkDefinitions) {
            this.jwkDefinitions.clear();
            Iterator<URL> it = this.jwkSetUrls.iterator();
            while (it.hasNext()) {
                this.jwkDefinitions.putAll(loadJwkDefinitions(it.next()));
            }
            definition = getDefinition(str);
        }
        return definition;
    }

    private JwkDefinitionHolder getDefinition(String str) {
        return this.jwkDefinitions.get(str);
    }

    static Map<String, JwkDefinitionHolder> loadJwkDefinitions(URL url) {
        try {
            Set<JwkDefinition> convert2 = jwkSetConverter.convert2(url.openStream());
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            for (JwkDefinition jwkDefinition : convert2) {
                if (JwkDefinition.KeyType.RSA.equals(jwkDefinition.getKeyType())) {
                    linkedHashMap.put(jwkDefinition.getKeyId(), new JwkDefinitionHolder(jwkDefinition, createRsaVerifier((RsaJwkDefinition) jwkDefinition)));
                }
            }
            return linkedHashMap;
        } catch (IOException e) {
            throw new JwkException("An I/O error occurred while reading from the JWK Set source: " + e.getMessage(), e);
        }
    }

    private static RsaVerifier createRsaVerifier(RsaJwkDefinition rsaJwkDefinition) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Codecs.b64UrlDecode(rsaJwkDefinition.getModulus())), new BigInteger(1, Codecs.b64UrlDecode(rsaJwkDefinition.getExponent()))));
            return rsaJwkDefinition.getAlgorithm() != null ? new RsaVerifier(rSAPublicKey, rsaJwkDefinition.getAlgorithm().standardName()) : new RsaVerifier(rSAPublicKey);
        } catch (Exception e) {
            throw new JwkException("An error occurred while creating a RSA Public Key Verifier for " + rsaJwkDefinition.getKeyId() + " : " + e.getMessage(), e);
        }
    }
}
