package org.apereo.cas.oidc.jwks;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.spec.ECParameterSpec;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.util.JsonUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.jose4j.jwk.EcJwkGenerator;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.keys.AesKey;
import org.jose4j.keys.EllipticCurves;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.InputStreamResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/jwks/OidcJsonWebKeyStoreUtils.class */
public final class OidcJsonWebKeyStoreUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcJsonWebKeyStoreUtils.class);
    private static final int JWK_EC_P384_SIZE = 384;
    private static final int JWK_EC_P512_SIZE = 512;

    public static Optional<JsonWebKeySet> getJsonWebKeySet(OidcRegisteredService oidcRegisteredService, ResourceLoader resourceLoader, Optional<OidcJsonWebKeyUsage> optional) {
        return (Optional) FunctionUtils.doAndHandle(() -> {
            LOGGER.trace("Loading JSON web key from [{}]", SpringExpressionLanguageValueResolver.getInstance().resolve(oidcRegisteredService.getJwks()));
            Resource jsonWebKeySetResource = getJsonWebKeySetResource(oidcRegisteredService, resourceLoader);
            if (jsonWebKeySetResource != null) {
                return buildJsonWebKeySet(jsonWebKeySetResource, (Optional<String>) Optional.ofNullable(oidcRegisteredService.getJwksKeyId()), (Optional<OidcJsonWebKeyUsage>) optional);
            }
            LOGGER.warn("No JSON web keys or keystore resource could be found for [{}]", oidcRegisteredService);
            return Optional.empty();
        }, th -> {
            LoggingUtils.error(LOGGER, th);
            return Optional.empty();
        }).get();
    }

    public static Optional<JsonWebKeySet> getJsonWebKeyFromJsonWebKeySet(JsonWebKeySet jsonWebKeySet, Optional<String> optional, Optional<OidcJsonWebKeyUsage> optional2) {
        if (jsonWebKeySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("No JSON web keys are available in the keystore");
            return Optional.empty();
        }
        List list = (List) getJsonWebKeyByKeyId(jsonWebKeySet, optional, optional2).getJsonWebKeys().stream().filter(jsonWebKey -> {
            return jsonWebKey.getKey() != null;
        }).collect(Collectors.toList());
        if (!list.isEmpty()) {
            return Optional.of(new JsonWebKeySet((List<? extends JsonWebKey>) list));
        }
        LOGGER.warn("Unable to locate JSON web key for [{}]", optional.map((v0) -> {
            return v0.toString();
        }));
        return Optional.empty();
    }

    private static List<JsonWebKey> filterJsonWebKeySetKeysBy(JsonWebKeySet jsonWebKeySet, Optional<String> optional, Optional<OidcJsonWebKeyUsage> optional2) {
        Predicate<? super JsonWebKey> predicate = jsonWebKey -> {
            return jsonWebKey instanceof PublicJsonWebKey;
        };
        if (optional.isPresent()) {
            predicate = predicate.and(jsonWebKey2 -> {
                return StringUtils.equalsIgnoreCase(jsonWebKey2.getKeyId(), (CharSequence) optional.get());
            });
        }
        if (optional2.isPresent()) {
            predicate = predicate.and(jsonWebKey3 -> {
                return ((OidcJsonWebKeyUsage) optional2.get()).is(jsonWebKey3);
            });
        }
        Stream<JsonWebKey> filter = jsonWebKeySet.getJsonWebKeys().stream().filter(predicate);
        Class<PublicJsonWebKey> cls = PublicJsonWebKey.class;
        Objects.requireNonNull(PublicJsonWebKey.class);
        return (List) filter.map((v1) -> {
            return r1.cast(v1);
        }).collect(Collectors.toList());
    }

    private static JsonWebKeySet getJsonWebKeyByKeyId(JsonWebKeySet jsonWebKeySet, Optional<String> optional, Optional<OidcJsonWebKeyUsage> optional2) {
        if (optional.isPresent()) {
            List<JsonWebKey> filterJsonWebKeySetKeysBy = filterJsonWebKeySetKeysBy(jsonWebKeySet, optional, optional2);
            if (optional2.isPresent() && filterJsonWebKeySetKeysBy.isEmpty()) {
                LOGGER.debug("No JSON web keys found for [{}] and usage [{}]. Skipping usage...", optional.get(), optional2.get());
                filterJsonWebKeySetKeysBy = filterJsonWebKeySetKeysBy(jsonWebKeySet, optional, Optional.empty());
            }
            LOGGER.debug("JSON web keys found for [{}] are [{}]", optional.get(), filterJsonWebKeySetKeysBy);
            return new JsonWebKeySet(filterJsonWebKeySetKeysBy);
        }
        List<JsonWebKey> filterJsonWebKeySetKeysBy2 = filterJsonWebKeySetKeysBy(jsonWebKeySet, Optional.empty(), optional2);
        if (optional2.isPresent() && filterJsonWebKeySetKeysBy2.isEmpty()) {
            LOGGER.debug("No JSON web keys found for usage [{}]. Skipping usage...", optional2.get());
            filterJsonWebKeySetKeysBy2 = filterJsonWebKeySetKeysBy(jsonWebKeySet, Optional.empty(), Optional.empty());
        }
        LOGGER.debug("JSON web keys found are [{}]", filterJsonWebKeySetKeysBy2);
        return new JsonWebKeySet(filterJsonWebKeySetKeysBy2);
    }

    private static Optional<JsonWebKeySet> buildJsonWebKeySet(Resource resource, Optional<String> optional, Optional<OidcJsonWebKeyUsage> optional2) throws Exception {
        LOGGER.debug("Loading JSON web key from [{}]", resource);
        String iOUtils = IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8);
        LOGGER.debug("Retrieved JSON web key from [{}] as [{}]", resource, iOUtils);
        return buildJsonWebKeySet(iOUtils, optional, optional2);
    }

    private static Optional<JsonWebKeySet> buildJsonWebKeySet(String str, Optional<String> optional, Optional<OidcJsonWebKeyUsage> optional2) throws Exception {
        if (JsonUtils.isValidJson(str)) {
            return getJsonWebKeyFromJsonWebKeySet(new JsonWebKeySet(str), optional, optional2);
        }
        OctetSequenceJsonWebKey octetSequenceJsonWebKey = new OctetSequenceJsonWebKey(new AesKey(str.getBytes(StandardCharsets.UTF_8)));
        octetSequenceJsonWebKey.setKeyId(optional.orElse(""));
        octetSequenceJsonWebKey.setUse((String) optional2.map((v0) -> {
            return v0.name();
        }).orElse(""));
        return Optional.of(new JsonWebKeySet(octetSequenceJsonWebKey));
    }

    private static Resource getJsonWebKeySetResource(OidcRegisteredService oidcRegisteredService, ResourceLoader resourceLoader) {
        String resolve = SpringExpressionLanguageValueResolver.getInstance().resolve(oidcRegisteredService.getJwks());
        if (StringUtils.isNotBlank(resolve)) {
            return ResourceUtils.doesResourceExist(resolve) ? resourceLoader.getResource(resolve) : new InputStreamResource(new ByteArrayInputStream(resolve.getBytes(StandardCharsets.UTF_8)), "JWKS");
        }
        return null;
    }

    public static JsonWebKeySet parseJsonWebKeySet(String str) {
        return (JsonWebKeySet) FunctionUtils.doUnchecked(() -> {
            return new JsonWebKeySet(str);
        });
    }

    private static PublicJsonWebKey generateJsonWebKeyEC(ECParameterSpec eCParameterSpec) {
        return (PublicJsonWebKey) FunctionUtils.doUnchecked(() -> {
            return EcJwkGenerator.generateJwk(eCParameterSpec);
        });
    }

    public static PublicJsonWebKey generateJsonWebKey(String str, int i, OidcJsonWebKeyUsage oidcJsonWebKeyUsage) {
        String lowerCase = str.trim().toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case 3230:
                if (lowerCase.equals("ec")) {
                    z = false;
                    break;
                }
                break;
            case 113216:
                if (lowerCase.equals("rsa")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (i == JWK_EC_P384_SIZE) {
                    PublicJsonWebKey generateJsonWebKeyEC = generateJsonWebKeyEC(EllipticCurves.P384);
                    generateJsonWebKeyEC.setKeyId(UUID.randomUUID().toString());
                    generateJsonWebKeyEC.setAlgorithm(AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384);
                    oidcJsonWebKeyUsage.assignTo(generateJsonWebKeyEC);
                    return generateJsonWebKeyEC;
                }
                if (i == 512) {
                    PublicJsonWebKey generateJsonWebKeyEC2 = generateJsonWebKeyEC(EllipticCurves.P521);
                    generateJsonWebKeyEC2.setKeyId(UUID.randomUUID().toString());
                    generateJsonWebKeyEC2.setAlgorithm(AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512);
                    oidcJsonWebKeyUsage.assignTo(generateJsonWebKeyEC2);
                    return generateJsonWebKeyEC2;
                }
                PublicJsonWebKey generateJsonWebKeyEC3 = generateJsonWebKeyEC(EllipticCurves.P256);
                generateJsonWebKeyEC3.setKeyId(UUID.randomUUID().toString());
                generateJsonWebKeyEC3.setAlgorithm(AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512);
                oidcJsonWebKeyUsage.assignTo(generateJsonWebKeyEC3);
                return generateJsonWebKeyEC3;
            case true:
            default:
                RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) FunctionUtils.doUnchecked(() -> {
                    return RsaJwkGenerator.generateJwk(i);
                });
                rsaJsonWebKey.setKeyId(UUID.randomUUID().toString());
                oidcJsonWebKeyUsage.assignTo(rsaJsonWebKey);
                return rsaJsonWebKey;
        }
    }

    @Generated
    private OidcJsonWebKeyStoreUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
