package org.apereo.cas.oidc.jwks.generator;

import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.function.Consumer;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.configuration.model.support.oidc.OidcProperties;
import org.apereo.cas.configuration.support.CasConfigurationJasyptCipherExecutor;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.io.FileWatcherService;
import org.apereo.cas.util.io.WatcherService;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.annotation.Order;
import org.springframework.core.io.AbstractResource;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.Resource;

@Order
/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/jwks/generator/OidcDefaultJsonWebKeystoreGeneratorService.class */
public class OidcDefaultJsonWebKeystoreGeneratorService implements OidcJsonWebKeystoreGeneratorService, DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcDefaultJsonWebKeystoreGeneratorService.class);
    private final OidcProperties oidcProperties;
    private final ConfigurableApplicationContext applicationContext;
    private WatcherService resourceWatcherService;

    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() {
        FunctionUtils.doIfNotNull(this.resourceWatcherService, (v0) -> {
            v0.close();
        });
    }

    @Override // org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService
    public Optional<Resource> find() throws Exception {
        AbstractResource determineJsonWebKeystoreResource = determineJsonWebKeystoreResource();
        return Optional.ofNullable(ResourceUtils.doesResourceExist(determineJsonWebKeystoreResource) ? determineJsonWebKeystoreResource : null);
    }

    @Override // org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService
    public JsonWebKeySet store(JsonWebKeySet jsonWebKeySet) throws Exception {
        AbstractResource determineJsonWebKeystoreResource = determineJsonWebKeystoreResource();
        if (ResourceUtils.isFile(determineJsonWebKeystoreResource)) {
            String json = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
            File file = determineJsonWebKeystoreResource.getFile();
            FileUtils.write(file, json, StandardCharsets.UTF_8);
            LOGGER.debug("Generated JSON web keystore at [{}]", file);
        }
        return jsonWebKeySet;
    }

    @Override // org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService
    public Resource generate() throws Exception {
        AbstractResource determineJsonWebKeystoreResource = determineJsonWebKeystoreResource();
        boolean isWatcherEnabled = this.oidcProperties.getJwks().getFileSystem().isWatcherEnabled();
        if (ResourceUtils.isFile(determineJsonWebKeystoreResource) && isWatcherEnabled && this.resourceWatcherService == null) {
            this.resourceWatcherService = new FileWatcherService(determineJsonWebKeystoreResource.getFile(), file -> {
                new Consumer<File>() { // from class: org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService.1
                    @Override // java.util.function.Consumer
                    public void accept(File file) {
                        FunctionUtils.doUnchecked(obj -> {
                            if (OidcDefaultJsonWebKeystoreGeneratorService.this.applicationContext.isActive()) {
                                OidcDefaultJsonWebKeystoreGeneratorService.LOGGER.info("Publishing event to broadcast change in [{}]", file);
                                OidcDefaultJsonWebKeystoreGeneratorService.this.applicationContext.publishEvent((ApplicationEvent) new OidcJsonWebKeystoreModifiedEvent(this, file));
                            }
                        }, new Object[0]);
                    }
                };
            });
            this.resourceWatcherService.start(determineJsonWebKeystoreResource.getFilename());
        }
        Resource generate = generate(determineJsonWebKeystoreResource);
        this.applicationContext.publishEvent((ApplicationEvent) new OidcJsonWebKeystoreGeneratedEvent(this, generate));
        return generate;
    }

    protected Resource generate(Resource resource) throws Exception {
        if (ResourceUtils.doesResourceExist(resource)) {
            LOGGER.trace("Located JSON web keystore at [{}]", resource);
            return resource;
        }
        store(OidcJsonWebKeystoreGeneratorService.generateJsonWebKeySet(this.oidcProperties));
        return resource;
    }

    private AbstractResource determineJsonWebKeystoreResource() throws Exception {
        String resolve = SpringExpressionLanguageValueResolver.getInstance().resolve(this.oidcProperties.getJwks().getFileSystem().getJwksFile());
        AbstractResource rawResourceFrom = ResourceUtils.getRawResourceFrom(resolve);
        if (ResourceUtils.doesResourceExist(resolve)) {
            String iOUtils = IOUtils.toString(rawResourceFrom.getInputStream(), StandardCharsets.UTF_8);
            if (CasConfigurationJasyptCipherExecutor.isValueEncrypted(iOUtils)) {
                return new ByteArrayResource(new CasConfigurationJasyptCipherExecutor(this.applicationContext.getEnvironment()).decryptValue(iOUtils).getBytes(StandardCharsets.UTF_8));
            }
        }
        return rawResourceFrom;
    }

    @Generated
    public OidcDefaultJsonWebKeystoreGeneratorService(OidcProperties oidcProperties, ConfigurableApplicationContext configurableApplicationContext) {
        this.oidcProperties = oidcProperties;
        this.applicationContext = configurableApplicationContext;
    }
}
