package net.shibboleth.oidc.jwk;

import com.nimbusds.jose.jwk.JWKSet;
import java.io.IOException;
import java.net.URI;
import java.text.ParseException;
import java.time.Instant;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.jwk.support.RemoteJwkUtils;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.http.client.HttpClient;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.storage.StorageCapabilities;
import org.opensaml.storage.StorageCapabilitiesEx;
import org.opensaml.storage.StorageRecord;
import org.opensaml.storage.StorageService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/oidc/jwk/RemoteJwkSetCache.class */
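/**
 * Caches remote JWK sets in a server-side {@link StorageService}, keyed by the string form of the
 * JWK set URI within a storage context.
 *
 * <p>On a cache miss the set is fetched through {@link RemoteJwkUtils} with the configured
 * {@link HttpClient} and stored with the caller-supplied expiration.</p>
 *
 * <p>Security notes for integrators:</p>
 * <ul>
 * <li>This class performs no validation of the URI it is asked to fetch (scheme, host, port). If the
 * URI can originate from third-party metadata, the caller has to restrict it before calling
 * {@code fetch}. NOTE(review): confirm where callers obtain the URI.</li>
 * <li>{@code httpClientSecurityParameters} may be {@code null}; it is handed to
 * {@link RemoteJwkUtils} unchanged, so TLS trust evaluation is presumably then left to the
 * {@link HttpClient} itself. Verify the client is configured accordingly.</li>
 * <li>The key-id aware lookup discards a still-valid cache entry and re-fetches whenever the
 * requested key id is absent. A key id normally comes from an unverified token header, so every
 * request with an unknown key id results in an outbound fetch. Deployments should bound this
 * (for example rate limiting upstream). NOTE(review): no throttling is visible in this class.</li>
 * </ul>
 */
public class RemoteJwkSetCache extends AbstractIdentifiableInitializableComponent {

    /** Default storage context used by the overloads that take no explicit context. */
    public static final String CONTEXT_NAME = "oidcRemoteJwkSetContents";

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(RemoteJwkSetCache.class);

    /** Backing store for the serialized JWK sets; must be server-side. */
    private StorageService storage;

    /** Client used to retrieve remote JWK sets. */
    @NonnullAfterInit
    private HttpClient httpClient;

    /** Optional security parameters handed to the remote fetch. */
    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    /**
     * Returns the backing storage service.
     *
     * @return the storage service, {@code null} until {@link #setStorage(StorageService)} is called
     */
    @NonnullAfterInit
    public StorageService getStorage() {
        return this.storage;
    }

    /**
     * Sets the backing storage service.
     *
     * <p>When the service advertises {@link StorageCapabilitiesEx}, it is required to be
     * server-side, so cached key material is not stored client-side.</p>
     *
     * @param storageService the storage service, never {@code null}
     */
    public void setStorage(@Nonnull StorageService storageService) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.storage = Constraint.isNotNull(storageService, "StorageService cannot be null");
        // getCapabilities() is typed as StorageCapabilities; the extended interface has to be
        // tested for and cast to explicitly before isServerSide() can be called.
        final StorageCapabilities capabilities = this.storage.getCapabilities();
        if (capabilities instanceof StorageCapabilitiesEx) {
            Constraint.isTrue(((StorageCapabilitiesEx) capabilities).isServerSide(),
                    "StorageService cannot be client-side");
        }
    }

    /**
     * Sets the HTTP client used for remote retrieval.
     *
     * @param httpClient the client, never {@code null}
     */
    public void setHttpClient(@Nonnull HttpClient httpClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClient = Constraint.isNotNull(httpClient, "HttpClient cannot be null");
    }

    /**
     * Sets the optional HTTP client security parameters passed along with each remote fetch.
     *
     * @param httpClientSecurityParameters the parameters, may be {@code null}
     */
    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    /**
     * Verifies that both the storage service and the HTTP client were configured.
     *
     * @throws ComponentInitializationException if either dependency is missing
     */
    @Override
    public void doInitialize() throws ComponentInitializationException {
        if (this.storage == null) {
            throw new ComponentInitializationException("StorageService cannot be null");
        }
        if (this.httpClient == null) {
            throw new ComponentInitializationException("HttpClient cannot be null");
        }
    }

    /**
     * Looks up a JWK set containing the given key id, using the default context.
     *
     * @param uri location of the JWK set
     * @param str key id that the returned set must contain to be served from the cache
     * @param instant expiration applied to a newly stored cache record
     * @return the JWK set, or {@code null} if it could not be obtained
     */
    public JWKSet fetch(@Nonnull URI uri, @Nonnull String str, @Nonnull Instant instant) {
        return fetch(CONTEXT_NAME, uri, str, instant);
    }

    /**
     * Looks up a JWK set using the default context.
     *
     * @param uri location of the JWK set
     * @param instant expiration applied to a newly stored cache record
     * @return the JWK set, or {@code null} if it could not be obtained
     */
    public JWKSet fetch(@Nonnull URI uri, @Nonnull Instant instant) {
        return fetch(CONTEXT_NAME, uri, instant);
    }

    /**
     * Looks up a JWK set in the given storage context, fetching and caching it on a miss.
     *
     * @param str storage context name
     * @param uri location of the JWK set
     * @param instant expiration applied to a newly stored cache record
     * @return the JWK set, or {@code null} if the context is too long for the storage service,
     *         the storage service failed, or no remote keys were found
     */
    @Nullable
    public JWKSet fetch(@NotEmpty @Nonnull String str, @Nonnull URI uri, @Nonnull Instant instant) {
        return lookup(str, uri, null, instant);
    }

    /**
     * Looks up a JWK set containing the given key id in the given storage context.
     *
     * <p>A cached set that lacks the key id is deleted regardless of its expiration and the set is
     * fetched again. The re-fetched set is returned even if it still lacks the key id.</p>
     *
     * @param str storage context name
     * @param uri location of the JWK set
     * @param str2 key id that the cached set must contain to be served from the cache
     * @param instant expiration applied to a newly stored cache record
     * @return the JWK set, or {@code null} if the context is too long for the storage service,
     *         the storage service failed, or no remote keys were found
     */
    @Nullable
    public JWKSet fetch(@NotEmpty @Nonnull String str, @Nonnull URI uri, @Nonnull String str2, @Nonnull Instant instant) {
        return lookup(str, uri, str2, instant);
    }

    /**
     * Shared cache lookup behind both context-aware {@code fetch} overloads.
     *
     * @param context storage context name
     * @param uri location of the JWK set
     * @param keyId key id the cached set must contain, or {@code null} for no such requirement
     * @param expires expiration applied to a newly stored cache record
     * @return the JWK set, or {@code null} on failure
     */
    @Nullable
    private JWKSet lookup(@NotEmpty @Nonnull final String context, @Nonnull final URI uri,
            @Nullable final String keyId, @Nonnull final Instant expires) {
        final String key = uri.toString();
        final StorageCapabilities capabilities = this.storage.getCapabilities();
        // NOTE(review): only the context length is checked; the key (URI string) is not compared
        // against the storage service's key-size limit.
        if (context.length() > capabilities.getContextSize()) {
            this.log.error("context {} too long for StorageService (limit {})", context,
                    capabilities.getContextSize());
            return null;
        }
        try {
            final StorageRecord entry = this.storage.read(context, key);
            if (entry == null) {
                this.log.debug("JWK set '{}' was not in the cache, fetching it", key);
                return fetchAndStore(context, key, uri, expires);
            }
            final JWKSet cachedSet = parseCached(entry, key);
            if (cachedSet != null && (keyId == null || cachedSet.getKeyByKeyId(keyId) != null)) {
                this.log.debug("Cached JWK set '{}' found and will be returned, expires at {}", key,
                        entry.getExpiration());
                return cachedSet;
            }
            if (cachedSet != null) {
                this.log.debug("Cached JWK set does not contain the keyId '{}', ignoring expiry and re-fetching",
                        keyId);
            }
            // Either the entry is unparsable or it lacks the requested key id. It has to be removed
            // first, because create() does not overwrite an existing record.
            this.storage.delete(context, key);
            return fetchAndStore(context, key, uri, expires);
        } catch (final IOException e) {
            this.log.error("Exception reading/writing to storage service", e);
            return null;
        }
    }

    /**
     * Parses a cached record, treating an unparsable value as a corrupt entry rather than a
     * failure, so that a bad record does not block key retrieval until it expires.
     *
     * @param entry the cached record
     * @param key the cache key, used for logging
     * @return the parsed set, or {@code null} if the stored value is not a valid JWK set
     */
    @Nullable
    private JWKSet parseCached(@Nonnull final StorageRecord entry, @Nonnull final String key) {
        try {
            return JWKSet.parse(entry.getValue());
        } catch (final ParseException e) {
            this.log.warn("Cached JWK set '{}' could not be parsed, discarding it and re-fetching", key, e);
            return null;
        }
    }

    /**
     * Fetches the JWK set from its remote location and stores it in the cache.
     *
     * @param context storage context name
     * @param key cache key (string form of {@code uri})
     * @param uri location of the JWK set
     * @param expires expiration applied to the stored record
     * @return the fetched set, or {@code null} if it was missing, empty, or an I/O error occurred
     */
    @Nullable
    private JWKSet fetchAndStore(@NotEmpty @Nonnull final String context, @Nonnull final String key,
            @Nonnull final URI uri, @Nonnull final Instant expires) {
        try {
            final JWKSet remoteSet = RemoteJwkUtils.fetchRemoteJwkSet("RemoteJwkSetCache", uri, this.httpClient,
                    this.httpClientSecurityParameters);
            if (remoteSet == null || remoteSet.getKeys() == null || remoteSet.getKeys().isEmpty()) {
                this.log.warn("Could not find any remote keys from {}", key);
                return null;
            }
            final boolean stored = this.storage.create(context, key, remoteSet.toString(),
                    Long.valueOf(expires.toEpochMilli()));
            if (!stored) {
                // A record for this key already exists (for example a concurrent request filled the
                // cache); the freshly fetched set is still returned to the caller.
                this.log.debug("JWK set '{}' was already present in the cache, not overwriting it", key);
            }
            return remoteSet;
        } catch (final IOException e) {
            this.log.error("Exception reading/writing to storage service", e);
            return null;
        }
    }
}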
