package io.jenkins.blueocean.auth.jwt.impl;

import hudson.Extension;
import io.jenkins.blueocean.auth.jwt.JwtSigningKeyProvider;
import io.jenkins.blueocean.auth.jwt.JwtToken;
import io.jenkins.blueocean.auth.jwt.SigningKey;
import io.jenkins.blueocean.auth.jwt.SigningPublicKey;
import io.jenkins.blueocean.commons.ServiceException;
import java.io.IOException;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

@Extension(ordinal = -9999.0d)
/* loaded from: input_file:test-dependencies/blueocean-jwt.hpi:WEB-INF/lib/blueocean-jwt.jar:io/jenkins/blueocean/auth/jwt/impl/SigningKeyProviderImpl.class */
public class SigningKeyProviderImpl extends JwtSigningKeyProvider {
    private static final Logger LOGGER = Logger.getLogger(SigningKeyProviderImpl.class.getName());
    private static final Pattern YYYYMM = Pattern.compile("[0-9]{6}");
    private static final DateTimeFormatter DATE_FORMAT = DateTimeFormatter.ofPattern("yyyyMM").withZone(ZoneId.systemDefault());
    private final AtomicReference<JwtRsaDigitalSignatureKey> key = new AtomicReference<>();

    @Override // io.jenkins.blueocean.auth.jwt.JwtSigningKeyProvider
    public SigningKey select(JwtToken jwtToken) {
        String format = DATE_FORMAT.format(Instant.now());
        JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey = this.key.get();
        if (jwtRsaDigitalSignatureKey == null || !jwtRsaDigitalSignatureKey.getId().equals(format)) {
            AtomicReference<JwtRsaDigitalSignatureKey> atomicReference = this.key;
            JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey2 = new JwtRsaDigitalSignatureKey(format);
            jwtRsaDigitalSignatureKey = jwtRsaDigitalSignatureKey2;
            atomicReference.set(jwtRsaDigitalSignatureKey2);
        }
        return jwtRsaDigitalSignatureKey.toSigningKey();
    }

    @Override // io.jenkins.blueocean.auth.jwt.JwtSigningKeyProvider
    public SigningPublicKey getPublicKey(String str) {
        if (!YYYYMM.matcher(str).matches()) {
            return null;
        }
        JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey = new JwtRsaDigitalSignatureKey(str);
        try {
            if (jwtRsaDigitalSignatureKey.exists()) {
                return new SigningPublicKey(str, jwtRsaDigitalSignatureKey.getPublicKey());
            }
            return null;
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, String.format("Error reading RSA key for id %s: %s", str, e.getMessage()), (Throwable) e);
            throw new ServiceException.UnexpectedErrorException("Unexpected error: " + e.getMessage(), e);
        }
    }
}
