package io.jenkins.plugin.auth.jwt.impl;

import hudson.Extension;
import io.jenkins.plugin.auth.jwt.JwtSigningKeyProvider;
import io.jenkins.plugin.auth.jwt.JwtToken;
import io.jenkins.plugin.auth.jwt.SigningKey;
import io.jenkins.plugin.auth.jwt.SigningPublicKey;
import io.jenkins.plugin.auth.jwt.commons.ServiceException;
import java.io.IOException;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Extension(ordinal = -9999.0d)
/* loaded from: input_file:io/jenkins/plugin/auth/jwt/impl/SigningKeyProviderImpl.class */
public class SigningKeyProviderImpl extends JwtSigningKeyProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(SigningKeyProviderImpl.class.getName());
    private static final Pattern YYYYMM = Pattern.compile("[0-9]{6}");
    private static final DateTimeFormatter DATE_FORMAT = DateTimeFormatter.ofPattern("yyyyMM").withZone(ZoneOffset.UTC);
    private final AtomicReference<JwtRsaDigitalSignatureKey> key = new AtomicReference<>();

    @Override // io.jenkins.plugin.auth.jwt.JwtSigningKeyProvider
    public SigningKey select(JwtToken jwtToken) {
        String format = DATE_FORMAT.format(Instant.now());
        JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey = this.key.get();
        if (jwtRsaDigitalSignatureKey == null || !jwtRsaDigitalSignatureKey.getId().equals(format)) {
            AtomicReference<JwtRsaDigitalSignatureKey> atomicReference = this.key;
            JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey2 = new JwtRsaDigitalSignatureKey(format);
            jwtRsaDigitalSignatureKey = jwtRsaDigitalSignatureKey2;
            atomicReference.set(jwtRsaDigitalSignatureKey2);
        }
        return jwtRsaDigitalSignatureKey.toSigningKey();
    }

    @Override // io.jenkins.plugin.auth.jwt.JwtSigningKeyProvider
    public SigningPublicKey getPublicKey(String str) {
        if (!YYYYMM.matcher(str).matches()) {
            return null;
        }
        JwtRsaDigitalSignatureKey jwtRsaDigitalSignatureKey = new JwtRsaDigitalSignatureKey(str);
        try {
            if (jwtRsaDigitalSignatureKey.exists()) {
                return new SigningPublicKey(str, jwtRsaDigitalSignatureKey.getPublicKey());
            }
            return null;
        } catch (IOException e) {
            LOGGER.warn("Error reading RSA key for id {}: {}", new Object[]{str, e.getMessage(), e});
            throw new ServiceException.UnexpectedErrorException("Unexpected error: " + e.getMessage(), e);
        }
    }
}
