package org.mitre.jwt.signer.service.impl;

import com.google.common.base.Strings;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/openid-connect-common-1.3.0.jar:org/mitre/jwt/signer/service/impl/ClientKeyCacheService.class */
public class ClientKeyCacheService {
    private static Logger logger = LoggerFactory.getLogger((Class<?>) ClientKeyCacheService.class);

    @Autowired
    private JWKSetCacheService jwksUriCache = new JWKSetCacheService();

    @Autowired
    private SymmetricKeyJWTValidatorCacheService symmetricCache = new SymmetricKeyJWTValidatorCacheService();
    private LoadingCache<JWKSet, JWTSigningAndValidationService> jwksValidators = CacheBuilder.newBuilder().expireAfterWrite(1, TimeUnit.HOURS).maximumSize(100).build(new JWKSetVerifierBuilder());
    private LoadingCache<JWKSet, JWTEncryptionAndDecryptionService> jwksEncrypters = CacheBuilder.newBuilder().expireAfterWrite(1, TimeUnit.HOURS).maximumSize(100).build(new JWKSetEncryptorBuilder());

    /* loaded from: input_file:WEB-INF/lib/openid-connect-common-1.3.0.jar:org/mitre/jwt/signer/service/impl/ClientKeyCacheService$JWKSetEncryptorBuilder.class */
    private class JWKSetEncryptorBuilder extends CacheLoader<JWKSet, JWTEncryptionAndDecryptionService> {
        private JWKSetEncryptorBuilder() {
        }

        @Override // com.google.common.cache.CacheLoader
        public JWTEncryptionAndDecryptionService load(JWKSet jWKSet) throws Exception {
            return new DefaultJWTEncryptionAndDecryptionService(new JWKSetKeyStore(jWKSet));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/openid-connect-common-1.3.0.jar:org/mitre/jwt/signer/service/impl/ClientKeyCacheService$JWKSetVerifierBuilder.class */
    private class JWKSetVerifierBuilder extends CacheLoader<JWKSet, JWTSigningAndValidationService> {
        private JWKSetVerifierBuilder() {
        }

        @Override // com.google.common.cache.CacheLoader
        public JWTSigningAndValidationService load(JWKSet jWKSet) throws Exception {
            return new DefaultJWTSigningAndValidationService(new JWKSetKeyStore(jWKSet));
        }
    }

    public JWTSigningAndValidationService getValidator(ClientDetailsEntity clientDetailsEntity, JWSAlgorithm jWSAlgorithm) {
        try {
            if (jWSAlgorithm.equals(JWSAlgorithm.RS256) || jWSAlgorithm.equals(JWSAlgorithm.RS384) || jWSAlgorithm.equals(JWSAlgorithm.RS512) || jWSAlgorithm.equals(JWSAlgorithm.ES256) || jWSAlgorithm.equals(JWSAlgorithm.ES384) || jWSAlgorithm.equals(JWSAlgorithm.ES512) || jWSAlgorithm.equals(JWSAlgorithm.PS256) || jWSAlgorithm.equals(JWSAlgorithm.PS384) || jWSAlgorithm.equals(JWSAlgorithm.PS512)) {
                if (clientDetailsEntity.getJwks() != null) {
                    return this.jwksValidators.get(clientDetailsEntity.getJwks());
                }
                if (Strings.isNullOrEmpty(clientDetailsEntity.getJwksUri())) {
                    return null;
                }
                return this.jwksUriCache.getValidator(clientDetailsEntity.getJwksUri());
            }
            if (jWSAlgorithm.equals(JWSAlgorithm.HS256) || jWSAlgorithm.equals(JWSAlgorithm.HS384) || jWSAlgorithm.equals(JWSAlgorithm.HS512)) {
                return this.symmetricCache.getSymmetricValidtor(clientDetailsEntity);
            }
            return null;
        } catch (UncheckedExecutionException | ExecutionException e) {
            logger.error("Problem loading client validator", e);
            return null;
        }
    }

    public JWTEncryptionAndDecryptionService getEncrypter(ClientDetailsEntity clientDetailsEntity) {
        try {
            if (clientDetailsEntity.getJwks() != null) {
                return this.jwksEncrypters.get(clientDetailsEntity.getJwks());
            }
            if (Strings.isNullOrEmpty(clientDetailsEntity.getJwksUri())) {
                return null;
            }
            return this.jwksUriCache.getEncrypter(clientDetailsEntity.getJwksUri());
        } catch (UncheckedExecutionException | ExecutionException e) {
            logger.error("Problem loading client encrypter", e);
            return null;
        }
    }
}
