package org.apereo.cas.oidc.jwks;

import com.github.benmanes.caffeine.cache.CacheLoader;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.rotation.OidcJsonWebKeystoreRotationService;
import org.apereo.cas.util.LoggingUtils;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/jwks/OidcDefaultJsonWebKeystoreCacheLoader.class */
public class OidcDefaultJsonWebKeystoreCacheLoader implements CacheLoader<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcDefaultJsonWebKeystoreCacheLoader.class);
    private final OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService;

    private static JsonWebKeySet getJsonWebKeysFromJwks(JsonWebKeySet jsonWebKeySet, OidcJsonWebKeyCacheKey oidcJsonWebKeyCacheKey) {
        Stream filter = ((List) OidcJsonWebKeyStoreUtils.getJsonWebKeyFromJsonWebKeySet(jsonWebKeySet, Optional.empty(), Optional.of(oidcJsonWebKeyCacheKey.getUsage())).map((v0) -> {
            return v0.getJsonWebKeys();
        }).orElseGet(ArrayList::new)).stream().filter(jsonWebKey -> {
            return OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.getJsonWebKeyState(jsonWebKey).isCurrent();
        });
        Class<PublicJsonWebKey> cls = PublicJsonWebKey.class;
        Objects.requireNonNull(PublicJsonWebKey.class);
        return new JsonWebKeySet((List<? extends JsonWebKey>) filter.map((v1) -> {
            return r3.cast(v1);
        }).filter(publicJsonWebKey -> {
            return publicJsonWebKey.getPrivateKey() != null;
        }).collect(Collectors.toList()));
    }

    @Override // com.github.benmanes.caffeine.cache.CacheLoader
    public Optional<JsonWebKeySet> load(OidcJsonWebKeyCacheKey oidcJsonWebKeyCacheKey) {
        Optional<JsonWebKeySet> buildJsonWebKeySet = buildJsonWebKeySet(oidcJsonWebKeyCacheKey);
        if (buildJsonWebKeySet.isEmpty()) {
            LOGGER.warn("JSON web keystore retrieved is empty for issuer [{}]", oidcJsonWebKeyCacheKey.getIssuer());
            return Optional.empty();
        }
        JsonWebKeySet jsonWebKeySet = buildJsonWebKeySet.get();
        if (jsonWebKeySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("JSON web keystore retrieved [{}] contains no JSON web keys", jsonWebKeySet);
            return Optional.empty();
        }
        JsonWebKeySet jsonWebKeysFromJwks = getJsonWebKeysFromJwks(jsonWebKeySet, oidcJsonWebKeyCacheKey);
        LOGGER.debug("Found JSON web key as [{}]", jsonWebKeysFromJwks);
        return jsonWebKeysFromJwks.getJsonWebKeys().isEmpty() ? Optional.empty() : Optional.of(jsonWebKeysFromJwks);
    }

    protected JsonWebKeySet buildJsonWebKeySet(Resource resource, OidcJsonWebKeyCacheKey oidcJsonWebKeyCacheKey) throws Exception {
        return getJsonWebKeysFromJwks(OidcJsonWebKeystoreGeneratorService.toJsonWebKeyStore(resource), oidcJsonWebKeyCacheKey);
    }

    protected Optional<JsonWebKeySet> buildJsonWebKeySet(OidcJsonWebKeyCacheKey oidcJsonWebKeyCacheKey) {
        try {
            Resource generateJwksResource = generateJwksResource();
            if (generateJwksResource == null) {
                LOGGER.warn("Unable to load or generate a JWKS resource");
                return Optional.empty();
            }
            LOGGER.trace("Retrieving default JSON web key from [{}]", generateJwksResource);
            JsonWebKeySet buildJsonWebKeySet = buildJsonWebKeySet(generateJwksResource, oidcJsonWebKeyCacheKey);
            if (buildJsonWebKeySet == null || buildJsonWebKeySet.getJsonWebKeys().isEmpty()) {
                LOGGER.warn("No JSON web keys could be found");
                return Optional.empty();
            }
            if (buildJsonWebKeySet.getJsonWebKeys().stream().filter(jsonWebKey -> {
                return StringUtils.isBlank(jsonWebKey.getAlgorithm()) && StringUtils.isBlank(jsonWebKey.getKeyId()) && StringUtils.isBlank(jsonWebKey.getKeyType());
            }).count() != buildJsonWebKeySet.getJsonWebKeys().size()) {
                return Optional.of(buildJsonWebKeySet);
            }
            LOGGER.warn("No valid JSON web keys could be found. The keys that are found in the keystore do not define an algorithm, key id or key type and cannot be used for JWKS operations.");
            return Optional.empty();
        } catch (Exception e) {
            LoggingUtils.warn(LOGGER, e);
            return Optional.empty();
        }
    }

    protected Resource generateJwksResource() throws Exception {
        Resource generate = getOidcJsonWebKeystoreGeneratorService().generate();
        LOGGER.debug("Loading default JSON web key from [{}]", generate);
        return generate;
    }

    @Generated
    public OidcDefaultJsonWebKeystoreCacheLoader(OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService) {
        this.oidcJsonWebKeystoreGeneratorService = oidcJsonWebKeystoreGeneratorService;
    }

    @Generated
    public OidcJsonWebKeystoreGeneratorService getOidcJsonWebKeystoreGeneratorService() {
        return this.oidcJsonWebKeystoreGeneratorService;
    }
}
