package io.scalecube.security.tokens.jwt.vault;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import io.scalecube.security.tokens.jwt.KeyProvider;
import io.scalecube.security.tokens.jwt.Utils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.Key;
import java.time.Duration;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Scheduler;
import reactor.core.scheduler.Schedulers;

/* loaded from: input_file:io/scalecube/security/tokens/jwt/vault/VaultJwksKeyProvider.class */
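/**
 * {@link KeyProvider} that resolves RSA signature-verification keys from a JWKS document fetched
 * over HTTP.
 *
 * <p>Security notes for integrators:
 *
 * <ul>
 *   <li>The JWKS endpoint is the trust anchor for token verification: whoever controls its
 *       response controls which keys are accepted. This class passes the configured URI to the
 *       HTTP client as-is and does not enforce a scheme, so configure an {@code https} URI.
 *   <li>Every {@link #findKey(String)} call performs a fresh HTTP request; nothing is cached
 *       here. The {@code kid} is typically read from a token header before the token has been
 *       verified, so callers that expose this to untrusted traffic should consider caching or
 *       rate limiting in front of it.
 *   <li>Only keys with {@code kty == "RSA"} and {@code use == "sig"} are considered.
 * </ul>
 */
public final class VaultJwksKeyProvider implements KeyProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultJwksKeyProvider.class);

    /**
     * Bound applied to connection establishment and to waiting for the JWKS response, so that an
     * unresponsive endpoint cannot stall key lookup indefinitely.
     */
    private static final Duration HTTP_TIMEOUT = Duration.ofSeconds(10);

    private final Scheduler scheduler = Schedulers.newSingle("vault-jwks", true);
    private final ObjectMapper mapper = initMapper();
    // One client for the lifetime of the provider instead of a new client per lookup.
    private final HttpClient httpClient =
            HttpClient.newBuilder().connectTimeout(HTTP_TIMEOUT).build();
    private final String jwksUri;

    /**
     * Creates a provider bound to the given JWKS endpoint.
     *
     * @param jwksUri URI of the JWKS document; parsed lazily on each lookup
     * @throws NullPointerException if {@code jwksUri} is null
     */
    public VaultJwksKeyProvider(String jwksUri) {
        this.jwksUri = Objects.requireNonNull(jwksUri, "jwksUri");
    }

    /**
     * Fetches the JWKS document and returns the RSA signing key whose {@code kid} matches.
     *
     * @param kid key id to look up
     * @return a {@link Mono} emitting the key, or an error signal when the request fails, the
     *     endpoint answers with a non-200 status, the body cannot be parsed, or no key matches
     */
    @Override
    public Mono<Key> findKey(String kid) {
        return Mono.defer(this::callJwksUri)
                .map(body -> toRsaKey(body, kid))
                .doOnSubscribe(
                        s -> LOGGER.debug("[findKey] Looking up key in jwks, kid: {}", kid))
                .subscribeOn(this.scheduler);
    }

    /** Issues the GET request for the JWKS document and yields the response body stream. */
    private Mono<InputStream> callJwksUri() {
        HttpRequest request =
                HttpRequest.newBuilder()
                        .uri(URI.create(this.jwksUri))
                        .timeout(HTTP_TIMEOUT)
                        .build();
        return Mono.fromFuture(
                this.httpClient
                        .sendAsync(request, HttpResponse.BodyHandlers.ofInputStream())
                        .thenApply(VaultJwksKeyProvider::requireOk));
    }

    /**
     * Returns the response body only for a 200 response.
     *
     * <p>Without this check an error payload would be handed to the JSON mapper, which ignores
     * unknown properties, and the failure would surface later as a missing key list rather than
     * as an HTTP error.
     */
    private static InputStream requireOk(HttpResponse<InputStream> response) {
        int status = response.statusCode();
        if (status != 200) {
            try {
                response.body().close();
            } catch (IOException ignored) {
                // Best effort: the status error below is the failure worth reporting.
            }
            throw new RuntimeException("JWKS request failed, status: " + status);
        }
        return response.body();
    }

    /**
     * Selects the first JWK matching {@code kid} with key type RSA and use "sig", and converts it
     * to a public key.
     *
     * @throws RuntimeException if the document has no key list or no key matches
     */
    private Key toRsaKey(InputStream inputStream, String kid) {
        var keyList = getKeyList(inputStream);
        // A JSON "null" body or a document without a key list must fail as "not found", not NPE.
        if (keyList == null || keyList.keys() == null) {
            throw new RuntimeException("Key was not found, kid: " + kid);
        }
        return keyList.keys().stream()
                // kid.equals(...) keeps a JWK without a kid from ever matching.
                .filter(jwk -> kid.equals(jwk.kid()))
                .filter(jwk -> "RSA".equals(jwk.kty()))
                .filter(jwk -> "sig".equals(jwk.use()))
                .findFirst()
                .map(jwk -> Utils.getRsaPublicKey(jwk.modulus(), jwk.exponent()))
                .orElseThrow(() -> new RuntimeException("Key was not found, kid: " + kid));
    }

    /** Parses the JWKS document, closing the response stream whether or not parsing succeeds. */
    private VaultJwkList getKeyList(InputStream inputStream) {
        // Closed explicitly so that releasing the response does not depend on mapper settings.
        try (InputStream in = inputStream) {
            return this.mapper.readValue(in, VaultJwkList.class);
        } catch (IOException e) {
            throw Exceptions.propagate(e);
        }
    }

    /**
     * Builds the mapper used for the JWKS document: unknown properties and unknown enum values are
     * tolerated, fields of any visibility are bound, and nulls are omitted on serialization. No
     * polymorphic default typing is enabled here.
     */
    private static ObjectMapper initMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
        objectMapper.configure(DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL, true);
        objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
        objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        return objectMapper;
    }
}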
