package org.apache.tomee.microprofile.jwt.config;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.context.Initialized;
import jakarta.enterprise.event.Observes;
import jakarta.enterprise.inject.spi.DeploymentException;
import jakarta.servlet.ServletContext;
import java.security.Key;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import org.apache.openejb.util.CachedSupplier;
import org.apache.openejb.util.Duration;
import org.apache.openejb.util.Logger;
import org.apache.tomee.microprofile.jwt.JWTLogCategories;
import org.apache.tomee.microprofile.jwt.keys.DecryptKeys;
import org.apache.tomee.microprofile.jwt.keys.FixedKeys;
import org.apache.tomee.microprofile.jwt.keys.PublicKeys;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.eclipse.microprofile.jwt.config.Names;

@ApplicationScoped
/* loaded from: input_file:lib/mp-jwt-9.0.0.jar:org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.class */
public class JWTAuthConfigurationProperties {
    public static final String PUBLIC_KEY_ERROR = "Could not read MicroProfile Public Key";
    public static final String PUBLIC_KEY_ERROR_LOCATION = "Could not read MicroProfile Public Key from Location: ";
    private Config config;
    private JWTAuthConfiguration jwtAuthConfiguration;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/mp-jwt-9.0.0.jar:org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties$Keys.class */
    public enum Keys {
        VERIFY(Names.VERIFIER_PUBLIC_KEY, "tomee.jwt.verify.publickey"),
        DECRYPT("mp.jwt.decrypt.key", "tomee.jwt.decrypt.key");

        private final String mpPrefix;
        private final String tomeePrefix;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:lib/mp-jwt-9.0.0.jar:org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties$Keys$Options.class */
        public class Options {
            private final Config config;

            public Options(Config config) {
                this.config = config;
            }

            Optional<String> contents() {
                return this.config.getOptionalValue(Keys.this.mpPrefix, String.class);
            }

            Optional<String> location() {
                return this.config.getOptionalValue(Keys.this.mpPrefix + ".location", String.class);
            }

            boolean cached() {
                return ((Boolean) this.config.getOptionalValue(Keys.this.tomeePrefix + ".cache", Boolean.class).orElse(Boolean.valueOf(location().filter(str -> {
                    return str.startsWith("http");
                }).isPresent()))).booleanValue();
            }

            Duration initialRetryDelay() {
                return (Duration) this.config.getOptionalValue(Keys.this.tomeePrefix + ".cache.initialRetryDelay", Duration.class).orElse(new Duration(2L, TimeUnit.SECONDS));
            }

            Duration maxRetryDelay() {
                return (Duration) this.config.getOptionalValue(Keys.this.tomeePrefix + ".cache.maxRetryDelay", Duration.class).orElse(new Duration(1L, TimeUnit.HOURS));
            }

            Duration accessTimeout() {
                return (Duration) this.config.getOptionalValue(Keys.this.tomeePrefix + ".cache.accessTimeout", Duration.class).orElse(new Duration(30L, TimeUnit.SECONDS));
            }

            Duration refreshInterval() {
                return (Duration) this.config.getOptionalValue(Keys.this.tomeePrefix + ".cache.refreshInterval", Duration.class).orElse(new Duration(1L, TimeUnit.DAYS));
            }
        }

        Keys(String str, String str2) {
            this.mpPrefix = str;
            this.tomeePrefix = str2;
        }

        public Supplier<Map<String, Key>> configure(Config config) {
            Supplier decryptKeys;
            Options options = new Options(config);
            Optional<String> contents = options.contents();
            Optional<String> location = options.location();
            if (contents.isEmpty() && location.isEmpty()) {
                return new Unset();
            }
            switch (this) {
                case VERIFY:
                    decryptKeys = new PublicKeys(contents, location);
                    break;
                case DECRYPT:
                    decryptKeys = new DecryptKeys(contents, location);
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported enum value: " + this);
            }
            return options.cached() ? CachedSupplier.builder(decryptKeys).refreshInterval(options.refreshInterval()).initialRetryDelay(options.initialRetryDelay()).maxRetryDelay(options.maxRetryDelay()).accessTimeout(options.accessTimeout()).logger(Logger.getInstance(JWTLogCategories.KEYS, decryptKeys.getClass())).build() : new FixedKeys(decryptKeys.get());
        }
    }

    /* loaded from: input_file:lib/mp-jwt-9.0.0.jar:org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties$Unset.class */
    public static class Unset implements Supplier<Map<String, Key>> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public Map<String, Key> get() {
            return Collections.EMPTY_MAP;
        }
    }

    public void init(@Initialized(ApplicationScoped.class) @Observes ServletContext servletContext) {
        this.config = ConfigProvider.getConfig();
        this.jwtAuthConfiguration = createJWTAuthConfiguration();
    }

    public Optional<JWTAuthConfiguration> getJWTAuthConfiguration() {
        return Optional.ofNullable(this.jwtAuthConfiguration);
    }

    private Optional<String> getVerifierPublicKey() {
        return this.config.getOptionalValue(Names.VERIFIER_PUBLIC_KEY, String.class).map(str -> {
            if (str.isEmpty()) {
                return null;
            }
            return str;
        });
    }

    private Optional<String> getPublicKeyLocation() {
        return this.config.getOptionalValue(Names.VERIFIER_PUBLIC_KEY_LOCATION, String.class).map(str -> {
            if (str.isEmpty()) {
                return null;
            }
            return str;
        });
    }

    private Optional<String> getIssuer() {
        return this.config.getOptionalValue(Names.ISSUER, String.class);
    }

    private List<String> getAudiences() {
        String str = (String) this.config.getOptionalValue(Names.AUDIENCES, String.class).orElse(null);
        return str == null ? Collections.EMPTY_LIST : Arrays.asList(str.split(" *, *"));
    }

    private JWTAuthConfiguration createJWTAuthConfiguration() {
        if (getVerifierPublicKey().isPresent() && getPublicKeyLocation().isPresent()) {
            throw new DeploymentException("Both mp.jwt.verify.publickey and mp.jwt.verify.publickey.location are being supplied. You must use only one.");
        }
        List<String> audiences = getAudiences();
        return new JWTAuthConfiguration(Keys.VERIFY.configure(this.config), getIssuer().orElse(null), ((Boolean) this.config.getOptionalValue("mp.jwt.tomee.allow.no-exp", Boolean.class).orElse(false)).booleanValue(), (String[]) audiences.toArray(new String[0]), Keys.DECRYPT.configure(this.config), (String) this.config.getOptionalValue(Names.TOKEN_HEADER, String.class).map((v0) -> {
            return v0.toLowerCase();
        }).orElse("authorization"), (String) this.config.getOptionalValue(Names.TOKEN_COOKIE, String.class).map((v0) -> {
            return v0.toLowerCase();
        }).orElse("bearer"), (String) this.config.getOptionalValue("mp.jwt.decrypt.key.algorithm", String.class).orElse(null), (String) this.config.getOptionalValue(Names.VERIFIER_PUBLIC_KEY_ALGORITHM, String.class).orElse(null));
    }
}
