package org.apache.tomee.microprofile.jwt.keys;

import io.churchkey.Key;
import io.churchkey.Keys;
import jakarta.enterprise.inject.spi.DeploymentException;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Stream;
import org.apache.openejb.loader.IO;

/* loaded from: input_file:lib/mp-jwt-9.1.2.jar:org/apache/tomee/microprofile/jwt/keys/KeyResolver.class */
public class KeyResolver {
    public Optional<Map<String, Key>> resolvePublicKey(Optional<String> optional, Optional<String> optional2) {
        return resolve(optional, optional2, this::validatePublicKeys);
    }

    public Optional<Map<String, Key>> resolveDecryptKey(Optional<String> optional, Optional<String> optional2) {
        return resolve(optional, optional2, this::validateDecryptKeys);
    }

    private Optional<Map<String, Key>> resolve(Optional<String> optional, Optional<String> optional2, Consumer<List<io.churchkey.Key>> consumer) {
        return Stream.of((Object[]) new Supplier[]{() -> {
            return optional.map(str -> {
                return readPublicKeys(str, consumer);
            });
        }, () -> {
            return optional2.map(str -> {
                return readPublicKeysFromLocation(str, consumer);
            });
        }}).map((v0) -> {
            return v0.get();
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst();
    }

    public Map<String, Key> readPublicKeys(String str, Consumer<List<io.churchkey.Key>> consumer) {
        String str2;
        try {
            List<io.churchkey.Key> decodeSet = Keys.decodeSet(str);
            if (decodeSet.size() == 0) {
                throw new DeploymentException("No keys found in key contents: " + str);
            }
            consumer.accept(decodeSet);
            int i = 0;
            HashMap hashMap = new HashMap();
            for (io.churchkey.Key key : decodeSet) {
                if (defined(key, "kid")) {
                    str2 = key.getAttribute("kid");
                } else if (defined(key, "Comment")) {
                    str2 = key.getAttribute("Comment");
                } else {
                    int i2 = i;
                    i++;
                    str2 = "Unknown " + i2;
                }
                hashMap.put(str2, key.getKey());
            }
            return hashMap;
        } catch (Exception e) {
            throw new DeploymentException("Unable to decode key contents: " + str, e);
        }
    }

    private void validatePublicKeys(List<io.churchkey.Key> list) {
        checkInvalidTypes(list, Key.Type.PRIVATE);
        checkInvalidTypes(list, Key.Type.SECRET);
    }

    private void validateDecryptKeys(List<io.churchkey.Key> list) {
        checkInvalidTypes(list, Key.Type.PUBLIC);
    }

    private boolean defined(io.churchkey.Key key, String str) {
        String attribute = key.getAttribute(str);
        return attribute != null && attribute.length() > 0;
    }

    private void checkInvalidTypes(List<io.churchkey.Key> list, Key.Type type) {
        Stream<R> map = list.stream().map((v0) -> {
            return v0.getType();
        });
        Objects.requireNonNull(type);
        long count = map.filter((v1) -> {
            return r1.equals(v1);
        }).count();
        if (count > 0) {
            type.name().toLowerCase();
            DeploymentException deploymentException = new DeploymentException("Found " + count + " " + deploymentException + " keys in MP JWT key configuration.  Only Public Keys must be configured for JWT validation");
            throw deploymentException;
        }
    }

    private Map<String, java.security.Key> readPublicKeysFromLocation(String str, Consumer<List<io.churchkey.Key>> consumer) {
        return (Map) Stream.of((Object[]) new Supplier[]{() -> {
            return readPublicKeysFromClasspath(str);
        }, () -> {
            return readPublicKeysFromFile(str);
        }, () -> {
            return readPublicKeysFromUrl(str);
        }}).map((v0) -> {
            return v0.get();
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst().map(str2 -> {
            return readPublicKeys(str2, consumer);
        }).orElseThrow(() -> {
            return new DeploymentException("Could not read MicroProfile Public Key from Location: " + str);
        });
    }

    private Optional<String> readPublicKeysFromClasspath(String str) {
        try {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
            return resourceAsStream == null ? Optional.empty() : Optional.of(IO.slurp(resourceAsStream));
        } catch (IOException e) {
            throw new DeploymentException("Could not read MicroProfile Public Key from Location: " + str, e);
        }
    }

    private Optional<String> readPublicKeysFromFile(String str) {
        if (!str.startsWith("file")) {
            return Optional.empty();
        }
        try {
            URL url = new URL(str);
            File file = new File(url.toURI());
            if (!file.exists() || file.isDirectory()) {
                throw new DeploymentException("Could not read MicroProfile Public Key from Location: " + str + ". File does not exist or it is a directory.");
            }
            return Optional.of(IO.slurp(url));
        } catch (IOException | URISyntaxException e) {
            throw new DeploymentException("Could not read MicroProfile Public Key from Location: " + str, e);
        }
    }

    private Optional<String> readPublicKeysFromUrl(String str) {
        URI create = URI.create(str);
        return create.getScheme().startsWith("http") ? Optional.of(new String(new HttpLocation(create).get(), StandardCharsets.UTF_8)) : Optional.of(new String(new UrlLocation(create).get(), StandardCharsets.UTF_8));
    }
}
