package org.apache.tomee.microprofile.jwt.config;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.enterprise.inject.spi.DeploymentException;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonValue;
import javax.json.stream.JsonParsingException;
import org.apache.openejb.server.httpd.HttpResponseImpl;
import org.apache.wss4j.common.crypto.Merlin;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:lib/mp-jwt-8.0.3.jar:org/apache/tomee/microprofile/jwt/config/PublicKeyResolver.class */
public class PublicKeyResolver {
    public Optional<Map<String, Key>> resolve(Optional<String> optional, Optional<String> optional2) {
        return Stream.of((Object[]) new Supplier[]{() -> {
            return optional.map(this::readPublicKeys);
        }, () -> {
            return optional2.map(this::readPublicKeysFromLocation);
        }}).map((v0) -> {
            return v0.get();
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst();
    }

    public Map<String, Key> readPublicKeys(String str) {
        return (Map) Stream.of((Object[]) new Supplier[]{() -> {
            return parsePCKS8(str);
        }, () -> {
            return parseJwk(str);
        }, () -> {
            return parseJwkDecoded(str);
        }, () -> {
            return parseJwks(str);
        }, () -> {
            return parseJwksDecoded(str);
        }}).map((v0) -> {
            return v0.get();
        }).filter(map -> {
            return !map.isEmpty();
        }).findFirst().orElseThrow(() -> {
            return new DeploymentException(HttpResponseImpl.CSP + str);
        });
    }

    private Map<String, Key> readPublicKeysFromLocation(String str) {
        return (Map) Stream.of((Object[]) new Supplier[]{() -> {
            return readPublicKeysFromClasspath(str);
        }, () -> {
            return readPublicKeysFromFile(str);
        }, () -> {
            return readPublicKeysFromHttp(str);
        }, () -> {
            return readPublicKeysFromUrl(str);
        }}).map((v0) -> {
            return v0.get();
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst().map(this::readPublicKeys).orElseThrow(() -> {
            return new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str);
        });
    }

    private Optional<String> readPublicKeysFromClasspath(String str) {
        try {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
            return resourceAsStream == null ? Optional.empty() : Optional.of(readPublicKeyFromInputStream(resourceAsStream));
        } catch (IOException e) {
            throw new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str, e);
        }
    }

    private Optional<String> readPublicKeysFromFile(String str) {
        if (!str.startsWith(Merlin.OLD_KEYSTORE_FILE)) {
            return Optional.empty();
        }
        try {
            URL url = new URL(str);
            File file = new File(url.toURI());
            if (!file.exists() || file.isDirectory()) {
                throw new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str + ". File does not exist or it is a directory.");
            }
            return Optional.of(readPublicKeyFromInputStream(url.openStream()));
        } catch (IOException | URISyntaxException e) {
            throw new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str, e);
        }
    }

    private Optional<String> readPublicKeysFromHttp(String str) {
        if (!str.startsWith("http")) {
            return Optional.empty();
        }
        try {
            return Optional.of(readPublicKeyFromInputStream(new URL(str).openStream()));
        } catch (IOException e) {
            throw new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str, e);
        }
    }

    private Optional<String> readPublicKeysFromUrl(String str) {
        try {
            return Optional.of(readPublicKeyFromInputStream(new URL(str).openStream()));
        } catch (IOException e) {
            throw new DeploymentException(JWTAuthConfigurationProperties.PUBLIC_KEY_ERROR_LOCATION + str, e);
        }
    }

    private String readPublicKeyFromInputStream(InputStream inputStream) throws IOException {
        StringWriter stringWriter = new StringWriter();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        Throwable th = null;
        try {
            try {
                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                    stringWriter.write(readLine);
                    stringWriter.write(10);
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (bufferedReader != null) {
                if (th != null) {
                    try {
                        bufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedReader.close();
                }
            }
            throw th3;
        }
    }

    private Map<String, Key> parsePCKS8(String str) {
        try {
            return Collections.singletonMap(null, KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(normalizeAndDecodePCKS8(str))));
        } catch (IllegalArgumentException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            return Collections.emptyMap();
        }
    }

    private Map<String, Key> parseJwk(String str) {
        try {
            JsonObject readObject = Json.createReader(new StringReader(str)).readObject();
            if (readObject.containsKey("keys")) {
                return Collections.emptyMap();
            }
            validateJwk(readObject);
            try {
                JsonWebKey newJwk = JsonWebKey.Factory.newJwk(str);
                return Collections.singletonMap(newJwk.getKeyId(), newJwk.getKey());
            } catch (JoseException e) {
                throw new DeploymentException("Could not read MicroProfile Public Key JWK.", e);
            }
        } catch (JsonParsingException e2) {
            return Collections.emptyMap();
        }
    }

    private Map<String, Key> parseJwkDecoded(String str) {
        try {
            return parseJwk(new String(Base64.getDecoder().decode(str)));
        } catch (Exception e) {
            return Collections.emptyMap();
        }
    }

    private Map<String, Key> parseJwks(String str) {
        try {
            try {
                Iterator<JsonValue> it = Json.createReader(new StringReader(str)).readObject().getJsonArray("keys").iterator();
                while (it.hasNext()) {
                    validateJwk(it.next().asJsonObject());
                }
                try {
                    return Collections.unmodifiableMap((Map) new JsonWebKeySet(str).getJsonWebKeys().stream().collect(Collectors.toMap((v0) -> {
                        return v0.getKeyId();
                    }, (v0) -> {
                        return v0.getKey();
                    })));
                } catch (JoseException e) {
                    throw new DeploymentException("Could not read MicroProfile Public Key JWK.", e);
                }
            } catch (Exception e2) {
                throw new DeploymentException("MicroProfile Public Key JWKS invalid format.");
            }
        } catch (JsonParsingException e3) {
            return Collections.emptyMap();
        }
    }

    private Map<String, Key> parseJwksDecoded(String str) {
        try {
            return parseJwks(new String(Base64.getDecoder().decode(str)));
        } catch (Exception e) {
            return Collections.emptyMap();
        }
    }

    private void validateJwk(JsonObject jsonObject) {
        String string = jsonObject.getString("kty", null);
        if (string == null) {
            throw new DeploymentException("MicroProfile Public Key JWK kty field is missing.");
        }
        if (!JWTAuthConfigurationProperties.JWK_SUPPORTED_KEY_TYPES.contains(string)) {
            throw new DeploymentException("MicroProfile Public Key JWK kty not supported: " + string);
        }
    }

    private byte[] normalizeAndDecodePCKS8(String str) {
        if (str.contains("PRIVATE KEY")) {
            throw new DeploymentException("MicroProfile Public Key is Private.");
        }
        return Base64.getDecoder().decode(str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll("\r\n", "").replaceAll("\n", ""));
    }
}
