package io.micronaut.security.token.jwt.signature.jwks;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.core.annotation.Blocking;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.security.token.jwt.signature.SignatureConfiguration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;

@Deprecated(since = "4.8.0", forRemoval = true)
/* loaded from: input_file:io/micronaut/security/token/jwt/signature/jwks/JwksSignature.class */
public class JwksSignature implements JwksCache, SignatureConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger(JwksSignature.class);
    private final JwkValidator jwkValidator;
    private final JwksSignatureConfiguration jwksSignatureConfiguration;
    private volatile Instant jwkSetCachedAt;
    private volatile JWKSet jwkSet;
    private final JwkSetFetcher<JWKSet> jwkSetFetcher;

    public JwksSignature(JwksSignatureConfiguration jwksSignatureConfiguration, JwkValidator jwkValidator, JwkSetFetcher<JWKSet> jwkSetFetcher) {
        this.jwksSignatureConfiguration = jwksSignatureConfiguration;
        this.jwkValidator = jwkValidator;
        this.jwkSetFetcher = jwkSetFetcher;
    }

    private Optional<JWKSet> computeJWKSet() {
        JWKSet jWKSet = this.jwkSet;
        if (jWKSet == null) {
            synchronized (this) {
                jWKSet = this.jwkSet;
                if (jWKSet == null) {
                    jWKSet = loadJwkSet(this.jwksSignatureConfiguration.getName(), this.jwksSignatureConfiguration.getUrl());
                    this.jwkSet = jWKSet;
                    this.jwkSetCachedAt = Instant.now().plus(this.jwksSignatureConfiguration.getCacheExpiration().intValue(), (TemporalUnit) ChronoUnit.SECONDS);
                }
            }
        }
        return Optional.ofNullable(jWKSet);
    }

    private List<JWK> getJsonWebKeys() {
        return (List) computeJWKSet().map((v0) -> {
            return v0.getKeys();
        }).orElse(Collections.emptyList());
    }

    @Override // io.micronaut.security.token.jwt.signature.jwks.JwksCache
    public boolean isExpired() {
        Instant instant = this.jwkSetCachedAt;
        return instant != null && Instant.now().isAfter(instant);
    }

    @Override // io.micronaut.security.token.jwt.signature.jwks.JwksCache
    public void clear() {
        this.jwkSetFetcher.clearCache(this.jwksSignatureConfiguration.getUrl());
        this.jwkSet = null;
        this.jwkSetCachedAt = null;
    }

    @Override // io.micronaut.security.token.jwt.signature.jwks.JwksCache
    public boolean isPresent() {
        return this.jwkSet != null;
    }

    @Override // io.micronaut.security.token.jwt.signature.jwks.JwksCache
    @NonNull
    public Optional<List<String>> getKeyIds() {
        return computeJWKSet().map((v0) -> {
            return v0.getKeys();
        }).map(list -> {
            return (List) list.stream().map((v0) -> {
                return v0.getKeyID();
            }).collect(Collectors.toList());
        });
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public String supportedAlgorithmsMessage() {
        return JwksSignatureUtils.supportedAlgorithmsMessage(getJsonWebKeys());
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public boolean supports(JWSAlgorithm jWSAlgorithm) {
        return JwksSignatureUtils.supports(jWSAlgorithm, getJsonWebKeys());
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureConfiguration
    public boolean verify(SignedJWT signedJWT) throws JOSEException {
        return JwksSignatureUtils.verify(signedJWT, computeJWKSet().orElse(null), this.jwkValidator);
    }

    @Blocking
    @Nullable
    @Deprecated(forRemoval = true, since = "4.5.0")
    protected JWKSet loadJwkSet(String str) {
        LOG.debug("Fetching JWK Set from {}", str);
        return (JWKSet) Mono.from(this.jwkSetFetcher.fetch(null, str)).blockOptional().orElse(null);
    }

    @Blocking
    @Nullable
    protected JWKSet loadJwkSet(@Nullable String str, String str2) {
        LOG.debug("Fetching JWK Set from {}", str2);
        return (JWKSet) Mono.from(this.jwkSetFetcher.fetch(str, str2)).blockOptional().orElse(null);
    }

    @Deprecated
    protected List<JWK> matches(SignedJWT signedJWT, @Nullable JWKSet jWKSet) {
        return JwksSignatureUtils.matches(signedJWT, jWKSet, this.jwksSignatureConfiguration.getKeyType());
    }

    protected boolean verify(List<JWK> list, SignedJWT signedJWT) {
        return list.stream().anyMatch(jwk -> {
            return this.jwkValidator.validate(signedJWT, jwk);
        });
    }
}
