package org.forgerock.openam.authentication.modules.oidc;

import com.iplanet.sso.SSOToken;
import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceListener;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.ConcurrentHashMap;
import javax.inject.Inject;
import org.forgerock.jaspi.modules.openid.exceptions.FailedToLoadJWKException;
import org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver;
import org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolverFactory;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/oidc/OpenIdResolverCacheImpl.class */
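/**
 * In-memory cache of {@link OpenIdResolver} instances used by the OpenID Connect authentication module.
 *
 * <p>Resolvers are held in a {@link ConcurrentHashMap}. On construction the cache tries to register a
 * {@link ServiceListener} for the {@code sunAMAuthOAuthService} service (version {@code 1.0}); when that
 * listener receives an organization-level configuration change, the whole cache is emptied so resolvers are
 * rebuilt from the current configuration.
 *
 * <p>Points for reviewers and operators:
 * <ul>
 *   <li>Entries are stored under the third argument of {@link #createResolver} (the crypto context value),
 *       not under the issuer, even though the lookup method is named {@code getResolverForIssuer}. A lookup
 *       returns whatever resolver sits under that key without comparing its issuer to anything.
 *       NOTE(review): two module configurations that share a crypto context value but name different issuers
 *       would share one resolver; confirm that token validation checks the issuer independently of this
 *       cache.</li>
 *   <li>NOTE(review): for the {@code client_secret} type the key is the value handed to
 *       {@code createSharedSecretResolver}, presumably the shared secret itself, so it stays in memory as
 *       a plain {@code String} map key for as long as the entry lives. Do not log cache keys.</li>
 *   <li>If listener registration fails, only an error is logged and the cache is never cleared by
 *       configuration changes. A rotated secret or changed JWK location then keeps resolving through the
 *       stale entry until the process restarts; the two error messages in {@code addServiceListener} are
 *       the signal to look for.</li>
 * </ul>
 */
public class OpenIdResolverCacheImpl implements OpenIdResolverCache {
    // final: the shared debug handle is never meant to be reassigned.
    private static final Debug logger = Debug.getInstance("amAuth");
    private final OpenIdResolverFactory openIdResolverFactory;
    private final ConcurrentHashMap<String, OpenIdResolver> resolverMap = new ConcurrentHashMap<>();

    /**
     * Configuration listener that invalidates the resolver cache.
     *
     * <p>Declared private: the decompiler output had widened it to public and recorded that the compiled
     * class was private. Only the enclosing class instantiates it.
     */
    private final class OpenIDResolveCacheChangeListener implements ServiceListener {
        private OpenIDResolveCacheChangeListener() {
        }

        /** Logs a warning only; the cache is left untouched. */
        public void schemaChanged(String serviceName, String version) {
            logger.warning("The schemaChanged ServiceListener method was invoked for service " + serviceName + ". This is unexpected.");
        }

        /** Logs a warning only; a global configuration change does not clear the cache. */
        public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int type) {
            logger.warning("The globalConfigChanged ServiceListener method was invoked for service " + serviceName);
        }

        /**
         * Drops every cached resolver. None of the arguments are inspected, so a change in any organization
         * empties the cache for all of them.
         */
        public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int type) {
            if (logger.messageEnabled()) {
                logger.message("Clearing OpenId Resolver Cache.");
            }
            resolverMap.clear();
        }
    }

    /**
     * Creates the cache and attempts to hook it up to configuration change notifications.
     *
     * @param openIdResolverFactory factory used to build resolvers on a cache miss
     */
    @Inject
    OpenIdResolverCacheImpl(OpenIdResolverFactory openIdResolverFactory) {
        this.openIdResolverFactory = openIdResolverFactory;
        addServiceListener();
    }

    /**
     * Registers the cache-clearing listener using the admin token obtained through a privileged action.
     *
     * <p>Best effort: any failure is logged at error level and swallowed so that construction of the cache
     * still succeeds. The cost is that the cache then never reacts to configuration changes.
     */
    private void addServiceListener() {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
            ServiceConfigManager configManager = new ServiceConfigManager(adminToken, "sunAMAuthOAuthService", "1.0");
            // A null return from addListener is treated as "listener not registered".
            if (configManager.addListener(new OpenIDResolveCacheChangeListener()) == null) {
                logger.error("Could not add listener to ServiceConfigManager instance. OpenID Authentication Module changes will not be dynamically updated.");
            }
        } catch (Exception e) {
            logger.error("OpenIDResolverCacheImpl::Unable to construct ServiceConfigManager: " + e, e);
        }
    }

    /**
     * Looks up a cached resolver.
     *
     * <p>Despite the method name, the argument is used directly as the map key, and entries are stored by
     * {@link #createResolver} under its third argument. The issuer of the returned resolver is not checked
     * here.
     *
     * @param cacheKey key the resolver was stored under
     * @return the cached resolver, or {@code null} when nothing is cached for the key
     * @throws NullPointerException if {@code cacheKey} is {@code null} ({@link ConcurrentHashMap} rejects
     *         null keys)
     */
    @Override
    public OpenIdResolver getResolverForIssuer(String cacheKey) {
        return resolverMap.get(cacheKey);
    }

    /**
     * Builds a resolver for the given crypto context type and caches it under {@code cryptoContextValue}.
     *
     * <p>The resolver is built before the map is consulted, so concurrent first-time callers for one key
     * may each build a resolver; the first one stored wins and is returned to all of them.
     *
     * @param issuer expected issuer; compared with the resolver's issuer only for the
     *        {@code .well-known/openid-configuration_url} type
     * @param cryptoContextType one of {@code client_secret}, {@code .well-known/openid-configuration_url}
     *        or {@code jwk_url}
     * @param cryptoContextValue cache key; also passed to the factory as the second argument for the
     *        {@code client_secret} type
     * @param cryptoContextUrl URL passed to the factory for the two URL-based types
     * @return the resolver now cached under {@code cryptoContextValue}, which may be one stored earlier
     *         rather than the one built by this call
     * @throws FailedToLoadJWKException declared for failures while building the resolver
     * @throws IllegalStateException if, for the configuration URL type, the resolver's issuer differs from
     *         {@code issuer}
     * @throws IllegalArgumentException if {@code cryptoContextType} is not one of the three known values
     */
    @Override
    public OpenIdResolver createResolver(String issuer, String cryptoContextType, String cryptoContextValue, URL cryptoContextUrl) throws FailedToLoadJWKException {
        final OpenIdResolver created;
        if ("client_secret".equals(cryptoContextType)) {
            created = openIdResolverFactory.createSharedSecretResolver(issuer, cryptoContextValue);
        } else if (".well-known/openid-configuration_url".equals(cryptoContextType)) {
            // NOTE(review): no timeout arguments are passed on this path, unlike the jwk_url path below;
            // confirm the factory bounds this outbound fetch.
            created = openIdResolverFactory.createFromOpenIDConfigUrl(cryptoContextUrl);
            // Only this branch learns the issuer from the remote side, so only here can it disagree with
            // the issuer the caller expects.
            if (!issuer.equals(created.getIssuer())) {
                throw new IllegalStateException("The specified issuer, " + issuer + ", does not match the issuer, " + created.getIssuer() + " referenced by the configuration url, " + cryptoContextValue);
            }
        } else if ("jwk_url".equals(cryptoContextType)) {
            created = openIdResolverFactory.createJWKResolver(issuer, cryptoContextUrl, HttpURLConnectionManager.getReadTimeout(), HttpURLConnectionManager.getConnectTimeout());
        } else {
            throw new IllegalArgumentException("The specified cryptoContextType, " + cryptoContextType + " was unexpected!");
        }
        // First writer wins. An existing entry is returned as-is; its issuer is not compared with
        // `issuer` (see the class-level note on cache keys).
        OpenIdResolver existing = resolverMap.putIfAbsent(cryptoContextValue, created);
        return existing != null ? existing : created;
    }
}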
