package io.spiffe.bundle.jwtbundle;

import com.networknt.rule.RuleConstants;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import io.spiffe.bundle.BundleSource;
import io.spiffe.exception.AuthorityNotFoundException;
import io.spiffe.exception.BundleNotFoundException;
import io.spiffe.exception.JwtBundleException;
import io.spiffe.internal.JwtSignatureAlgorithm;
import io.spiffe.spiffeid.TrustDomain;
import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyException;
import java.security.PublicKey;
import java.text.ParseException;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:io/spiffe/bundle/jwtbundle/JwtBundle.class */
public final class JwtBundle implements BundleSource<JwtBundle> {
    private final TrustDomain trustDomain;
    private final Map<String, PublicKey> jwtAuthorities;

    public JwtBundle(@NonNull TrustDomain trustDomain) {
        if (trustDomain == null) {
            throw new NullPointerException("trustDomain is marked non-null but is null");
        }
        this.trustDomain = trustDomain;
        this.jwtAuthorities = new ConcurrentHashMap();
    }

    public JwtBundle(@NonNull TrustDomain trustDomain, @NonNull Map<String, PublicKey> map) {
        if (trustDomain == null) {
            throw new NullPointerException("trustDomain is marked non-null but is null");
        }
        if (map == null) {
            throw new NullPointerException("jwtAuthorities is marked non-null but is null");
        }
        this.trustDomain = trustDomain;
        this.jwtAuthorities = new ConcurrentHashMap(map);
    }

    public static JwtBundle load(@NonNull TrustDomain trustDomain, @NonNull Path path) throws KeyException, JwtBundleException {
        if (trustDomain == null) {
            throw new NullPointerException("trustDomain is marked non-null but is null");
        }
        if (path == null) {
            throw new NullPointerException("bundlePath is marked non-null but is null");
        }
        try {
            return toJwtBundle(trustDomain, JWKSet.load(path.toFile()));
        } catch (JOSEException | IOException | IllegalArgumentException | ParseException e) {
            throw new JwtBundleException(String.format("Could not load bundle from file: %s", path.toString()), e);
        }
    }

    public static JwtBundle parse(@NonNull TrustDomain trustDomain, @NonNull byte[] bArr) throws JwtBundleException {
        if (trustDomain == null) {
            throw new NullPointerException("trustDomain is marked non-null but is null");
        }
        if (bArr == null) {
            throw new NullPointerException("bundleBytes is marked non-null but is null");
        }
        try {
            return toJwtBundle(trustDomain, JWKSet.parse(new String(bArr)));
        } catch (JOSEException | KeyException | ParseException e) {
            throw new JwtBundleException("Could not parse bundle from bytes", e);
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.spiffe.bundle.BundleSource
    public JwtBundle getBundleForTrustDomain(TrustDomain trustDomain) throws BundleNotFoundException {
        if (this.trustDomain.equals(trustDomain)) {
            return this;
        }
        throw new BundleNotFoundException(String.format("No JWT bundle found for trust domain %s", trustDomain));
    }

    public Map<String, PublicKey> getJwtAuthorities() {
        return Collections.unmodifiableMap(this.jwtAuthorities);
    }

    public PublicKey findJwtAuthority(String str) throws AuthorityNotFoundException {
        PublicKey publicKey = this.jwtAuthorities.get(str);
        if (publicKey != null) {
            return publicKey;
        }
        throw new AuthorityNotFoundException(String.format("No authority found for the trust domain %s and key id %s", this.trustDomain, str));
    }

    public boolean hasJwtAuthority(String str) {
        return this.jwtAuthorities.containsKey(str);
    }

    public void putJwtAuthority(@NonNull String str, @NonNull PublicKey publicKey) {
        if (str == null) {
            throw new NullPointerException("keyId is marked non-null but is null");
        }
        if (publicKey == null) {
            throw new NullPointerException("jwtAuthority is marked non-null but is null");
        }
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("KeyId cannot be empty");
        }
        this.jwtAuthorities.put(str, publicKey);
    }

    public void removeJwtAuthority(String str) {
        this.jwtAuthorities.remove(str);
    }

    private static JwtBundle toJwtBundle(TrustDomain trustDomain, JWKSet jWKSet) throws JwtBundleException, JOSEException, ParseException, KeyException {
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        for (JWK jwk : jWKSet.getKeys()) {
            concurrentHashMap.put(getKeyId(jwk), getPublicKey(jwk));
        }
        return new JwtBundle(trustDomain, concurrentHashMap);
    }

    private static String getKeyId(JWK jwk) throws JwtBundleException {
        String keyID = jwk.getKeyID();
        if (StringUtils.isBlank(keyID)) {
            throw new JwtBundleException("Error adding authority of JWKS: keyID cannot be empty");
        }
        return keyID;
    }

    private static PublicKey getPublicKey(JWK jwk) throws JOSEException, ParseException, KeyException {
        PublicKey publicKey;
        switch (JwtSignatureAlgorithm.Family.parse(jwk.getKeyType().getValue())) {
            case EC:
                publicKey = ECKey.parse(jwk.toJSONString()).toPublicKey();
                break;
            case RSA:
                publicKey = RSAKey.parse(jwk.toJSONString()).toPublicKey();
                break;
            default:
                throw new KeyException(String.format("Key Type not supported: %s", jwk.getKeyType().getValue()));
        }
        return publicKey;
    }

    @Generated
    public TrustDomain getTrustDomain() {
        return this.trustDomain;
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof JwtBundle)) {
            return false;
        }
        JwtBundle jwtBundle = (JwtBundle) obj;
        TrustDomain trustDomain = getTrustDomain();
        TrustDomain trustDomain2 = jwtBundle.getTrustDomain();
        if (trustDomain == null) {
            if (trustDomain2 != null) {
                return false;
            }
        } else if (!trustDomain.equals(trustDomain2)) {
            return false;
        }
        Map<String, PublicKey> jwtAuthorities = getJwtAuthorities();
        Map<String, PublicKey> jwtAuthorities2 = jwtBundle.getJwtAuthorities();
        return jwtAuthorities == null ? jwtAuthorities2 == null : jwtAuthorities.equals(jwtAuthorities2);
    }

    @Generated
    public int hashCode() {
        TrustDomain trustDomain = getTrustDomain();
        int hashCode = (1 * 59) + (trustDomain == null ? 43 : trustDomain.hashCode());
        Map<String, PublicKey> jwtAuthorities = getJwtAuthorities();
        return (hashCode * 59) + (jwtAuthorities == null ? 43 : jwtAuthorities.hashCode());
    }

    @Generated
    public String toString() {
        return "JwtBundle(trustDomain=" + getTrustDomain() + ", jwtAuthorities=" + getJwtAuthorities() + RuleConstants.RIGHT_PARENTHESIS;
    }
}
