package io.smallrye.jwt.auth.principal;

import io.smallrye.jwt.KeyFormat;
import io.smallrye.jwt.util.KeyUtils;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
import org.jose4j.lang.UnresolvableKeyException;

/* loaded from: input_file:io/smallrye/jwt/auth/principal/X509KeyLocationResolver.class */
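/**
 * Resolves JWS verification keys from X.509 certificates that were configured for the
 * application, either as a JWK set (HTTPS-hosted or inline/base64url content) or as a single
 * PEM certificate.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the first (leaf) certificate of each JWK's chain is handed to the jose4j
 *       {@link X509VerificationKeyResolver}. This class itself performs no chain building,
 *       validity-period or revocation checks, so trust rests entirely on the integrity of the
 *       configured key content / key location.</li>
 *   <li>The certificate set is built once in the constructor; nothing in this class refreshes
 *       it afterwards.</li>
 * </ul>
 */
public class X509KeyLocationResolver extends AbstractKeyLocationResolver implements VerificationKeyResolver {
    /** jose4j delegate holding the trusted certificates; assigned during construction. */
    private X509VerificationKeyResolver resolver;

    /**
     * Builds the resolver from the public key content or location found in the auth context.
     *
     * @param jWTAuthContextInfo configuration carrying the key content/location and the
     *        expected signature algorithm
     * @throws UnresolvableKeyException declared for failures reported through
     *         {@code reportLoadKeyException}
     */
    public X509KeyLocationResolver(JWTAuthContextInfo jWTAuthContextInfo) throws UnresolvableKeyException {
        super(jWTAuthContextInfo);
        try {
            initializeInternalResolver();
            if (this.resolver == null) {
                // Nothing usable was loaded: treat as a configuration failure, not "no auth".
                throw PrincipalMessages.msg.failedToLoadCertificates();
            }
        } catch (Exception e) {
            reportLoadKeyException(jWTAuthContextInfo.getPublicKeyContent(), jWTAuthContextInfo.getPublicKeyLocation(), e);
        }
    }

    /**
     * Delegates key selection for the given JWS to the internal certificate resolver.
     *
     * @param jsonWebSignature the signature whose verification key is needed
     * @param list the nesting context passed through by jose4j
     * @return the public key of the matching configured certificate
     * @throws UnresolvableKeyException if no resolver is available or the delegate cannot
     *         match a certificate
     */
    @Override // org.jose4j.keys.resolvers.VerificationKeyResolver
    public Key resolveKey(JsonWebSignature jsonWebSignature, List<JsonWebStructure> list) throws UnresolvableKeyException {
        // NOTE(review): whether reportLoadKeyException always throws is not visible here; guard
        // so a half-initialized instance fails closed with the declared exception, not an NPE.
        if (this.resolver == null) {
            throw new UnresolvableKeyException("X.509 verification key resolver is not initialized");
        }
        return this.resolver.resolveKey(jsonWebSignature, list);
    }

    /**
     * Chooses the certificate source: an initialized HTTPS JWK set first, then JWK content
     * (when the configured format allows it), and finally a PEM certificate.
     *
     * @throws Exception if the key content cannot be read or parsed
     */
    protected void initializeInternalResolver() throws Exception {
        if (isHttpsJwksInitialized(this.authContextInfo.getPublicKeyLocation())) {
            initializeInternalResolverFromJwks(this.httpsJwks.getJsonWebKeys());
            return;
        }
        // Inline key content takes precedence over the key location.
        String publicKeyContent = this.authContextInfo.getPublicKeyContent() != null
                ? this.authContextInfo.getPublicKeyContent()
                : readKeyContent(this.authContextInfo.getPublicKeyLocation());
        if (mayBeFormat(KeyFormat.JWK) || mayBeFormat(KeyFormat.JWK_BASE64URL)) {
            loadFromJwk(publicKeyContent, null, null);
            if (this.jsonWebKeys != null) {
                initializeInternalResolverFromJwks(this.jsonWebKeys);
                return;
            }
        }
        initializeInternalResolverFromPEMCertificate(publicKeyContent);
    }

    /**
     * Collects the leaf certificate of every eligible RSA JWK and installs a resolver over
     * them. A key is eligible when it is an {@link RsaJsonWebKey} and either declares no
     * {@code alg} or declares the configured signature algorithm.
     *
     * <p>If no key yields a certificate the resolver is created over an empty list, so every
     * later {@link #resolveKey} call is left to the delegate with nothing to match.
     *
     * @param list the JWKs to inspect
     * @throws Exception if an {@code x5c} entry cannot be decoded into a certificate
     */
    private void initializeInternalResolverFromJwks(List<JsonWebKey> list) throws Exception {
        List<X509Certificate> trustedCertificates = new LinkedList<>();
        for (JsonWebKey jsonWebKey : list) {
            // The RSA check must apply to keys without "alg" as well: previously a non-RSA key
            // with no "alg" reached the cast below and the resulting ClassCastException aborted
            // loading of the whole key set.
            if (!(jsonWebKey instanceof RsaJsonWebKey)) {
                continue;
            }
            String keyAlgorithm = jsonWebKey.getAlgorithm();
            if (keyAlgorithm != null
                    && !this.authContextInfo.getSignatureAlgorithm().getAlgorithm().equals(keyAlgorithm)) {
                continue;
            }
            List<X509Certificate> certificateChain = ((RsaJsonWebKey) jsonWebKey).getCertificateChain();
            if (certificateChain == null) {
                // Fall back to the raw "x5c" parameter when jose4j exposes no parsed chain.
                List<?> x5c = jsonWebKey.getOtherParameterValue("x5c", List.class);
                if (x5c != null && !x5c.isEmpty()) {
                    certificateChain = Collections.singletonList(KeyUtils.getCertificate((String) x5c.get(0)));
                }
            }
            if (certificateChain != null && !certificateChain.isEmpty()) {
                // Only the leaf is kept; the rest of the chain is not consulted by this class.
                trustedCertificates.add(certificateChain.get(0));
            }
        }
        this.resolver = new X509VerificationKeyResolver(trustedCertificates);
    }

    /**
     * Installs a resolver over a single PEM certificate. Leaves the resolver unset when the
     * content does not yield a certificate, which the constructor reports as a load failure.
     *
     * @param str the PEM-encoded certificate content
     */
    void initializeInternalResolverFromPEMCertificate(String str) {
        X509Certificate pemCertificate = super.loadPEMCertificate(str);
        if (pemCertificate != null) {
            this.resolver = new X509VerificationKeyResolver(pemCertificate);
        }
    }
}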
