package io.smallrye.jwt.config;

import io.smallrye.jwt.KeyUtils;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import java.security.interfaces.RSAPublicKey;
import java.util.Optional;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.DeploymentException;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.config.Names;
import org.jboss.logging.Logger;

@Dependent
/* loaded from: input_file:m2repo/io/smallrye/smallrye-jwt/1.1.0/smallrye-jwt-1.1.0.jar:io/smallrye/jwt/config/JWTAuthContextInfoProvider.class */
public class JWTAuthContextInfoProvider {
    private static final String NONE = "NONE";
    private static final Logger log = Logger.getLogger((Class<?>) JWTAuthContextInfoProvider.class);

    @Inject
    @ConfigProperty(name = Names.VERIFIER_PUBLIC_KEY, defaultValue = "NONE")
    private Optional<String> mpJwtublicKey;

    @Inject
    @ConfigProperty(name = Names.ISSUER, defaultValue = "NONE")
    private String mpJwtIssuer;

    @Inject
    @ConfigProperty(name = Names.VERIFIER_PUBLIC_KEY_LOCATION, defaultValue = "NONE")
    private Optional<String> mpJwtLocation;

    @Inject
    @ConfigProperty(name = "mp.jwt.verify.requireiss", defaultValue = "true")
    private Optional<Boolean> mpJwtRequireIss;

    @Produces
    Optional<JWTAuthContextInfo> getOptionalContextInfo() {
        log.debugf("init, mpJwtublicKey=%s, mpJwtIssuer=%s, mpJwtLocation=%s", this.mpJwtublicKey.orElse("missing"), this.mpJwtIssuer, this.mpJwtLocation.orElse("missing"));
        if ("NONE".equals(this.mpJwtublicKey.get()) && "NONE".equals(this.mpJwtLocation.get())) {
            return Optional.empty();
        }
        JWTAuthContextInfo jWTAuthContextInfo = new JWTAuthContextInfo();
        if (this.mpJwtublicKey.isPresent() && !"NONE".equals(this.mpJwtublicKey.get())) {
            try {
                jWTAuthContextInfo.setSignerKey((RSAPublicKey) KeyUtils.decodeJWKSPublicKey(this.mpJwtublicKey.get()));
                log.debugf("mpJwtublicKey parsed as JWK(S)", new Object[0]);
            } catch (Exception e) {
                log.debugf("mpJwtublicKey failed as JWK(S), %s", e.getMessage());
                try {
                    jWTAuthContextInfo.setSignerKey((RSAPublicKey) KeyUtils.decodePublicKey(this.mpJwtublicKey.get()));
                    log.debugf("mpJwtublicKey parsed as PEM", new Object[0]);
                } catch (Exception e2) {
                    throw new DeploymentException(e2);
                }
            }
        }
        if (this.mpJwtIssuer == null || this.mpJwtIssuer.equals("NONE")) {
            jWTAuthContextInfo.setRequireIssuer(false);
        } else {
            jWTAuthContextInfo.setIssuedBy(this.mpJwtIssuer);
        }
        if (this.mpJwtRequireIss == null || !this.mpJwtRequireIss.isPresent()) {
            jWTAuthContextInfo.setRequireIssuer(true);
        } else {
            jWTAuthContextInfo.setRequireIssuer(this.mpJwtRequireIss.get().booleanValue());
        }
        if (this.mpJwtLocation.isPresent() && !"NONE".equals(this.mpJwtLocation.get())) {
            jWTAuthContextInfo.setJwksUri(this.mpJwtLocation.get());
            jWTAuthContextInfo.setFollowMpJwt11Rules(true);
        }
        return Optional.of(jWTAuthContextInfo);
    }

    public Optional<String> getMpJwtublicKey() {
        return this.mpJwtublicKey;
    }

    public String getMpJwtIssuer() {
        return this.mpJwtIssuer;
    }

    public Optional<String> getMpJwtLocation() {
        return this.mpJwtLocation;
    }

    public Optional<Boolean> getMpJwtRequireIss() {
        return this.mpJwtRequireIss;
    }

    @Produces
    public JWTAuthContextInfo getContextInfo() {
        return getOptionalContextInfo().get();
    }
}
