package org.keycloak.adapters.rotation;

import java.security.PublicKey;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.client.methods.HttpGet;
import org.jboss.logging.Logger;
import org.keycloak.adapters.HttpAdapterUtils;
import org.keycloak.adapters.HttpClientAdapterException;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.util.JWKSUtils;

/* loaded from: input_file:BOOT-INF/lib/keycloak-adapter-core-11.0.2.jar:org/keycloak/adapters/rotation/JWKPublicKeyLocator.class */
public class JWKPublicKeyLocator implements PublicKeyLocator {
    private static final Logger log = Logger.getLogger((Class<?>) JWKPublicKeyLocator.class);
    private Map<String, PublicKey> currentKeys = new ConcurrentHashMap();
    private volatile int lastRequestTime = 0;

    @Override // org.keycloak.adapters.rotation.PublicKeyLocator
    public PublicKey getPublicKey(String str, KeycloakDeployment keycloakDeployment) {
        PublicKey lookupCachedKey;
        int minTimeBetweenJwksRequests = keycloakDeployment.getMinTimeBetweenJwksRequests();
        int publicKeyCacheTtl = keycloakDeployment.getPublicKeyCacheTtl();
        PublicKey lookupCachedKey2 = lookupCachedKey(publicKeyCacheTtl, Time.currentTime(), str);
        if (lookupCachedKey2 != null) {
            return lookupCachedKey2;
        }
        synchronized (this) {
            int currentTime = Time.currentTime();
            if (currentTime > this.lastRequestTime + minTimeBetweenJwksRequests) {
                sendRequest(keycloakDeployment);
                this.lastRequestTime = currentTime;
            } else {
                log.debug("Won't send request to realm jwks url. Last request time was " + this.lastRequestTime);
            }
            lookupCachedKey = lookupCachedKey(publicKeyCacheTtl, currentTime, str);
        }
        return lookupCachedKey;
    }

    @Override // org.keycloak.adapters.rotation.PublicKeyLocator
    public void reset(KeycloakDeployment keycloakDeployment) {
        synchronized (this) {
            sendRequest(keycloakDeployment);
            this.lastRequestTime = Time.currentTime();
        }
    }

    private PublicKey lookupCachedKey(int i, int i2, String str) {
        if (this.lastRequestTime + i <= i2 || str == null) {
            return null;
        }
        return this.currentKeys.get(str);
    }

    private void sendRequest(KeycloakDeployment keycloakDeployment) {
        if (log.isTraceEnabled()) {
            log.trace("Going to send request to retrieve new set of realm public keys for client " + keycloakDeployment.getResourceName());
        }
        try {
            Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse((JSONWebKeySet) HttpAdapterUtils.sendJsonHttpRequest(keycloakDeployment, new HttpGet(keycloakDeployment.getJwksUrl()), JSONWebKeySet.class), JWK.Use.SIG);
            if (log.isDebugEnabled()) {
                log.debug("Realm public keys successfully retrieved for client " + keycloakDeployment.getResourceName() + ". New kids: " + keysForUse.keySet().toString());
            }
            this.currentKeys.clear();
            this.currentKeys.putAll(keysForUse);
        } catch (HttpClientAdapterException e) {
            log.error("Error when sending request to retrieve realm keys", e);
        }
    }
}
