package org.jboss.resteasy.security.doseta;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.ws.rs.core.SecurityContext;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.util.Base64;
import org.jboss.resteasy.util.ParameterParser;

/* loaded from: input_file:org/jboss/resteasy/security/doseta/DosetaKeyRepository.class */
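/**
 * {@link KeyRepository} that resolves signing and verification keys for a
 * {@link DKIMSignature} by alias.
 *
 * <p>The alias is {@code <selector>._domainKey.<domain>} (see {@link #getAlias}). Keys are
 * looked up in an in-memory cache first, then in the configured {@link KeyStoreKeyRepository},
 * and, for public keys only and only when {@link #isUseDns()} is set, in a DNS TXT record.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>A key fetched from DNS is only as trustworthy as the path to the resolver. Nothing in
 *       this class validates the response, so a spoofed TXT answer yields a verification key
 *       chosen by whoever spoofed it. Keys from the local key store therefore take precedence
 *       over DNS, and {@code dnsUri} should point at a resolver you trust.</li>
 *   <li>The alias is derived from the signature's selector and domain. On the verification
 *       side those values come from the message being verified, so the cache key and the DNS
 *       name queried are influenced by the sender.</li>
 *   <li>The caches are unbounded; an expired entry is dropped only when the same alias is
 *       looked up again.</li>
 *   <li>The key store password is held as a {@code String} and exposed through a public
 *       getter; avoid logging or serializing instances of this class.</li>
 * </ul>
 */
public class DosetaKeyRepository implements KeyRepository {
    private static final Logger log = Logger.getLogger(DosetaKeyRepository.class);
    // Backing key store; injected via setKeyStore or built by start().
    protected KeyStoreKeyRepository keyStore;
    protected String defaultPrivateDomain;
    // Optional JNDI provider URL for the DNS lookup; the JNDI default is used when null.
    protected String dnsUri;
    // Classpath resource name of the key store (used when keyStoreFile is null).
    protected String keyStorePath;
    // File system location of the key store; takes precedence over keyStorePath.
    protected String keyStoreFile;
    protected String keyStorePassword;
    protected ConcurrentHashMap<String, CacheEntry<PrivateKey>> privateCache = new ConcurrentHashMap<>();
    protected ConcurrentHashMap<String, CacheEntry<PublicKey>> publicCache = new ConcurrentHashMap<>();
    protected boolean useDns = false;
    protected boolean userPrincipalAsPrivateSelector = false;
    // Lifetime of a cache entry in milliseconds (default: one hour).
    protected long cacheTimeout = 3600000;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/jboss/resteasy/security/doseta/DosetaKeyRepository$CacheEntry.class */
    /**
     * A cached key together with the time it was stored.
     *
     * @param <T> the key type
     */
    public class CacheEntry<T> {
        public long time = System.currentTimeMillis();
        public T key;

        protected CacheEntry(T t) {
            this.key = t;
        }

        /**
         * Reports whether this entry has outlived the repository's cache timeout.
         *
         * @return {@code true} once more than {@code cacheTimeout} milliseconds have passed
         *         since the entry was created
         */
        public boolean isStale() {
            // The comparison used to be inverted (fresh entries were reported as stale), so the
            // cache dropped every fresh key and served expired ones forever. That defeats key
            // rotation and revocation. Subtracting also avoids overflow for very large timeouts.
            return System.currentTimeMillis() - this.time > DosetaKeyRepository.this.cacheTimeout;
        }
    }

    /**
     * Builds the backing key store if none was injected: from {@code keyStoreFile} when set,
     * otherwise from the classpath resource named by {@code keyStorePath}. Does nothing when a
     * key store is already present or neither location is configured.
     *
     * @throws RuntimeException if the file cannot be read or the classpath resource is missing
     */
    public void start() {
        if (this.keyStore != null) {
            return;
        }
        if (this.keyStoreFile != null) {
            try {
                this.keyStore = new KeyStoreKeyRepository(this.keyStoreFile, this.keyStorePassword);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } else if (this.keyStorePath != null) {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keyStorePath.trim());
            if (resourceAsStream == null) {
                throw new RuntimeException("Unable to find key store in path: " + this.keyStorePath);
            }
            // NOTE(review): the stream is not closed here; whether KeyStoreKeyRepository closes
            // it after loading is not visible from this file - confirm.
            this.keyStore = new KeyStoreKeyRepository(resourceAsStream, this.keyStorePassword);
        }
    }

    /**
     * Returns the authenticated caller's principal name as the default selector, when that
     * mode is enabled.
     *
     * @return the principal name, or {@code null} if the mode is disabled, no
     *         {@link SecurityContext} is available, or the request is unauthenticated
     */
    @Override // org.jboss.resteasy.security.doseta.KeyRepository
    public String getDefaultPrivateSelector() {
        if (!this.userPrincipalAsPrivateSelector) {
            return null;
        }
        SecurityContext securityContext = (SecurityContext) ResteasyProviderFactory.getContextData(SecurityContext.class);
        if (securityContext == null) {
            return null;
        }
        // getUserPrincipal() is null for unauthenticated requests; treat that as "no selector"
        // instead of failing with a NullPointerException.
        java.security.Principal principal = securityContext.getUserPrincipal();
        return principal == null ? null : principal.getName();
    }

    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    public String getKeyStoreFile() {
        return this.keyStoreFile;
    }

    public void setKeyStoreFile(String str) {
        this.keyStoreFile = str;
    }

    public String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }

    public KeyStoreKeyRepository getKeyStore() {
        return this.keyStore;
    }

    public void setKeyStore(KeyStoreKeyRepository keyStoreKeyRepository) {
        this.keyStore = keyStoreKeyRepository;
    }

    @Override // org.jboss.resteasy.security.doseta.KeyRepository
    public String getDefaultPrivateDomain() {
        return this.defaultPrivateDomain;
    }

    public void setDefaultPrivateDomain(String str) {
        this.defaultPrivateDomain = str;
    }

    public boolean isUseDns() {
        return this.useDns;
    }

    public void setUseDns(boolean z) {
        this.useDns = z;
    }

    public boolean isUserPrincipalAsPrivateSelector() {
        return this.userPrincipalAsPrivateSelector;
    }

    public void setUserPrincipalAsPrivateSelector(boolean z) {
        this.userPrincipalAsPrivateSelector = z;
    }

    public String getDnsUri() {
        return this.dnsUri;
    }

    public void setDnsUri(String str) {
        this.dnsUri = str;
    }

    public long getCacheTimeout() {
        return this.cacheTimeout;
    }

    public void setCacheTimeout(long j) {
        this.cacheTimeout = j;
    }

    /** Caches a private key under the given alias, replacing any previous entry. */
    protected void addPrivate(String str, PrivateKey privateKey) {
        this.privateCache.put(str, new CacheEntry<>(privateKey));
    }

    /** Caches a public key under the given alias, replacing any previous entry. */
    protected void addPublic(String str, PublicKey publicKey) {
        this.publicCache.put(str, new CacheEntry<>(publicKey));
    }

    /**
     * Returns the cached private key for an alias.
     *
     * @param str the alias
     * @return the key, or {@code null} if nothing is cached or the entry has expired
     */
    protected PrivateKey getPrivateCache(String str) {
        return readCache(this.privateCache, str);
    }

    /**
     * Returns the cached public key for an alias.
     *
     * @param str the alias
     * @return the key, or {@code null} if nothing is cached or the entry has expired
     */
    protected PublicKey getPublicCache(String str) {
        return readCache(this.publicCache, str);
    }

    /** Shared cache read: returns the live key for the alias and evicts an expired entry. */
    private <K> K readCache(ConcurrentHashMap<String, CacheEntry<K>> cache, String alias) {
        CacheEntry<K> entry = cache.get(alias);
        if (entry == null) {
            return null;
        }
        if (entry.isStale()) {
            // Remove by alias. The previous code passed the entry itself as the map key, so
            // nothing was ever evicted. The two-argument form leaves a newer entry in place.
            cache.remove(alias, entry);
            return null;
        }
        return entry.key;
    }

    /**
     * Builds the lookup alias {@code <selector>._domainKey.<domain>} for a signature; the
     * selector part is omitted when the signature has none.
     *
     * @param dKIMSignature the signature whose selector and domain are used
     * @return the alias, never {@code null} in this implementation
     * @throws RuntimeException if the signature has no domain
     */
    public String getAlias(DKIMSignature dKIMSignature) {
        StringBuilder alias = new StringBuilder();
        String selector = dKIMSignature.getSelector();
        if (selector != null) {
            alias.append(selector.trim()).append(".");
        }
        alias.append("_domainKey.");
        String domain = dKIMSignature.getDomain();
        if (domain == null) {
            throw new RuntimeException("domain attribute is required in header to find a key");
        }
        alias.append(domain);
        return alias.toString();
    }

    /**
     * Finds the private key for a signature: cache first, then the key store.
     *
     * @param dKIMSignature the signature naming the selector and domain
     * @return the key, or {@code null} if none is known
     */
    @Override // org.jboss.resteasy.security.doseta.KeyRepository
    public PrivateKey findPrivateKey(DKIMSignature dKIMSignature) {
        String alias = getAlias(dKIMSignature);
        // getAlias is overridable, so a subclass may legitimately return null here.
        if (alias == null) {
            return null;
        }
        PrivateKey key = getPrivateCache(alias);
        if (key != null) {
            return key;
        }
        if (this.keyStore != null) {
            key = this.keyStore.getPrivateKey(alias);
            if (key != null) {
                addPrivate(alias, key);
            }
        }
        return key;
    }

    /**
     * Finds the public key for a signature: cache first, then the key store, then DNS when
     * DNS lookup is enabled.
     *
     * @param dKIMSignature the signature naming the selector and domain
     * @return the key, or {@code null} if none is known and DNS lookup is disabled
     * @throws RuntimeException if the DNS lookup is attempted and fails
     */
    @Override // org.jboss.resteasy.security.doseta.KeyRepository
    public PublicKey findPublicKey(DKIMSignature dKIMSignature) {
        String alias = getAlias(dKIMSignature);
        // getAlias is overridable, so a subclass may legitimately return null here.
        if (alias == null) {
            return null;
        }
        PublicKey key = getPublicCache(alias);
        if (key != null) {
            return key;
        }
        if (this.keyStore != null) {
            key = this.keyStore.getPublicKey(alias);
            if (key != null) {
                addPublic(alias, key);
                // A locally provisioned key wins. Previously the DNS answer replaced it
                // whenever useDns was set, letting an unauthenticated network response
                // override a key the operator installed.
                return key;
            }
        }
        if (this.useDns) {
            key = findFromDns(alias);
            if (key != null) {
                addPublic(alias, key);
            }
        }
        return key;
    }

    /**
     * Fetches an RSA public key from the TXT record published at the given DNS name.
     *
     * <p>The first TXT value is parsed as {@code ;}-separated tags. {@code k}, when present,
     * must be {@code rsa}. {@code p} must hold the Base64 X.509-encoded key.
     *
     * <p>The response is not authenticated by this method. The trust placed in the returned
     * key is the trust placed in the resolver and the network path to it.
     *
     * @param str the DNS name to query (the key alias)
     * @return the decoded public key
     * @throws RuntimeException if the record is missing, malformed, or of an unsupported type
     */
    protected PublicKey findFromDns(String str) {
        if (log.isDebugEnabled()) {
            log.debug(">>>> Check DNS: " + str);
        }
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
            if (this.dnsUri != null) {
                env.put("java.naming.provider.url", this.dnsUri);
            }
            String record;
            InitialDirContext context = new InitialDirContext(env);
            try {
                Attribute txt = context.getAttributes(str, new String[]{"TXT"}).get("txt");
                if (txt == null) {
                    throw new RuntimeException("No TXT record found for " + str);
                }
                record = txt.get().toString();
            } finally {
                // The context was previously never closed.
                context.close();
            }
            // NOTE(review): the record content comes from DNS and is written to the debug log
            // as received.
            if (log.isDebugEnabled()) {
                log.debug(">>>> DNS found record: " + record);
            }
            ParameterParser parameterParser = new ParameterParser();
            parameterParser.setLowerCaseNames(true);
            Map<?, ?> tags = parameterParser.parse(record, ';');
            String keyType = (String) tags.get("k");
            if (keyType != null && !"rsa".equalsIgnoreCase(keyType)) {
                throw new RuntimeException("Unsupported key type: " + keyType);
            }
            String encodedKey = (String) tags.get("p");
            if (encodedKey == null) {
                throw new RuntimeException("No p entry in text record.");
            }
            if (log.isDebugEnabled()) {
                log.debug("pem: " + encodedKey);
            }
            // NOTE(review): no minimum modulus size is enforced on the DNS-supplied key;
            // consider rejecting short RSA keys before they are cached.
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(encodedKey)));
        } catch (Exception e) {
            throw new RuntimeException("Failed to find public key in DNS " + str, e);
        }
    }
}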
