package io.smallrye.jwt.auth.principal;

import io.smallrye.jwt.KeyFormat;
import io.smallrye.jwt.KeyUtils;
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.UnresolvableKeyException;

/* loaded from: input_file:io/smallrye/jwt/auth/principal/KeyLocationResolver.class */
public class KeyLocationResolver extends AbstractKeyLocationResolver implements VerificationKeyResolver {
    public KeyLocationResolver(JWTAuthContextInfo jWTAuthContextInfo) throws UnresolvableKeyException {
        super(jWTAuthContextInfo);
        try {
            initializeKeyContent();
        } catch (Exception e) {
            reportLoadKeyException(jWTAuthContextInfo.getPublicKeyContent(), jWTAuthContextInfo.getPublicKeyLocation(), e);
        }
    }

    @Override // org.jose4j.keys.resolvers.VerificationKeyResolver
    public Key resolveKey(JsonWebSignature jsonWebSignature, List<JsonWebStructure> list) throws UnresolvableKeyException {
        verifyKid(jsonWebSignature, this.authContextInfo.getTokenKeyId());
        if (this.key != null) {
            return this.key;
        }
        Key tryAsVerificationJwk = tryAsVerificationJwk(jsonWebSignature);
        if (tryAsVerificationJwk == null) {
            reportUnresolvableKeyException(this.authContextInfo.getPublicKeyContent(), this.authContextInfo.getPublicKeyLocation());
        }
        return tryAsVerificationJwk;
    }

    private Key tryAsVerificationJwk(JsonWebSignature jsonWebSignature) throws UnresolvableKeyException {
        return fromJwkToVerificationKey(super.tryAsJwk(jsonWebSignature, this.authContextInfo.getSignatureAlgorithm().getAlgorithm()));
    }

    private Key fromJwkToVerificationKey(JsonWebKey jsonWebKey) {
        Key key = null;
        if (jsonWebKey != null) {
            key = getSecretKeyFromJwk(jsonWebKey);
            if (key == null) {
                key = ((PublicJsonWebKey) PublicJsonWebKey.class.cast(jsonWebKey)).getPublicKey();
            }
        }
        return key;
    }

    protected void initializeKeyContent() throws Exception {
        if (isHttpsJwksInitialized(this.authContextInfo.getPublicKeyLocation())) {
            return;
        }
        String publicKeyContent = this.authContextInfo.getPublicKeyContent() != null ? this.authContextInfo.getPublicKeyContent() : readKeyContent(this.authContextInfo.getPublicKeyLocation());
        if (mayBeFormat(KeyFormat.PEM_KEY)) {
            this.key = tryAsPEMPublicKey(publicKeyContent, this.authContextInfo.getSignatureAlgorithm());
            if (this.key != null || isFormat(KeyFormat.PEM_KEY)) {
                return;
            }
        }
        if (mayBeFormat(KeyFormat.PEM_CERTIFICATE)) {
            this.key = tryAsPEMCertificate(publicKeyContent);
            if (this.key != null || isFormat(KeyFormat.PEM_CERTIFICATE)) {
                return;
            }
        }
        this.key = fromJwkToVerificationKey(loadFromJwk(publicKeyContent, this.authContextInfo.getTokenKeyId(), this.authContextInfo.getSignatureAlgorithm().getAlgorithm()));
    }

    static PublicKey tryAsPEMPublicKey(String str, SignatureAlgorithm signatureAlgorithm) {
        PrincipalLogging.log.checkKeyContentIsBase64EncodedPEMKey();
        PublicKey publicKey = null;
        try {
            publicKey = KeyUtils.decodePublicKey(str, signatureAlgorithm);
            PrincipalLogging.log.keyCreatedFromEncodedPEMKey();
        } catch (Exception e) {
            PrincipalLogging.log.keyContentIsNotValidEncodedPEMKey(e);
        }
        return publicKey;
    }

    PublicKey tryAsPEMCertificate(String str) {
        X509Certificate loadPEMCertificate = super.loadPEMCertificate(str);
        if (loadPEMCertificate == null) {
            return null;
        }
        return loadPEMCertificate.getPublicKey();
    }
}
