package com.okta.jwt.impl.jjwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.okta.jwt.impl.http.HttpClient;
import com.okta.jwt.impl.jjwt.models.JwkKeys;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.SigningKeyResolver;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.AbstractMap;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:com/okta/jwt/impl/jjwt/RemoteJwkSigningKeyResolver.class */
final class RemoteJwkSigningKeyResolver implements SigningKeyResolver {
    private final URL jwkUri;
    private final HttpClient httpClient;
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final Map<String, Key> keyMap = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteJwkSigningKeyResolver(URL url, HttpClient httpClient) {
        this.jwkUri = url;
        this.httpClient = httpClient;
    }

    @Override // io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        return getKey(jwsHeader.getKeyId());
    }

    @Override // io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        return getKey(jwsHeader.getKeyId());
    }

    private Key getKey(String str) {
        Key key = this.keyMap.get(str);
        if (key != null) {
            return key;
        }
        updateKeys();
        return this.keyMap.get(str);
    }

    private void updateKeys() {
        try {
            Map<? extends String, ? extends Key> map = (Map) ((JwkKeys) this.objectMapper.readValue(this.httpClient.get(this.jwkUri), JwkKeys.class)).getKeys().stream().filter(jwkKey -> {
                return "sig".equals(jwkKey.getPublicKeyUse());
            }).filter(jwkKey2 -> {
                return "RSA".equals(jwkKey2.getKeyType());
            }).map(jwkKey3 -> {
                try {
                    return new AbstractMap.SimpleEntry(jwkKey3.getKeyId(), KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(base64ToBigInteger(jwkKey3.getPublicKeyModulus()), base64ToBigInteger(jwkKey3.getPublicKeyExponent()))));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                    throw new IllegalStateException("Failed to parse public key");
                }
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
            this.keyMap.clear();
            this.keyMap.putAll(map);
        } catch (IOException e) {
            throw new JwtException("Failed to fetch keys from URL: " + this.jwkUri, e);
        }
    }

    private BigInteger base64ToBigInteger(String str) {
        return new BigInteger(1, Base64.getUrlDecoder().decode(str));
    }
}
