package io.gravitee.policy.v3.jwt.jwks;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.Resource;
import io.gravitee.el.TemplateEngine;
import io.gravitee.policy.v3.jwt.jwks.retriever.ResourceRetriever;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/policy/v3/jwt/jwks/URLJWKSourceResolver.class */
public class URLJWKSourceResolver<C extends SecurityContext> implements JWKSourceResolver<C> {
    private final URL jwksUrl;
    private final ResourceRetriever resourceRetriever;
    private static final Logger LOGGER = LoggerFactory.getLogger(URLJWKSourceResolver.class);
    private static final Duration CACHE_DURATION = Duration.ofMinutes(5);
    static final ConcurrentHashMap<String, CachedJWKSource> cache = new ConcurrentHashMap<>();

    public URLJWKSourceResolver(TemplateEngine templateEngine, String str, ResourceRetriever resourceRetriever) throws MalformedURLException {
        this.jwksUrl = new URL((String) templateEngine.getValue(str, String.class));
        this.resourceRetriever = resourceRetriever;
    }

    @Override // io.gravitee.policy.v3.jwt.jwks.JWKSourceResolver
    public CompletableFuture<JWKSource<C>> resolve() {
        CachedJWKSource cachedJWKSource = cache.get(this.jwksUrl.toString());
        return (cachedJWKSource == null || isCacheExpired(cachedJWKSource)) ? this.resourceRetriever.retrieve(this.jwksUrl).thenCompose(this::readJwkSourceFromResource).exceptionally((Function<Throwable, ? extends U>) th -> {
            if (cachedJWKSource == null) {
                return null;
            }
            LOGGER.warn("Failed to retreive JWKS from URL {}. Using old cached JWKS", this.jwksUrl, th);
            return cachedJWKSource.getJwkSource();
        }) : CompletableFuture.completedFuture(cachedJWKSource.getJwkSource());
    }

    boolean isCacheExpired(CachedJWKSource cachedJWKSource) {
        return Duration.between(cachedJWKSource.getCacheDateTime(), LocalDateTime.now()).compareTo(CACHE_DURATION) > 0;
    }

    private CompletableFuture<JWKSource<C>> readJwkSourceFromResource(Resource resource) {
        try {
            ImmutableJWKSet immutableJWKSet = new ImmutableJWKSet(JWKSet.parse(resource.getContent()));
            cache.put(this.jwksUrl.toString(), new CachedJWKSource(immutableJWKSet));
            return CompletableFuture.completedFuture(immutableJWKSet);
        } catch (ParseException e) {
            return CompletableFuture.failedFuture(e);
        }
    }
}
