package io.gravitee.policy.jwt.jwk.provider;

import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTProcessor;
import io.gravitee.gateway.reactive.api.context.HttpExecutionContext;
import io.gravitee.node.api.configuration.Configuration;
import io.gravitee.policy.jwt.configuration.JWTPolicyConfiguration;
import io.gravitee.policy.jwt.jwk.source.JWKSUrlJWKSourceResolver;
import io.gravitee.policy.jwt.jwk.source.ResourceRetriever;
import io.gravitee.policy.jwt.jwk.source.VertxResourceRetriever;
import io.reactivex.rxjava3.core.Maybe;
import io.vertx.rxjava3.core.Vertx;
import java.time.Duration;

/* loaded from: input_file:io/gravitee/policy/jwt/jwk/provider/JwksUrlJWTProcessorProvider.class */
class JwksUrlJWTProcessorProvider implements JWTProcessorProvider {
    private static final Duration JWKS_REFRESH_INTERVAL = Duration.ofMinutes(5);
    private final JWTPolicyConfiguration configuration;
    private ResourceRetriever resourceRetriever;

    public JwksUrlJWTProcessorProvider(JWTPolicyConfiguration jWTPolicyConfiguration) {
        this.configuration = jWTPolicyConfiguration;
    }

    @Override // io.gravitee.policy.jwt.jwk.provider.JWTProcessorProvider
    public Maybe<JWTProcessor<SecurityContext>> provide(HttpExecutionContext httpExecutionContext) {
        return Maybe.defer(() -> {
            return buildJWTProcessor(httpExecutionContext, (String) httpExecutionContext.getInternalAttribute("resolvedParameter"));
        });
    }

    private Maybe<JWTProcessor<SecurityContext>> buildJWTProcessor(HttpExecutionContext httpExecutionContext, String str) {
        JWKSUrlJWKSourceResolver jWKSUrlJWKSourceResolver = new JWKSUrlJWKSourceResolver(str, getResourceRetriever(httpExecutionContext), JWKS_REFRESH_INTERVAL);
        JWSVerificationKeySelector jWSVerificationKeySelector = new JWSVerificationKeySelector(this.configuration.getSignature().getAlg(), jWKSUrlJWKSourceResolver);
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSKeySelector(jWSVerificationKeySelector);
        return jWKSUrlJWKSourceResolver.initialize().andThen(Maybe.just(defaultJWTProcessor));
    }

    private ResourceRetriever getResourceRetriever(HttpExecutionContext httpExecutionContext) {
        if (this.resourceRetriever == null) {
            this.resourceRetriever = new VertxResourceRetriever((Vertx) httpExecutionContext.getComponent(Vertx.class), (Configuration) httpExecutionContext.getComponent(Configuration.class), this.configuration.isUseSystemProxy());
        }
        return this.resourceRetriever;
    }
}
