package io.gravitee.policy.jwt.jwk.source;

import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.Resource;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.schedulers.Schedulers;
import java.text.ParseException;
import java.time.Duration;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/policy/jwt/jwk/source/JWKSUrlJWKSourceResolver.class */
public class JWKSUrlJWKSourceResolver<C extends SecurityContext> implements JWKSource<C> {
    private final String jwksUrl;
    private final Duration refreshInterval;
    private final AtomicBoolean refreshing = new AtomicBoolean(false);
    private final ResourceRetriever resourceRetriever;
    private static final Logger log = LoggerFactory.getLogger(JWKSUrlJWKSourceResolver.class);
    static final ConcurrentHashMap<String, CachedJWKSource<SecurityContext>> cache = new ConcurrentHashMap<>();

    public JWKSUrlJWKSourceResolver(String str, ResourceRetriever resourceRetriever, Duration duration) {
        this.jwksUrl = str;
        this.refreshInterval = duration;
        this.resourceRetriever = resourceRetriever;
    }

    public List<JWK> get(JWKSelector jWKSelector, C c) throws KeySourceException {
        CachedJWKSource<SecurityContext> cachedJWKSource = cache.get(this.jwksUrl);
        if (cachedJWKSource == null) {
            return Collections.emptyList();
        }
        if (cachedJWKSource.isCacheExpired(this.refreshInterval)) {
            backgroundRefresh();
        }
        return cachedJWKSource.get(jWKSelector, c);
    }

    public Completable initialize() {
        return cache.get(this.jwksUrl) == null ? load() : Completable.complete();
    }

    private Completable load() {
        return this.refreshing.compareAndSet(false, true) ? this.resourceRetriever.retrieve(this.jwksUrl).flatMapMaybe(this::readJwkSourceFromResource).map(CachedJWKSource::new).doOnSuccess(cachedJWKSource -> {
            cache.put(this.jwksUrl, cachedJWKSource);
        }).doFinally(() -> {
            this.refreshing.set(false);
        }).ignoreElement() : Completable.complete();
    }

    private void backgroundRefresh() {
        load().subscribeOn(Schedulers.io()).subscribe(() -> {
            log.debug("JWKS from url {} has been refreshed", this.jwksUrl);
        }, th -> {
            log.error("An error occurred when trying to background refresh the JWK from url {}. Previous JWKS kept untouched.", this.jwksUrl, th);
        });
    }

    private Maybe<JWKSource<SecurityContext>> readJwkSourceFromResource(Resource resource) {
        try {
            return Maybe.just(new ImmutableJWKSet(JWKSet.parse(resource.getContent())));
        } catch (ParseException e) {
            return Maybe.error(e);
        }
    }
}
