package com.ibm.ws.security.openidconnect.server.internal;

import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.jose4j.Jose4jRsaJWK;
import com.ibm.ws.security.openidconnect.jwk.JWK;
import com.ibm.ws.security.openidconnect.jwk.RsaJwk;
import com.ibm.ws.security.openidconnect.server.ServerConstants;
import com.ibm.ws.webcontainer.security.openidconnect.JSONWebKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import org.opensaml.util.resource.ResourceChangeWatcher;

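/**
 * Generates, publishes and periodically rotates the JSON Web Keys (JWKs) held by
 * this OpenID Connect server component.
 *
 * <p>The provider keeps a small ordered list of keys. {@link #rotateKeys()} appends a
 * fresh key and drops the oldest, so in steady state the list holds two entries:
 * index 0 is the previous key and index 1 is the newest. {@link #getJWK()} returns
 * index 1, while {@link #getJwkSetString()} serialises every key in the list, so a
 * key stays published for one more rotation period after it stops being returned by
 * {@link #getJWK()}.
 *
 * <p>Thread-safety: the key list is mutated by the {@link Timer} thread
 * ({@link RotationTask}) and read by callers of the public getters. Every compound
 * operation (check-then-add, add-then-remove, iteration) is performed while holding
 * the monitor of the list itself, which is the same monitor the
 * {@link Collections#synchronizedList(List)} wrapper uses for its single calls.
 *
 * <p>NOTE(review): only {@code "RS256"} produces a key. For any other algorithm
 * {@link #generateJWK(String, int)} returns {@code null}, the {@code null} is stored
 * in the list, {@link #getJWK()} returns {@code null} and the serialised key set
 * contains {@code null} entries. Callers must handle that case.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.openidconnect.server_1.0.14.jar:com/ibm/ws/security/openidconnect/server/internal/JWKProvider.class */
public class JWKProvider {
    private static final TraceComponent tc = Tr.register(JWKProvider.class);
    public static final String RSA = "RSA";
    public static final String RS256 = "RS256";
    public static final String HS256 = "HS256";
    /** Signature algorithm name the keys are generated for (only "RS256" yields a key). */
    protected String alg;
    /** Key size handed to the key generator; not range-checked in this class. */
    protected int size;
    /** Daemon timer that drives {@link RotationTask}. */
    protected Timer timer;
    /** Rotation delay and period, in milliseconds. */
    protected long timeInMilliSeconds;
    static final long serialVersionUID = 6002164044069598984L;
    /** Ordered key list, oldest first; also used as the lock for compound operations. */
    protected List<JWK> jwks = Collections.synchronizedList(new ArrayList<JWK>());
    protected String use = null;

    /**
     * Snapshot of the provider's keys in the shape Gson serialises as a JWK set:
     * a single {@code keys} array holding one JSON object per key.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.openidconnect.server_1.0.14.jar:com/ibm/ws/security/openidconnect/server/internal/JWKProvider$JWKS.class */
    protected class JWKS {
        // Read reflectively by Gson; the field name becomes the JSON member name.
        private List<JsonObject> keys = new ArrayList<JsonObject>();
        static final long serialVersionUID = 4205429274873986988L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(JWKS.class);

        /**
         * Copies the JSON form of every key currently held by the enclosing provider.
         *
         * <p>NOTE(review): this output is presumably served to relying parties, so
         * confirm that {@code JWK.getJsonObject()} emits public parameters only.
         */
        protected JWKS() {
            // A synchronizedList does not protect iteration: without this lock a
            // concurrent rotateKeys() on the timer thread can trigger a
            // ConcurrentModificationException or expose a half-rotated key set.
            synchronized (JWKProvider.this.jwks) {
                for (JWK jwk : JWKProvider.this.jwks) {
                    // Null entries exist when the algorithm is unsupported; keep them
                    // so the published array mirrors the list exactly.
                    this.keys.add(jwk != null ? jwk.getJsonObject() : null);
                }
            }
        }
    }

    /**
     * Timer task that triggers one key rotation per execution.
     *
     * <p>NOTE(review): an unchecked exception escaping {@link #run()} terminates the
     * {@link Timer} thread, after which no further rotation happens and the same keys
     * stay in use. Consider monitoring for that condition.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.openidconnect.server_1.0.14.jar:com/ibm/ws/security/openidconnect/server/internal/JWKProvider$RotationTask.class */
    public class RotationTask extends TimerTask {
        static final long serialVersionUID = -36949362515208572L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(RotationTask.class);

        protected RotationTask() {
        }

        /** Delegates to {@link JWKProvider#rotateKeys()} on the timer thread. */
        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            JWKProvider.this.rotateKeys();
        }
    }

    /**
     * Creates the provider and immediately schedules periodic key rotation.
     *
     * <p>NOTE(review): {@code i} is passed to the key generator unchecked. RSA keys
     * shorter than 2048 bits are generally considered too weak for signing tokens, so
     * the caller should enforce a minimum.
     *
     * @param i   key size handed to the key generator
     * @param str signature algorithm name; only {@code "RS256"} produces keys
     * @param j   rotation delay and period in milliseconds; {@link Timer#schedule}
     *            rejects a negative delay or non-positive period with
     *            {@link IllegalArgumentException}
     */
    public JWKProvider(int i, String str, long j) {
        // Field defaults as emitted by the decompiler; each is overwritten below.
        // NOTE(review): the ResourceChangeWatcher constant looks like a decompiler
        // substitution for a literal of the same value - confirm against the original.
        this.alg = null;
        this.size = 2048;
        this.timeInMilliSeconds = ResourceChangeWatcher.DEFAULT_POLL_FREQUENCY;
        this.size = i;
        this.alg = str;
        this.timeInMilliSeconds = j;
        scheduleRotationTask();
    }

    /**
     * Returns the newest key (list index 1), generating keys first if fewer than two
     * exist.
     *
     * @return the newest key, or {@code null} when the configured algorithm is not
     *         supported by {@link #generateJWK(String, int)}
     */
    public JSONWebKey getJWK() {
        // Hold the list lock so the size check, the fill and the read see one
        // consistent list even while the timer thread is rotating.
        synchronized (this.jwks) {
            while (this.jwks.size() < 2) {
                generateJWKS();
            }
            return this.jwks.get(1);
        }
    }

    /** Fills the key list until it holds at least two entries. */
    protected void generateJWKS() {
        // Check-then-add must be atomic, otherwise two callers can both pass the
        // size test and over-fill the list.
        synchronized (this.jwks) {
            while (this.jwks.size() < 2) {
                this.jwks.add(generateJWK(this.alg, this.size));
            }
        }
    }

    /**
     * Generates one key for the given algorithm.
     *
     * @param str signature algorithm name
     * @param i   key size
     * @return a new key for {@code "RS256"}; {@code null} for every other algorithm
     */
    protected JWK generateJWK(String str, int i) {
        if ("RS256".equals(str)) {
            return generateRsaJWK(str, i);
        }
        return null;
    }

    /**
     * Builds an RSA JWK and generates its key material.
     *
     * @param str signature algorithm name recorded on the key
     * @param i   RSA key size
     * @return the populated key
     */
    protected JWK generateRsaJWK(String str, int i) {
        // Two implementations are selected by the JAVA_VERSION_6 flag; presumably the
        // jose4j-backed one is unavailable on that runtime - confirm.
        JWK rsaJwk;
        if (ServerConstants.JAVA_VERSION_6) {
            rsaJwk = new RsaJwk(i, str, null, "RSA");
        } else {
            rsaJwk = Jose4jRsaJWK.getInstance(i, str, null, "RSA");
        }
        rsaJwk.generateKey();
        return rsaJwk;
    }

    /**
     * Serialises all current keys as a JWK set JSON document.
     *
     * @return JSON text of the form {@code {"keys":[...]}}
     */
    public String getJwkSetString() {
        JWKS snapshot;
        // Fill and snapshot under one lock so the published set cannot be observed
        // mid-rotation; serialisation itself runs outside the lock.
        synchronized (this.jwks) {
            if (this.jwks.size() < 2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Generate JWKs:" + this.jwks.size(), new Object[0]);
                }
                generateJWKS();
            }
            snapshot = new JWKS();
        }
        // HTML escaping is disabled so characters such as '=' in encoded key
        // parameters are emitted verbatim rather than as \\u escapes.
        return new GsonBuilder().disableHtmlEscaping().create().toJson(snapshot);
    }

    /**
     * Starts a daemon {@link Timer} that runs {@link RotationTask} after, and then
     * every, {@link #timeInMilliSeconds} milliseconds.
     *
     * <p>NOTE(review): nothing visible here cancels the timer, so each provider
     * instance keeps its timer thread until some other code calls
     * {@code timer.cancel()} or the JVM exits.
     */
    protected void scheduleRotationTask() {
        RotationTask rotationTask = new RotationTask();
        this.timer = new Timer(true);
        this.timer.schedule(rotationTask, this.timeInMilliSeconds, this.timeInMilliSeconds);
    }

    /**
     * Rotates the keys: tops the list up to three entries, then drops the oldest.
     * After a rotation from a full list, the former newest key sits at index 0 and a
     * freshly generated key at index 1.
     */
    protected void rotateKeys() {
        // Add and remove as one atomic step so readers never see three keys or a
        // list whose index 1 is about to shift.
        synchronized (this.jwks) {
            while (this.jwks.size() < 3) {
                this.jwks.add(generateJWK(this.alg, this.size));
            }
            if (this.jwks.size() > 2) {
                this.jwks.remove(0);
            }
        }
    }
}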
