package com.ibm.ws.security.common.jwk.impl;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.constants.TraceConstants;
import com.ibm.ws.security.common.jwk.interfaces.JWK;
import com.ibm.ws.webcontainer.security.jwk.JSONWebKey;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JWKProvider.class */
public class JWKProvider {
    private static final TraceComponent tc = Tr.register(JWKProvider.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    protected List<JWK> jwks;
    public static final String RSA = "RSA";
    public static final String RS256 = "RS256";
    public static final String HS256 = "HS256";
    private final int JWKS_TO_GENERATE = 1;
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final long DEFAULT_ROTATION_TIME = 43200000;
    protected String alg;
    protected String use;
    protected int size;
    protected Timer timer;
    protected long rotationTimeInMilliseconds;
    protected PublicKey publicKey;
    protected PrivateKey privateKey;
    static final long serialVersionUID = -8671861658452312146L;

    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JWKProvider$JWKS.class */
    protected class JWKS {
        private List<JSONObject> keys = new ArrayList();
        static final long serialVersionUID = -5530968906191619526L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(JWKS.class);

        protected JWKS() {
            Iterator<JWK> it = JWKProvider.this.jwks.iterator();
            while (it.hasNext()) {
                JWK next = it.next();
                this.keys.add(next != null ? next.getJsonObject() : (JSONObject) null);
            }
        }

        public String toString() {
            return "{\"keys\":[" + getKeysString() + "]}";
        }

        private String getKeysString() {
            if (this.keys == null) {
                return "";
            }
            StringBuilder sb = new StringBuilder();
            Iterator<JSONObject> it = this.keys.iterator();
            while (it.hasNext()) {
                JSONObject next = it.next();
                if (next == null) {
                    sb.append("null");
                } else {
                    sb.append(next.toString());
                }
                if (it.hasNext()) {
                    sb.append(",");
                }
            }
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JWKProvider$RotationTask.class */
    public class RotationTask extends TimerTask {
        static final long serialVersionUID = 2899992666302690713L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(RotationTask.class);

        protected RotationTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            JWKProvider.this.rotateKeys();
        }
    }

    protected JWKProvider() {
        this(DEFAULT_KEY_SIZE, "RS256", DEFAULT_ROTATION_TIME);
    }

    public JWKProvider(int i, String str, long j) {
        this.jwks = Collections.synchronizedList(new ArrayList());
        this.JWKS_TO_GENERATE = 1;
        this.alg = null;
        this.use = null;
        this.size = DEFAULT_KEY_SIZE;
        this.rotationTimeInMilliseconds = DEFAULT_ROTATION_TIME;
        this.publicKey = null;
        this.privateKey = null;
        if (i < 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Specified key size " + i + " < 0. Setting key size to the default (" + DEFAULT_KEY_SIZE + ") instead", new Object[0]);
            }
            i = DEFAULT_KEY_SIZE;
        }
        this.size = i;
        this.alg = str;
        if (j <= 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Specified rotation time " + j + " <= 0. Setting rotation time to the default (" + DEFAULT_ROTATION_TIME + " ms) instead", new Object[0]);
            }
            j = 43200000;
        }
        this.rotationTimeInMilliseconds = j;
        scheduleRotationTask();
    }

    public JWKProvider(int i, String str, long j, PublicKey publicKey, PrivateKey privateKey) {
        this.jwks = Collections.synchronizedList(new ArrayList());
        this.JWKS_TO_GENERATE = 1;
        this.alg = null;
        this.use = null;
        this.size = DEFAULT_KEY_SIZE;
        this.rotationTimeInMilliseconds = DEFAULT_ROTATION_TIME;
        this.publicKey = null;
        this.privateKey = null;
        if (i < 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Specified key size " + i + " < 0. Setting key size to the default (" + DEFAULT_KEY_SIZE + ") instead", new Object[0]);
            }
            i = DEFAULT_KEY_SIZE;
        }
        this.size = i;
        this.alg = str;
        if (j <= 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Specified rotation time " + j + " <= 0. Setting rotation time to the default (" + DEFAULT_ROTATION_TIME + " ms) instead", new Object[0]);
            }
            j = 43200000;
        }
        this.rotationTimeInMilliseconds = j;
        this.publicKey = publicKey;
        this.privateKey = privateKey;
    }

    public JSONWebKey getJWK() {
        while (this.jwks.size() < 1) {
            generateJWKs();
        }
        return this.jwks.get(0);
    }

    protected void generateJWKs() {
        while (this.jwks.size() < 1) {
            this.jwks.add(generateJWK(this.alg, this.size));
        }
    }

    protected JWK generateJWK(String str, int i) {
        JWK jwk = null;
        if ("RS256".equals(str)) {
            if (this.publicKey == null || this.privateKey == null) {
                jwk = generateRsaJWK(str, i);
            } else {
                jwk = Jose4jRsaJWK.getInstance(str, this.use, this.publicKey, this.privateKey);
                jwk.generateKey();
            }
        }
        return jwk;
    }

    protected JWK generateRsaJWK(String str, int i) {
        Jose4jRsaJWK jose4jRsaJWK = Jose4jRsaJWK.getInstance(i, str, (String) null, "RSA");
        jose4jRsaJWK.generateKey();
        return jose4jRsaJWK;
    }

    public String getJwkSetString() {
        if (this.jwks.size() < 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Generate JWKs:" + this.jwks.size(), new Object[0]);
            }
            generateJWKs();
        }
        return new JWKS().toString();
    }

    protected void scheduleRotationTask() {
        RotationTask rotationTask = new RotationTask();
        this.timer = new Timer(true);
        this.timer.schedule(rotationTask, this.rotationTimeInMilliseconds, this.rotationTimeInMilliseconds);
    }

    protected void rotateKeys() {
        while (this.jwks.size() < 2) {
            this.jwks.add(generateJWK(this.alg, this.size));
        }
        if (this.jwks.size() > 1) {
            this.jwks.remove(0);
        }
    }
}
