package com.liferay.oauth2.provider.rest.internal.configuration.admin.service;

import com.liferay.oauth2.provider.rest.internal.configuration.OAuth2InAssertionConfiguration;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rs.security.jose.jwk.PublicKeyUse;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedServiceFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;

@Component(property = {"service.pid=com.liferay.oauth2.provider.rest.internal.configuration.OAuth2InAssertionConfiguration"}, service = {ManagedServiceFactory.class, OAuth2InAssertionManagedServiceFactory.class})
/* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/configuration/admin/service/OAuth2InAssertionManagedServiceFactory.class */
public class OAuth2InAssertionManagedServiceFactory implements ManagedServiceFactory {
    private static final Log _log = LogFactoryUtil.getLog(OAuth2InAssertionManagedServiceFactory.class);
    private final Map<String, Dictionary<String, ?>> _configurationPidsProperties = Collections.synchronizedMap(new LinkedHashMap());
    private final Map<Long, Map<String, Map<String, JwsSignatureVerifier>>> _jwsSignatureVerifiers = Collections.synchronizedMap(new LinkedHashMap());
    private final Map<Long, Map<String, String>> _userAuthTypes = Collections.synchronizedMap(new LinkedHashMap());

    public void deleted(String str) {
        long j = GetterUtil.getLong(this._configurationPidsProperties.remove(str).get("companyId"));
        if (j == 0) {
            _rebuild();
        } else {
            _rebuild(j);
        }
    }

    public JwsSignatureVerifier getJWSSignatureVerifier(long j, String str, String str2) throws IllegalArgumentException {
        StringBundler stringBundler = new StringBundler(12);
        Map<String, Map<String, JwsSignatureVerifier>> orDefault = this._jwsSignatureVerifiers.getOrDefault(Long.valueOf(j), this._jwsSignatureVerifiers.get(0L));
        if (orDefault == null) {
            stringBundler.append("No JWS signature keys in company: ");
            stringBundler.append(j);
            throw new IllegalArgumentException(stringBundler.toString());
        }
        Map<String, JwsSignatureVerifier> map = orDefault.get(str);
        if (map == null) {
            stringBundler.append("No JWS signature keys for issuer: ");
            stringBundler.append(str);
            stringBundler.append(", in company: ");
            stringBundler.append(j);
            throw new IllegalArgumentException(stringBundler.toString());
        }
        if (map.containsKey(str2)) {
            return map.get(str2);
        }
        stringBundler.append("No JWS signature key of kid: ");
        stringBundler.append(str2);
        stringBundler.append(", for issuer: ");
        stringBundler.append(str);
        stringBundler.append(", in company: ");
        stringBundler.append(j);
        throw new IllegalArgumentException(stringBundler.toString());
    }

    public String getName() {
        return "";
    }

    public String getUserAuthType(long j, String str) throws IllegalArgumentException {
        StringBundler stringBundler = new StringBundler(6);
        Map<String, String> orDefault = this._userAuthTypes.getOrDefault(Long.valueOf(j), this._userAuthTypes.get(0L));
        if (orDefault == null) {
            stringBundler.append("No user auth types in company: ");
            stringBundler.append(j);
            throw new IllegalArgumentException(stringBundler.toString());
        }
        if (orDefault.containsKey(str)) {
            return orDefault.get(str);
        }
        stringBundler.append("No user auth type for issuer: ");
        stringBundler.append(str);
        stringBundler.append(", in company: ");
        stringBundler.append(j);
        throw new IllegalArgumentException(stringBundler.toString());
    }

    public void updated(String str, Dictionary<String, ?> dictionary) throws ConfigurationException {
        Dictionary<String, ?> put = this._configurationPidsProperties.put(str, dictionary);
        long j = GetterUtil.getLong(dictionary.get("companyId"), 0L);
        if (j == 0) {
            _rebuild();
            return;
        }
        if (put != null) {
            long j2 = GetterUtil.getLong(put.get("companyId"));
            if (j2 == 0) {
                _rebuild();
                return;
            } else if (j2 != j) {
                _rebuild(j2);
            }
        }
        _rebuild(j);
    }

    @Activate
    protected void activate() {
        this._jwsSignatureVerifiers.put(0L, Collections.emptyMap());
        this._userAuthTypes.put(0L, Collections.emptyMap());
    }

    private <U, V> void _addDefaults(Map<U, V> map, Map<U, V> map2) {
        if (map2 != null) {
            map.getClass();
            map2.forEach(map::putIfAbsent);
        }
    }

    private void _rebuild() {
        _rebuild(0L);
        for (Long l : this._jwsSignatureVerifiers.keySet()) {
            if (l.longValue() != 0) {
                _rebuild(l.longValue());
            }
        }
    }

    private void _rebuild(long j) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Dictionary<String, ?> dictionary : this._configurationPidsProperties.values()) {
            if (j == GetterUtil.getLong(dictionary.get("companyId"))) {
                OAuth2InAssertionConfiguration oAuth2InAssertionConfiguration = (OAuth2InAssertionConfiguration) ConfigurableUtil.createConfigurable(OAuth2InAssertionConfiguration.class, dictionary);
                String issuer = oAuth2InAssertionConfiguration.issuer();
                if (!hashMap.containsKey(issuer)) {
                    hashMap.put(issuer, new HashMap());
                    hashMap2.put(issuer, oAuth2InAssertionConfiguration.userAuthType());
                    Map map = (Map) hashMap.get(issuer);
                    for (JsonWebKey jsonWebKey : JwkUtils.readJwkSet(oAuth2InAssertionConfiguration.signatureJSONWebKeySet()).getKeys()) {
                        PublicKeyUse publicKeyUse = jsonWebKey.getPublicKeyUse();
                        if (publicKeyUse == null || publicKeyUse.compareTo(PublicKeyUse.ENCRYPT) != 0) {
                            if (!map.containsKey(jsonWebKey.getKeyId())) {
                                map.put(jsonWebKey.getKeyId(), JwsUtils.getSignatureVerifier(jsonWebKey));
                            } else if (_log.isWarnEnabled()) {
                                _log.warn(StringBundler.concat(new String[]{"Duplicate assertion signature key ", jsonWebKey.getKeyId(), " will be discarded. Check your OAuth ", "configuration."}));
                            }
                        } else if (_log.isInfoEnabled()) {
                            _log.info("Encryption key " + jsonWebKey.getKeyId());
                        }
                    }
                } else if (_log.isWarnEnabled()) {
                    _log.warn(StringBundler.concat(new String[]{"Duplicate issuer name ", issuer, " will be ", "discarded. Check your OAuth configuration."}));
                }
            }
        }
        if (j != 0) {
            _addDefaults(hashMap, this._jwsSignatureVerifiers.get(0L));
            _addDefaults(hashMap2, this._userAuthTypes.get(0L));
        }
        this._jwsSignatureVerifiers.put(Long.valueOf(j), hashMap);
        this._userAuthTypes.put(Long.valueOf(j), hashMap2);
    }
}
