package com.yahoo.athenz.zpe.pkey.file;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.yahoo.athenz.auth.token.jwts.Key;
import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.common.config.AthenzConfig;
import com.yahoo.athenz.zms.PublicKeyEntry;
import com.yahoo.athenz.zpe.ZpeConsts;
import com.yahoo.athenz.zpe.pkey.PublicKeyStore;
import com.yahoo.athenz.zts.AthenzJWKConfig;
import com.yahoo.athenz.zts.JWK;
import com.yahoo.rdl.JSON;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/zpe/pkey/file/FilePublicKeyStore.class */
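/**
 * File-backed {@link PublicKeyStore} that serves ZTS and ZMS public keys by key id.
 *
 * <p>Keys are read from two local files: the athenz.conf file (ybase64-encoded public keys)
 * and the JWK athenz.conf file. Both file locations can be overridden through system
 * properties, and the default athenz.conf location also depends on the {@code ROOT}
 * environment variable.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Whatever these files contain is returned to callers as a public key. Anything able to
 *       write the files, or to change the properties / environment variable that select them,
 *       decides which keys this store hands out. Keep the files and the process configuration
 *       writable only by the identity that provisions them.</li>
 *   <li>Entries are only ever added or overwritten. A key id removed from a file on disk stays
 *       in memory until the process restarts.</li>
 *   <li>Both sources write to the same maps and the JWK file is loaded second, so a JWK whose
 *       {@code kid} equals an id from athenz.conf replaces that entry.</li>
 *   <li>Lookups return {@code null} for unknown ids; callers presumably treat that as a
 *       verification failure - confirm at the call sites.</li>
 * </ul>
 */
public class FilePublicKeyStore implements PublicKeyStore {
    private static final Logger LOG = LoggerFactory.getLogger(FilePublicKeyStore.class);
    private static final String ZPE_ATHENZ_CONFIG = "/conf/athenz/athenz.conf";
    private static final String ZPE_JWK_ATHENZ_CONFIG = "/var/lib/sia/athenz.conf";
    // Default minimum gap between on-demand reloads of the JWK file: 30 minutes.
    private static final long DEFAULT_MILLIS_BETWEEN_RELOAD = 1800000L;

    private final Map<String, PublicKey> ztsPublicKeyMap = new ConcurrentHashMap<>();
    private final Map<String, PublicKey> zmsPublicKeyMap = new ConcurrentHashMap<>();
    protected long millisBetweenReloadAthenzConfig;
    // NOTE(review): read and written without synchronization while the maps are concurrent;
    // confirm whether lookups run on several threads and whether this needs to be volatile.
    private long lastReloadAthenzConfigTime;

    /**
     * Loads keys from both configuration files and reads the reload interval.
     *
     * <p>An empty result is only logged; the store stays usable and every lookup then
     * returns {@code null}.
     *
     * @throws NumberFormatException if the reload-interval system property is set to a value
     *         that is not a valid {@code long}
     */
    public void init() {
        initAthenzConfig();
        initAthenzJWKConfig();
        if (this.ztsPublicKeyMap.isEmpty() && this.zmsPublicKeyMap.isEmpty()) {
            LOG.error("Could not find any available public key");
        }
        this.millisBetweenReloadAthenzConfig = Long.parseLong(System.getProperty(
                ZpeConsts.ZPE_PROP_MILLIS_BETWEEN_RELOAD_CONFIG,
                Long.toString(DEFAULT_MILLIS_BETWEEN_RELOAD)));
    }

    /**
     * Reads athenz.conf and loads its ZTS and ZMS public keys.
     *
     * <p>The path comes from the {@code ZPE_PROP_ATHENZ_CONF} system property, defaulting to
     * {@code $ROOT/conf/athenz/athenz.conf} with {@code /home/athenz} used when {@code ROOT}
     * is unset. Any failure is logged and otherwise ignored.
     */
    private void initAthenzConfig() {
        String rootDir = System.getenv("ROOT");
        if (rootDir == null) {
            rootDir = "/home/athenz";
        }
        final String confFileName = System.getProperty(
                ZpeConsts.ZPE_PROP_ATHENZ_CONF, rootDir + ZPE_ATHENZ_CONFIG);
        try {
            AthenzConfig athenzConfig = (AthenzConfig) JSON.fromBytes(
                    Files.readAllBytes(Paths.get(confFileName)), AthenzConfig.class);
            loadPublicKeys(athenzConfig.getZtsPublicKeys(), this.ztsPublicKeyMap);
            loadPublicKeys(athenzConfig.getZmsPublicKeys(), this.zmsPublicKeyMap);
        } catch (Exception e) {
            // NOTE(review): the message mentions the ZMS Url although this method loads public
            // keys; the text is kept unchanged in case log searches or alerts match on it.
            LOG.warn("Unable to extract ZMS Url from {} exc: {}", confFileName, e.getMessage());
        }
    }

    /**
     * Reads the JWK athenz.conf file and loads its ZTS and ZMS keys.
     *
     * <p>The path comes from the {@code ZPE_PROP_JWK_ATHENZ_CONF} system property, defaulting
     * to {@code /var/lib/sia/athenz.conf}. Each section is handled on its own, so a missing
     * ZTS section no longer prevents the ZMS keys from loading (and vice versa).
     *
     * <p>NOTE(review): the reload timestamp is recorded only after a successful read. While
     * the file is missing or unparseable it never advances, so {@link #canReloadAthenzConfig()}
     * stays true and every lookup of an unknown key id re-reads the file and logs a warning
     * with a stack trace. That may be intentional (fast pick-up of a late-provisioned file),
     * but it also leaves the disk read and log volume unthrottled in that state; confirm the
     * intent and consider rate-limiting failed attempts separately.
     */
    private void initAthenzJWKConfig() {
        final String jwkConfFileName = System.getProperty(
                ZpeConsts.ZPE_PROP_JWK_ATHENZ_CONF, ZPE_JWK_ATHENZ_CONFIG);
        try {
            AthenzJWKConfig athenzJWKConfig = (AthenzJWKConfig) JSON.fromBytes(
                    Files.readAllBytes(Paths.get(jwkConfFileName)), AthenzJWKConfig.class);
            if (athenzJWKConfig.getZts() != null) {
                loadJwkList(athenzJWKConfig.getZts().getKeys(), this.ztsPublicKeyMap);
            }
            if (athenzJWKConfig.getZms() != null) {
                loadJwkList(athenzJWKConfig.getZms().getKeys(), this.zmsPublicKeyMap);
            }
            this.lastReloadAthenzConfigTime = System.currentTimeMillis();
        } catch (Exception e) {
            LOG.warn("Unable to extract athenz jwk config {} exc: {}",
                    jwkConfFileName, e.getMessage(), e);
        }
    }

    /**
     * Converts each JWK to a {@link PublicKey} and stores it under its {@code kid}.
     *
     * <p>A key that fails to convert is logged and skipped; the remaining keys are still
     * loaded. A {@code null} list or {@code null} element is ignored, matching the null
     * handling in {@link #loadPublicKeys}.
     *
     * @param list JWKs to load, may be {@code null}
     * @param map  destination map; an existing entry with the same key id is overwritten
     */
    private void loadJwkList(List<JWK> list, Map<String, PublicKey> map) {
        if (list == null) {
            return;
        }
        for (JWK jwk : list) {
            if (jwk == null) {
                continue;
            }
            try {
                map.put(jwk.kid, jwkToPubKey(jwk));
            } catch (Exception e) {
                LOG.warn("failed to load jwk id : {}, ex: {}", jwk.kid, e.getMessage(), e);
            }
        }
    }

    /**
     * Builds a {@link PublicKey} from a JWK by serializing it to JSON and parsing that with
     * {@link Key#fromString}.
     *
     * @param jwk the JWK to convert
     * @return the public key described by {@code jwk}
     */
    protected PublicKey jwkToPubKey(JWK jwk) throws NoSuchAlgorithmException, JsonProcessingException, InvalidKeySpecException, InvalidParameterSpecException {
        return Key.fromString(JSON.string(jwk)).getPublicKey();
    }

    /**
     * Decodes ybase64-encoded public keys and stores them under their ids.
     *
     * <p>Entries with a {@code null} id or key are skipped. An entry that fails to decode is
     * logged and skipped.
     *
     * @param arrayList key entries to load, may be {@code null}
     * @param map       destination map; an existing entry with the same id is overwritten
     */
    void loadPublicKeys(ArrayList<PublicKeyEntry> arrayList, Map<String, PublicKey> map) {
        if (arrayList == null) {
            return;
        }
        for (PublicKeyEntry entry : arrayList) {
            final String id = entry.getId();
            final String key = entry.getKey();
            if (key == null || id == null) {
                continue;
            }
            try {
                map.put(id, Crypto.loadPublicKey(Crypto.ybase64DecodeString(key)));
            } catch (Exception e) {
                // NOTE(review): this message says "ZTS" but the method is also called for the
                // ZMS map; text kept unchanged in case log searches match on it.
                LOG.error("Invalid ZTS public key for id: {} - {}", id, e.getMessage());
            }
        }
    }

    /**
     * Returns the ZTS public key for the given key id.
     *
     * @param str key id to look up
     * @return the key, or {@code null} if the id is {@code null} or unknown
     */
    @Override // com.yahoo.athenz.zpe.pkey.PublicKeyStore
    public PublicKey getZtsKey(String str) {
        return getPublicKey(str, this.ztsPublicKeyMap);
    }

    /**
     * Returns the ZMS public key for the given key id.
     *
     * @param str key id to look up
     * @return the key, or {@code null} if the id is {@code null} or unknown
     */
    @Override // com.yahoo.athenz.zpe.pkey.PublicKeyStore
    public PublicKey getZmsKey(String str) {
        return getPublicKey(str, this.zmsPublicKeyMap);
    }

    /**
     * Looks up a key id, reloading the JWK file once on a miss if the reload interval allows.
     *
     * <p>Only the JWK file is re-read on a miss; athenz.conf is read once in {@link #init()}.
     *
     * @param str key id to look up
     * @param map map to search
     * @return the key, or {@code null} if the id is {@code null} or still unknown after the
     *         optional reload
     */
    private PublicKey getPublicKey(String str, Map<String, PublicKey> map) {
        if (str == null) {
            return null;
        }
        PublicKey publicKey = map.get(str);
        if (publicKey == null && canReloadAthenzConfig()) {
            LOG.debug("key id: {} does not exist in public keys map, reload athenz jwks from disk", str);
            initAthenzJWKConfig();
            publicKey = map.get(str);
        }
        return publicKey;
    }

    /**
     * Reports whether more than {@code millisBetweenReloadAthenzConfig} milliseconds have
     * passed since the last successful JWK file load.
     *
     * @return {@code true} if an on-demand reload is currently allowed
     */
    protected boolean canReloadAthenzConfig() {
        return System.currentTimeMillis() - this.lastReloadAthenzConfigTime > this.millisBetweenReloadAthenzConfig;
    }
}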
