package com.adobe.granite.auth.ims.impl.cert;

import com.adobe.granite.auth.ims.impl.cert.CachedIMSCertManagerImpl;
import com.adobe.granite.auth.ims.impl.http.client.IMSHttpClientBuilder;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.PublicKey;
import java.util.Optional;
import org.apache.http.impl.client.CloseableHttpClient;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(service = {IMSCertificateProvider.class}, property = {"service.description=This service provides the IMS certificate needed to validate IMS tokens offline. The certificates are cached but retrieved periodically to contemplate possible revocation."})
/* loaded from: input_file:com/adobe/granite/auth/ims/impl/cert/IMSCertificateProviderImpl.class */
public class IMSCertificateProviderImpl implements IMSCertificateProvider {
    static final String SERVICE_DESCRIPTION = "This service provides the IMS certificate needed to validate IMS tokens offline. The certificates are cached but retrieved periodically to contemplate possible revocation.";
    private final Logger log = LoggerFactory.getLogger(getClass());
    private static final String IMS_CERT_URL_ROOT = "https://static.adobelogin.com/keys/";
    private static final String IMS_CERT_URL_ROOT_PROD = "https://static.adobelogin.com/keys/prod/";
    private static final String IMS_CERT_URL_ROOT_NONPROD = "https://static.adobelogin.com/keys/nonprod/";
    private static final String AS_PROD = "ims-na1";
    private static final String AS_QA = "ims-na1-qa2";
    private static final String AS_STAGE = "ims-na1-stg1";
    private static final String AS_DEV = "ims-na1-dev1";
    private final IMSCertManager imsCertManager;

    @ObjectClassDefinition(name = "Adobe Granite IMS Certificate Provider", description = IMSCertificateProviderImpl.SERVICE_DESCRIPTION)
    /* loaded from: input_file:com/adobe/granite/auth/ims/impl/cert/IMSCertificateProviderImpl$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Disable caching", description = "Disable caching of the IMS certificates.")
        boolean ims_certificate_provider_disable_cache() default false;

        @AttributeDefinition(name = "Certificate cache TTL", description = "How many milliseconds are the certificates going to be cached.")
        long ims_certificate_provider_cache_ttl() default 86400000;

        @AttributeDefinition(name = "Cache capacity", description = "Maximum number of certificates being cached.")
        int ims_certificate_provider_cache_size() default 10;
    }

    @Activate
    public IMSCertificateProviderImpl(@Reference IMSHttpClientBuilder iMSHttpClientBuilder, Config config) {
        boolean ims_certificate_provider_disable_cache = config.ims_certificate_provider_disable_cache();
        long ims_certificate_provider_cache_ttl = config.ims_certificate_provider_cache_ttl();
        int ims_certificate_provider_cache_size = config.ims_certificate_provider_cache_size();
        CloseableHttpClient buildHttpClientWithIMSConfig = iMSHttpClientBuilder.buildHttpClientWithIMSConfig();
        if (ims_certificate_provider_disable_cache) {
            this.imsCertManager = new IMSCertManagerImpl(buildHttpClientWithIMSConfig);
        } else {
            this.imsCertManager = new CachedIMSCertManagerImpl.Builder().withCacheSize(ims_certificate_provider_cache_size).withCacheTTL(ims_certificate_provider_cache_ttl).withHttpClient(buildHttpClientWithIMSConfig).build();
        }
    }

    @Deactivate
    void deactivate() {
        this.log.info("deactivate: closing IMS Cert Manager.");
        try {
            this.imsCertManager.close();
        } catch (Exception e) {
            this.log.error("deactivate: exception thrown when closing IMS Cert Manager: ", e);
        }
    }

    @Override // com.adobe.granite.auth.ims.impl.cert.IMSCertificateProvider
    @NotNull
    public Optional<PublicKey> getCert(@Nullable String str, @Nullable String str2) {
        if (str == null) {
            this.log.warn("getCert: Unexpected null in as parameter, no certificate provided");
            return Optional.empty();
        }
        if (str2 == null) {
            this.log.warn("getCert: Unexpected null in x5u parameter, no certificate provided");
            return Optional.empty();
        }
        Optional<URI> buildURL = buildURL(str, str2);
        if (!buildURL.isPresent()) {
            this.log.warn("getCert: Error building certificate URL");
            return Optional.empty();
        }
        Optional<PublicKey> cert = this.imsCertManager.getCert(buildURL.get());
        if (cert.isPresent()) {
            this.log.debug("getCert: certificate retrieved successfully");
            return cert;
        }
        this.log.warn("getCert: Error retrieving certificate from URL: {}", buildURL);
        return Optional.empty();
    }

    @NotNull
    private Optional<URI> buildURL(@NotNull String str, @NotNull String str2) {
        String str3;
        boolean z = -1;
        switch (str.hashCode()) {
            case 1436642997:
                if (str.equals(AS_QA)) {
                    z = 2;
                    break;
                }
                break;
            case 1585878665:
                if (str.equals(AS_DEV)) {
                    z = 3;
                    break;
                }
                break;
            case 1586339480:
                if (str.equals(AS_STAGE)) {
                    z = true;
                    break;
                }
                break;
            case 1926837728:
                if (str.equals(AS_PROD)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                str3 = IMS_CERT_URL_ROOT_PROD + str2;
                break;
            case true:
            case true:
            case true:
                str3 = IMS_CERT_URL_ROOT_NONPROD + str2;
                break;
            default:
                this.log.warn("buildURL: Unexpected value in 'as' parameter: {}, unable to identify IMS environment", str);
                return Optional.empty();
        }
        try {
            URI uri = new URL(str3).toURI();
            this.log.debug("buildURL: URL built successfully: {}", uri);
            return Optional.ofNullable(uri);
        } catch (MalformedURLException | URISyntaxException e) {
            this.log.warn("buildURL: Unable to build URL from token parameters, as: {}, x5u: {}", str, str2);
            return Optional.empty();
        }
    }
}
