package org.xdi.oxauth.service;

import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.concurrent.atomic.AtomicBoolean;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.async.Asynchronous;
import org.jboss.seam.async.TimerSchedule;
import org.jboss.seam.core.Events;
import org.jboss.seam.log.Log;
import org.xdi.oxauth.model.config.Conf;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.crypto.AbstractCryptoProvider;
import org.xdi.oxauth.model.crypto.CryptoProviderFactory;

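/**
 * Application-scoped timer that periodically rotates the server's JSON Web Key Set.
 *
 * <p>On each tick it generates a fresh key set, carries over the stored keys that have not yet
 * expired, deletes expired keys from the crypto provider, and writes the merged set back to the
 * configuration entry with an incremented revision.
 *
 * <p>Only {@link #process()} is guarded against overlapping runs; a direct call to
 * {@link #updateKeys()} is not serialized against a timer-driven rotation.
 */
@Name("keyGeneratorTimer")
@AutoCreate
@Scope(ScopeType.APPLICATION)
/* loaded from: input_file:org/xdi/oxauth/service/KeyGeneratorTimer.class */
public class KeyGeneratorTimer {
    private static final String EVENT_TYPE = "KeyGeneratorTimerEvent";

    /** Rotation interval, in hours, used when the configured value is zero or negative. */
    private static final int DEFAULT_INTERVAL = 48;

    private static final long MILLIS_PER_HOUR = 3600L * 1000L;

    @Logger
    private Log log;

    @In
    private ConfigurationFactory configurationFactory;

    @In
    private LdapEntryManager ldapEntryManager;

    @In
    private AppConfiguration appConfiguration;

    // Initialized at declaration so process() cannot hit a null guard if a timer event
    // is delivered before init() has run.
    private final AtomicBoolean isActive = new AtomicBoolean(false);

    /**
     * Schedules the recurring rotation event once Seam has finished initializing.
     *
     * <p>The configured interval is interpreted as hours; a non-positive value falls back to
     * {@link #DEFAULT_INTERVAL}. The same value is used as the initial delay and as the period.
     */
    @Observer({"org.jboss.seam.postInitialization"})
    public void init() {
        this.log.debug("Initializing KeyGeneratorTimer", new Object[0]);
        this.isActive.set(false);
        long intervalHours = this.appConfiguration.getKeyRegenerationInterval();
        if (intervalHours <= 0) {
            intervalHours = DEFAULT_INTERVAL;
        }
        long intervalMillis = intervalHours * MILLIS_PER_HOUR;
        Events.instance().raiseTimedEvent(
                EVENT_TYPE,
                new TimerSchedule(Long.valueOf(intervalMillis), Long.valueOf(intervalMillis)),
                new Object[0]);
    }

    /**
     * Timer callback: rotates the keys when key regeneration is enabled and no other rotation
     * is currently running.
     *
     * <p>Failures are logged and not rethrown, so a failed rotation does not stop later ticks.
     */
    @Observer({EVENT_TYPE})
    @Asynchronous
    public void process() {
        // Boolean.TRUE.equals treats an unset (null) flag as "disabled" instead of
        // throwing on unboxing.
        if (!Boolean.TRUE.equals(this.appConfiguration.getKeyRegenerationEnabled())) {
            return;
        }
        // The compare-and-set is the actual guard: only the caller that flips the flag runs.
        if (!this.isActive.compareAndSet(false, true)) {
            return;
        }
        try {
            updateKeys();
        } catch (Exception e) {
            // The logger's first argument is a message template (this class uses {0}
            // placeholders elsewhere), so exception text is passed as a parameter and never
            // as the template itself; it can contain braces, quotes or other template syntax.
            this.log.error("Key regeneration failed: {0}", e, e.getMessage());
        } finally {
            this.isActive.set(false);
        }
    }

    /**
     * Rotates the key set stored in the configuration entry and persists the result.
     *
     * <p>NOTE(review): the private overload generates new keys and deletes expired ones in the
     * crypto provider before {@code merge} is called here. If the merge fails, the key store
     * and the stored JWKS may disagree until the next successful run; confirm that callers
     * and operators can tolerate that.
     *
     * @return the serialized JWKS that was written to the configuration entry
     * @throws JSONException if the stored web keys cannot be parsed as JSON
     * @throws Exception if loading, key generation, key deletion or persistence fails
     */
    public String updateKeys() throws JSONException, Exception {
        String configurationDn =
                this.configurationFactory.getLdapConfiguration().getString("configurationEntryDN");
        Conf conf = (Conf) this.ldapEntryManager.find(Conf.class, configurationDn);
        JSONObject rotated = updateKeys(new JSONObject(conf.getWebKeys()));
        conf.setWebKeys(rotated.toString());
        conf.setRevision(conf.getRevision() + 1);
        this.ldapEntryManager.merge(conf);
        return conf.getWebKeys();
    }

    /**
     * Builds the next key set from a freshly generated JWKS plus the still-valid stored keys.
     *
     * <p>Stored keys without an {@code exp} value are given one (now + regeneration interval in
     * hours + ID token lifetime in seconds) and kept. Stored keys whose {@code exp} is in the
     * past are deleted from the crypto provider and dropped. All other stored keys are kept.
     *
     * @param jSONObject the currently stored JWKS; must contain a {@code keys} array
     * @return the new JWKS with retained keys appended to the generated ones
     * @throws Exception if key generation, JSON access or key deletion fails
     */
    private JSONObject updateKeys(JSONObject jSONObject) throws Exception {
        JSONObject newJwks = AbstractCryptoProvider.generateJwks(
                this.appConfiguration.getKeyRegenerationInterval(),
                this.appConfiguration.getIdTokenLifetime(),
                this.appConfiguration);
        JSONArray storedKeys = jSONObject.getJSONArray("keys");
        for (int i = 0; i < storedKeys.length(); i++) {
            JSONObject key = storedKeys.getJSONObject(i);
            if (!key.has("exp") || key.isNull("exp")) {
                // A key with no expiry would otherwise never be rotated out; give it the same
                // lifetime a newly generated key gets.
                GregorianCalendar expiry = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                expiry.add(Calendar.HOUR, this.appConfiguration.getKeyRegenerationInterval());
                expiry.add(Calendar.SECOND, this.appConfiguration.getIdTokenLifetime());
                key.put("exp", expiry.getTimeInMillis());
                newJwks.getJSONArray("keys").put(key);
                continue;
            }
            GregorianCalendar now = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
            GregorianCalendar expiry = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
            expiry.setTimeInMillis(key.getLong("exp"));
            if (expiry.before(now)) {
                this.log.debug("Removing JWK: {0}, Expiration date: {1}", new Object[]{key.getString("kid"), key.getString("exp")});
                CryptoProviderFactory.getCryptoProvider(this.appConfiguration).deleteKey(key.getString("kid"));
            } else {
                newJwks.getJSONArray("keys").put(key);
            }
        }
        return newJwks;
    }

    /**
     * Looks up the Seam-managed instance of this component.
     *
     * @return the component instance returned by {@code Component.getInstance}
     */
    public static KeyGeneratorTimer instance() {
        return (KeyGeneratorTimer) Component.getInstance(KeyGeneratorTimer.class);
    }
}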
