package org.xdi.oxauth.service;

import java.lang.annotation.Annotation;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Event;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import javax.inject.Named;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.slf4j.Logger;
import org.xdi.oxauth.model.config.Conf;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.crypto.AbstractCryptoProvider;
import org.xdi.oxauth.model.crypto.CryptoProviderFactory;
import org.xdi.oxauth.service.cdi.event.KeyGenerationEvent;
import org.xdi.oxauth.uma.service.UmaRptService;
import org.xdi.service.cdi.async.Asynchronous;
import org.xdi.service.cdi.event.Scheduled;
import org.xdi.service.timer.event.TimerEvent;
import org.xdi.service.timer.schedule.TimerSchedule;

@ApplicationScoped
@Named
/* loaded from: input_file:org/xdi/oxauth/service/KeyGeneratorTimer.class */
public class KeyGeneratorTimer {
    private static final String EVENT_TYPE = "KeyGeneratorTimerEvent";
    private static final int DEFAULT_INTERVAL = 48;

    @Inject
    private Logger log;

    @Inject
    private Event<TimerEvent> timerEvent;

    @Inject
    private ConfigurationFactory configurationFactory;

    @Inject
    private LdapEntryManager ldapEntryManager;

    @Inject
    private AppConfiguration appConfiguration;
    private AtomicBoolean isActive;

    public void initTimer() {
        this.log.debug("Initializing Key Generator Timer");
        this.isActive = new AtomicBoolean(false);
        int keyRegenerationInterval = this.appConfiguration.getKeyRegenerationInterval();
        if (keyRegenerationInterval <= 0) {
            keyRegenerationInterval = DEFAULT_INTERVAL;
        }
        int i = keyRegenerationInterval * UmaRptService.DEFAULT_RPT_LIFETIME;
        this.timerEvent.fire(new TimerEvent(new TimerSchedule(i, i), new KeyGenerationEvent(), new Annotation[]{Scheduled.Literal.INSTANCE}));
    }

    @Asynchronous
    public void process(@Observes @Scheduled KeyGenerationEvent keyGenerationEvent) {
        if (this.appConfiguration.getKeyRegenerationEnabled().booleanValue() && !this.isActive.get()) {
            try {
            } catch (Exception e) {
                this.log.error(e.getMessage(), e);
            } finally {
                this.isActive.set(false);
            }
            if (this.isActive.compareAndSet(false, true)) {
                updateKeys();
            }
        }
    }

    public String updateKeys() throws JSONException, Exception {
        Conf conf = (Conf) this.ldapEntryManager.find(Conf.class, this.configurationFactory.getLdapConfiguration().getString("oxauth_ConfigurationEntryDN"));
        conf.setWebKeys(updateKeys(new JSONObject(conf.getWebKeys())).toString());
        conf.setRevision(conf.getRevision() + 1);
        this.ldapEntryManager.merge(conf);
        return conf.getWebKeys();
    }

    private JSONObject updateKeys(JSONObject jSONObject) throws Exception {
        JSONObject generateJwks = AbstractCryptoProvider.generateJwks(this.appConfiguration.getKeyRegenerationInterval(), this.appConfiguration.getIdTokenLifetime(), this.appConfiguration);
        JSONArray jSONArray = jSONObject.getJSONArray("keys");
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            if (!jSONObject2.has("exp") || jSONObject2.isNull("exp")) {
                GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                gregorianCalendar.add(10, this.appConfiguration.getKeyRegenerationInterval());
                gregorianCalendar.add(13, this.appConfiguration.getIdTokenLifetime());
                jSONObject2.put("exp", gregorianCalendar.getTimeInMillis());
                generateJwks.getJSONArray("keys").put(jSONObject2);
            } else {
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                GregorianCalendar gregorianCalendar3 = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                gregorianCalendar3.setTimeInMillis(jSONObject2.getLong("exp"));
                if (gregorianCalendar3.before(gregorianCalendar2)) {
                    this.log.debug("Removing JWK: {}, Expiration date: {}", jSONObject2.getString("kid"), jSONObject2.getString("exp"));
                    CryptoProviderFactory.getCryptoProvider(this.appConfiguration).deleteKey(jSONObject2.getString("kid"));
                } else {
                    generateJwks.getJSONArray("keys").put(jSONObject2);
                }
            }
        }
        return generateJwks;
    }
}
