package com.appiancorp.connectedenvironments.service;

import com.appiancorp.connectedenvironments.ConnectedEnvironmentAuthenticationContext;
import com.appiancorp.connectedenvironments.ConnectedEnvironmentAuthenticationException;
import com.appiancorp.connectedenvironments.ConnectedEnvironmentPublicKeyRetriever;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironment;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentPublicKey;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentPublicKeyDao;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentsServiceProvider;
import com.appiancorp.securetoken.InvalidSignatureException;
import com.appiancorp.securetoken.Token;
import java.security.PublicKey;
import java.util.Optional;

/* loaded from: input_file:com/appiancorp/connectedenvironments/service/ConnectedEnvironmentAuthenticationContextFactory.class */
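/**
 * Builds a {@link ConnectedEnvironmentAuthenticationContext} from a signed token presented by
 * another environment.
 *
 * <p>Flow, as implemented below: read the {@code iss} claim from the still-unverified token,
 * look up the connected environment and the stored public key for that issuer URL, verify the
 * token signature with {@code JwtUtils.verify}, and wrap the result in an authentication context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code iss} value is attacker-controlled until the signature has been verified; it is
 *       nevertheless what selects the key used for verification.</li>
 *   <li>When the caller passes {@code z == false}, the issuer is not required to be a registered,
 *       enabled connected environment before a key is looked up or retrieved for it.
 *       NOTE(review): how {@code ConnectedEnvironmentPublicKeyRetriever} obtains the key is not
 *       visible here; if it contacts the issuer URL, confirm that callers using {@code false}
 *       restrict which URLs are acceptable.</li>
 *   <li>A retrieved key is persisted only after the token has verified against it.</li>
 * </ul>
 */
class ConnectedEnvironmentAuthenticationContextFactory {
    private final ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider;
    private final ConnectedEnvironmentPublicKeyRetriever connectedEnvironmentPublicKeyRetriever;
    private final ConnectedEnvironmentRequestDtoMapper dtoMapper;

    /**
     * Creates the factory with its collaborators.
     *
     * <p>Decompiler note: this constructor is package-private in the original class file.
     *
     * @param connectedEnvironmentsServiceProvider source of the environment and public-key DAOs
     * @param connectedEnvironmentPublicKeyRetriever retrieves the public key for an issuer URL
     * @param connectedEnvironmentRequestDtoMapper maps a {@link ConnectedEnvironment} to its DTO
     */
    public ConnectedEnvironmentAuthenticationContextFactory(ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider, ConnectedEnvironmentPublicKeyRetriever connectedEnvironmentPublicKeyRetriever, ConnectedEnvironmentRequestDtoMapper connectedEnvironmentRequestDtoMapper) {
        this.connectedEnvironmentsServiceProvider = connectedEnvironmentsServiceProvider;
        this.connectedEnvironmentPublicKeyRetriever = connectedEnvironmentPublicKeyRetriever;
        this.dtoMapper = connectedEnvironmentRequestDtoMapper;
    }

    /**
     * Verifies the token's signature and builds the authentication context for its issuer.
     *
     * <p>Decompiler note: this method is package-private in the original class file.
     *
     * @param str the encoded token; its {@code iss} claim names the issuing environment's URL
     * @param z when {@code true}, the issuer must match a stored connected environment that is
     *     enabled, otherwise {@code INVALID_ISSUER} is raised before any key handling
     * @param str2 passed through unchanged as the last argument of the context constructor
     * @return the context holding the environment DTO (mapped from {@code null} when no
     *     environment is stored for the issuer), the raw token, the verified token and
     *     {@code str2}
     * @throws ConnectedEnvironmentAuthenticationException with {@code NO_ISSUER} when the token
     *     has no {@code iss} claim, {@code INVALID_ISSUER} when {@code z} is set and the
     *     environment is missing or disabled, or {@code NO_PUBLIC_KEY} when no key can be
     *     retrieved for the issuer
     */
    public ConnectedEnvironmentAuthenticationContext createAuthenticationContext(String str, boolean z, String str2) throws ConnectedEnvironmentAuthenticationException {
        // Decoded without signature verification: the issuer is untrusted input at this point.
        String issuerUrl = Token.decoder().withToken(str).decode().getStringClaim("iss");
        if (issuerUrl == null) {
            throw new ConnectedEnvironmentAuthenticationException(ConnectedEnvironmentAuthenticationException.Reason.NO_ISSUER);
        }

        Optional<ConnectedEnvironment> environment = findConnectedEnvironmentForUrl(issuerUrl);
        if (z) {
            // Reject unknown or disabled issuers before touching the key store or the retriever.
            verifyConnectedEnvironment(environment);
        }

        ConnectedEnvironmentPublicKeyDao keyDao = this.connectedEnvironmentsServiceProvider.getConnectedEnvironmentPublicKeyDao();
        Optional<?> storedKey = keyDao.findByUrl(issuerUrl);

        Token verified;
        if (!storedKey.isPresent()) {
            // No stored key: retrieve one and verify with it. A signature failure propagates
            // to the caller; there is no second attempt because the key is already fresh.
            PublicKey fetchedKey = retrievePublicKey(issuerUrl);
            verified = JwtUtils.verify(fetchedKey, str);
            // Persist only once the token has verified, so a token that fails verification
            // cannot cause a key row to be written for the issuer it names. This matches the
            // ordering used in the refresh path below.
            keyDao.storeKeyForUrl(issuerUrl, fetchedKey);
        } else {
            PublicKey cachedKey = ((ConnectedEnvironmentPublicKey) storedKey.get()).getPublicKey();
            try {
                verified = JwtUtils.verify(cachedKey, str);
            } catch (InvalidSignatureException e) {
                // The stored key may be stale (for example after a key rotation on the issuer):
                // retrieve the current key once and retry. The stored key is replaced only if
                // the retry verifies.
                PublicKey refreshedKey = retrievePublicKey(issuerUrl);
                verified = JwtUtils.verify(refreshedKey, str);
                keyDao.storeKeyForUrl(issuerUrl, refreshedKey);
            }
        }

        return new ConnectedEnvironmentAuthenticationContext(this.dtoMapper.toConnectedEnvironmentDto(environment.orElse(null)), str, verified, str2);
    }

    /**
     * Retrieves the public key for the given issuer URL through the configured retriever.
     *
     * @param str the issuer URL
     * @return the retrieved key
     * @throws ConnectedEnvironmentAuthenticationException with {@code NO_PUBLIC_KEY} when the
     *     retriever returns an empty result
     */
    private PublicKey retrievePublicKey(String str) throws ConnectedEnvironmentAuthenticationException {
        return this.connectedEnvironmentPublicKeyRetriever.retrievePublicKey(str).orElseThrow(() -> {
            return new ConnectedEnvironmentAuthenticationException(ConnectedEnvironmentAuthenticationException.Reason.NO_PUBLIC_KEY);
        });
    }

    /**
     * Requires that a connected environment was found for the issuer and that it is enabled.
     *
     * @param optional the environment lookup result for the issuer URL
     * @throws ConnectedEnvironmentAuthenticationException with {@code INVALID_ISSUER} when the
     *     environment is absent or not enabled
     */
    void verifyConnectedEnvironment(Optional<ConnectedEnvironment> optional) throws ConnectedEnvironmentAuthenticationException {
        if (!optional.isPresent() || !optional.get().isEnabled()) {
            throw new ConnectedEnvironmentAuthenticationException(ConnectedEnvironmentAuthenticationException.Reason.INVALID_ISSUER);
        }
    }

    /**
     * Looks up the stored connected environment whose URL equals the given issuer URL.
     *
     * @param str the issuer URL
     * @return the matching environment, or empty when the DAO finds none
     */
    private Optional<ConnectedEnvironment> findConnectedEnvironmentForUrl(String str) {
        return this.connectedEnvironmentsServiceProvider.getConnectedEnvironmentDao().findByUrl(str);
    }
}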
