package org.springframework.security.oauth2.server.authorization.web;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.security.crypto.keys.KeyManager;
import org.springframework.security.crypto.keys.ManagedKey;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/JwkSetEndpointFilter.class */
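/**
 * Servlet filter that serves the authorization server's JWK Set: the public keys
 * that clients and resource servers use to verify signatures.
 *
 * <p>Requests that do not match {@code GET <jwkSetEndpointUri>} are passed down the chain
 * untouched. For matching requests the filter writes the JWK Set as JSON and does not call
 * the rest of the chain. The filter itself performs no authentication or authorization.
 *
 * <p>Security-relevant properties of what is published:
 * <ul>
 *   <li>Only keys the {@link KeyManager} reports as both active and asymmetric are included,
 *       so symmetric (shared-secret) keys are never candidates for publication.</li>
 *   <li>Each JWK is built solely from {@link ManagedKey#getPublicKey()}; private key
 *       parameters are never passed to the JWK builders.</li>
 * </ul>
 */
public class JwkSetEndpointFilter extends OncePerRequestFilter {
    /** Default path at which the JWK Set is served. */
    public static final String DEFAULT_JWK_SET_ENDPOINT_URI = "/oauth2/jwks";
    private final KeyManager keyManager;
    private final RequestMatcher requestMatcher;

    /**
     * Creates a filter that serves the JWK Set at {@link #DEFAULT_JWK_SET_ENDPOINT_URI}.
     *
     * @param keyManager source of the managed keys; must not be {@code null}
     */
    public JwkSetEndpointFilter(KeyManager keyManager) {
        this(keyManager, DEFAULT_JWK_SET_ENDPOINT_URI);
    }

    /**
     * Creates a filter that serves the JWK Set at the given path.
     *
     * @param keyManager source of the managed keys; must not be {@code null}
     * @param jwkSetEndpointUri Ant-style path pattern of the endpoint; must contain text
     */
    public JwkSetEndpointFilter(KeyManager keyManager, String jwkSetEndpointUri) {
        Assert.notNull(keyManager, "keyManager cannot be null");
        Assert.hasText(jwkSetEndpointUri, "jwkSetEndpointUri cannot be empty");
        this.keyManager = keyManager;
        // Only GET is matched; any other method on the same path falls through to the chain.
        this.requestMatcher = new AntPathRequestMatcher(jwkSetEndpointUri, HttpMethod.GET.name());
    }

    /**
     * Writes the JWK Set as {@code application/json} for matching requests, otherwise delegates
     * to the next filter.
     *
     * @throws ServletException if a downstream filter fails
     * @throws IOException if the response cannot be written
     */
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        if (!this.requestMatcher.matches(request)) {
            filterChain.doFilter(request, response);
            return;
        }
        JWKSet jwkSet = buildJwkSet();
        response.setContentType("application/json");
        // NOTE(review): relies on toJSONObject() returning an object whose toString() emits JSON;
        // confirm this holds for the Nimbus JOSE version on the classpath.
        try (PrintWriter writer = response.getWriter()) {
            writer.write(jwkSet.toJSONObject().toString());
        }
    }

    /**
     * Collects the publishable keys: active, asymmetric, and of a type {@link #convert}
     * knows how to represent.
     */
    private JWKSet buildJwkSet() {
        List<JWK> publicJwks = this.keyManager.getKeys().stream()
                .filter(key -> key.isActive() && key.isAsymmetric())
                .map(this::convert)
                // convert() returns null for keys it cannot represent; those are left out.
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
        return new JWKSet(publicJwks);
    }

    /**
     * Builds a signature-use JWK from the public half of a managed key.
     *
     * @return an RSA or EC JWK, or {@code null} when the public key is neither RSA nor EC,
     *         or is an EC key on a curve Nimbus does not recognise
     */
    private JWK convert(ManagedKey managedKey) {
        JWK jwk = null;
        if (managedKey.getPublicKey() instanceof RSAPublicKey) {
            RSAPublicKey rsaPublicKey = (RSAPublicKey) managedKey.getPublicKey();
            jwk = new RSAKey.Builder(rsaPublicKey)
                    .keyUse(KeyUse.SIGNATURE)
                    .algorithm(JWSAlgorithm.RS256)
                    .keyID(managedKey.getKeyId())
                    .build();
        } else if (managedKey.getPublicKey() instanceof ECPublicKey) {
            ECPublicKey ecPublicKey = (ECPublicKey) managedKey.getPublicKey();
            Curve curve = Curve.forECParameterSpec(ecPublicKey.getParams());
            if (curve == null) {
                // Unrecognised curve: skip this key rather than let the builder throw and
                // fail the whole JWK Set response.
                return null;
            }
            // NOTE(review): "alg" is always advertised as ES256 even though the curve is taken
            // from the key. A key on any other curve would be published with a mismatched alg;
            // confirm the KeyManager only provisions P-256 EC signing keys.
            jwk = new ECKey.Builder(curve, ecPublicKey)
                    .keyUse(KeyUse.SIGNATURE)
                    .algorithm(JWSAlgorithm.ES256)
                    .keyID(managedKey.getKeyId())
                    .build();
        }
        return jwk;
    }
}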
