package com.google.api.auth;

import endpoints.repackaged.com.fasterxml.jackson.core.type.TypeReference;
import endpoints.repackaged.com.fasterxml.jackson.databind.ObjectMapper;
import endpoints.repackaged.com.google.api.client.http.GenericUrl;
import endpoints.repackaged.com.google.api.client.http.HttpRequestFactory;
import endpoints.repackaged.com.google.api.client.util.Preconditions;
import endpoints.repackaged.com.google.common.annotations.VisibleForTesting;
import endpoints.repackaged.com.google.common.base.Optional;
import endpoints.repackaged.com.google.common.collect.ImmutableList;
import endpoints.repackaged.org.jose4j.jwk.EllipticCurveJsonWebKey;
import endpoints.repackaged.org.jose4j.jwk.JsonWebKey;
import endpoints.repackaged.org.jose4j.jwk.JsonWebKeySet;
import endpoints.repackaged.org.jose4j.jwk.RsaJsonWebKey;
import endpoints.repackaged.org.jose4j.keys.X509Util;
import endpoints.repackaged.org.jose4j.lang.JoseException;
import java.io.IOException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;

/* loaded from: input_file:com/google/api/auth/DefaultJwksSupplier.class */
public class DefaultJwksSupplier implements JwksSupplier {

    @VisibleForTesting
    static final String X509_CERT_PREFIX = "-----BEGIN CERTIFICATE-----";

    @VisibleForTesting
    static final String X509_CERT_SUFFIX = "-----END CERTIFICATE-----";
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private final HttpRequestFactory httpRequestFactory;
    private final KeyUriSupplier keyUriSupplier;

    public DefaultJwksSupplier(HttpRequestFactory httpRequestFactory, KeyUriSupplier keyUriSupplier) {
        this.httpRequestFactory = (HttpRequestFactory) Preconditions.checkNotNull(httpRequestFactory);
        this.keyUriSupplier = (KeyUriSupplier) Preconditions.checkNotNull(keyUriSupplier);
    }

    @Override // com.google.api.auth.JwksSupplier
    public JsonWebKeySet supply(String str) {
        Preconditions.checkNotNull(str);
        Optional<GenericUrl> supply = this.keyUriSupplier.supply(str);
        if (!supply.isPresent()) {
            throw new UnauthenticatedException(String.format("Cannot find the jwks_uri for issuer %s: either the issuer is unknown or the OpenID discovery failed", str));
        }
        String retrieveJwksJson = retrieveJwksJson(supply.get());
        return ((Map) parse(retrieveJwksJson, new TypeReference<Map<String, Object>>() { // from class: com.google.api.auth.DefaultJwksSupplier.1
        })).containsKey(JsonWebKeySet.JWK_SET_MEMBER_NAME) ? extractJwks(retrieveJwksJson) : extractX509Certificate(retrieveJwksJson);
    }

    private String retrieveJwksJson(GenericUrl genericUrl) {
        try {
            return this.httpRequestFactory.buildGetRequest(genericUrl).execute().parseAsString();
        } catch (IOException e) {
            throw new UnauthenticatedException(String.format("Cannot retrive the JWKS json from %s", genericUrl.build()), e);
        }
    }

    private static <T> T parse(String str, TypeReference<T> typeReference) {
        try {
            return (T) OBJECT_MAPPER.readValue(str, typeReference);
        } catch (IOException e) {
            throw new UnauthenticatedException("Cannot parse the JSON string", e);
        }
    }

    private JsonWebKeySet extractX509Certificate(String str) {
        Map map = (Map) parse(str, new TypeReference<Map<String, String>>() { // from class: com.google.api.auth.DefaultJwksSupplier.2
        });
        ImmutableList.Builder builder = ImmutableList.builder();
        X509Util x509Util = new X509Util();
        for (Map.Entry entry : map.entrySet()) {
            try {
                JsonWebKey jsonWebKey = toJsonWebKey(x509Util.fromBase64Der(((String) entry.getValue()).trim().replace(X509_CERT_PREFIX, "").replace(X509_CERT_SUFFIX, "")).getPublicKey());
                jsonWebKey.setKeyId((String) entry.getKey());
                builder.add((ImmutableList.Builder) jsonWebKey);
            } catch (JoseException e) {
                throw new UnauthenticatedException("Failed to parse public key", e);
            }
        }
        return new JsonWebKeySet(builder.build());
    }

    private static JsonWebKeySet extractJwks(String str) {
        try {
            return new JsonWebKeySet(str);
        } catch (JoseException e) {
            throw new UnauthenticatedException("Cannot create a JsonWebKeySet");
        }
    }

    private static JsonWebKey toJsonWebKey(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            return new RsaJsonWebKey((RSAPublicKey) publicKey);
        }
        if (publicKey instanceof ECPublicKey) {
            return new EllipticCurveJsonWebKey((ECPublicKey) publicKey);
        }
        throw new UnauthenticatedException("Unsupported public key type: " + publicKey.getClass().getSimpleName());
    }
}
