package com.google.api.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequestFactory;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.io.IOException;
import java.net.URI;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/google/api/auth/DefaultKeyUriSupplier.class */
public class DefaultKeyUriSupplier implements KeyUriSupplier {
    private static final String HTTPS_PROTOCOL_PREFIX = "https://";
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final String OPEN_ID_CONFIG_PATH = ".well-known/openid-configuration";
    private final HttpRequestFactory httpRequestFactory;
    private final Map<String, IssuerKeyUrlConfig> issuerKeyUrls;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/api/auth/DefaultKeyUriSupplier$ProviderMetadata.class */
    public static final class ProviderMetadata {
        private final String jwksUri;

        ProviderMetadata(@JsonProperty("jwks_uri") String str) {
            Preconditions.checkArgument(!Strings.isNullOrEmpty(str));
            this.jwksUri = str;
        }

        String getJwksUri() {
            return this.jwksUri;
        }
    }

    public DefaultKeyUriSupplier(HttpRequestFactory httpRequestFactory, Map<String, IssuerKeyUrlConfig> map) {
        Preconditions.checkNotNull(httpRequestFactory);
        Preconditions.checkNotNull(map);
        this.httpRequestFactory = httpRequestFactory;
        this.issuerKeyUrls = new ConcurrentHashMap(map);
    }

    @Override // com.google.api.auth.KeyUriSupplier
    public Optional<GenericUrl> supply(String str) {
        Preconditions.checkNotNull(str);
        if (!this.issuerKeyUrls.containsKey(str)) {
            return Optional.absent();
        }
        IssuerKeyUrlConfig issuerKeyUrlConfig = this.issuerKeyUrls.get(str);
        Optional<GenericUrl> jwksUri = issuerKeyUrlConfig.getJwksUri();
        if (jwksUri.isPresent()) {
            return jwksUri;
        }
        if (!issuerKeyUrlConfig.isOpenIdValid()) {
            return Optional.absent();
        }
        Optional<GenericUrl> discoverJwksUri = discoverJwksUri(str);
        this.issuerKeyUrls.put(str, new IssuerKeyUrlConfig(false, discoverJwksUri));
        return discoverJwksUri;
    }

    private Optional<GenericUrl> discoverJwksUri(String str) {
        return Optional.of(retrieveRemoteJwksUri(constructOpenIdUrl(str)));
    }

    private GenericUrl retrieveRemoteJwksUri(String str) {
        try {
            return new GenericUrl(((ProviderMetadata) OBJECT_MAPPER.readValue(this.httpRequestFactory.buildGetRequest(new GenericUrl(str)).execute().parseAsString(), ProviderMetadata.class)).getJwksUri());
        } catch (IOException e) {
            throw new UnauthenticatedException("Cannot retrieve or parse OpenId Provider Metadata", e);
        }
    }

    private static String constructOpenIdUrl(String str) {
        String str2 = str;
        if (!URI.create(str).isAbsolute()) {
            str2 = HTTPS_PROTOCOL_PREFIX + str;
        }
        if (!str2.endsWith("/")) {
            str2 = str2 + "/";
        }
        return str2 + OPEN_ID_CONFIG_PATH;
    }
}
