package com.azure.spring.aad;

import com.azure.spring.autoconfigure.aad.AADTokenClaim;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSAlgorithmFamilyJWSKeySelector;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.JWTClaimsSetAwareJWSKeySelector;
import java.net.URL;
import java.security.Key;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/azure/spring/aad/AADIssuerJWSKeySelector.class */
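/**
 * Selects JWS verification keys according to the {@code iss} claim of the token being validated.
 *
 * <p>One {@link JWSKeySelector} is built per issuer, on first use, from the {@code jwks_uri}
 * published in that issuer's OIDC configuration, and is then cached for the lifetime of this
 * object.
 *
 * <p>Security note: key selection runs before the token signature has been verified, so the
 * issuer value read here is untrusted input. The {@link AADTrustedIssuerRepository#isTrusted}
 * check is therefore the only gate in this class that stops an arbitrary token from choosing
 * which endpoint keys are loaded from; it must stay ahead of any cache lookup or remote call.
 */
public class AADIssuerJWSKeySelector implements JWTClaimsSetAwareJWSKeySelector<SecurityContext> {
    private final AADTrustedIssuerRepository trustedIssuerRepo;
    private final int connectTimeout;
    private final int readTimeout;
    private final int sizeLimit;
    // Keyed by issuer. Entries are only created for issuers accepted by trustedIssuerRepo and are
    // never evicted here.
    // NOTE(review): cache size is bounded only if the trusted-issuer check is an exact-match
    // allow-list; confirm against AADTrustedIssuerRepository.
    private final Map<String, JWSKeySelector<SecurityContext>> selectors = new ConcurrentHashMap<>();

    /**
     * Creates a selector that resolves keys only for issuers known to the given repository.
     *
     * <p>The three numeric arguments are handed unchanged to {@link DefaultResourceRetriever}
     * when a JWK set is fetched. In Nimbus they are milliseconds, milliseconds and bytes, and a
     * zero value disables the corresponding limit, so callers should pass positive values to keep
     * the key download bounded.
     *
     * @param trustedIssuerRepo repository deciding which issuers are accepted
     * @param connectTimeout HTTP connect timeout for the JWK set download
     * @param readTimeout HTTP read timeout for the JWK set download
     * @param sizeLimit maximum size of the downloaded JWK set
     */
    public AADIssuerJWSKeySelector(AADTrustedIssuerRepository trustedIssuerRepo, int connectTimeout, int readTimeout, int sizeLimit) {
        this.trustedIssuerRepo = trustedIssuerRepo;
        this.connectTimeout = connectTimeout;
        this.readTimeout = readTimeout;
        this.sizeLimit = sizeLimit;
    }

    /**
     * Returns the candidate verification keys for a token, based on its {@code iss} claim.
     *
     * @param jWSHeader header of the JWS being verified
     * @param jWTClaimsSet claims of the token; not yet authenticated at this point
     * @param securityContext optional context passed through to the per-issuer selector
     * @return the keys chosen by the per-issuer selector
     * @throws KeySourceException if the per-issuer selector cannot obtain keys
     * @throws IllegalArgumentException if the issuer claim is absent, is not a string, or is not
     *     registered in the trusted issuer repository
     */
    @Override
    public List<? extends Key> selectKeys(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet, SecurityContext securityContext) throws KeySourceException {
        Object issuerClaim = jWTClaimsSet.getClaim(AADTokenClaim.ISS);
        // A blind cast would surface a non-string claim as ClassCastException and would let a
        // missing claim reach the repository and the null-hostile ConcurrentHashMap; reject both
        // up front with the exception type this method already uses for rejected issuers.
        if (!(issuerClaim instanceof String)) {
            throw new IllegalArgumentException("The 'iss' claim is missing or is not a string, so cannot create JWSKeySelector.");
        }
        String issuer = (String) issuerClaim;
        if (!this.trustedIssuerRepo.isTrusted(issuer)) {
            // The message echoes a value taken from an unverified token; anything that logs or
            // renders it should treat it as untrusted text.
            throw new IllegalArgumentException("The issuer: '" + issuer + "' is not registered in trusted issuer repository, so cannot create JWSKeySelector.");
        }
        // NOTE(review): the mapping function appears to perform remote lookups while
        // computeIfAbsent holds the map bin; the configured timeouts bound only the JWK set
        // retrieval, not the OIDC configuration lookup - confirm in
        // AADJwtDecoderProviderConfiguration.
        return this.selectors.computeIfAbsent(issuer, this::fromIssuer).selectJWSKeys(jWSHeader, securityContext);
    }

    /**
     * Builds the key selector for one trusted issuer from the {@code jwks_uri} of its OIDC
     * configuration.
     *
     * @param issuer issuer value that has already passed the trusted-issuer check
     * @return a selector backed by the issuer's remote JWK set
     * @throws IllegalArgumentException if the configuration has no {@code jwks_uri}, or the
     *     selector cannot be created from it
     */
    private JWSKeySelector<SecurityContext> fromIssuer(String issuer) {
        String issuerLocation = getOidcIssuerLocation(issuer);
        Object jwksUri = AADJwtDecoderProviderConfiguration.getConfigurationForOidcIssuerLocation(issuerLocation).get("jwks_uri");
        if (jwksUri == null) {
            // Without this check a configuration lacking the entry fails with a bare
            // NullPointerException inside computeIfAbsent.
            throw new IllegalArgumentException("The OIDC configuration for issuer location '" + issuerLocation + "' does not contain 'jwks_uri'.");
        }
        // NOTE(review): the scheme and host of jwks_uri are not checked here; the keys are only
        // as trustworthy as the channel and document they were discovered through. Confirm that
        // trusted issuer locations are https-only.
        try {
            DefaultResourceRetriever retriever = new DefaultResourceRetriever(this.connectTimeout, this.readTimeout, this.sizeLimit);
            return JWSAlgorithmFamilyJWSKeySelector.fromJWKSource(new RemoteJWKSet<SecurityContext>(new URL(jwksUri.toString()), retriever));
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Returns the location to read the OIDC configuration from: the repository's special location
     * for the issuer when it has one, otherwise the issuer value itself.
     */
    private String getOidcIssuerLocation(String issuer) {
        if (this.trustedIssuerRepo.hasSpecialOidcIssuerLocation(issuer)) {
            return this.trustedIssuerRepo.getSpecialOidcIssuerLocation(issuer);
        }
        return issuer;
    }
}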
