package io.avaje.oauth2.core.jwt;

import io.avaje.oauth2.core.data.JsonDataMapper;
import io.avaje.oauth2.core.data.KeySet;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.PublicKey;
import java.time.Duration;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:io/avaje/oauth2/core/jwt/RemoteKeySetSource.class */
final class RemoteKeySetSource implements JwtKeySource {
    private final HttpClient httpClient;
    private final URI jwksUri;
    private final JsonDataMapper jsonMapper;
    private final ConcurrentHashMap<String, PublicKey> publicKeys = new ConcurrentHashMap<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteKeySetSource(String str, HttpClient httpClient, JsonDataMapper jsonDataMapper) {
        this.httpClient = httpClient;
        this.jwksUri = URI.create(str);
        this.jsonMapper = jsonDataMapper;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtKeySource build() {
        reloadKeys();
        return this;
    }

    private void reloadKeys() {
        for (KeySet.KeyInfo keyInfo : readKeySet().keys()) {
            this.publicKeys.put(keyInfo.kid(), UtilRSA.createRsaKey(keyInfo));
        }
    }

    @Override // io.avaje.oauth2.core.jwt.JwtKeySource
    public PublicKey key(String str) throws JwtKeyException {
        PublicKey publicKey = this.publicKeys.get(str);
        if (publicKey != null) {
            return publicKey;
        }
        reloadKeys();
        PublicKey publicKey2 = this.publicKeys.get(str);
        if (publicKey2 == null) {
            throw new JwtKeyException("Unable to provide key for " + str);
        }
        return publicKey2;
    }

    private KeySet readKeySet() {
        return this.jsonMapper.readKeySet(readBody());
    }

    private String readBody() {
        try {
            HttpResponse send = this.httpClient.send(request(), HttpResponse.BodyHandlers.ofString());
            if (send.statusCode() < 400) {
                return (String) send.body();
            }
            throw new JwtKeyException("Unexpected status code " + send.statusCode() + " obtaining jwks json from " + String.valueOf(this.jwksUri));
        } catch (IOException e) {
            throw new JwtKeyException("Error obtaining remote Key", e);
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            throw new JwtKeyException("Error obtaining remote Key", e2);
        }
    }

    private HttpRequest request() {
        return HttpRequest.newBuilder().timeout(Duration.ofMillis(5000L)).uri(this.jwksUri).GET().build();
    }
}
