package io.confluent.security.authentication.oauthbearer;

import io.confluent.security.util.SecurityContext;
import io.confluent.shaded.com.fasterxml.jackson.annotation.JsonProperty;
import io.confluent.shaded.com.fasterxml.jackson.annotation.JsonSetter;
import io.confluent.shaded.com.fasterxml.jackson.annotation.Nulls;
import io.confluent.shaded.com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import org.jose4j.http.Get;
import org.jose4j.http.SimpleGet;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;

@JsonDeserialize(builder = Builder.class)
/* loaded from: input_file:io/confluent/security/authentication/oauthbearer/JwtIssuerJwks.class */
public final class JwtIssuerJwks extends JwtIssuer {
    private final String name;
    private final Set<String> audience;
    private final String jwksUri;
    private final SimpleGet simpleGet;
    private JwtConsumer consumer;

    /* loaded from: input_file:io/confluent/security/authentication/oauthbearer/JwtIssuerJwks$Builder.class */
    public static class Builder {
        private String name;
        private Set<String> audience;
        private String jwksUri;
        private SimpleGet client;

        private Builder() {
        }

        @JsonSetter("name")
        public Builder name(String str) {
            this.name = str;
            return this;
        }

        @JsonSetter(value = "audience", nulls = Nulls.AS_EMPTY)
        public Builder audience(Set<String> set) {
            this.audience = set;
            return this;
        }

        @JsonProperty("jwksUri")
        public Builder jwksUri(String str) {
            this.jwksUri = str;
            return this;
        }

        Builder simpleGet(SimpleGet simpleGet) {
            this.client = simpleGet;
            return this;
        }

        public JwtIssuerJwks build() {
            Objects.requireNonNull(this.jwksUri, "jwksUri must not be null");
            Objects.requireNonNull(this.name, "name must not be null");
            return new JwtIssuerJwks(this.name, this.audience == null ? Collections.emptySet() : this.audience, this.jwksUri, this.client == null ? new Get() : this.client);
        }
    }

    private JwtIssuerJwks(String str, Set<String> set, String str2, SimpleGet simpleGet) {
        this.name = str;
        this.audience = Collections.unmodifiableSet(set);
        this.jwksUri = str2;
        this.simpleGet = simpleGet;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    @JsonProperty("name")
    public String name() {
        return this.name;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    @JsonProperty("audience")
    public Set<String> audience() {
        return this.audience;
    }

    @JsonProperty("jwksUri")
    public String jwksUri() {
        return this.jwksUri;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    public ConstrainedVerificationKeyResolver keyResolver(Collection<Constraint> collection, SecurityContext securityContext) {
        HttpsJwks httpsJwks = new HttpsJwks(this.jwksUri);
        httpsJwks.setSimpleHttpGet(this.simpleGet);
        return new ConstrainedVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(httpsJwks), collection);
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    public JwtConsumer createConsumer(Collection<Constraint> collection, boolean z, SecurityContext securityContext) {
        if (this.consumer == null) {
            this.consumer = super.createConsumer(collection, z, securityContext);
        }
        return this.consumer;
    }

    public static Builder builder() {
        return new Builder();
    }
}
