package io.confluent.security.authentication.oauthbearer;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonSetter;
import com.fasterxml.jackson.annotation.Nulls;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import io.confluent.security.util.SecurityContext;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.apache.kafka.server.license.LicenseTrackingInfoHolder;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.keys.EcKeyUtil;
import org.jose4j.keys.RsaKeyUtil;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
import org.jose4j.lang.JoseException;

@JsonDeserialize(builder = Builder.class)
/* loaded from: input_file:io/confluent/security/authentication/oauthbearer/JwtIssuerStatic.class */
public final class JwtIssuerStatic extends JwtIssuer {
    private final String name;
    private final Set<String> audience;
    private final JsonWebKeySet jwks;

    /* loaded from: input_file:io/confluent/security/authentication/oauthbearer/JwtIssuerStatic$Builder.class */
    public static class Builder {
        private String name;
        private Set<String> audience;
        private List<String> pems;

        private Builder() {
        }

        @JsonSetter("name")
        public Builder name(String str) {
            this.name = str;
            return this;
        }

        @JsonSetter(value = LicenseTrackingInfoHolder.AUDIENCE_STR, nulls = Nulls.AS_EMPTY)
        public Builder audience(Set<String> set) {
            this.audience = set;
            return this;
        }

        @JsonSetter(value = "pems", nulls = Nulls.AS_EMPTY)
        public Builder pems(List<String> list) {
            this.pems = list;
            return this;
        }

        public JwtIssuerStatic build() throws JoseException, InvalidKeySpecException {
            return new JwtIssuerStatic(this.name, this.audience == null ? Collections.emptySet() : this.audience, jwks(this.pems));
        }

        private JsonWebKeySet jwks(List<String> list) throws JoseException, InvalidKeySpecException {
            JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(new JsonWebKey[0]);
            RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
            EcKeyUtil ecKeyUtil = new EcKeyUtil();
            for (String str : list) {
                try {
                    jsonWebKeySet.addJsonWebKey(new RsaJsonWebKey((RSAPublicKey) rsaKeyUtil.fromPemEncoded(str)));
                } catch (InvalidKeySpecException e) {
                    jsonWebKeySet.addJsonWebKey(new EllipticCurveJsonWebKey((ECPublicKey) ecKeyUtil.fromPemEncoded(str)));
                }
            }
            return jsonWebKeySet;
        }
    }

    public JwtIssuerStatic(String str, Set<String> set, JsonWebKeySet jsonWebKeySet) {
        this.name = str;
        this.audience = Collections.unmodifiableSet(set);
        this.jwks = jsonWebKeySet;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    @JsonProperty("name")
    public String name() {
        return this.name;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    @JsonProperty(LicenseTrackingInfoHolder.AUDIENCE_STR)
    public Set<String> audience() {
        return this.audience;
    }

    @JsonIgnore
    JsonWebKeySet jwks() {
        return this.jwks;
    }

    @Override // io.confluent.security.authentication.oauthbearer.JwtIssuer
    public ConstrainedVerificationKeyResolver keyResolver(Collection<Constraint> collection, SecurityContext securityContext) {
        return new ConstrainedVerificationKeyResolver(new JwksVerificationKeyResolver(this.jwks.getJsonWebKeys()), collection);
    }

    public static Builder builder() {
        return new Builder();
    }
}
