package io.confluent.kafka.clients.plugins.auth.jwt;

import io.confluent.shaded.org.slf4j.Logger;
import io.confluent.shaded.org.slf4j.LoggerFactory;
import java.io.Closeable;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Random;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.kafka.common.config.ConfigException;
import org.jose4j.http.SimpleGet;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:io/confluent/kafka/clients/plugins/auth/jwt/AsyncHttpsJwks.class */
public final class AsyncHttpsJwks extends HttpsJwks implements Closeable {
    private final ScheduledExecutorService scheduler;
    private final AtomicReference<List<JsonWebKey>> jwks;
    private static final int DEFAULT_MIN_ERROR_BACKOFF_INTERVAL_MS = 100;
    private static final int DEFAULT_MAX_ERROR_BACKOFF_INTERVAL_MS = 500;
    public static final long DEFAULT_REFRESH_INTERVAL_MS = 3600000;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AsyncHttpsJwks.class);
    private static final Random RANDOM = new Random();

    public AsyncHttpsJwks(URI uri) {
        this(uri.toString());
    }

    public AsyncHttpsJwks(String str) {
        this(str, false, 3600000L);
    }

    public AsyncHttpsJwks(String str, boolean z, long j) {
        this(null, str, z, j);
    }

    public AsyncHttpsJwks(SimpleGet simpleGet, String str, boolean z, long j) {
        super(str);
        this.jwks = new AtomicReference<>();
        if (simpleGet != null) {
            setSimpleHttpGet(simpleGet);
        }
        j = j <= 0 ? 3600000L : j;
        validateJwksEndpoint(str, z);
        this.jwks.set(Collections.emptyList());
        setDefaultCacheDuration(j);
        this.scheduler = Executors.newSingleThreadScheduledExecutor();
        this.scheduler.scheduleAtFixedRate(this::refreshTask, 0L, j, TimeUnit.MILLISECONDS);
        log.info("Validation key refresh thread started with a refresh interval of {} ms.", Long.valueOf(j));
    }

    private void validateJwksEndpoint(String str, boolean z) {
        try {
            if (new URL(str).getProtocol().equalsIgnoreCase("https") || z) {
            } else {
                throw new ConfigException("Jwks endpoint must use HTTPS protocol.");
            }
        } catch (MalformedURLException e) {
            throw new ConfigException("Malformed JWKs endpoint.", e);
        }
    }

    private void refreshTask() {
        try {
            super.refresh();
            this.jwks.set(super.getJsonWebKeys());
        } catch (IOException | JoseException e) {
            log.error(String.format("Failed to obtain jwks from %s: %s", getLocation(), e.getMessage()));
            this.scheduler.schedule(this::refreshTask, retryBackoff(), TimeUnit.MILLISECONDS);
        }
    }

    @Override // org.jose4j.jwk.HttpsJwks
    public void refresh() {
        log.info("scheduling validation key refresh");
        this.scheduler.schedule(this::refreshTask, 0L, TimeUnit.MILLISECONDS);
    }

    void syncRefresh() {
        refreshTask();
    }

    private int retryBackoff() {
        return RANDOM.nextInt(400) + 100;
    }

    @Override // org.jose4j.jwk.HttpsJwks
    public List<JsonWebKey> getJsonWebKeys() {
        return this.jwks.get();
    }

    public boolean isRunning() {
        return (this.scheduler == null || this.scheduler.isShutdown()) ? false : true;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (isRunning()) {
            log.info("Shutting scheduler down.");
            this.scheduler.shutdownNow();
        }
    }
}
