package org.apache.kafka.common.security.oauthbearer.internals.secured;

import java.net.URL;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.utils.Time;
import org.jose4j.http.Get;
import org.jose4j.jwk.HttpsJwks;

/* loaded from: input_file:BOOT-INF/lib/kafka-clients-3.6.1.jar:org/apache/kafka/common/security/oauthbearer/internals/secured/VerificationKeyResolverFactory.class */
public class VerificationKeyResolverFactory {
    public static CloseableVerificationKeyResolver create(Map<String, ?> map, Map<String, Object> map2) {
        return create(map, null, map2);
    }

    public static CloseableVerificationKeyResolver create(Map<String, ?> map, String str, Map<String, Object> map2) {
        ConfigurationUtils configurationUtils = new ConfigurationUtils(map, str);
        URL validateUrl = configurationUtils.validateUrl(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL);
        if (validateUrl.getProtocol().toLowerCase(Locale.ROOT).equals("file")) {
            return new JwksFileVerificationKeyResolver(configurationUtils.validateFile(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL));
        }
        long longValue = configurationUtils.validateLong(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS, true, 0L).longValue();
        JaasOptionsUtils jaasOptionsUtils = new JaasOptionsUtils(map2);
        SSLSocketFactory sSLSocketFactory = null;
        if (jaasOptionsUtils.shouldCreateSSLSocketFactory(validateUrl)) {
            sSLSocketFactory = jaasOptionsUtils.createSSLSocketFactory();
        }
        HttpsJwks httpsJwks = new HttpsJwks(validateUrl.toString());
        httpsJwks.setDefaultCacheDuration(longValue);
        if (sSLSocketFactory != null) {
            Get get = new Get();
            get.setSslSocketFactory(sSLSocketFactory);
            httpsJwks.setSimpleHttpGet(get);
        }
        return new RefreshingHttpsJwksVerificationKeyResolver(new RefreshingHttpsJwks(Time.SYSTEM, httpsJwks, longValue, configurationUtils.validateLong(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MS).longValue(), configurationUtils.validateLong(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MAX_MS).longValue()));
    }
}
