package com.atlassian.plugins.authentication.sso.web.oidc;

import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/oidc/OidcDiscoverySupport.class */
public class OidcDiscoverySupport {
    private static final Logger log = LoggerFactory.getLogger(OidcDiscoverySupport.class);
    private final OidcTimeouts oidcTimeouts;

    @Inject
    public OidcDiscoverySupport(OidcTimeouts oidcTimeouts) {
        this.oidcTimeouts = oidcTimeouts;
    }

    public OidcConfig refresh(OidcConfig oidcConfig) throws OidcDiscoveryException {
        try {
            OIDCProviderMetadata fetch = fetch(oidcConfig.getIssuer());
            log.debug("Fetched configuration from [{}] using discovery.", oidcConfig.getIssuer());
            OidcConfig build = oidcConfig.toBuilder().setAuthorizationEndpoint(fetch.getAuthorizationEndpointURI().toString()).setTokenEndpoint(fetch.getTokenEndpointURI().toString()).setUserInfoEndpoint(fetch.getUserInfoEndpointURI().toString()).build();
            log.debug("Fetched configuration from [{}] using discovery: {}", oidcConfig.getIssuer(), build);
            return build;
        } catch (GeneralException | IOException e) {
            String stripEnd = StringUtils.stripEnd(oidcConfig.getIssuer(), "/");
            if (stripEnd.equals(oidcConfig.getIssuer())) {
                throw new OidcDiscoveryException(e);
            }
            return refresh(oidcConfig.toBuilder().setIssuer(stripEnd).build());
        }
    }

    protected OIDCProviderMetadata fetch(String str) throws IOException, GeneralException {
        return OIDCProviderMetadata.resolve(new Issuer(str), this.oidcTimeouts.getConnectTimeoutInMillis(), this.oidcTimeouts.getReadTimeoutInMillis());
    }
}
