package dev.sigstore.oidc.client;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.util.Key;
import dev.sigstore.http.HttpClients;
import dev.sigstore.http.HttpParams;
import dev.sigstore.http.ImmutableHttpParams;
import io.grpc.Internal;
import java.io.IOException;

/* loaded from: input_file:dev/sigstore/oidc/client/GithubActionsOidcClient.class */
public class GithubActionsOidcClient implements OidcClient {
    private static final String REQUEST_TOKEN_KEY = "ACTIONS_ID_TOKEN_REQUEST_TOKEN";
    private static final String REQUEST_URL_KEY = "ACTIONS_ID_TOKEN_REQUEST_URL";
    private static final String DEFAULT_AUDIENCE = "sigstore";
    private final String audience;
    private final HttpParams httpParams;

    /* loaded from: input_file:dev/sigstore/oidc/client/GithubActionsOidcClient$Builder.class */
    public static class Builder {
        private HttpParams httpParams = ImmutableHttpParams.builder().build();
        private String audience = GithubActionsOidcClient.DEFAULT_AUDIENCE;

        private Builder() {
        }

        public Builder audience(String str) {
            this.audience = str;
            return this;
        }

        public Builder httpParams(HttpParams httpParams) {
            this.httpParams = httpParams;
            return this;
        }

        public GithubActionsOidcClient build() {
            return new GithubActionsOidcClient(this.httpParams, this.audience);
        }
    }

    @Internal
    /* loaded from: input_file:dev/sigstore/oidc/client/GithubActionsOidcClient$GithubOidcJsonResponse.class */
    public static class GithubOidcJsonResponse extends GenericJson {

        @Key("value")
        private String value;

        String getValue() {
            return this.value;
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private GithubActionsOidcClient(HttpParams httpParams, String str) {
        this.audience = str;
        this.httpParams = httpParams;
    }

    @Override // dev.sigstore.oidc.client.OidcClient
    public OidcToken getIDToken() throws OidcException {
        String str = System.getenv(REQUEST_TOKEN_KEY);
        String str2 = System.getenv(REQUEST_URL_KEY);
        if (str == null) {
            throw new OidcException("Could not get github actions environment variable 'ACTIONS_ID_TOKEN_REQUEST_TOKEN'");
        }
        if (str2 == null) {
            throw new OidcException("Could not get github actions environment variable 'ACTIONS_ID_TOKEN_REQUEST_URL'");
        }
        try {
            HttpRequest buildGetRequest = HttpClients.newHttpTransport(this.httpParams).createRequestFactory(httpRequest -> {
                httpRequest.setParser(new GsonFactory().createJsonObjectParser());
            }).buildGetRequest(new GenericUrl(str2 + "&audience=" + this.audience));
            buildGetRequest.getHeaders().setAuthorization("Bearer " + str);
            buildGetRequest.getHeaders().setAccept("application/json; api-version=2.0");
            buildGetRequest.getHeaders().setContentType("application/json");
            String value = ((GithubOidcJsonResponse) buildGetRequest.execute().parseAs(GithubOidcJsonResponse.class)).getValue();
            return ImmutableOidcToken.builder().idToken(value).subjectAlternativeName(JsonWebSignature.parse(new GsonFactory(), value).getPayload().getSubject()).build();
        } catch (IOException e) {
            throw new OidcException("Could not obtain github actions oidc token", e);
        }
    }
}
