package pl.edu.icm.unity.oauth.as.token;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import java.util.Date;
import java.util.UUID;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthToken;
import pl.edu.icm.unity.oauth.as.TokenSigner;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/AccessTokenFactory.class */
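/**
 * Creates OAuth access tokens, either as plain bearer tokens or as signed JWTs,
 * depending on the configured {@link OAuthASProperties.AccessTokenFormat}.
 *
 * <p>With {@code AS_REQUESTED} the caller-supplied media type selects the format, so
 * consumers of tokens issued under that setting have to accept both forms.
 */
public class AccessTokenFactory {
    /** Media type that selects a JWT access token when the format is {@code AS_REQUESTED}. */
    static final String JWT_AT_MEDIA_TYPE = "application/at+jwt";

    /** Type string handed to the signer with the claims; presumably the JOSE "typ" header (confirm in TokenSigner). */
    private static final String JWT_AT_TYPE = "at+jwt";

    /** A long constant, so that seconds-to-milliseconds conversion is done in 64-bit arithmetic. */
    private static final long MILLIS_PER_SECOND = 1000L;

    private final OAuthASProperties.AccessTokenFormat configuredFormat;
    private final TokenSigner tokenSigner;

    /**
     * Creates a factory that takes the token format and the signer from the endpoint configuration.
     *
     * @param oAuthASProperties configuration supplying the access token format and the token signer
     */
    public AccessTokenFactory(OAuthASProperties oAuthASProperties) {
        this(oAuthASProperties.getAccessTokenFormat(), oAuthASProperties.getTokenSigner());
    }

    /**
     * Creates a factory with an explicit format and signer.
     *
     * @param accessTokenFormat format that decides which kind of token {@code create} returns
     * @param tokenSigner signer used for JWT access tokens
     */
    public AccessTokenFactory(OAuthASProperties.AccessTokenFormat accessTokenFormat, TokenSigner tokenSigner) {
        this.configuredFormat = accessTokenFormat;
        this.tokenSigner = tokenSigner;
    }

    /**
     * Creates an access token in the configured format: a signed JWT when the format is
     * {@code JWT}, a plain bearer token for every other setting.
     *
     * @param oAuthToken internal token whose validity, scope and identity data are used
     * @param date issue time; the JWT expiration is computed relative to it
     * @return the new access token
     * @throws OAuthErrorException if the JWT cannot be signed
     */
    public AccessToken create(OAuthToken oAuthToken, Date date) throws OAuthErrorException {
        if (this.configuredFormat == OAuthASProperties.AccessTokenFormat.JWT) {
            return createJWTAccessToken(oAuthToken, date);
        }
        return createPlainAccessToken(oAuthToken);
    }

    /**
     * Creates an access token, honouring the requested media type when the configured format is
     * {@code AS_REQUESTED}. For any other configuration, or when a JWT was not requested, this
     * behaves exactly like {@link #create(OAuthToken, Date)}.
     *
     * @param oAuthToken internal token whose validity, scope and identity data are used
     * @param date issue time; the JWT expiration is computed relative to it
     * @param str requested token media type, may be {@code null}
     *            (presumably taken from the request's Accept header; confirm at the caller)
     * @return the new access token
     * @throws OAuthErrorException if the JWT cannot be signed
     */
    public AccessToken create(OAuthToken oAuthToken, Date date, String str) throws OAuthErrorException {
        boolean clientSelectsJwt = this.configuredFormat == OAuthASProperties.AccessTokenFormat.AS_REQUESTED
                && jwtRequested(str);
        if (clientSelectsJwt) {
            return createJWTAccessToken(oAuthToken, date);
        }
        return create(oAuthToken, date);
    }

    /** Exact, case-sensitive match against {@link #JWT_AT_MEDIA_TYPE}; {@code null} never matches. */
    private boolean jwtRequested(String str) {
        return JWT_AT_MEDIA_TYPE.equals(str);
    }

    /** Builds a bearer token from the validity and effective scope only; the value comes from the Nimbus constructor. */
    private AccessToken createPlainAccessToken(OAuthToken oAuthToken) {
        return new BearerAccessToken(oAuthToken.getTokenValidity(), new Scope(oAuthToken.getEffectiveScope()));
    }

    /**
     * Builds and signs a JWT access token carrying sub, iat, iss, aud, exp, jti, the scope claim
     * and client_id.
     */
    private AccessToken createJWTAccessToken(OAuthToken oAuthToken, Date date) throws OAuthErrorException {
        Scope scope = new Scope(oAuthToken.getEffectiveScope());

        // Multiply in long arithmetic. If getTokenValidity() returns an int, "validity * 1000"
        // wraps around for lifetimes above 2,147,483 s (about 24.8 days) and yields a wrong,
        // possibly already-passed, expiration claim.
        long validityMillis = oAuthToken.getTokenValidity() * MILLIS_PER_SECOND;
        Date expiration = new Date(date.getTime() + validityMillis);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(oAuthToken.getSubject())
                .issueTime(date)
                .issuer(oAuthToken.getIssuerUri())
                .audience(oAuthToken.getAudience())
                .expirationTime(expiration)
                .jwtID(UUID.randomUUID().toString())
                .claim(TokenInfoResource.SCOPE, scope.toString())
                .claim("client_id", oAuthToken.getClientUsername())
                .build();
        return new BearerJWTAccessToken(sign(claims).serialize(), oAuthToken.getTokenValidity(), scope, claims);
    }

    /**
     * Signs the claims with the configured signer.
     *
     * @throws OAuthErrorException carrying a generic server_error when signing fails
     */
    private SignedJWT sign(JWTClaimsSet jWTClaimsSet) throws OAuthErrorException {
        try {
            return this.tokenSigner.sign(jWTClaimsSet, JWT_AT_TYPE);
        } catch (JOSEException e) {
            // The client only sees a generic message, which keeps key and algorithm details out of
            // the response. NOTE(review): the JOSEException is neither logged nor chained here, so
            // the root cause is lost; consider logging it server-side.
            throw new OAuthErrorException(BaseTokenResource.makeError(OAuth2Error.SERVER_ERROR, "server configuration problem"));
        }
    }
}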
