package io.micronaut.security.token.jwt.signature.rsa;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.micronaut.context.exceptions.ConfigurationException;
import io.micronaut.security.token.jwt.endpoints.JwkProvider;
import io.micronaut.security.token.jwt.signature.SignatureGeneratorConfiguration;
import java.security.interfaces.RSAPrivateKey;
import javax.annotation.Nonnull;

/* loaded from: input_file:io/micronaut/security/token/jwt/signature/rsa/RSASignatureGenerator.class */
public class RSASignatureGenerator extends RSASignature implements SignatureGeneratorConfiguration {
    private RSAPrivateKey privateKey;
    private String keyId;

    public RSASignatureGenerator(RSASignatureGeneratorConfiguration rSASignatureGeneratorConfiguration) {
        super(rSASignatureGeneratorConfiguration);
        if (!supports(rSASignatureGeneratorConfiguration.getJwsAlgorithm())) {
            throw new ConfigurationException(supportedAlgorithmsMessage());
        }
        this.algorithm = rSASignatureGeneratorConfiguration.getJwsAlgorithm();
        this.privateKey = rSASignatureGeneratorConfiguration.getPrivateKey();
        if (rSASignatureGeneratorConfiguration instanceof JwkProvider) {
            ((JwkProvider) rSASignatureGeneratorConfiguration).retrieveJsonWebKeys().stream().map((v0) -> {
                return v0.getKeyID();
            }).findFirst().ifPresent(str -> {
                this.keyId = str;
            });
        }
    }

    @Override // io.micronaut.security.token.jwt.signature.SignatureGeneratorConfiguration
    public SignedJWT sign(JWTClaimsSet jWTClaimsSet) throws JOSEException {
        return signWithPrivateKey(jWTClaimsSet, this.privateKey);
    }

    protected SignedJWT signWithPrivateKey(JWTClaimsSet jWTClaimsSet, @Nonnull RSAPrivateKey rSAPrivateKey) throws JOSEException {
        RSASSASigner rSASSASigner = new RSASSASigner(rSAPrivateKey);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(this.algorithm).keyID(this.keyId).build(), jWTClaimsSet);
        signedJWT.sign(rSASSASigner);
        return signedJWT;
    }
}
