package net.leanix.dropkit.oauth.token;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.Key;
import java.util.Date;

/* loaded from: input_file:net/leanix/dropkit/oauth/token/OAuth2TokenCreator.class */
public class OAuth2TokenCreator {
    private static int DEFAULT_REFRESH_DURATION = 28800;
    OAuth2TokenConfig config;
    Key key;

    public OAuth2TokenCreator(OAuth2TokenConfig oAuth2TokenConfig) throws Exception {
        this.config = oAuth2TokenConfig;
        this.key = oAuth2TokenConfig.getSigningKey();
    }

    public String create(OAuth2Token oAuth2Token) throws Exception {
        if (oAuth2Token.getExpiration() == null) {
            throw new Exception("Expiration must not be null when creating new oauth2 token");
        }
        JwtBuilder expiration = Jwts.builder().setSubject(oAuth2Token.getPrincipal().getUsername()).claim("principal", oAuth2Token.getPrincipal()).setExpiration(oAuth2Token.getExpiration());
        if (oAuth2Token.getRefreshToken() != null) {
            expiration.claim("refresh_token", oAuth2Token.getRefreshToken());
            if (oAuth2Token.getRefreshExpiration() != null) {
                expiration.claim("refresh_exp", oAuth2Token.getRefreshExpiration());
            } else {
                expiration.claim("refresh_exp", new Date((oAuth2Token.getExpiration().getTime() / 1000) + DEFAULT_REFRESH_DURATION));
            }
        }
        return expiration.signWith(SignatureAlgorithm.RS256, this.key).compact();
    }
}
