package org.apereo.cas.uma.ticket.rpt;

import java.util.ArrayList;
import java.util.Objects;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.BaseIdTokenGeneratorService;
import org.apereo.cas.ticket.IdTokenSigningAndEncryptionService;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicket;
import org.apereo.cas.util.Pac4jUtils;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/uma/ticket/rpt/UmaIdTokenGeneratorService.class */
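/**
 * Produces the signed/encoded JWT for a UMA requesting party token (RPT).
 *
 * <p>The claim set is assembled from the {@link UmaPermissionTicket} stored on the
 * current request, the authenticated user profile and the registered OAuth service,
 * and is then handed to {@code encodeAndFinalizeToken} of the base class.
 */
public class UmaIdTokenGeneratorService extends BaseIdTokenGeneratorService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UmaIdTokenGeneratorService.class);

    /**
     * Passes all collaborators straight through to the base generator.
     *
     * @param casConfigurationProperties CAS settings; the UMA issuer is read from them when claims are built
     * @param idTokenSigningAndEncryptionService service handed to the base class
     * @param servicesManager services manager handed to the base class
     * @param ticketRegistry ticket registry handed to the base class
     */
    public UmaIdTokenGeneratorService(CasConfigurationProperties casConfigurationProperties, IdTokenSigningAndEncryptionService idTokenSigningAndEncryptionService, ServicesManager servicesManager, TicketRegistry ticketRegistry) {
        super(casConfigurationProperties, idTokenSigningAndEncryptionService, servicesManager, ticketRegistry);
    }

    /**
     * Builds the RPT claims for the current request and returns the finalized token.
     *
     * @param httpServletRequest request carrying the {@link UmaPermissionTicket} attribute
     * @param httpServletResponse response paired with the request
     * @param accessToken access token the RPT is produced for
     * @param j token lifetime in seconds, added to the current time to form {@code exp}
     * @param oAuth20ResponseTypes response type, forwarded to {@link #buildJwtClaims}
     * @param oAuthRegisteredService registered service whose client id is embedded in the token
     * @return the token string returned by {@code encodeAndFinalizeToken}
     * @throws NullPointerException if the request has no permission ticket or no profile is resolved
     */
    public String generate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessToken accessToken, long j, OAuth20ResponseTypes oAuth20ResponseTypes, OAuthRegisteredService oAuthRegisteredService) {
        J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(httpServletRequest, httpServletResponse);
        // NOTE(review): this logs the AccessToken through its toString(). If that rendering
        // includes the token identifier, debug logs would hold a usable bearer credential;
        // confirm what toString() exposes before enabling DEBUG in production.
        LOGGER.debug("Attempting to produce claims for the rpt access token [{}]", accessToken);
        UserProfile authenticatedProfile = getAuthenticatedProfile(httpServletRequest, httpServletResponse);
        JwtClaims claims = buildJwtClaims(httpServletRequest, accessToken, j, oAuthRegisteredService, authenticatedProfile, webContext, oAuth20ResponseTypes);
        return encodeAndFinalizeToken(claims, oAuthRegisteredService, accessToken);
    }

    /**
     * Assembles the JWT claim set for the RPT.
     *
     * <p>Sets {@code jti} (random UUID), {@code iss} (configured UMA issuer), {@code aud}
     * (resource set id of the permission ticket), {@code exp} (now + {@code j} seconds),
     * {@code iat}, {@code sub} (profile id), then the claims stored on the permission
     * ticket, and finally {@code scope} and {@code client_id}.
     *
     * <p>Ticket claims are copied by name. A ticket claim named like one of the claims
     * this method manages would otherwise replace the issuer, subject, audience or
     * expiry with a string list, so such names are skipped and logged instead.
     *
     * @param httpServletRequest request holding the permission ticket under
     *     {@code UmaPermissionTicket.class.getName()}
     * @param accessToken not read here; kept for the overridable signature
     * @param j token lifetime in seconds
     * @param oAuthRegisteredService registered service supplying {@code client_id}
     * @param userProfile authenticated profile supplying {@code sub}
     * @param j2EContext not read here; kept for the overridable signature
     * @param oAuth20ResponseTypes not read here; kept for the overridable signature
     * @return the populated claim set
     * @throws NullPointerException if the permission ticket attribute or the profile is absent
     */
    protected JwtClaims buildJwtClaims(HttpServletRequest httpServletRequest, AccessToken accessToken, long j, OAuthRegisteredService oAuthRegisteredService, UserProfile userProfile, J2EContext j2EContext, OAuth20ResponseTypes oAuth20ResponseTypes) {
        String ticketAttribute = UmaPermissionTicket.class.getName();
        // getAttribute returns null when nothing was stored; fail here with a clear message
        // instead of a bare NPE halfway through claim construction.
        UmaPermissionTicket permissionTicket = Objects.requireNonNull(
            (UmaPermissionTicket) httpServletRequest.getAttribute(ticketAttribute),
            "No UMA permission ticket found in request attribute " + ticketAttribute);
        Objects.requireNonNull(userProfile, "No authenticated profile available for the rpt subject");

        JwtClaims claims = new JwtClaims();
        claims.setJwtId(UUID.randomUUID().toString());
        claims.setIssuer(this.casProperties.getAuthn().getUma().getIssuer());
        claims.setAudience(String.valueOf(permissionTicket.getResourceSet().getId()));

        NumericDate expiresAt = NumericDate.now();
        expiresAt.addSeconds(j);
        claims.setExpirationTime(expiresAt);
        claims.setIssuedAtToNow();
        claims.setSubject(userProfile.getId());

        permissionTicket.getClaims().forEach((claimName, claimValue) -> {
            if (isTokenManagedClaim(claimName)) {
                // Same-name ticket claims must not overwrite the values set above.
                LOGGER.warn("Ignoring permission ticket claim [{}] because it collides with a claim managed by the token generator", claimName);
                return;
            }
            claims.setStringListClaim(claimName, new String[]{claimValue.toString()});
        });
        // scope and client_id are written last, so they replace any ticket claim of the same name.
        claims.setStringListClaim("scope", new ArrayList<>(permissionTicket.getScopes()));
        claims.setStringListClaim("client_id", new String[]{oAuthRegisteredService.getClientId()});
        return claims;
    }

    /** Returns whether the name is one of the claims {@link #buildJwtClaims} sets before copying ticket claims. */
    private static boolean isTokenManagedClaim(String claimName) {
        if (claimName == null) {
            return false;
        }
        switch (claimName) {
            case "jti":
            case "iss":
            case "aud":
            case "exp":
            case "iat":
            case "sub":
                return true;
            default:
                return false;
        }
    }
}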
