package org.apereo.cas.uma.ticket.rpt;

import java.nio.charset.StandardCharsets;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.BaseIdTokenSigningAndEncryptionService;
import org.apereo.cas.util.ResourceUtils;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/uma/ticket/rpt/UmaRequestingPartyTokenSigningService.class */
public class UmaRequestingPartyTokenSigningService extends BaseIdTokenSigningAndEncryptionService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UmaRequestingPartyTokenSigningService.class);
    private final RsaJsonWebKey jsonWebKey;

    public UmaRequestingPartyTokenSigningService(Resource resource, String str) {
        super(str);
        if (ResourceUtils.doesResourceExist(resource)) {
            JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8));
            if (jsonWebKeySet.getJsonWebKeys().isEmpty()) {
                throw new IllegalArgumentException("No JSON web keys are found in the JWKS keystore " + resource);
            }
            this.jsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.class.cast(jsonWebKeySet.getJsonWebKeys().get(0));
        } else {
            LOGGER.warn("JWKS file for UMA RPT tokens is undefined or cannot be located. Tokens will not be signed");
            this.jsonWebKey = null;
        }
    }

    public String encode(OAuthRegisteredService oAuthRegisteredService, JwtClaims jwtClaims) {
        LOGGER.debug("Generated claims to put into token are [{}]", jwtClaims.toJson());
        JsonWebSignature createJsonWebSignature = createJsonWebSignature(jwtClaims);
        if (this.jsonWebKey != null) {
            configureJsonWebSignatureForIdTokenSigning(oAuthRegisteredService, createJsonWebSignature, this.jsonWebKey);
        }
        return createJsonWebSignature.getCompactSerialization();
    }

    protected PublicJsonWebKey getSigningKey() {
        return this.jsonWebKey;
    }
}
