package com.bornium.security.oauth2openid.token;

import com.bornium.security.oauth2openid.server.endpoints.Parameters;
import java.time.Duration;
import java.util.Map;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:lib/oauth2-openid-1.0.1.jar:com/bornium/security/oauth2openid/token/IdTokenProvider.class */
public class IdTokenProvider {
    private final RsaJsonWebKey rsaJsonWebKey;

    public IdTokenProvider() throws JoseException {
        this(generateKey());
    }

    private static RsaJsonWebKey generateKey() throws JoseException {
        RsaJsonWebKey generateJwk = RsaJwkGenerator.generateJwk(2048);
        generateJwk.setKeyId("k1");
        generateJwk.setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA256);
        generateJwk.setUse(Use.SIGNATURE);
        return generateJwk;
    }

    public IdTokenProvider(RsaJsonWebKey rsaJsonWebKey) throws JoseException {
        this.rsaJsonWebKey = rsaJsonWebKey;
    }

    public String getJwk() {
        return "{\"keys\": [ " + this.rsaJsonWebKey.toJson() + "]}";
    }

    public String createIdToken(String str, String str2, String str3, Duration duration, String str4, String str5, Map<String, Object> map) throws JoseException {
        return createIdToken(createClaims(str, str2, str3, duration, str4, str5, map));
    }

    public String createIdTokenNoNullClaims(String str, String str2, String str3, Duration duration, String str4, String str5, Map<String, Object> map) throws JoseException {
        return createIdToken(createClaimsNoNulls(str, str2, str3, duration, str4, str5, map));
    }

    public String createIdToken(JwtClaims jwtClaims) throws JoseException {
        return signJwt(jwtClaims).getCompactSerialization();
    }

    public JwtClaims createJwtClaims(Duration duration, Map<String, Object> map) {
        JwtClaims jwtClaims = new JwtClaims();
        NumericDate now = NumericDate.now();
        now.addSeconds(duration.getSeconds());
        jwtClaims.setExpirationTime(now);
        for (String str : map.keySet()) {
            jwtClaims.setClaim(str, map.get(str));
        }
        return jwtClaims;
    }

    public JsonWebSignature signJwt(JwtClaims jwtClaims) {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(jwtClaims.toJson());
        jsonWebSignature.setKey(this.rsaJsonWebKey.getPrivateKey());
        jsonWebSignature.setKeyIdHeaderValue(this.rsaJsonWebKey.getKeyId());
        jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jsonWebSignature;
    }

    public String toString(JsonWebSignature jsonWebSignature) throws JoseException {
        return jsonWebSignature.getCompactSerialization();
    }

    public String createSignedJwt(Duration duration, Map<String, Object> map) throws JoseException {
        return toString(signJwt(createJwtClaims(duration, map)));
    }

    private JwtClaims createClaims(String str, String str2, String str3, Duration duration, String str4, String str5, Map<String, Object> map) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(str);
        jwtClaims.setSubject(str2);
        jwtClaims.setAudience(str3);
        jwtClaims.setIssuedAtToNow();
        NumericDate now = NumericDate.now();
        now.addSeconds(duration.getSeconds());
        jwtClaims.setExpirationTime(now);
        jwtClaims.setNotBeforeMinutesInThePast(2.0f);
        map.put("nonce", str5);
        map.put("auth_time", str4);
        map.put("azp", str3);
        Map<String, Object> stripNullParams = Parameters.stripNullParams(map);
        for (String str6 : stripNullParams.keySet()) {
            jwtClaims.setClaim(str6, stripNullParams.get(str6));
        }
        return jwtClaims;
    }

    private JwtClaims createClaimsNoNulls(String str, String str2, String str3, Duration duration, String str4, String str5, Map<String, Object> map) {
        JwtClaims createClaims = createClaims(str, str2, str3, duration, str4, str5, map);
        createClaims.getClaimNames().stream().forEach(str6 -> {
            if (createClaims.getClaimValue(str6) == null) {
                createClaims.unsetClaim(str6);
            }
        });
        return createClaims;
    }

    public RsaJsonWebKey getRsaJsonWebKey() {
        return this.rsaJsonWebKey;
    }
}
