package org.mitre.openid.connect.token;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.UUID;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.stereotype.Service;

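/**
 * {@link TokenEnhancer} that attaches a signed JWT to every access token and,
 * when the {@code openid} scope was requested, also issues a signed ID token.
 *
 * <p>Both JWTs are signed through the injected
 * {@link JwtSigningAndValidationService} using its default signing algorithm,
 * carry the configured issuer, and name the requesting client as audience.
 */
@Service
public class ConnectTokenEnhancer implements TokenEnhancer {
    // Package-visible instance logger; not referenced inside this class.
    Logger logger = LoggerFactory.getLogger(ConnectTokenEnhancer.class);

    @Autowired
    private ConfigurationPropertiesBean configBean;

    @Autowired
    private JwtSigningAndValidationService jwtService;

    @Autowired
    private ClientDetailsEntityService clientService;

    /**
     * Signs the access token and, for {@code openid} requests, builds the ID token.
     *
     * @param oAuth2AccessToken the token to enhance; it is cast to
     *     {@link OAuth2AccessTokenEntity}, so any other implementation fails
     *     with a {@link ClassCastException}
     * @param oAuth2Authentication the authentication whose authorization request
     *     supplies the client id, the scope and the optional {@code nonce}
     * @return the same token entity, now carrying its JWT and, when applicable,
     *     an attached ID token
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        OAuth2AccessTokenEntity accessToken = (OAuth2AccessTokenEntity) oAuth2AccessToken;
        String clientId = oAuth2Authentication.getAuthorizationRequest().getClientId();
        // NOTE(review): the lookup result is dereferenced below without a null
        // check; confirm that the service throws for an unknown client id.
        ClientDetailsEntity client = this.clientService.loadClientByClientId(clientId);

        // Access token claims: audience is the requesting client, expiry mirrors the entity.
        JWTClaimsSet accessClaims = new JWTClaimsSet();
        accessClaims.setAudience(Lists.newArrayList(clientId));
        accessClaims.setIssuer(this.configBean.getIssuer());
        accessClaims.setIssueTime(new Date());
        accessClaims.setExpirationTime(accessToken.getExpiration());
        accessClaims.setJWTID(UUID.randomUUID().toString());

        SignedJWT accessJwt = new SignedJWT(new JWSHeader(this.jwtService.getDefaultSigningAlgorithm()), accessClaims);
        this.jwtService.signJwt(accessJwt);
        accessToken.setJwt(accessJwt);

        if (oAuth2Authentication.getAuthorizationRequest().getScope().contains("openid")) {
            String subject = oAuth2Authentication.getName();
            OAuth2AccessTokenEntity idToken = new OAuth2AccessTokenEntity();
            JWTClaimsSet idClaims = new JWTClaimsSet();

            // One timestamp for iat, auth_time and the exp base keeps the claims consistent.
            Date issuedAt = new Date();
            // NOTE(review): this is the token issue time in milliseconds. OpenID
            // Connect Core defines auth_time as the time of end-user authentication
            // in seconds since the epoch; relying parties that enforce max_age may
            // misjudge it. Left unchanged here because it alters the emitted claim.
            idClaims.setCustomClaim("auth_time", Long.valueOf(issuedAt.getTime()));
            idClaims.setIssueTime(issuedAt);

            if (client.getIdTokenValiditySeconds() != null) {
                // Multiply as long: int arithmetic wraps for lifetimes above
                // Integer.MAX_VALUE / 1000 seconds (about 24.8 days) and can
                // produce an expiry that lies in the past.
                long lifetimeMillis = client.getIdTokenValiditySeconds().longValue() * 1000L;
                Date expiresAt = new Date(issuedAt.getTime() + lifetimeMillis);
                idClaims.setExpirationTime(expiresAt);
                idToken.setExpiration(expiresAt);
            }
            // NOTE(review): with no per-client validity configured the ID token is
            // signed without an exp claim; consider a server-wide default lifetime
            // so that ID tokens are always time-bounded.

            idClaims.setIssuer(this.configBean.getIssuer());
            idClaims.setSubject(subject);
            idClaims.setAudience(Lists.newArrayList(clientId));

            // Echo the request nonce unchanged so the client can tie this ID token
            // to the authorization request it sent.
            String nonce = oAuth2Authentication.getAuthorizationRequest().getAuthorizationParameters().get("nonce");
            if (!Strings.isNullOrEmpty(nonce)) {
                idClaims.setCustomClaim("nonce", nonce);
            }

            SignedJWT idJwt = new SignedJWT(new JWSHeader(this.jwtService.getDefaultSigningAlgorithm()), idClaims);
            this.jwtService.signJwt(idJwt);
            idToken.setJwt(idJwt);

            // The ID token shares the access token's authentication holder and
            // client, but its scope is restricted to the dedicated ID-token scope.
            idToken.setAuthenticationHolder(accessToken.getAuthenticationHolder());
            idToken.setScope(Sets.newHashSet(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE));
            idToken.setClient(accessToken.getClient());
            accessToken.setIdToken(idToken);
        }
        return accessToken;
    }

    /** @return the configuration bean that supplies the issuer value */
    public ConfigurationPropertiesBean getConfigBean() {
        return this.configBean;
    }

    /** @param configurationPropertiesBean the configuration bean to read the issuer from */
    public void setConfigBean(ConfigurationPropertiesBean configurationPropertiesBean) {
        this.configBean = configurationPropertiesBean;
    }

    /** @return the service used to sign the generated JWTs */
    public JwtSigningAndValidationService getJwtService() {
        return this.jwtService;
    }

    /** @param jwtSigningAndValidationService the service used to sign the generated JWTs */
    public void setJwtService(JwtSigningAndValidationService jwtSigningAndValidationService) {
        this.jwtService = jwtSigningAndValidationService;
    }

    /** @return the service used to look up the requesting client */
    public ClientDetailsEntityService getClientService() {
        return this.clientService;
    }

    /** @param clientDetailsEntityService the service used to look up the requesting client */
    public void setClientService(ClientDetailsEntityService clientDetailsEntityService) {
        this.clientService = clientDetailsEntityService;
    }
}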
