package org.pac4j.jwt.profile;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.Map;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.jwt.JwtConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/jwt/profile/JwtGenerator.class */
public class JwtGenerator<U extends UserProfile> {
    public static final String INTERNAL_ROLES = "$int_roles";
    public static final String INTERNAL_PERMISSIONS = "$int_perms";
    protected final Logger logger;
    private String signingSecret;
    private String encryptionSecret;
    private JWSAlgorithm jwsAlgorithm;
    private JWEAlgorithm jweAlgorithm;
    private EncryptionMethod encryptionMethod;

    public JwtGenerator(String str) {
        this(str, true);
    }

    public JwtGenerator(String str, boolean z) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.jwsAlgorithm = JWSAlgorithm.HS256;
        this.jweAlgorithm = JWEAlgorithm.DIR;
        this.encryptionMethod = EncryptionMethod.A256GCM;
        this.signingSecret = str;
        if (z) {
            this.encryptionSecret = str;
        }
    }

    public JwtGenerator(String str, String str2) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.jwsAlgorithm = JWSAlgorithm.HS256;
        this.jweAlgorithm = JWEAlgorithm.DIR;
        this.encryptionMethod = EncryptionMethod.A256GCM;
        this.signingSecret = str;
        this.encryptionSecret = str2;
    }

    public String generate(U u) {
        CommonHelper.assertNotNull("profile", u);
        CommonHelper.assertNull("profile.sub", u.getAttribute(JwtConstants.SUBJECT));
        CommonHelper.assertNull("profile.iat", u.getAttribute(JwtConstants.ISSUE_TIME));
        CommonHelper.assertNull(INTERNAL_ROLES, u.getAttribute(INTERNAL_ROLES));
        CommonHelper.assertNull(INTERNAL_PERMISSIONS, u.getAttribute(INTERNAL_PERMISSIONS));
        CommonHelper.assertNotBlank("signingSecret", this.signingSecret);
        CommonHelper.assertNotNull("jwsAlgorithm", this.jwsAlgorithm);
        try {
            MACSigner mACSigner = new MACSigner(this.signingSecret);
            JWTClaimsSet.Builder issueTime = new JWTClaimsSet.Builder().subject(u.getTypedId()).issueTime(new Date());
            Map attributes = u.getAttributes();
            for (String str : attributes.keySet()) {
                issueTime.claim(str, attributes.get(str));
            }
            issueTime.claim(INTERNAL_ROLES, u.getRoles());
            issueTime.claim(INTERNAL_PERMISSIONS, u.getPermissions());
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(this.jwsAlgorithm), issueTime.build());
            signedJWT.sign(mACSigner);
            if (!CommonHelper.isNotBlank(this.encryptionSecret)) {
                return signedJWT.serialize();
            }
            CommonHelper.assertNotNull("jweAlgorithm", this.jweAlgorithm);
            CommonHelper.assertNotNull("encryptionMethod", this.encryptionMethod);
            JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(this.jweAlgorithm, this.encryptionMethod).contentType("JWT").build(), new Payload(signedJWT));
            jWEObject.encrypt(new DirectEncrypter(this.encryptionSecret.getBytes("UTF-8")));
            return jWEObject.serialize();
        } catch (Exception e) {
            throw new TechnicalException("Cannot generate JWT", e);
        }
    }

    public String getSigningSecret() {
        return this.signingSecret;
    }

    public void setSigningSecret(String str) {
        this.signingSecret = str;
    }

    public String getEncryptionSecret() {
        return this.encryptionSecret;
    }

    public void setEncryptionSecret(String str) {
        this.encryptionSecret = str;
    }

    public JWSAlgorithm getJwsAlgorithm() {
        return this.jwsAlgorithm;
    }

    public void setJwsAlgorithm(JWSAlgorithm jWSAlgorithm) {
        this.jwsAlgorithm = jWSAlgorithm;
    }

    public JWEAlgorithm getJweAlgorithm() {
        return this.jweAlgorithm;
    }

    public void setJweAlgorithm(JWEAlgorithm jWEAlgorithm) {
        this.jweAlgorithm = jWEAlgorithm;
    }

    public EncryptionMethod getEncryptionMethod() {
        return this.encryptionMethod;
    }

    public void setEncryptionMethod(EncryptionMethod encryptionMethod) {
        this.encryptionMethod = encryptionMethod;
    }
}
