package org.apereo.cas.support.oauth.web.response.accesstoken.response;

import com.nimbusds.jose.Header;
import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/response/OAuth20JwtAccessTokenEncoder.class */
public class OAuth20JwtAccessTokenEncoder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20JwtAccessTokenEncoder.class);
    private final JwtBuilder accessTokenJwtBuilder;
    private final OAuth20AccessToken accessToken;
    private final RegisteredService registeredService;
    private final Service service;

    @Generated
    /* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/response/OAuth20JwtAccessTokenEncoder$OAuth20JwtAccessTokenEncoderBuilder.class */
    public static class OAuth20JwtAccessTokenEncoderBuilder {

        @Generated
        private JwtBuilder accessTokenJwtBuilder;

        @Generated
        private OAuth20AccessToken accessToken;

        @Generated
        private RegisteredService registeredService;

        @Generated
        private Service service;

        @Generated
        OAuth20JwtAccessTokenEncoderBuilder() {
        }

        @Generated
        public OAuth20JwtAccessTokenEncoderBuilder accessTokenJwtBuilder(JwtBuilder jwtBuilder) {
            this.accessTokenJwtBuilder = jwtBuilder;
            return this;
        }

        @Generated
        public OAuth20JwtAccessTokenEncoderBuilder accessToken(OAuth20AccessToken oAuth20AccessToken) {
            this.accessToken = oAuth20AccessToken;
            return this;
        }

        @Generated
        public OAuth20JwtAccessTokenEncoderBuilder registeredService(RegisteredService registeredService) {
            this.registeredService = registeredService;
            return this;
        }

        @Generated
        public OAuth20JwtAccessTokenEncoderBuilder service(Service service) {
            this.service = service;
            return this;
        }

        @Generated
        public OAuth20JwtAccessTokenEncoder build() {
            return new OAuth20JwtAccessTokenEncoder(this.accessTokenJwtBuilder, this.accessToken, this.registeredService, this.service);
        }

        @Generated
        public String toString() {
            return "OAuth20JwtAccessTokenEncoder.OAuth20JwtAccessTokenEncoderBuilder(accessTokenJwtBuilder=" + this.accessTokenJwtBuilder + ", accessToken=" + this.accessToken + ", registeredService=" + this.registeredService + ", service=" + this.service + ")";
        }
    }

    public String encode() {
        OAuthRegisteredService oAuthRegisteredService = (OAuthRegisteredService) OAuthRegisteredService.class.cast(this.registeredService);
        if (oAuthRegisteredService == null || !oAuthRegisteredService.isJwtAccessToken()) {
            return this.accessToken.getId();
        }
        return this.accessTokenJwtBuilder.build(getJwtRequestBuilder(oAuthRegisteredService, this.accessToken));
    }

    public String decode(String str) {
        Object customParam;
        try {
            if (StringUtils.isBlank(str)) {
                LOGGER.warn("No access token is provided to decode");
                return null;
            }
            Header header = JWTParser.parse(str).getHeader();
            OAuthRegisteredService oAuthRegisteredService = this.registeredService;
            if (oAuthRegisteredService == null && (customParam = header.getCustomParam(RegisteredServiceCipherExecutor.CUSTOM_HEADER_REGISTERED_SERVICE_ID)) != null) {
                oAuthRegisteredService = (OAuthRegisteredService) this.accessTokenJwtBuilder.getServicesManager().findServiceBy(Long.parseLong(customParam.toString()), OAuthRegisteredService.class);
            }
            return this.accessTokenJwtBuilder.unpack(Optional.ofNullable(oAuthRegisteredService), str).getJWTID();
        } catch (ParseException e) {
            LOGGER.trace(e.getMessage(), e);
            return str;
        }
    }

    protected JwtBuilder.JwtRequest getJwtRequestBuilder(OAuthRegisteredService oAuthRegisteredService, OAuth20AccessToken oAuth20AccessToken) {
        Authentication authentication = oAuth20AccessToken.getAuthentication();
        HashMap hashMap = new HashMap(authentication.getAttributes());
        hashMap.putAll(authentication.getPrincipal().getAttributes());
        return JwtBuilder.JwtRequest.builder().serviceAudience(this.service.getId()).issueDate(DateTimeUtils.dateOf(authentication.getAuthenticationDate())).jwtId(oAuth20AccessToken.getId()).subject(authentication.getPrincipal().getId()).validUntilDate(DateTimeUtils.dateOf(authentication.getAuthenticationDate().plusSeconds(oAuth20AccessToken.getExpirationPolicy().getTimeToLive().longValue()))).attributes(hashMap).registeredService(oAuthRegisteredService).build();
    }

    @Generated
    OAuth20JwtAccessTokenEncoder(JwtBuilder jwtBuilder, OAuth20AccessToken oAuth20AccessToken, RegisteredService registeredService, Service service) {
        this.accessTokenJwtBuilder = jwtBuilder;
        this.accessToken = oAuth20AccessToken;
        this.registeredService = registeredService;
        this.service = service;
    }

    @Generated
    public static OAuth20JwtAccessTokenEncoderBuilder builder() {
        return new OAuth20JwtAccessTokenEncoderBuilder();
    }

    @Generated
    public JwtBuilder getAccessTokenJwtBuilder() {
        return this.accessTokenJwtBuilder;
    }

    @Generated
    public OAuth20AccessToken getAccessToken() {
        return this.accessToken;
    }

    @Generated
    public RegisteredService getRegisteredService() {
        return this.registeredService;
    }

    @Generated
    public Service getService() {
        return this.service;
    }
}
