package org.apereo.cas.uma.ticket.rpt;

import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.BaseTokenSigningAndEncryptionService;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.jwt.JsonWebTokenSigner;
import org.jooq.lambda.Unchecked;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/uma/ticket/rpt/UmaRequestingPartyTokenSigningService.class */
public class UmaRequestingPartyTokenSigningService extends BaseTokenSigningAndEncryptionService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UmaRequestingPartyTokenSigningService.class);
    private final PublicJsonWebKey jsonWebKeySigningKey;
    private final CasConfigurationProperties casProperties;

    public UmaRequestingPartyTokenSigningService(CasConfigurationProperties casConfigurationProperties) {
        Resource location = casConfigurationProperties.getAuthn().getOauth().getUma().getRequestingPartyToken().getJwksFile().getLocation();
        this.jsonWebKeySigningKey = (PublicJsonWebKey) FunctionUtils.doIf(ResourceUtils.doesResourceExist(location), Unchecked.supplier(() -> {
            return (RsaJsonWebKey) RsaJsonWebKey.class.cast(new JsonWebKeySet(IOUtils.toString(location.getInputStream(), StandardCharsets.UTF_8)).getJsonWebKeys().get(0));
        }), () -> {
            LOGGER.warn("JWKS file for UMA RPT tokens cannot be located. Tokens will not be signed");
            return null;
        }).get();
        this.casProperties = casConfigurationProperties;
    }

    public String encode(OAuthRegisteredService oAuthRegisteredService, JwtClaims jwtClaims) {
        LOGGER.debug("Generated claims to put into token are [{}]", jwtClaims.toJson());
        return signToken(oAuthRegisteredService, jwtClaims, this.jsonWebKeySigningKey);
    }

    public Set<String> getAllowedSigningAlgorithms(OAuthRegisteredService oAuthRegisteredService) {
        return JsonWebTokenSigner.ALGORITHM_ALL_EXCEPT_NONE;
    }

    public String resolveIssuer(Optional<OAuthRegisteredService> optional) {
        return this.casProperties.getAuthn().getOauth().getUma().getCore().getIssuer();
    }

    @Generated
    public PublicJsonWebKey getJsonWebKeySigningKey() {
        return this.jsonWebKeySigningKey;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }
}
