package org.apereo.cas.uma.ticket.rpt;

import java.util.ArrayList;
import java.util.UUID;
import lombok.Generated;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.BaseIdTokenGeneratorService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.uma.UmaConfigurationContext;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicket;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;

/* loaded from: input_file:org/apereo/cas/uma/ticket/rpt/UmaIdTokenGeneratorService.class */
public class UmaIdTokenGeneratorService extends BaseIdTokenGeneratorService<UmaConfigurationContext> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UmaIdTokenGeneratorService.class);

    public UmaIdTokenGeneratorService(ObjectProvider<UmaConfigurationContext> objectProvider) {
        super(objectProvider);
    }

    public String generate(OAuth20AccessToken oAuth20AccessToken, UserProfile userProfile, OAuth20ResponseTypes oAuth20ResponseTypes, OAuth20GrantTypes oAuth20GrantTypes, OAuthRegisteredService oAuthRegisteredService) throws Exception {
        long seconds = Beans.newDuration(((UmaConfigurationContext) getConfigurationContext()).getCasProperties().getAuthn().getOauth().getUma().getRequestingPartyToken().getMaxTimeToLiveInSeconds()).getSeconds();
        LOGGER.debug("Attempting to produce claims for the RPT access token [{}]", oAuth20AccessToken);
        return encodeAndFinalizeToken(buildJwtClaims(oAuth20AccessToken, seconds, userProfile, oAuthRegisteredService, oAuth20ResponseTypes), oAuthRegisteredService, oAuth20AccessToken);
    }

    protected JwtClaims buildJwtClaims(OAuth20AccessToken oAuth20AccessToken, long j, UserProfile userProfile, OAuthRegisteredService oAuthRegisteredService, OAuth20ResponseTypes oAuth20ResponseTypes) {
        UmaPermissionTicket umaPermissionTicket = (UmaPermissionTicket) userProfile.getAttribute(UmaPermissionTicket.class.getName());
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setJwtId(UUID.randomUUID().toString());
        jwtClaims.setIssuer(((UmaConfigurationContext) getConfigurationContext()).getCasProperties().getAuthn().getOauth().getUma().getCore().getIssuer());
        jwtClaims.setAudience(String.valueOf(umaPermissionTicket.getResourceSet().getId()));
        NumericDate now = NumericDate.now();
        now.addSeconds(j);
        jwtClaims.setExpirationTime(now);
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setSubject(userProfile.getId());
        umaPermissionTicket.getClaims().forEach((str, obj) -> {
            jwtClaims.setStringListClaim(str, new String[]{obj.toString()});
        });
        jwtClaims.setStringListClaim("scope", new ArrayList(umaPermissionTicket.getScopes()));
        jwtClaims.setStringListClaim("client_id", new String[]{oAuthRegisteredService.getClientId()});
        return jwtClaims;
    }
}
