package org.apereo.cas.shell.commands.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.hjson.JsonValue;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.shell.standard.ShellCommandGroup;
import org.springframework.shell.standard.ShellComponent;
import org.springframework.shell.standard.ShellMethod;
import org.springframework.shell.standard.ShellOption;

@ShellCommandGroup("JWT")
@ShellComponent
/* loaded from: input_file:org/apereo/cas/shell/commands/jwt/GenerateFullJwtCommand.class */
public class GenerateFullJwtCommand {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GenerateFullJwtCommand.class);
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();

    @ShellMethod(key = {"generate-full-jwt"}, value = "Generate JWT and sign it using a given keystore")
    public String generateKey(@ShellOption(value = {"jwks", "--jwks"}, defaultValue = "", help = "Path to the JWKS file used to sign the token") String str, @ShellOption(value = {"iss", "--iss"}, defaultValue = "https://localhost:8443/cas/oidc", help = "Issuer") String str2, @ShellOption(value = {"claims", "--claims"}, defaultValue = "{}", help = "JWT claims as JSON") String str3, @ShellOption(value = {"aud", "--aud"}, defaultValue = "CAS", help = "Audience") String str4, @ShellOption(value = {"exp", "--exp"}, defaultValue = "300", help = "Expiration in seconds") String str5, @ShellOption(value = {"sub", "--sub"}, help = "Subject") String str6) throws Exception {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setJwtId(RandomUtils.randomAlphanumeric(8));
        jwtClaims.setIssuer(str2);
        jwtClaims.setAudience(str4);
        if (NumberUtils.isParsable(str5)) {
            long parseLong = Long.parseLong(str5);
            if (parseLong > 0) {
                NumericDate now = NumericDate.now();
                now.addSeconds(parseLong);
                jwtClaims.setExpirationTime(now);
            }
        } else {
            jwtClaims.setExpirationTime(NumericDate.fromMilliseconds(Beans.newDuration(str5).toSeconds()));
        }
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setNotBeforeMinutesInThePast(1.0f);
        jwtClaims.setSubject(str6);
        ((Map) MAPPER.readValue(JsonValue.readHjson(str3).toString(), Map.class)).forEach((obj, obj2) -> {
            jwtClaims.setClaim(obj.toString(), obj2);
        });
        if (!StringUtils.isNotBlank(str)) {
            String serialize = new PlainJWT(JWTClaimsSet.parse(jwtClaims.getClaimsMap())).serialize();
            LOGGER.info("Producing plain JWT:\n{}\n", serialize);
            return serialize;
        }
        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(FileUtils.readFileToString(new File(str), StandardCharsets.UTF_8));
        String str7 = new String(EncodingUtils.signJwsRSASha512(((PublicJsonWebKey) jsonWebKeySet.getJsonWebKeys().stream().filter(jsonWebKey -> {
            return StringUtils.equalsIgnoreCase(jsonWebKey.getUse(), "signing");
        }).findFirst().orElseGet(() -> {
            return (JsonWebKey) jsonWebKeySet.getJsonWebKeys().getFirst();
        })).getPrivateKey(), jwtClaims.toJson().getBytes(StandardCharsets.UTF_8), Map.of()), StandardCharsets.UTF_8);
        LOGGER.info("Producing signed JWT:\n{}\n", str7);
        return str7;
    }
}
