package org.apereo.cas.token;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/token/JwtTokenTicketBuilder.class */
public class JwtTokenTicketBuilder implements TokenTicketBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenTicketBuilder.class);
    private final TicketValidator ticketValidator;
    private final ExpirationPolicyBuilder expirationPolicy;
    private final JwtBuilder jwtBuilder;
    private final ServicesManager servicesManager;
    private final CasConfigurationProperties casProperties;

    /* JADX WARN: Type inference failed for: r0v24, types: [org.apereo.cas.token.JwtBuilder$JwtRequest$JwtRequestBuilder] */
    @Override // org.apereo.cas.token.TokenTicketBuilder
    public String build(String str, WebApplicationService webApplicationService) {
        Assertion assertion = (Assertion) FunctionUtils.doUnchecked(() -> {
            return this.ticketValidator.validate(str, webApplicationService.getId());
        });
        Map convertAttributeValuesToMultiValuedObjects = CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects(assertion.getAttributes());
        convertAttributeValuesToMultiValuedObjects.putAll(CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects(assertion.getPrincipal().getAttributes()));
        LOGGER.trace("Assertion attributes received are [{}]", convertAttributeValuesToMultiValuedObjects);
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(webApplicationService);
        Map<String, List<Object>> decodeAttributes = ProtocolAttributeEncoder.decodeAttributes(convertAttributeValuesToMultiValuedObjects, findServiceBy, webApplicationService);
        LOGGER.debug("Final attributes decoded are [{}]", decodeAttributes);
        boolean z = assertion.getValidUntilDate() != null;
        Objects.requireNonNull(assertion);
        JwtBuilder.JwtRequest build = JwtBuilder.JwtRequest.builder().registeredService(Optional.ofNullable(findServiceBy)).serviceAudience(webApplicationService.getId()).issueDate(assertion.getAuthenticationDate()).jwtId(str).subject(assertion.getPrincipal().getName()).validUntilDate((Date) FunctionUtils.doIf(z, assertion::getValidUntilDate, () -> {
            return DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(getTimeToLive().longValue()));
        }).get()).attributes(decodeAttributes).issuer(this.casProperties.getServer().getPrefix()).build();
        LOGGER.debug("Building JWT using [{}]", build);
        return this.jwtBuilder.build(build);
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [org.apereo.cas.token.JwtBuilder$JwtRequest$JwtRequestBuilder] */
    @Override // org.apereo.cas.token.TokenTicketBuilder
    public String build(TicketGrantingTicket ticketGrantingTicket, Map<String, List<Object>> map) {
        Authentication authentication = ticketGrantingTicket.getAuthentication();
        HashMap hashMap = new HashMap(authentication.getAttributes());
        hashMap.putAll(authentication.getPrincipal().getAttributes());
        hashMap.putAll(map);
        return this.jwtBuilder.build(JwtBuilder.JwtRequest.builder().serviceAudience(this.casProperties.getServer().getPrefix()).registeredService(Optional.empty()).issueDate(DateTimeUtils.dateOf(ticketGrantingTicket.getCreationTime())).jwtId(ticketGrantingTicket.getId()).subject(authentication.getPrincipal().getId()).validUntilDate(DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(getTimeToLive().longValue()))).attributes(hashMap).issuer(this.casProperties.getServer().getPrefix()).build());
    }

    protected Long getTimeToLive() {
        Long timeToLive = this.expirationPolicy.buildTicketExpirationPolicy().getTimeToLive();
        if (Long.MAX_VALUE == timeToLive.longValue()) {
            return 2147483647L;
        }
        return timeToLive;
    }

    @Generated
    public TicketValidator getTicketValidator() {
        return this.ticketValidator;
    }

    @Generated
    public ExpirationPolicyBuilder getExpirationPolicy() {
        return this.expirationPolicy;
    }

    @Generated
    public JwtBuilder getJwtBuilder() {
        return this.jwtBuilder;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public JwtTokenTicketBuilder(TicketValidator ticketValidator, ExpirationPolicyBuilder expirationPolicyBuilder, JwtBuilder jwtBuilder, ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) {
        this.ticketValidator = ticketValidator;
        this.expirationPolicy = expirationPolicyBuilder;
        this.jwtBuilder = jwtBuilder;
        this.servicesManager = servicesManager;
        this.casProperties = casConfigurationProperties;
    }
}
