package be.atbash.ee.security.sso.server.endpoint.helper;

import be.atbash.ee.security.octopus.config.exception.ConfigurationException;
import be.atbash.ee.security.octopus.subject.UserPrincipal;
import be.atbash.ee.security.octopus.util.TimeUtil;
import be.atbash.ee.security.octopus.util.URLUtil;
import be.atbash.ee.security.sso.server.client.ClientInfo;
import be.atbash.ee.security.sso.server.client.ClientInfoRetriever;
import be.atbash.ee.security.sso.server.config.OctopusSSOServerConfiguration;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.util.Date;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

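/**
 * Builds and signs OpenID Connect ID tokens for clients of the SSO server.
 *
 * <p>ID tokens are signed with HS256 (HMAC-SHA256), using the per-client ID token secret obtained
 * from {@link ClientInfoRetriever}. Because the algorithm is symmetric, every party that can
 * verify a token for a client can also mint one for it, so the secret must stay confidential to
 * the server and that one client.
 */
@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/sso/server/endpoint/helper/OIDCTokenHelper.class */
public class OIDCTokenHelper {

    @Inject
    private OctopusSSOServerConfiguration ssoServerConfiguration;

    @Inject
    private URLUtil urlUtil;

    @Inject
    private TimeUtil timeUtil;

    @Inject
    private ClientInfoRetriever clientInfoRetriever;

    /**
     * Defines the ID token claims without an authentication request, so no nonce claim is set.
     *
     * @param httpServletRequest request used to determine the issuer URL
     * @param userPrincipal authenticated user; its name becomes the subject
     * @param clientID client the token is issued to; becomes the single audience
     * @return the ID token claims set
     */
    public IDTokenClaimsSet defineIDToken(HttpServletRequest httpServletRequest, UserPrincipal userPrincipal, ClientID clientID) {
        return defineIDToken(httpServletRequest, userPrincipal, clientID, null);
    }

    /**
     * Defines the ID token claims (issuer, subject, audience, expiration, issue time and, when an
     * authentication request is supplied, its nonce).
     *
     * @param httpServletRequest request used to determine the issuer URL
     * @param userPrincipal authenticated user; its name becomes the subject
     * @param clientID client the token is issued to; becomes the single audience
     * @param authenticationRequest the OIDC authentication request, or {@code null} when there is
     *     none; when present its nonce is copied into the token
     * @return the ID token claims set
     */
    public IDTokenClaimsSet defineIDToken(HttpServletRequest httpServletRequest, UserPrincipal userPrincipal, ClientID clientID, AuthenticationRequest authenticationRequest) {
        // NOTE(review): the issuer is derived from the incoming request. If determineRoot relies on
        // client-supplied data such as the Host header, the "iss" claim is client-influenced —
        // confirm it resolves to a configured, fixed value.
        Issuer issuer = new Issuer(this.urlUtil.determineRoot(httpServletRequest));
        Subject subject = new Subject(userPrincipal.getName());
        // Restrict the audience to the requesting client so other clients reject the token.
        List<Audience> audience = new Audience(clientID.getValue()).toSingleAudienceList();

        // One timestamp for both "iat" and the base of "exp" keeps the lifetime exact.
        Date issueTime = new Date();
        // The ID token lifetime reuses the configured SSO access token time-to-live.
        Date expirationTime = this.timeUtil.addSecondsToDate(this.ssoServerConfiguration.getSSOAccessTokenTimeToLive(), issueTime);

        IDTokenClaimsSet claimsSet = new IDTokenClaimsSet(issuer, subject, audience, expirationTime, issueTime);
        if (authenticationRequest != null) {
            // Echo the nonce so the client can tie the token to its own request (replay detection).
            claimsSet.setNonce(authenticationRequest.getNonce());
        }
        return claimsSet;
    }

    /**
     * Signs the ID token claims with HS256 using the ID token secret registered for the client.
     *
     * @param clientID client whose ID token secret is used as the HMAC key
     * @param iDTokenClaimsSet claims to sign
     * @return the signed JWT
     * @throws ConfigurationException when the client's secret is rejected as too short for HS256
     * @throws AtbashUnexpectedException when the claims cannot be converted or signing fails
     */
    public SignedJWT signIdToken(ClientID clientID, IDTokenClaimsSet iDTokenClaimsSet) {
        try {
            // NOTE(review): presumably retrieveInfo returns null for an unknown client id, which
            // would surface below as a NullPointerException — confirm callers validate the client.
            ClientInfo clientInfo = this.clientInfoRetriever.retrieveInfo(clientID.getValue());
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), iDTokenClaimsSet.toJWTClaimsSet());
            signedJWT.sign(new MACSigner(clientInfo.getIdTokenSecret()));
            return signedJWT;
        } catch (KeyLengthException e) {
            // KeyLengthException is a subclass of JOSEException, so it must be caught before the
            // broader handler; otherwise a too-short secret is never reported as a configuration
            // problem (and the handler is unreachable).
            // NOTE(review): only the message is propagated; pass the cause as well if
            // ConfigurationException offers such a constructor.
            throw new ConfigurationException(e.getMessage());
        } catch (ParseException | JOSEException e) {
            throw new AtbashUnexpectedException(e);
        }
    }
}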
