package com.atlassian.asap.service.core.impl;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.JwtBuilder;
import com.atlassian.asap.api.JwtClaims;
import com.atlassian.asap.api.client.http.AuthorizationHeaderGenerator;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.exception.MissingRequiredClaimException;
import com.atlassian.asap.service.api.AuthorizationBuilder;
import com.atlassian.asap.service.core.spi.AsapConfiguration;
import com.google.common.collect.ImmutableSet;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.json.JsonObject;

/* loaded from: input_file:com/atlassian/asap/service/core/impl/AuthorizationBuilderImpl.class */
public class AuthorizationBuilderImpl implements AuthorizationBuilder {
    private final AsapConfiguration config;
    private final AuthorizationHeaderGenerator authHeaderGenerator;
    private Optional<String> subject = Optional.empty();
    private Optional<Duration> expiration = Optional.empty();
    private Set<String> audience = ImmutableSet.of();
    private Optional<JsonObject> customClaims = Optional.empty();
    private Optional<Optional<Instant>> notBefore = Optional.empty();

    public AuthorizationBuilderImpl(AsapConfiguration asapConfiguration, AuthorizationHeaderGenerator authorizationHeaderGenerator) {
        this.config = (AsapConfiguration) Objects.requireNonNull(asapConfiguration, "config");
        this.authHeaderGenerator = (AuthorizationHeaderGenerator) Objects.requireNonNull(authorizationHeaderGenerator, "authHeaderGenerator");
    }

    public AuthorizationBuilder subject(Optional<String> optional) {
        this.subject = (Optional) Objects.requireNonNull(optional);
        return this;
    }

    public AuthorizationBuilder audience(Iterable<String> iterable) {
        this.audience = ImmutableSet.copyOf(iterable);
        return this;
    }

    public AuthorizationBuilder expiration(Optional<Duration> optional) {
        this.expiration = (Optional) Objects.requireNonNull(optional);
        return this;
    }

    public AuthorizationBuilder customClaims(Optional<JsonObject> optional) {
        this.customClaims = (Optional) Objects.requireNonNull(optional);
        return this;
    }

    public AuthorizationBuilder notBefore(Optional<Instant> optional) {
        this.notBefore = Optional.of((Optional) Objects.requireNonNull(optional));
        return this;
    }

    public String build() throws InvalidTokenException, CannotRetrieveKeyException {
        return this.authHeaderGenerator.generateAuthorizationHeader(buildJwt());
    }

    private Jwt buildJwt() throws InvalidTokenException {
        if (this.audience.isEmpty()) {
            throw new MissingRequiredClaimException(JwtClaims.RegisteredClaim.AUDIENCE);
        }
        Instant now = Instant.now();
        JwtBuilder audience = JwtBuilder.newJwt().issuer(this.config.issuer()).keyId(this.config.keyId()).subject(this.subject).issuedAt(now).audience(this.audience);
        this.expiration.ifPresent(duration -> {
            audience.expirationTime(now.plus((TemporalAmount) duration));
        });
        Optional<JsonObject> optional = this.customClaims;
        Objects.requireNonNull(audience);
        optional.ifPresent(audience::customClaims);
        Optional<Optional<Instant>> optional2 = this.notBefore;
        Objects.requireNonNull(audience);
        optional2.ifPresent(audience::notBefore);
        return audience.build();
    }
}
