package org.adorsys.jtstamp.service;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.net.URI;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.adorsys.jjwk.keystore.JwkExport;
import org.adorsys.jjwk.selector.JWSSignerAndAlgorithm;
import org.adorsys.jjwk.selector.JWSSignerAndAlgorithmBuilder;
import org.adorsys.jtstamp.exception.TsMissingFieldException;
import org.adorsys.jtstamp.exception.TsSignatureException;
import org.adorsys.jtstamp.model.TsData;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/adorsys/jtstamp/service/TsService.class */
public class TsService {
    public static final String FIELD_OID = "oid";
    public static final String FIELD_HALG = "halg";
    public static final String FIELD_HVAL = "hval";
    public static final String JOSE_OBJECT_TYPE_STAMP = "STAMP";
    private final JWKSet serverKeys;

    public TsService(JWKSet jWKSet) {
        this.serverKeys = jWKSet;
    }

    public String stamp(TsData tsData, String str) throws TsMissingFieldException, TsSignatureException {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        if (StringUtils.isNotBlank(tsData.getSub())) {
            builder.subject(tsData.getSub());
        }
        if (StringUtils.isNotBlank(tsData.getOid())) {
            builder.claim(FIELD_OID, tsData.getOid());
        }
        if (StringUtils.isBlank(tsData.getHalg())) {
            throw new TsMissingFieldException(FIELD_HALG);
        }
        builder.claim(FIELD_HALG, tsData.getHalg());
        if (StringUtils.isBlank(tsData.getHval())) {
            throw new TsMissingFieldException(FIELD_HVAL);
        }
        builder.claim(FIELD_HVAL, tsData.getHval());
        builder.issueTime(new Date());
        if (tsData.isInclIss()) {
            builder.issuer(str);
        }
        JWTClaimsSet build = builder.build();
        JOSEObjectType jOSEObjectType = new JOSEObjectType(JOSE_OBJECT_TYPE_STAMP);
        JWK randomKey = JwkExport.randomKey(JwkExport.selectKeypairs(this.serverKeys));
        JWSSignerAndAlgorithm build2 = JWSSignerAndAlgorithmBuilder.build(randomKey);
        SignedJWT signedJWT = new SignedJWT(tsData.isInclKid() ? new JWSHeader(build2.getJwsAlgorithm(), jOSEObjectType, (String) null, (Set) null, (URI) null, (JWK) null, (URI) null, (Base64URL) null, (Base64URL) null, (List) null, randomKey.getKeyID(), (Map) null, (Base64URL) null) : new JWSHeader(build2.getJwsAlgorithm(), jOSEObjectType, (String) null, (Set) null, (URI) null, (JWK) null, (URI) null, (Base64URL) null, (Base64URL) null, (List) null, (String) null, (Map) null, (Base64URL) null), build);
        try {
            signedJWT.sign(build2.getSigner());
            return signedJWT.serialize();
        } catch (JOSEException e) {
            throw new TsSignatureException(e);
        }
    }
}
