package de.adorsys.ledgers.um.impl.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import de.adorsys.ledgers.um.api.domain.AccessTokenBO;
import de.adorsys.ledgers.um.api.domain.AisConsentBO;
import de.adorsys.ledgers.um.api.domain.BearerTokenBO;
import de.adorsys.ledgers.um.api.domain.TokenUsageBO;
import de.adorsys.ledgers.um.db.domain.AccountAccess;
import de.adorsys.ledgers.um.db.domain.UserRole;
import de.adorsys.ledgers.util.Ids;
import de.adorsys.ledgers.util.exception.UserManagementErrorCode;
import de.adorsys.ledgers.util.exception.UserManagementModuleException;
import java.io.IOException;
import java.time.LocalDate;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import net.minidev.json.JSONStyle;
import net.minidev.json.JSONValue;
import net.minidev.json.reader.JsonWriterI;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;

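@Service
public class BearerTokenService {
    private static final String SCA_ID = "sca_id";
    private static final String AUTHORISATION_ID = "authorisation_id";
    private static final String ACCOUNT_ACCESSES = "account_accesses";
    private static final String CONSENT = "consent";
    private static final String USAGE = "token_usage";
    private static final String ROLE = "role";
    private static final String LOGIN = "login";
    private static final String ACT = "act";
    private static final String MISSING_ROLE = "Missing field for claim role";
    private static final String MISSING_LOGIN = "Missing field for claim login";
    private static final String MISSING_USAGE = "Missing field for claim token_usage";
    // Supplies the shared HMAC secret used to sign every token (see signJWT).
    private final HashMacSecretSource secretSource;
    // Serialises LocalDate claim values and maps the claims set onto AccessTokenBO.
    private final ObjectMapper objectMapper;

    /**
     * Creates the service.
     *
     * @param hashMacSecretSource source of the HMAC signing secret
     * @param objectMapper        mapper used for LocalDate serialisation and claim conversion
     */
    public BearerTokenService(HashMacSecretSource hashMacSecretSource, ObjectMapper objectMapper) {
        this.secretSource = hashMacSecretSource;
        this.objectMapper = objectMapper;
    }

    /**
     * Builds, signs and wraps a bearer token for a user.
     *
     * <p>The token is a JWS (HS256): its claims are integrity-protected but not encrypted, so
     * everything placed in it (account accesses, consent, login) is readable by whoever holds
     * the token.
     *
     * @param str          user id, used as the JWT subject; must not be null
     * @param str2         login name, stored in the {@code login} claim; must not be null
     * @param list         account accesses, stored in {@code account_accesses} when non-empty
     * @param aisConsentBO AIS consent, stored in {@code consent} when non-null
     * @param userRole     role, stored in the {@code role} claim; must not be null
     * @param str3         SCA id, stored in {@code sca_id} when not blank
     * @param str4         authorisation id, stored in {@code authorisation_id} when not blank
     * @param date         issue time; must not be null
     * @param date2        expiration time; must not be null
     * @param tokenUsageBO token usage, stored by name in {@code token_usage}; must not be null
     * @param map          actor data, stored in the {@code act} claim when non-null
     * @return the bearer token carrying the serialised JWS, its lifetime in seconds and the
     *         claims mapped to an {@link AccessTokenBO}
     * @throws NullPointerException          if a mandatory argument is null
     * @throws UserManagementModuleException if signing fails
     */
    public BearerTokenBO bearerToken(String str, String str2, List<AccountAccess> list, AisConsentBO aisConsentBO, UserRole userRole, String str3, String str4, Date date, Date date2, TokenUsageBO tokenUsageBO, Map<String, String> map) {
        JWTClaimsSet claims = genJWT(str, str2, list, aisConsentBO, userRole, str3, str4, date, date2, tokenUsageBO, map);
        // Reject missing timestamps before anything is signed: a null expiration time would
        // otherwise produce a signed token without an "exp" claim, and the failure would only
        // surface afterwards as an anonymous NullPointerException in the lifetime arithmetic.
        Objects.requireNonNull(date, "Missing issue time");
        Objects.requireNonNull(date2, "Missing expiration time");
        // NOTE(review): nothing here checks that date2 is after date; a caller passing them
        // swapped gets an already-expired token and a negative expires_in — confirm callers.
        String serialized = signJWT(claims);
        return bearerToken(serialized, secondsBetween(date, date2), toAccessTokenObject(claims));
    }

    /**
     * Assembles the claims set. Subject, login, role and token usage are mandatory; the
     * remaining claims are added only when a value is present.
     */
    private JWTClaimsSet genJWT(String userId, String login, List<AccountAccess> accountAccesses, AisConsentBO consent, UserRole userRole, String scaId, String authorisationId, Date issueTime, Date expirationTime, TokenUsageBO tokenUsage, Map<String, String> act) {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
                .subject(Objects.requireNonNull(userId, "Missing userId"))
                .jwtID(Ids.id())
                .issueTime(issueTime)
                .expirationTime(expirationTime)
                .claim(LOGIN, Objects.requireNonNull(login, MISSING_LOGIN))
                .claim(ROLE, Objects.requireNonNull(userRole, MISSING_ROLE))
                .claim(USAGE, Objects.requireNonNull(tokenUsage, MISSING_USAGE).name());
        if (accountAccesses != null && !accountAccesses.isEmpty()) {
            builder.claim(ACCOUNT_ACCESSES, accountAccesses);
        }
        if (StringUtils.isNotBlank(scaId)) {
            builder.claim(SCA_ID, scaId);
        }
        if (StringUtils.isNotBlank(authorisationId)) {
            builder.claim(AUTHORISATION_ID, authorisationId);
        }
        if (consent != null) {
            builder.claim(CONSENT, consent);
        }
        if (act != null) {
            builder.claim(ACT, act);
        }
        return builder.build();
    }

    /**
     * Signs the claims with HMAC-SHA256 using the secret from {@code secretSource} and returns
     * the compact serialisation.
     *
     * @throws UserManagementModuleException with {@code TOKEN_CREATION_ERROR} if creating the
     *         signer or signing fails
     */
    private String signJWT(JWTClaimsSet jWTClaimsSet) {
        // NOTE(review): the key id is a fresh Ids.id() value per token, so it does not identify
        // the signing secret — confirm no verifier relies on "kid" for key selection.
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID(Ids.id()).build();
        // NOTE(review): this registers a writer on JSONValue's static registry on every call and
        // captures this instance's ObjectMapper; with several service instances the most recent
        // signer's mapper is the one in effect.
        JSONValue.registerWriter(LocalDate.class, new JsonWriterI<LocalDate>() {
            public void writeJSONString(LocalDate localDate, Appendable appendable, JSONStyle jSONStyle) throws IOException {
                if (localDate == null) {
                    appendable.append("null");
                } else {
                    appendable.append(BearerTokenService.this.objectMapper.writeValueAsString(localDate));
                }
            }
        });
        SignedJWT signedJWT = new SignedJWT(header, jWTClaimsSet);
        try {
            // The MACSigner is created inside the try so that a JOSEException raised while
            // building it (presumably including a secret too short for HS256 — verify) is
            // reported through the same error path as a signing failure.
            signedJWT.sign(new MACSigner(this.secretSource.getHmacSecret()));
            return signedJWT.serialize();
        } catch (JOSEException e) {
            // The cause is only embedded as text in the developer message.
            throw UserManagementModuleException.builder().errorCode(UserManagementErrorCode.TOKEN_CREATION_ERROR).devMsg(String.format("Error signing user token %s", e)).build();
        }
    }

    /**
     * Wraps an already serialised token.
     *
     * @param str           serialised access token
     * @param i             lifetime in seconds
     * @param accessTokenBO parsed representation of the token's claims
     * @return a new {@link BearerTokenBO} holding the three values
     */
    public BearerTokenBO bearerToken(String str, int i, AccessTokenBO accessTokenBO) {
        BearerTokenBO result = new BearerTokenBO();
        result.setAccess_token(str);
        result.setAccessTokenObject(accessTokenBO);
        result.setExpires_in(i);
        return result;
    }

    /**
     * Computes the remaining lifetime of a token in seconds.
     *
     * @param date         reference time the lifetime is measured from
     * @param jWTClaimsSet claims whose expiration time is read
     * @return seconds from {@code date} to the expiration time (negative once expired), or
     *         {@code -1} when the claims carry no expiration time
     */
    public int expiresIn(Date date, JWTClaimsSet jWTClaimsSet) {
        Date expiration = jWTClaimsSet.getExpirationTime();
        if (expiration == null) {
            return -1;
        }
        return secondsBetween(date, expiration);
    }

    /**
     * Converts the claims set to an {@link AccessTokenBO} through the configured ObjectMapper.
     *
     * @param jWTClaimsSet claims to convert
     * @return the claims mapped onto {@link AccessTokenBO}
     */
    public AccessTokenBO toAccessTokenObject(JWTClaimsSet jWTClaimsSet) {
        return this.objectMapper.convertValue(jWTClaimsSet.toJSONObject(false), AccessTokenBO.class);
    }

    /**
     * Whole seconds from {@code from} to {@code to}, clamped to the int range so that an
     * out-of-range span cannot wrap around to an unrelated lifetime value.
     */
    private static int secondsBetween(Date from, Date to) {
        long seconds = (to.getTime() - from.getTime()) / 1000;
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, seconds));
    }
}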
