package no.difi.meldingsutveksling.dpi.client.internal;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import net.minidev.json.JSONObject;
import no.difi.move.common.cert.KeystoreHelper;
import no.difi.move.common.cert.X509CertificateHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/difi/meldingsutveksling/dpi/client/internal/CreateJWT.class */
public class CreateJWT {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CreateJWT.class);
    private final JWSHeader jwsHeader;
    private final JWSSigner jwsSigner;

    public CreateJWT(KeystoreHelper keystoreHelper) {
        this.jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).x509CertChain(getX509CertChain(keystoreHelper)).build();
        this.jwsSigner = new RSASSASigner(keystoreHelper.loadPrivateKey());
    }

    private List<Base64> getX509CertChain(KeystoreHelper keystoreHelper) {
        return Collections.singletonList(Base64.encode(X509CertificateHelper.getEncoded(keystoreHelper.getX509Certificate())));
    }

    public String createJWT(Map<String, Object> map) {
        JWSObject jwsObject = getJwsObject(map);
        sign(jwsObject);
        return jwsObject.serialize();
    }

    private void sign(JWSObject jWSObject) {
        try {
            jWSObject.sign(this.jwsSigner);
        } catch (JOSEException e) {
            throw new IllegalStateException("Signing failed!", e);
        }
    }

    private JWSObject getJwsObject(Map<String, Object> map) {
        return new JWSObject(this.jwsHeader, new Payload(new JSONObject(map)));
    }
}
