package io.jans.as.server.service.session;

import com.mysql.cj.util.StringUtils;
import io.jans.as.common.claims.Audience;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.server.authorize.ws.rs.AuthzRequest;
import io.jans.as.server.model.token.JwtSigner;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.DiscoveryService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import org.json.JSONObject;
import org.slf4j.Logger;

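/**
 * Issues the signed "Session JWT" that ties a session to an entry of the session status list.
 *
 * <p>The token carries {@code sid}, {@code jti}, {@code iat}, {@code nbf}, {@code exp}, the
 * audience derived from the client, and a {@code status_list} object holding the session's
 * index ({@code idx}) and the status list endpoint ({@code uri}).
 */
@ApplicationScoped
public class SessionJwtService {

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    @Inject
    private ClientService clientService;

    @Inject
    private DiscoveryService discoveryService;

    @Inject
    private SessionStatusListIndexService sessionStatusListIndexService;

    /**
     * Builds and signs a Session JWT for the given session and client.
     *
     * @param authzRequest the authorization request being processed (not read by this method)
     * @param sessionId the session the token describes; its status list index is assigned here
     *     if it does not have one yet
     * @param client the client the token is issued to; supplies the audience, the signing
     *     algorithm preference and the key material handed to {@link JwtSigner}
     * @return the serialized signed JWT, or an empty string when the
     *     {@code SESSION_STATUS_LIST} feature flag is off or when creation fails
     */
    public String createSessionJwt(AuthzRequest authzRequest, SessionId sessionId, Client client) {
        if (!this.appConfiguration.isFeatureEnabled(FeatureFlagType.SESSION_STATUS_LIST)) {
            this.log.debug("Skip Session JWT created because session_status_list feature flag is not enabled");
            return "";
        }
        try {
            Integer sessionIndex = getOrGenerateSessionIndex(sessionId);

            // Start from the server-wide default and let the client override it.
            SignatureAlgorithm signatureAlgorithm =
                    SignatureAlgorithm.fromString(this.appConfiguration.getDefaultSignatureAlgorithm());
            String clientAlgName = client.getAttributes().getSessionJwtSignedResponseAlg();
            // The original condition was inverted (it required the value to be null or empty), so
            // the client's configured algorithm could never take effect.
            // NOTE(review): the client-registered value is honoured as-is; confirm that client
            // registration rejects "none" and any other algorithm unsuitable for this token.
            if (!StringUtils.isNullOrEmpty(clientAlgName)) {
                SignatureAlgorithm clientAlgorithm = SignatureAlgorithm.fromString(clientAlgName);
                if (clientAlgorithm != null) {
                    signatureAlgorithm = clientAlgorithm;
                }
            }

            Date issuedAt = new Date();
            Calendar expiration = Calendar.getInstance();
            expiration.setTime(issuedAt);
            // The token expires when the session does: now + sessionIdLifetime seconds.
            expiration.add(Calendar.SECOND, this.appConfiguration.getSessionIdLifetime().intValue());

            JwtSigner jwtSigner = new JwtSigner(
                    this.appConfiguration,
                    this.webKeysConfiguration,
                    signatureAlgorithm,
                    client.getClientId(),
                    this.clientService.decryptSecret(client.getClientSecret()));
            Jwt sessionJwt = jwtSigner.newJwt();

            JSONObject statusList = new JSONObject();
            statusList.put("idx", sessionIndex);
            statusList.put("uri", this.discoveryService.getSessionStatusListEndpoint());

            String jti = UUID.randomUUID().toString();
            sessionJwt.getClaims().setExpirationTime(expiration.getTime());
            sessionJwt.getClaims().setIat(issuedAt);
            sessionJwt.getClaims().setNbf(issuedAt);
            // Only the outward-facing sid goes into the token, never the internal session id.
            sessionJwt.getClaims().setClaim("sid", sessionId.getOutsideSid());
            sessionJwt.getClaims().setClaim("jti", jti);
            sessionJwt.getClaims().setClaim("status_list", statusList);
            Audience.setAudience(sessionJwt.getClaims(), client);

            String serialized = jwtSigner.sign().toString();
            // Log the token identifier rather than the signed token itself, so that log readers
            // do not obtain a usable copy of the credential.
            this.log.debug("Session JWT is successfully generated, jti: {}", jti);
            return serialized;
        } catch (Exception e) {
            // NOTE(review): this writes sessionId.getId() to the log; if that value is the
            // session secret (the token above exposes getOutsideSid() instead), consider
            // logging the outside sid here - confirm against SessionId.
            this.log.error("Failed to create Session JWT for session {}", sessionId.getId(), e);
            return "";
        }
    }

    /**
     * Returns the status list index stored on the session, allocating one from
     * {@link SessionStatusListIndexService#next()} and recording it on the session's predefined
     * attributes when none is set yet.
     *
     * @param sessionId the session whose index is read and, if absent, assigned
     * @return the existing or newly allocated index
     */
    private Integer getOrGenerateSessionIndex(SessionId sessionId) {
        Integer index = sessionId.getPredefinedAttributes().getIndex();
        if (index == null) {
            index = this.sessionStatusListIndexService.next();
            sessionId.getPredefinedAttributes().setIndex(index);
        }
        return index;
    }
}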
