package io.jans.as.server.model.token;

import com.google.common.base.Preconditions;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtType;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.ServerCryptoProvider;
import io.jans.service.cdi.util.CdiUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/server/model/token/JwtSigner.class */
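/**
 * Builds a {@link Jwt} with the server's issuer, a given audience and a selected signature
 * algorithm, then signs it through an {@link AbstractCryptoProvider}.
 *
 * <p>Typical use is {@link #newJwt()} (or {@link #setJwt(Jwt)}), population of further claims by
 * the caller, then {@link #sign()}. The JWT being built is held in a mutable field of this
 * instance.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The HMAC shared secret is kept in a {@code String} field for the lifetime of the signer.
 *       It is never logged by this class and must not be added to any log statement.</li>
 *   <li>The signature algorithm is whatever the caller passes in; this class performs no
 *       allow-listing of algorithms itself.</li>
 * </ul>
 */
public class JwtSigner {
    private static final Logger log = LoggerFactory.getLogger(JwtSigner.class);

    // Not final: can be swapped after construction through setCryptoProvider.
    private AbstractCryptoProvider cryptoProvider;
    private final SignatureAlgorithm signatureAlgorithm;
    private final String audience;
    // Secret handed to the crypto provider on sign(); null when the short constructor is used.
    private final String hmacSharedSecret;
    private final AppConfiguration appConfiguration;
    private final JSONWebKeySet webKeys;
    // JWT currently being built; null until newJwt() or setJwt() has been called.
    private Jwt jwt;

    /**
     * Creates a signer without an HMAC shared secret and with the default crypto provider.
     *
     * @param appConfiguration server configuration (issuer, static kid)
     * @param jSONWebKeySet key set used to look up the signing key id
     * @param signatureAlgorithm algorithm written to the header and used for signing
     * @param str audience claim value
     */
    public JwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm, String str) {
        this(appConfiguration, jSONWebKeySet, signatureAlgorithm, str, null);
    }

    /**
     * Creates a signer with an HMAC shared secret and the default crypto provider.
     *
     * @param appConfiguration server configuration (issuer, static kid)
     * @param jSONWebKeySet key set used to look up the signing key id
     * @param signatureAlgorithm algorithm written to the header and used for signing
     * @param str audience claim value
     * @param str2 shared secret passed to the crypto provider when signing; may be {@code null}
     */
    public JwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm, String str, String str2) {
        this(appConfiguration, jSONWebKeySet, signatureAlgorithm, str, str2, null);
    }

    /**
     * Creates a signer with every collaborator given explicitly.
     *
     * @param appConfiguration server configuration (issuer, static kid)
     * @param jSONWebKeySet key set used to look up the signing key id
     * @param signatureAlgorithm algorithm written to the header and used for signing
     * @param str audience claim value
     * @param str2 shared secret passed to the crypto provider when signing; may be {@code null}
     * @param abstractCryptoProvider provider to sign with; when {@code null}, a
     *     {@link ServerCryptoProvider} wrapping the CDI-resolved provider is used
     */
    public JwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm, String str, String str2, AbstractCryptoProvider abstractCryptoProvider) {
        this.appConfiguration = appConfiguration;
        this.webKeys = jSONWebKeySet;
        this.signatureAlgorithm = signatureAlgorithm;
        this.audience = str;
        this.hmacSharedSecret = str2;
        if (abstractCryptoProvider != null) {
            this.cryptoProvider = abstractCryptoProvider;
        } else {
            // The CDI lookup only happens when no provider was injected by the caller.
            this.cryptoProvider = new ServerCryptoProvider((AbstractCryptoProvider) CdiUtil.bean(AbstractCryptoProvider.class));
        }
    }

    /**
     * Creates a signer for a client: audience is the client id and the shared secret is the
     * client's decrypted secret.
     *
     * <p>The algorithm starts as the server default and is replaced by the client's
     * {@code id_token_signed_response_alg} whenever that value is non-null.
     *
     * @param appConfiguration server configuration
     * @param jSONWebKeySet key set used to look up the signing key id
     * @param client client the token is issued for; must not be {@code null}
     * @return a signer configured for {@code client}
     * @throws NullPointerException if {@code client} is {@code null}
     * @throws Exception if the client secret cannot be decrypted
     */
    public static JwtSigner newJwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, Client client) throws Exception {
        Preconditions.checkNotNull(client, "client");

        // The client-registered value takes precedence over the server default.
        // NOTE(review): nothing here restricts which algorithm a client may select; confirm that
        // client registration rejects `none` and any algorithm the deployment does not allow.
        // NOTE(review): the result of fromString is not checked; if it can be null for an
        // unrecognised name, the signer is built with a null algorithm - confirm.
        SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
        String clientAlgorithm = client.getIdTokenSignedResponseAlg();
        if (clientAlgorithm != null) {
            algorithm = SignatureAlgorithm.fromString(clientAlgorithm);
        }

        ClientService clientService = (ClientService) CdiUtil.bean(ClientService.class);
        String sharedSecret = clientService.decryptSecret(client.getClientSecret());
        return new JwtSigner(appConfiguration, jSONWebKeySet, algorithm, client.getClientId(), sharedSecret);
    }

    /**
     * Starts a new JWT, replacing any JWT this signer held before.
     *
     * <p>The header gets the key id (when one is found), type {@code JWT} and the signer's
     * algorithm; the claims get the configured issuer and the signer's audience.
     *
     * @return the new, still unsigned JWT
     * @throws Exception if the key id lookup fails
     */
    public Jwt newJwt() throws Exception {
        this.jwt = new Jwt();
        String kid = getKid();
        if (kid != null) {
            this.jwt.getHeader().setKeyId(kid);
        }
        this.jwt.getHeader().setType(JwtType.JWT);
        this.jwt.getHeader().setAlgorithm(this.signatureAlgorithm);
        this.jwt.getClaims().setIssuer(this.appConfiguration.getIssuer());
        this.jwt.getClaims().setAudience(this.audience);
        return this.jwt;
    }

    /**
     * Resolves the key id for the header: the configured static kid when it is not blank,
     * otherwise the id the crypto provider returns for the signer's algorithm and signature use.
     */
    private String getKid() throws Exception {
        String staticKid = this.appConfiguration.getStaticKid();
        if (StringUtils.isNotBlank(staticKid)) {
            // Parameterized form: no string concatenation when trace logging is disabled.
            log.trace("Use staticKid: {}", staticKid);
            return staticKid;
        }
        // Same exception type as the bare dereference below would raise, with a usable message.
        Preconditions.checkNotNull(this.signatureAlgorithm, "signatureAlgorithm is required to look up a key id");
        return this.cryptoProvider.getKeyId(this.webKeys, Algorithm.fromString(this.signatureAlgorithm.getName()), Use.SIGNATURE);
    }

    /**
     * Signs the current JWT and stores the encoded signature on it.
     *
     * <p>The crypto provider receives the signing input, the key id from the header, the shared
     * secret and the signer's algorithm.
     *
     * @return the signed JWT
     * @throws IllegalStateException if no JWT has been set through {@link #newJwt()} or
     *     {@link #setJwt(Jwt)}
     * @throws Exception if signing fails
     */
    public Jwt sign() throws Exception {
        // Fail with a clear message instead of an anonymous NullPointerException.
        Preconditions.checkState(this.jwt != null, "No JWT to sign: call newJwt() or setJwt() first");
        String signature = this.cryptoProvider.sign(
                this.jwt.getSigningInput(),
                this.jwt.getHeader().getKeyId(),
                this.hmacSharedSecret,
                this.signatureAlgorithm);
        this.jwt.setEncodedSignature(signature);
        return this.jwt;
    }

    /** Returns the JWT currently held by this signer, or {@code null} when none was set. */
    public Jwt getJwt() {
        return this.jwt;
    }

    /**
     * Replaces the JWT held by this signer.
     *
     * <p>The header of a JWT supplied here is used as-is: this method does not set key id, type
     * or algorithm on it.
     */
    public void setJwt(Jwt jwt) {
        this.jwt = jwt;
    }

    /** Returns the algorithm this signer writes to the header and signs with. */
    public SignatureAlgorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** Replaces the crypto provider used for key id lookup and signing. */
    public void setCryptoProvider(AbstractCryptoProvider abstractCryptoProvider) {
        this.cryptoProvider = abstractCryptoProvider;
    }
}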
