package io.jans.as.server.session.ws.rs;

import io.jans.as.common.claims.Audience;
import io.jans.as.common.model.common.User;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.token.JsonWebResponse;
import io.jans.as.server.model.token.JwrService;
import io.jans.as.server.service.SectorIdentifierService;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONObject;
import org.msgpack.core.Preconditions;
import org.slf4j.Logger;

@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/session/ws/rs/LogoutTokenFactory.class */
public class LogoutTokenFactory {
    private static final String EVENTS_KEY = "http://schemas.openid.net/event/backchannel-logout";

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private JwrService jwrService;

    @Inject
    private SectorIdentifierService sectorIdentifierService;

    public JsonWebResponse createLogoutToken(Client client, String str, User user) {
        try {
            Preconditions.checkNotNull(client);
            JsonWebResponse createJwr = this.jwrService.createJwr(client);
            fillClaims(createJwr, client, str, user);
            this.jwrService.encode(createJwr, client);
            return createJwr;
        } catch (Exception e) {
            this.log.error("Failed to create logout_token for client: {}", client.getClientId());
            return null;
        }
    }

    private void fillClaims(JsonWebResponse jsonWebResponse, Client client, String str, User user) {
        int idTokenLifetime = this.appConfiguration.getIdTokenLifetime();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(13, idTokenLifetime);
        jsonWebResponse.getClaims().setExpirationTime(calendar.getTime());
        jsonWebResponse.getClaims().setIat(time);
        jsonWebResponse.getClaims().setNbf(time);
        jsonWebResponse.getClaims().setIssuer(this.appConfiguration.getIssuer());
        jsonWebResponse.getClaims().setJwtId(UUID.randomUUID());
        jsonWebResponse.getClaims().setClaim("events", getLogoutTokenEvents());
        Audience.setAudience(jsonWebResponse.getClaims(), client);
        if (StringUtils.isNotBlank(str) && BooleanUtils.isTrue(client.getAttributes().getBackchannelLogoutSessionRequired())) {
            jsonWebResponse.getClaims().setClaim("sid", str);
        }
        String sub = this.sectorIdentifierService.getSub(client, user, false);
        if (StringUtils.isNotBlank(sub)) {
            jsonWebResponse.getClaims().setSubjectIdentifier(sub);
        }
    }

    private JSONObject getLogoutTokenEvents() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(EVENTS_KEY, new JSONObject());
        return jSONObject;
    }
}
