package io.jans.as.server.service.logout;

import io.jans.as.common.claims.Audience;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.util.CertUtils;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.model.common.LogoutStatusJwt;
import io.jans.as.server.model.token.JwtSigner;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.DiscoveryService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.token.StatusListIndexService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.WebApplicationException;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONObject;
import org.slf4j.Logger;

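/**
 * Creates signed Logout Status JWTs for an authorization grant.
 *
 * <p>The JWT carries {@code exp}, {@code iat}, {@code nbf}, {@code jti} and a
 * {@code status_list} claim, and is signed by a {@link JwtSigner} built from the
 * server configuration and the client's registration data.
 */
@ApplicationScoped
public class LogoutStatusJwtService {

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    @Inject
    private ClientService clientService;

    @Inject
    private DiscoveryService discoveryService;

    @Inject
    private StatusListIndexService statusListIndexService;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    /**
     * Builds and signs a Logout Status JWT for the given grant.
     *
     * @param executionContext request context; it is initialised from the grant if needed, receives a fresh
     *                         token reference id and, when the status list feature is on, the allocated index
     * @param authorizationGrant grant that supplies the session DN and the client
     * @return the populated {@link LogoutStatusJwt}, or {@code null} when the lifetime is not configured,
     *         the computed expiration is negative, or creation fails with an exception
     * @throws WebApplicationException rethrown unchanged when raised by a collaborator
     */
    public LogoutStatusJwt createLogoutStatusJwt(ExecutionContext executionContext, AuthorizationGrant authorizationGrant) {
        try {
            executionContext.initFromGrantIfNeeded(authorizationGrant);
            executionContext.generateRandomTokenReferenceId();

            Integer logoutStatusJwtLifetime = this.appConfiguration.getLogoutStatusJwtLifetime();
            if (logoutStatusJwtLifetime == null) {
                // Fail with a clear message instead of an unboxing NullPointerException.
                this.log.error("Failed to create Logout Status JWT: logoutStatusJwtLifetime is not configured");
                return null;
            }

            LogoutStatusJwt logoutStatusJwt = new LogoutStatusJwt(logoutStatusJwtLifetime.intValue());
            logoutStatusJwt.setSessionDn(authorizationGrant.getSessionDn());
            // Certificate-bound confirmation hash (x5t#S256) taken from the request's client certificate.
            logoutStatusJwt.setX5ts256(CertUtils.confirmationMethodHashS256(executionContext.getCertAsPem()));
            logoutStatusJwt.setReferenceId(executionContext.getTokenReferenceId());

            String dpop = executionContext.getDpop();
            if (StringUtils.isNotBlank(dpop)) {
                logoutStatusJwt.setDpop(dpop);
            }

            Integer statusListIndex = null;
            if (this.errorResponseFactory.isFeatureFlagEnabled(FeatureFlagType.STATUS_LIST)) {
                statusListIndex = this.statusListIndexService.next();
                executionContext.setStatusListIndex(statusListIndex);
                logoutStatusJwt.setStatusListIndex(statusListIndex);
            }

            if (logoutStatusJwt.getExpiresIn() < 0) {
                this.log.trace("Failed to create logout status jwt with negative expiration time");
                return null;
            }

            Client client = authorizationGrant.getClient();
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(this.appConfiguration.getDefaultSignatureAlgorithm());

            // The previous condition required the client value to be null/empty AND parseable, so the
            // client-registered algorithm was never applied. Honour it when it is present and recognised.
            String clientAlg = client.getAttributes().getLogoutStatusJwtSignedResponseAlg();
            if (StringUtils.isNotBlank(clientAlg)) {
                SignatureAlgorithm clientSignatureAlgorithm = SignatureAlgorithm.fromString(clientAlg);
                // Never let client registration data downgrade the status JWT to an unsigned token.
                // NOTE(review): also confirm the value is checked against the server's supported
                // signing algorithms at registration time.
                if (clientSignatureAlgorithm != null && clientSignatureAlgorithm != SignatureAlgorithm.NONE) {
                    signatureAlgorithm = clientSignatureAlgorithm;
                }
            }

            JwtSigner jwtSigner = new JwtSigner(
                    this.appConfiguration,
                    this.webKeysConfiguration,
                    signatureAlgorithm,
                    client.getClientId(),
                    this.clientService.decryptSecret(client.getClientSecret()));
            Jwt newJwt = jwtSigner.newJwt();

            String jti = fillPayload(newJwt, statusListIndex, logoutStatusJwtLifetime, authorizationGrant.getSessionDn());
            logoutStatusJwt.setJti(jti);
            Audience.setAudience(newJwt.getClaims(), client);

            String signedJwt = jwtSigner.sign().toString();
            if (this.log.isDebugEnabled()) {
                // Log the identifier and claims only: the signed compact serialization is a usable
                // credential and must not end up in log files.
                this.log.debug("Created Logout Status JWT, jti: {}, claims: {}", jti, jwtSigner.getJwt().getClaims().toJsonString());
            }

            logoutStatusJwt.setCode(signedJwt);
            return logoutStatusJwt;
        } catch (WebApplicationException e) {
            // Must precede the generic handler: WebApplicationException is an Exception subtype, so the
            // reverse order makes this clause unreachable (and is rejected by the compiler).
            throw e;
        } catch (Exception e) {
            this.log.error("Failed to create Logout Status JWT", e);
            return null;
        }
    }

    /**
     * Populates the time, {@code jti} and {@code status_list} claims of the given JWT.
     *
     * @param jwt JWT whose claims are filled in
     * @param num status list index written as {@code status_list.idx}; may be {@code null} when the
     *            status list feature is disabled (org.json drops a key whose value is {@code null})
     * @param num2 lifetime in seconds added to the current time to compute {@code exp}
     * @param str session DN; not used by this method
     * @return the generated {@code jti} value (a random UUID)
     */
    public String fillPayload(Jwt jwt, Integer num, Integer num2, String str) {
        Date issuedAt = new Date();
        Calendar expiration = Calendar.getInstance();
        expiration.setTime(issuedAt);
        expiration.add(Calendar.SECOND, num2.intValue());

        JSONObject statusList = new JSONObject();
        statusList.put("idx", num);
        statusList.put("uri", this.discoveryService.getTokenStatusListEndpoint());

        jwt.getClaims().setExpirationTime(expiration.getTime());
        jwt.getClaims().setIat(issuedAt);
        jwt.getClaims().setNbf(issuedAt);

        String jti = UUID.randomUUID().toString();
        jwt.getClaims().setClaim("jti", jti);
        jwt.getClaims().setClaim("status_list", statusList);
        return jti;
    }
}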
