package org.xdi.oxauth.model.token;

import org.python.jline.internal.Preconditions;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.crypto.AbstractCryptoProvider;
import org.xdi.oxauth.model.crypto.CryptoProviderFactory;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jwk.JSONWebKeySet;
import org.xdi.oxauth.model.jwk.Use;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtType;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.service.ClientService;
import org.xdi.service.cdi.util.CdiUtil;

/* loaded from: input_file:org/xdi/oxauth/model/token/JwtSigner.class */
public class JwtSigner {
    private AbstractCryptoProvider cryptoProvider;
    private SignatureAlgorithm signatureAlgorithm;
    private String audience;
    private String hmacSharedSecret;
    private AppConfiguration appConfiguration;
    private JSONWebKeySet webKeys;
    private Jwt jwt;

    public JwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm, String str) throws Exception {
        this(appConfiguration, jSONWebKeySet, signatureAlgorithm, str, null);
    }

    public JwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm, String str, String str2) throws Exception {
        this.appConfiguration = appConfiguration;
        this.webKeys = jSONWebKeySet;
        this.signatureAlgorithm = signatureAlgorithm;
        this.audience = str;
        this.hmacSharedSecret = str2;
        this.cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
    }

    public static JwtSigner newJwtSigner(AppConfiguration appConfiguration, JSONWebKeySet jSONWebKeySet, Client client) throws Exception {
        Preconditions.checkNotNull(client);
        SignatureAlgorithm fromString = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
        if (client.getIdTokenSignedResponseAlg() != null) {
            fromString = SignatureAlgorithm.fromString(client.getIdTokenSignedResponseAlg());
        }
        return new JwtSigner(appConfiguration, jSONWebKeySet, fromString, client.getClientId(), ((ClientService) CdiUtil.bean(ClientService.class)).decryptSecret(client.getClientSecret()));
    }

    public Jwt newJwt() throws Exception {
        this.jwt = new Jwt();
        String keyId = this.cryptoProvider.getKeyId(this.webKeys, this.signatureAlgorithm, Use.SIGNATURE);
        if (keyId != null) {
            this.jwt.getHeader().setKeyId(keyId);
        }
        this.jwt.getHeader().setType(JwtType.JWT);
        this.jwt.getHeader().setAlgorithm(this.signatureAlgorithm);
        this.jwt.getClaims().setIssuer(this.appConfiguration.getIssuer());
        this.jwt.getClaims().setAudience(this.audience);
        return this.jwt;
    }

    public Jwt sign() throws Exception {
        this.jwt.setEncodedSignature(this.cryptoProvider.sign(this.jwt.getSigningInput(), this.jwt.getHeader().getKeyId(), this.hmacSharedSecret, this.signatureAlgorithm));
        return this.jwt;
    }

    public Jwt getJwt() {
        return this.jwt;
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }
}
