package com.ibm.ws.security.jwt.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.jwt.Claims;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jwt.config.JwtConfig;
import com.ibm.ws.security.jwt.internal.ClaimsImpl;
import com.ibm.ws.security.jwt.internal.JwtTokenException;
import com.ibm.ws.security.jwt.registry.RegistryClaims;
import java.util.List;
import java.util.Map;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/jwt/utils/JwtCreator.class */
public class JwtCreator {
    private static final String JTI_CLAIM = "jti";
    static final long serialVersionUID = 8093072144774381461L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.jwt.utils.JwtCreator", JwtCreator.class, "JWTBUILDER", "com.ibm.ws.security.jwt.internal.resources.JWTMessages");

    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    /* loaded from: input_file:com/ibm/ws/security/jwt/utils/JwtCreator$JwtResult.class */
    public static class JwtResult {
        private final String compact;
        private Map<String, Object> header;
        private final Claims claims = new ClaimsImpl();
        static final long serialVersionUID = 6362412338749548818L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.jwt.utils.JwtCreator$JwtResult", JwtResult.class, "JWTBUILDER", "com.ibm.ws.security.jwt.internal.resources.JWTMessages");

        public JwtResult(String str, JwtClaims jwtClaims) throws Exception {
            this.compact = str;
            initializeHeader();
            initializeClaims(jwtClaims);
        }

        public String getCompact() {
            return this.compact;
        }

        public Map<String, Object> getHeader() {
            return this.header;
        }

        public Claims getClaims() {
            return this.claims;
        }

        private void initializeClaims(JwtClaims jwtClaims) throws Exception {
            Map claimsMap = jwtClaims.getClaimsMap();
            if (claimsMap == null || claimsMap.isEmpty()) {
                return;
            }
            this.claims.putAll(claimsMap);
        }

        private void initializeHeader() throws Exception {
            if (this.compact == null) {
                this.header = null;
            }
            this.header = JwtUtils.claimsFromJson(JwtUtils.fromBase64ToJsonString(JwtUtils.splitTokenString(this.compact)[0]));
        }
    }

    @FFDCIgnore({Exception.class})
    public static JwtResult createJwt(JwtData jwtData, Claims claims) throws JwtTokenException {
        boolean isJwt = jwtData.isJwt();
        try {
            JwtClaims jwtClaims = new JwtClaims();
            if (isJwt) {
                jwtClaims = populateClaims(jwtData, claims);
            }
            String signedJwt = JwsSigner.getSignedJwt(jwtClaims, jwtData);
            if (jwtData.isJwe()) {
                signedJwt = JweHelper.createJweString(signedJwt, jwtData);
            }
            return new JwtResult(signedJwt, jwtClaims);
        } catch (Exception e) {
            JwtTokenException newInstance = JwtTokenException.newInstance(false, "JWT_CREATE_FAIL", new Object[]{e.getLocalizedMessage()});
            newInstance.initCause(e);
            throw newInstance;
        }
    }

    public static JwtClaims populateClaims(JwtData jwtData, Claims claims) throws MalformedClaimException {
        JwtClaims jwtClaims = new JwtClaims();
        String str = (String) claims.get(Claims.TOKEN_TYPE);
        if (str != null) {
            jwtClaims.setClaim(Claims.TOKEN_TYPE, str);
        }
        List<String> audience = claims.getAudience();
        if (audience != null && audience.size() > 0) {
            jwtClaims.setAudience(audience);
        }
        String subject = claims.getSubject();
        if (subject != null) {
            jwtClaims.setSubject(subject);
            if (jwtData.getConfig().getClaims() != null) {
                addCustomClaims(jwtClaims, jwtData.getConfig(), subject);
            }
        }
        for (Map.Entry<String, Object> entry : claims.getAllClaims().entrySet()) {
            if (entry.getKey() != "aud" && entry.getKey() != "exp" && entry.getKey() != "jti" && entry.getKey() != "iss" && entry.getKey() != "iat" && entry.getKey() != "nbf") {
                jwtClaims.setClaim(entry.getKey(), entry.getValue());
            }
        }
        String jwtId = claims.getJwtId();
        if (jwtId != null) {
            jwtClaims.setClaim("jti", jwtId);
        }
        if (claims.getIssuer() != null) {
            jwtClaims.setIssuer(claims.getIssuer());
        }
        long validTime = jwtData.getConfig().getValidTime();
        long expiration = claims.getExpiration();
        long issuedAt = claims.getIssuedAt();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (expiration > 0) {
            jwtClaims.setExpirationTime(NumericDate.fromSeconds(expiration));
        } else if (expiration == -2) {
            jwtClaims.setExpirationTime(NumericDate.fromSeconds(currentTimeMillis + validTime));
        }
        if (issuedAt > 0) {
            jwtClaims.setIssuedAt(NumericDate.fromSeconds(issuedAt));
        } else if (issuedAt == -2) {
            jwtClaims.setIssuedAt(NumericDate.fromSeconds(currentTimeMillis));
        }
        long notBefore = claims.getNotBefore();
        if (notBefore > 0) {
            jwtClaims.setNotBefore(NumericDate.fromSeconds(notBefore));
        }
        long nbfOffsetTime = jwtData.getConfig().getNbfOffsetTime();
        if (nbfOffsetTime >= 0) {
            jwtClaims.setNotBefore(NumericDate.fromSeconds(jwtClaims.getIssuedAt().getValue() + nbfOffsetTime));
        }
        return jwtClaims;
    }

    private static void addCustomClaims(JwtClaims jwtClaims, JwtConfig jwtConfig, String str) {
        for (Map.Entry<String, Object> entry : new RegistryClaims(str).fetchExtraClaims(jwtConfig).entrySet()) {
            jwtClaims.setClaim(entry.getKey(), entry.getValue());
        }
    }
}
