package io.cellery.security.sts.endpoint.core;

import com.nimbusds.jwt.SignedJWT;
import io.cellery.security.extensions.exception.CelleryAuthException;
import io.cellery.security.extensions.jwt.CellerySignedJWTBuilder;
import io.cellery.security.extensions.util.Utils;
import java.text.ParseException;
import java.util.HashMap;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;

/* loaded from: input_file:io/cellery/security/sts/endpoint/core/CellerySecureTokenService.class */
/**
 * Issues Cellery STS tokens (signed JWTs) for incoming {@link CellerySTSRequest}s.
 *
 * <p>Security-relevant behaviour visible in this class: a user context JWT supplied by the
 * caller is only trusted after {@link Utils#validateSignature} accepts it against the value
 * returned by {@link Utils#getCelleryIDP()}.
 */
public class CellerySecureTokenService {

    /**
     * Builds a signed STS token for the given request.
     *
     * <p>If the request carries a non-blank user context JWT, that JWT is parsed and its
     * signature is checked; the issued token then takes its subject and custom claims from the
     * user context JWT. Otherwise the subject is the request's source and no custom claims are
     * added. Scopes and audiences are always copied from the request.
     *
     * @param cellerySTSRequest the token request
     * @return a response holding the newly built STS token
     * @throws CellerySTSException if the user context JWT cannot be parsed, fails validation,
     *     or the token cannot be built
     */
    public CellerySTSResponse issueJWT(CellerySTSRequest cellerySTSRequest) throws CellerySTSException {
        try {
            // Default subject: the source named in the request. It is not verified in this
            // method. NOTE(review): presumably the caller is authenticated before this point;
            // confirm at the endpoint.
            String subject = cellerySTSRequest.getSource();
            // Raw type kept: the element types expected by the builder are not visible here.
            HashMap propagatedClaims = new HashMap();

            boolean userContextPresent = StringUtils.isNotBlank(cellerySTSRequest.getUserContextJwt());
            if (userContextPresent) {
                SignedJWT userContextJwt = SignedJWT.parse(cellerySTSRequest.getUserContextJwt());

                // Nothing from the presented JWT is used until the signature check has passed.
                // NOTE(review): only a signature check is visible here; whether expiry, issuer
                // or audience are also enforced depends on Utils.validateSignature. Confirm.
                boolean signatureAccepted = isUserContextJwtValid(userContextJwt);
                if (!signatureAccepted) {
                    throw new CellerySTSException("Invalid user context JWT presented to obtain a STS token.");
                }

                // The validated user context overrides the request source as the subject and
                // contributes its custom claims to the new token.
                subject = userContextJwt.getJWTClaimsSet().getSubject();
                propagatedClaims.putAll(Utils.getCustomClaims(userContextJwt));
            }

            String stsToken = new CellerySignedJWTBuilder()
                    .subject(subject)
                    .scopes(cellerySTSRequest.getScopes())
                    .audience(cellerySTSRequest.getAudiences())
                    .claims(propagatedClaims)
                    .build();

            CellerySTSResponse response = new CellerySTSResponse();
            response.setStsToken(stsToken);
            return response;
        } catch (CelleryAuthException authFailure) {
            throw new CellerySTSException("Error issuing JWT.", authFailure);
        } catch (ParseException parseFailure) {
            throw new CellerySTSException("Error while parsing the user context JWT", parseFailure);
        }
    }

    /**
     * Checks the signature of a user context JWT against the Cellery identity provider.
     *
     * @param signedJWT the parsed user context JWT
     * @return the result of {@link Utils#validateSignature}
     * @throws CelleryAuthException if the identity provider lookup or the validation itself
     *     fails with an identity management or OAuth2 error
     */
    private boolean isUserContextJwtValid(SignedJWT signedJWT) throws CelleryAuthException {
        boolean valid;
        try {
            valid = Utils.validateSignature(signedJWT, Utils.getCelleryIDP());
        } catch (IdentityProviderManagementException | IdentityOAuth2Exception cause) {
            // An error is surfaced as an exception rather than reported as "not valid".
            throw new CelleryAuthException("Error while validating user context jwt", cause);
        }
        return valid;
    }
}
