package com.atlassian.connect.spring.internal.request.oauth2;

import com.atlassian.connect.spring.AtlassianHostUser;
import com.atlassian.connect.spring.internal.jwt.InvalidKeyException;
import com.atlassian.connect.spring.internal.jwt.JwtJsonBuilder;
import com.atlassian.connect.spring.internal.jwt.JwtWriter;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.MACSigner;
import java.net.URI;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/connect/spring/internal/request/oauth2/OAuth2JwtAssertionGenerator.class */
public class OAuth2JwtAssertionGenerator {
    private static final Logger log = LoggerFactory.getLogger(OAuth2JwtAssertionGenerator.class);

    public String getAssertionString(AtlassianHostUser atlassianHostUser, URI uri) {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        Optional userKey = atlassianHostUser.getUserKey();
        Optional userAccountId = atlassianHostUser.getUserAccountId();
        if (!userAccountId.isPresent() && !userKey.isPresent()) {
            throw new IllegalArgumentException("Either the userKey (deprecated) or the userAccountId must be provided.");
        }
        JwtJsonBuilder claim = new JwtJsonBuilder().issuedAt(currentTimeMillis).expirationTime(currentTimeMillis + 60).issuer("urn:atlassian:connect:clientid:" + atlassianHostUser.getHost().getOauthClientId()).audience(uri.toASCIIString()).claim("tnt", atlassianHostUser.getHost().getBaseUrl());
        if (userAccountId.isPresent()) {
            claim.subject("urn:atlassian:connect:useraccountid:" + ((String) userAccountId.get()));
        } else {
            claim.subject("urn:atlassian:connect:userkey:" + ((String) userKey.get()));
        }
        String build = claim.build();
        log.debug("Created OAuth 2.0 JWT assertion: {}", build);
        return createJwtWriter(atlassianHostUser.getHost().getSharedSecret()).jsonToJwt(build);
    }

    private JwtWriter createJwtWriter(String str) {
        try {
            return new JwtWriter(JWSAlgorithm.HS256, new MACSigner(str));
        } catch (KeyLengthException e) {
            throw new InvalidKeyException(e);
        }
    }
}
