package com.stormpath.sdk.servlet.filter.account;

import com.stormpath.sdk.api.ApiKey;
import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.lang.Assert;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/stormpath/sdk/servlet/filter/account/DefaultAuthenticationJwtFactory.class */
public class DefaultAuthenticationJwtFactory implements AuthenticationJwtFactory {
    private final JwtSigningKeyResolver jwtSigningKeyResolver;
    private final SignatureAlgorithm jwtSignatureAlgorithm;
    private final long jwtTtl;

    public DefaultAuthenticationJwtFactory(JwtSigningKeyResolver jwtSigningKeyResolver, SignatureAlgorithm signatureAlgorithm, long j) {
        Assert.notNull(jwtSigningKeyResolver, "JwtSigningKeyResolver cannot be null.");
        Assert.notNull(signatureAlgorithm, "JWT SignatureAlgorithm cannot be null.");
        Assert.isTrue(signatureAlgorithm != SignatureAlgorithm.NONE, "SignatureAlgorithm 'none' is not allowed.");
        this.jwtSigningKeyResolver = jwtSigningKeyResolver;
        this.jwtSignatureAlgorithm = signatureAlgorithm;
        this.jwtTtl = j;
    }

    protected JwtSigningKeyResolver getJwtSigningKeyResolver() {
        return this.jwtSigningKeyResolver;
    }

    protected SignatureAlgorithm getJwtSignatureAlgorithm() {
        return this.jwtSignatureAlgorithm;
    }

    protected long getJwtTtl() {
        return this.jwtTtl;
    }

    @Override // com.stormpath.sdk.servlet.filter.account.AuthenticationJwtFactory
    public String createAccountJwt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        String createJwtId = createJwtId(httpServletRequest, httpServletResponse, authenticationResult);
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        String jwtSubject = getJwtSubject(httpServletRequest, httpServletResponse, authenticationResult);
        Assert.hasText(jwtSubject, "JWT subject value cannot be null or empty.");
        JwtBuilder signWith = Jwts.builder().setId(createJwtId).setIssuedAt(date).setSubject(jwtSubject).signWith(getJwtSignatureAlgorithm(), getJwtSigningKey(httpServletRequest, httpServletResponse, authenticationResult));
        long jwtTtlSeconds = getJwtTtlSeconds(httpServletRequest, httpServletResponse, authenticationResult);
        if (jwtTtlSeconds >= 0) {
            signWith.setExpiration(new Date(currentTimeMillis + (jwtTtlSeconds * 1000)));
        }
        return signWith.compact();
    }

    protected String createJwtId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        return UUID.randomUUID().toString();
    }

    protected String getJwtSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        ApiKey apiKey = (ApiKey) httpServletRequest.getAttribute(ApiKey.class.getName());
        return apiKey != null ? apiKey.getHref() : authenticationResult.getAccount().getHref();
    }

    protected Key getJwtSigningKey(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        return getJwtSigningKeyResolver().getSigningKey(httpServletRequest, httpServletResponse, authenticationResult, getJwtSignatureAlgorithm());
    }

    protected long getJwtTtlSeconds(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        return getJwtTtl();
    }
}
