package org.keycloak.adapters.authentication;

import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.JsonWebToken;

/* loaded from: input_file:org/keycloak/adapters/authentication/JWTClientSecretCredentialsProvider.class */
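/**
 * Client credentials provider that authenticates the adapter to the server with a
 * JWT signed by HMAC-SHA256 using the shared client secret (the {@code secret-jwt}
 * method, i.e. a {@code client_assertion} of type {@code jwt-bearer}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client secret is the HMAC key, so its entropy is the strength of the
 *       authentication. RFC 7518 section 3.2 requires a key at least as long as the
 *       hash output (32 bytes for HS256); shorter secrets are logged as a warning.</li>
 *   <li>The secret itself is never written to logs or exception messages.</li>
 *   <li>Each assertion carries a fresh {@code jti} and is valid for
 *       {@link #TOKEN_LIFETIME_SECONDS} seconds, which keeps the window in which a
 *       captured assertion could be presented again small.</li>
 * </ul>
 */
public class JWTClientSecretCredentialsProvider implements ClientCredentialsProvider {
    private static final Logger logger = Logger.getLogger(JWTClientSecretCredentialsProvider.class);
    public static final String PROVIDER_ID = "secret-jwt";

    /** JCA algorithm name of the key; must match the {@code hmac256} signer used below. */
    private static final String HMAC_ALGORITHM = "HmacSHA256";

    /** Minimum HS256 key size in bytes per RFC 7518 section 3.2 (size of the SHA-256 output). */
    private static final int MIN_HMAC_SHA256_KEY_BYTES = 32;

    /**
     * Validity of a generated assertion, in seconds. Kept short on purpose; the clocks
     * of the adapter host and of the server have to agree within this window.
     */
    private static final int TOKEN_LIFETIME_SECONDS = 10;

    private SecretKey clientSecret;

    /** Returns the identifier of this provider, {@value #PROVIDER_ID}. */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Reads the client secret from the adapter configuration and stores it as the HMAC key.
     *
     * @param deployment deployment whose resource name is used in error messages
     * @param config     expected to be a {@link Map} holding the secret under the key
     *                   {@code ClientIdAndSecretCredentialsProvider.PROVIDER_ID}
     * @throws RuntimeException if {@code config} is not a map, or the secret entry is
     *                          missing or is not a string
     */
    @Override
    public void init(KeycloakDeployment deployment, Object config) {
        if (!(config instanceof Map)) {
            throw new RuntimeException("Configuration of jwt credentials by client secret is missing or incorrect for client '" + deployment.getResourceName() + "'. Check your adapter configuration");
        }
        Object rawSecret = ((Map<?, ?>) config).get(ClientIdAndSecretCredentialsProvider.PROVIDER_ID);
        if (rawSecret == null) {
            // NOTE(review): the message names "secret-jwt" while the lookup key is
            // ClientIdAndSecretCredentialsProvider.PROVIDER_ID; confirm which name the
            // operator should be pointed to.
            throw new RuntimeException("Missing parameter secret-jwt in configuration of jwt for client " + deployment.getResourceName());
        }
        if (!(rawSecret instanceof String)) {
            // Fail with a configuration error instead of a bare ClassCastException.
            // The value is deliberately left out of the message: it is the secret.
            throw new RuntimeException("Client secret in configuration of jwt for client " + deployment.getResourceName() + " must be a string");
        }
        setClientSecret((String) rawSecret);
    }

    /**
     * Adds a freshly signed client assertion to the outgoing token request.
     *
     * @param deployment     supplies the client id (issuer/subject) and the realm URL (audience)
     * @param requestHeaders not used by this provider
     * @param formParams     receives {@code client_assertion_type} and {@code client_assertion}
     */
    @Override
    public void setClientCredentials(KeycloakDeployment deployment, Map<String, String> requestHeaders, Map<String, String> formParams) {
        String signedToken = createSignedRequestToken(deployment.getResourceName(), deployment.getRealmInfoUrl());
        formParams.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        formParams.put("client_assertion", signedToken);
    }

    /**
     * Stores the client secret as an HMAC-SHA256 key built from its UTF-8 bytes.
     *
     * @param secret the shared client secret; must not be {@code null}
     * @throws NullPointerException     if {@code secret} is {@code null}
     * @throws IllegalArgumentException if {@code secret} is empty (raised by {@link SecretKeySpec})
     */
    public void setClientSecret(String secret) {
        if (secret == null) {
            throw new NullPointerException("client secret must not be null");
        }
        byte[] keyBytes = secret.getBytes(StandardCharsets.UTF_8);
        if (keyBytes.length > 0 && keyBytes.length < MIN_HMAC_SHA256_KEY_BYTES) {
            // Only the threshold is logged, never the secret or its exact length.
            logger.warnf("Client secret configured for '%s' authentication is shorter than %d bytes; "
                    + "RFC 7518 section 3.2 requires a key at least that long for HS256",
                    PROVIDER_ID, MIN_HMAC_SHA256_KEY_BYTES);
        }
        this.clientSecret = new SecretKeySpec(keyBytes, HMAC_ALGORITHM);
    }

    /**
     * Builds the client assertion and signs it with the configured secret.
     *
     * @param clientId     used as both issuer and subject of the assertion
     * @param realmInfoUrl used as the single audience of the assertion
     * @return the signed assertion as produced by {@code JWSBuilder.hmac256}
     * @throws IllegalStateException if no client secret has been configured yet
     */
    public String createSignedRequestToken(String clientId, String realmInfoUrl) {
        if (this.clientSecret == null) {
            // Signing with an absent key must never be attempted; report the
            // misuse clearly instead of failing somewhere inside the signer.
            throw new IllegalStateException("Client secret has not been configured; call init or setClientSecret first");
        }
        JsonWebToken requestToken = createRequestToken(clientId, realmInfoUrl);
        return new JWSBuilder().jsonContent(requestToken).hmac256(this.clientSecret);
    }

    /**
     * Creates the unsigned assertion: unique id, issuer and subject set to the client id,
     * the realm URL as audience, and a validity window that starts now and lasts
     * {@link #TOKEN_LIFETIME_SECONDS} seconds.
     */
    private JsonWebToken createRequestToken(String clientId, String realmInfoUrl) {
        JsonWebToken token = new JsonWebToken();
        // A new id per assertion gives the receiver a value it can use to detect replay.
        token.id(AdapterUtils.generateId());
        token.issuer(clientId);
        token.subject(clientId);
        token.audience(new String[]{realmInfoUrl});
        int now = Time.currentTime();
        token.issuedAt(now);
        token.expiration(now + TOKEN_LIFETIME_SECONDS);
        token.notBefore(now);
        return token;
    }
}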
