package org.wso2.carbon.identity.oauth2.responsemode.provider.jarm;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.Calendar;
import java.util.Date;
import org.apache.commons.lang.StringUtils;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.responsemode.provider.AbstractResponseModeProvider;
import org.wso2.carbon.identity.oauth2.responsemode.provider.AuthorizationResponseDTO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/responsemode/provider/jarm/JarmResponseModeProvider.class */
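/**
 * Base class for JARM response mode providers: builds the claims of the authorization
 * response JWT and has it signed through {@link OAuth2Util#signJWT}.
 *
 * <p>The claim-building and token-building methods were declared {@code protected} in the
 * original class; the decompiler widened them to {@code public}.
 */
public abstract class JarmResponseModeProvider extends AbstractResponseModeProvider {
    private static final String ISSUER = "iss";
    private static final String AUDIENCE = "aud";
    private static final String EXPIRATION_TIME = "exp";
    private static final String ERROR = "error";
    private static final String ERROR_DESCRIPTION = "error_description";
    private static final String ACCESS_CODE = "code";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String TOKEN_TYPE = "token_type";
    private static final String EXPIRES_IN = "expires_in";
    private static final String ID_TOKEN = "id_token";
    private static final String STATE = "state";
    private static final String SCOPE = "scope";
    private static final String SESSION_STATE = "session_state";
    private static final String AUTHENTICATED_IDPS = "AuthenticatedIdPs";
    // long, so the seconds-to-milliseconds multiplication is done in 64-bit arithmetic
    // even if the configured validity period is exposed as an int.
    private static final long TO_MILLISECONDS = 1000L;

    /**
     * Builds the claims set for a successful authorization response.
     *
     * <p>{@code iss}, {@code aud} (the client id) and {@code exp} are always set; every other
     * claim is added only when the corresponding value on the DTO is non-null
     * ({@code AuthenticatedIdPs} additionally has to be non-empty).
     *
     * @param authorizationResponseDTO response data; its success DTO is dereferenced without a
     *     null check, so callers must only pass a success response
     * @return the claims to be placed in the response JWT
     * @throws OAuthSystemException if the issuer cannot be resolved
     */
    public JWTClaimsSet getJWTClaimsSet(AuthorizationResponseDTO authorizationResponseDTO) throws OAuthSystemException {
        String authorizationCode = authorizationResponseDTO.getSuccessResponseDTO().getAuthorizationCode();
        String idToken = authorizationResponseDTO.getSuccessResponseDTO().getIdToken();
        String accessToken = authorizationResponseDTO.getSuccessResponseDTO().getAccessToken();
        String tokenType = authorizationResponseDTO.getSuccessResponseDTO().getTokenType();
        long validityPeriod = authorizationResponseDTO.getSuccessResponseDTO().getValidityPeriod();
        String authenticatedIDPs = authorizationResponseDTO.getAuthenticatedIDPs();
        String sessionState = authorizationResponseDTO.getSessionState();
        String state = authorizationResponseDTO.getState();
        String scope = authorizationResponseDTO.getSuccessResponseDTO().getScope();

        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        builder.claim(ISSUER, getIssuer(authorizationResponseDTO));
        builder.claim(AUDIENCE, authorizationResponseDTO.getClientId());
        builder.claim(EXPIRATION_TIME, getExpirationTime());
        if (authorizationCode != null) {
            builder.claim(ACCESS_CODE, authorizationCode);
        }
        if (accessToken != null) {
            builder.claim(ACCESS_TOKEN, accessToken);
            // expires_in is only meaningful alongside an access token.
            builder.claim(EXPIRES_IN, Long.valueOf(validityPeriod));
        }
        if (tokenType != null) {
            builder.claim(TOKEN_TYPE, tokenType);
        }
        if (idToken != null) {
            builder.claim(ID_TOKEN, idToken);
        }
        if (sessionState != null) {
            builder.claim(SESSION_STATE, sessionState);
        }
        if (state != null) {
            builder.claim(STATE, state);
        }
        if (authenticatedIDPs != null && !authenticatedIDPs.isEmpty()) {
            builder.claim(AUTHENTICATED_IDPS, authenticatedIDPs);
        }
        if (scope != null) {
            builder.claim(SCOPE, scope);
        }
        return builder.build();
    }

    /**
     * Builds the claims set for an error authorization response.
     *
     * <p>{@code iss}, {@code aud}, {@code error}, {@code error_description} and {@code exp} are
     * always set; {@code state} and {@code session_state} only when non-blank.
     *
     * @param authorizationResponseDTO response data; its error DTO is dereferenced without a
     *     null check, so callers must only pass an error response
     * @return the claims to be placed in the error response JWT
     * @throws OAuthSystemException if the issuer cannot be resolved
     */
    public JWTClaimsSet getErrorJWTClaimsSet(AuthorizationResponseDTO authorizationResponseDTO) throws OAuthSystemException {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        builder.claim(ISSUER, getIssuer(authorizationResponseDTO));
        builder.claim(AUDIENCE, authorizationResponseDTO.getClientId());
        builder.claim(ERROR, authorizationResponseDTO.getErrorResponseDTO().getError());
        builder.claim(ERROR_DESCRIPTION, authorizationResponseDTO.getErrorResponseDTO().getErrorDescription());
        builder.claim(EXPIRATION_TIME, getExpirationTime());
        if (StringUtils.isNotBlank(authorizationResponseDTO.getState())) {
            builder.claim(STATE, authorizationResponseDTO.getState());
        }
        if (StringUtils.isNotBlank(authorizationResponseDTO.getSessionState())) {
            builder.claim(SESSION_STATE, authorizationResponseDTO.getSessionState());
        }
        return builder.build();
    }

    /**
     * Serializes the given claims as a JWT signed for the response's signing tenant domain.
     *
     * @param authorizationResponseDTO supplies the signing tenant domain; on a signing failure
     *     its error fields are set to a 500 {@code server_error}
     * @param jWTClaimsSet claims to sign
     * @return the compact serialization returned by {@link OAuth2Util#signJWT}
     * @throws OAuthSystemException if the algorithm is unsupported or signing fails; the
     *     underlying {@link IdentityOAuth2Exception} is attached as the cause
     */
    public String getJWTToken(AuthorizationResponseDTO authorizationResponseDTO, JWTClaimsSet jWTClaimsSet) throws OAuthSystemException {
        try {
            String signingTenantDomain = authorizationResponseDTO.getSigningTenantDomain();
            JWSAlgorithm jWTSignatureAlgorithm = getJWTSignatureAlgorithm();
            if (JWSAlgorithm.NONE.equals(jWTSignatureAlgorithm)) {
                // NOTE(review): when no signature algorithm is configured, this replaces the
                // algorithm with one whose *name* is the serialized unsecured JWT. What happens
                // next depends entirely on how OAuth2Util.signJWT treats an unknown algorithm
                // (not visible here) - confirm it rejects it. JARM responses are meant to be
                // signed, so an explicit fail-closed error here would make the intent auditable.
                jWTSignatureAlgorithm = JWSAlgorithm.parse(new PlainJWT(jWTClaimsSet).serialize());
            }
            return OAuth2Util.signJWT(jWTClaimsSet, jWTSignatureAlgorithm, signingTenantDomain).serialize();
        } catch (IdentityOAuth2Exception e) {
            authorizationResponseDTO.setError(500, "Error in signing JWT.", "server_error");
            // Keep the cause so the signing failure (key store, tenant, algorithm) stays
            // diagnosable in server logs; the client-facing error remains generic.
            throw new OAuthSystemException("Error in signing JWT", e);
        }
    }

    /**
     * Resolves the signature algorithm for the response JWT from the server's ID token
     * signature algorithm setting.
     *
     * <p>Security note: a blank setting yields {@code none} rather than an error, so whether
     * JARM responses are signed hinges on that one configuration value being present.
     *
     * @return the mapped algorithm, or an algorithm named {@code none} when nothing is configured
     * @throws OAuthSystemException if the configured algorithm name cannot be mapped
     */
    protected static JWSAlgorithm getJWTSignatureAlgorithm() throws OAuthSystemException {
        JWSAlgorithm jWSAlgorithm = new JWSAlgorithm(JWSAlgorithm.NONE.getName());
        String idTokenSignatureAlgorithm = OAuthServerConfiguration.getInstance().getIdTokenSignatureAlgorithm();
        if (StringUtils.isNotBlank(idTokenSignatureAlgorithm)) {
            try {
                jWSAlgorithm = OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(idTokenSignatureAlgorithm);
            } catch (IdentityOAuth2Exception e) {
                throw new OAuthSystemException("Configured signature algorithm : " + idTokenSignatureAlgorithm + " is not supported.", e);
            }
        }
        return jWSAlgorithm;
    }

    /**
     * Resolves the {@code iss} value for the response's signing tenant domain.
     *
     * @param authorizationResponseDTO supplies the signing tenant domain; on failure its error
     *     fields are set to a 500 {@code server_error}
     * @return the ID token issuer for that tenant
     * @throws OAuthSystemException if the issuer lookup fails; the underlying
     *     {@link IdentityOAuth2Exception} is attached as the cause
     */
    protected static String getIssuer(AuthorizationResponseDTO authorizationResponseDTO) throws OAuthSystemException {
        try {
            return OAuth2Util.getIdTokenIssuer(authorizationResponseDTO.getSigningTenantDomain());
        } catch (IdentityOAuth2Exception e) {
            authorizationResponseDTO.setError(500, "Error getting Id Token Issuer.", "server_error");
            throw new OAuthSystemException("Error getting Id Token Issuer.", e);
        }
    }

    /** Computes the {@code exp} instant: now plus the configured JARM response JWT validity. */
    private static Date getExpirationTime() {
        long validityInMillis =
                OAuthServerConfiguration.getInstance().getJarmResponseJwtValidityPeriodInSeconds() * TO_MILLISECONDS;
        return new Date(validityInMillis + Calendar.getInstance().getTimeInMillis());
    }
}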
