package org.wso2.carbon.apimgt.impl.token;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/token/InternalAPIKeyGenerator.class */
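/**
 * Issues internal API keys as RS256-signed JWTs.
 *
 * <p>The token is assembled in three steps that subclasses may override individually:
 * {@link #buildHeader()}, {@link #buildBody(JwtTokenInfoDTO)} and {@link #buildSignature(SignedJWT)}.
 */
public class InternalAPIKeyGenerator implements ApiKeyGenerator {
    // Logger is bound to this class; it was previously registered under DefaultApiKeyGenerator,
    // which attributed these log lines to the wrong component.
    private static final Log log = LogFactory.getLog(InternalAPIKeyGenerator.class);

    /**
     * Builds, signs and serializes an internal API key.
     *
     * @param jwtTokenInfoDTO source of the claims placed in the token body
     * @return the compact serialization of the signed JWT
     * @throws APIManagementException if the header cannot be built or signing fails
     */
    @Override
    public String generateToken(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        SignedJWT signedJWT = new SignedJWT(buildHeader(), buildBody(jwtTokenInfoDTO));
        buildSignature(signedJWT);
        if (log.isDebugEnabled()) {
            // Log only the key ID. The serialized token is a bearer credential and must not be written
            // to log files. The earlier getParsedString() call was also of no diagnostic use here: it
            // returns the string a JWT was parsed from, which is not set for a token built from scratch.
            log.debug("Signed internal API key with key ID : " + signedJWT.getHeader().getKeyID());
        }
        return signedJWT.serialize();
    }

    /**
     * Assembles the claim set of the internal API key.
     *
     * <p>The issued-at time is the current wall-clock time in seconds. An {@code exp} claim is added
     * only when a finite expiry can be computed (see the note in the body).
     *
     * @param jwtTokenInfoDTO source of user name, validity period, subscribed APIs, key type and audience
     * @return the claim set to be signed
     */
    protected JWTClaimsSet buildBody(JwtTokenInfoDTO jwtTokenInfoDTO) {
        long issuedAt = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        long validity = jwtTokenInfoDTO.getExpirationTime();

        // -1 is the "no expiry" sentinel. A validity that would push exp past Integer.MAX_VALUE seconds
        // is treated the same way, so no exp claim is written for it.
        // NOTE(review): that second case silently turns an oversized validity into a non-expiring
        // credential, and other negative values yield an exp in the past; consider validating the
        // requested validity at the caller and rejecting or clamping out-of-range values.
        long expirationTime;
        if (validity == -1 || validity > Integer.MAX_VALUE - issuedAt) {
            expirationTime = -1L;
        } else {
            expirationTime = issuedAt + validity;
        }

        String issuer = OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenIssuerIdentifier();

        // Claim insertion order is kept as in the original implementation.
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        builder.claim(APIConstants.JwtTokenConstants.END_USERNAME,
                APIUtil.getUserNameWithTenantSuffix(jwtTokenInfoDTO.getEndUserName()));
        // Random UUID gives each token a unique identifier.
        builder.claim(APIConstants.JwtTokenConstants.JWT_ID, UUID.randomUUID().toString());
        builder.claim(APIConstants.JwtTokenConstants.ISSUER_IDENTIFIER, issuer);
        builder.claim(APIConstants.JwtTokenConstants.ISSUED_TIME, issuedAt);
        if (expirationTime != -1) {
            builder.claim("exp", expirationTime);
        }
        builder.claim(APIConstants.JwtTokenConstants.SUBSCRIBED_APIS, jwtTokenInfoDTO.getSubscribedApiDTOList());
        builder.claim(APIConstants.JwtTokenConstants.KEY_TYPE, jwtTokenInfoDTO.getKeyType());
        builder.claim("token_type", APIConstants.JwtTokenConstants.INTERNAL_KEY_TOKEN_TYPE);
        builder.claim(APIConstants.JwtTokenConstants.AUDIENCE, jwtTokenInfoDTO.getAudience());
        return builder.build();
    }

    /**
     * Builds the JWS header: algorithm RS256, with the internal API key alias as the key ID.
     *
     * @return the header for the token
     * @throws APIManagementException declared for the alias lookup and for overriding implementations
     */
    protected JWSHeader buildHeader() throws APIManagementException {
        // NOTE(review): the kid advertised here comes from getInternalApiKeyAlias(), while
        // buildSignature() signs with the keystore's default private key. Confirm both always refer to
        // the same key pair, otherwise verifiers that select the certificate by kid will reject the token.
        String keyAlias = APIUtil.getInternalApiKeyAlias();
        return new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(keyAlias).build();
    }

    /**
     * Signs the given JWT in place with the default private key of the keystore.
     *
     * @param signedJWT the unsigned token; it carries the signature after this call
     * @throws APIManagementException wrapping any failure while loading the key or signing
     */
    protected void buildSignature(SignedJWT signedJWT) throws APIManagementException {
        try {
            // -1234 is presumably the Carbon super-tenant ID, inlined as a literal - TODO confirm.
            RSASSASigner signer = new RSASSASigner(KeyStoreManager.getInstance(-1234).getDefaultPrivateKey());
            signedJWT.sign(signer);
        } catch (Exception e) {
            // Broad catch kept deliberately: key loading and signing failures are all reported to the
            // caller as one exception type, with the cause preserved.
            throw new APIManagementException("Error while signing Api Key", e);
        }
    }
}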
