package org.wso2.micro.integrator.management.apis.security.handler;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import org.wso2.micro.application.deployer.AppDeployerUtils;
import org.wso2.micro.core.util.KeyStoreManager;

/* loaded from: input_file:org/wso2/micro/integrator/management/apis/security/handler/JWTTokenGenerator.class */
/**
 * Issues RS256-signed JWTs for the management API, signing each token with a key pair
 * that is generated for that token.
 *
 * <p>The generated key pair and the resulting {@link RSAKey} are written back onto the
 * supplied {@link JWTTokenInfoDTO}, so that DTO carries private key material after a call
 * to {@link #generateJWTToken(JWTTokenInfoDTO)}.
 * NOTE(review): presumably the DTO is kept in a token store for later verification;
 * confirm it is never logged or serialized with the private key attached.
 */
public class JWTTokenGenerator {

    /**
     * Generates a fresh key pair, builds the JWT from the DTO and returns it signed and serialized.
     *
     * @param jWTTokenInfoDTO token details (token id, username, issuer, expiry, scope); it is
     *                        mutated to hold the generated key pair and RSA JWK
     * @return the compact serialization of the signed JWT
     * @throws JOSEException            if the signer cannot be created or signing fails
     * @throws NoSuchAlgorithmException if the configured key algorithm is not available
     */
    public String generateJWTToken(JWTTokenInfoDTO jWTTokenInfoDTO) throws JOSEException, NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(AuthConstants.TOKEN_STORE_KEY_ALGORITHM);
        // The key size is taken from configuration as-is: a non-numeric value raises
        // NumberFormatException, and no lower bound is enforced here.
        // NOTE(review): confirm the configuration layer rejects sizes below 2048 bits.
        int keySizeBits = Integer.parseInt(JWTConfig.getInstance().getJwtConfigDto().getTokenSize());
        generator.initialize(keySizeBits);

        RSAKey signingKey = generateRSAKey(jWTTokenInfoDTO, generator);
        SignedJWT jwt = populateSignedJWTToken(jWTTokenInfoDTO, signingKey);
        jwt.sign(new RSASSASigner(signingKey));
        return jwt.serialize();
    }

    /**
     * Creates a new key pair, records it on the DTO and wraps it as an RSA JWK whose key id
     * is the DTO's token value.
     *
     * @param jWTTokenInfoDTO  receives the key pair and the JWK; supplies the key id
     * @param keyPairGenerator an already initialized generator; its keys are cast to the RSA
     *                         key interfaces, so any other algorithm fails with ClassCastException
     * @return the JWK holding both the public and the private key
     */
    private RSAKey generateRSAKey(JWTTokenInfoDTO jWTTokenInfoDTO, KeyPairGenerator keyPairGenerator) {
        KeyPair pair = keyPairGenerator.generateKeyPair();
        jWTTokenInfoDTO.setGeneratedKeyPair(pair);

        RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
        // The key id ends up in the JWS header, which any holder of the token can read.
        // NOTE(review): confirm getToken() is an identifier and not itself a credential.
        RSAKey jwk = new RSAKey.Builder(publicKey)
                .privateKey((RSAPrivateKey) pair.getPrivate())
                .keyID(jWTTokenInfoDTO.getToken())
                .build();
        jWTTokenInfoDTO.setRsaKey(jwk);
        return jwk;
    }

    /**
     * Variant of {@link #generateRSAKey} that also attaches the tenant's primary key store to
     * the JWK. Unlike that method it does not record the key pair or the JWK on the DTO, and
     * nothing in this class calls it.
     *
     * @param jWTTokenInfoDTO  supplies the key id
     * @param keyPairGenerator an already initialized generator producing RSA keys
     * @return the JWK holding the new key pair and a reference to the primary key store
     * @throws Exception if the primary key store cannot be obtained
     */
    private RSAKey generateRSAKeyWithKeyStore(JWTTokenInfoDTO jWTTokenInfoDTO, KeyPairGenerator keyPairGenerator) throws Exception {
        KeyStore tenantKeyStore = KeyStoreManager.getInstance(AppDeployerUtils.getTenantId()).getPrimaryKeyStore();
        KeyPair pair = keyPairGenerator.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
        return new RSAKey.Builder(publicKey)
                .privateKey((RSAPrivateKey) pair.getPrivate())
                .keyStore(tenantKeyStore)
                .keyID(jWTTokenInfoDTO.getToken())
                .build();
    }

    /**
     * Assembles the unsigned JWT: an RS256 header carrying the key id, and a claims set with
     * subject, issuer, expiration time and a "scope" claim. No other claims are set here.
     *
     * @param jWTTokenInfoDTO source of the username, issuer, expiry and scope
     * @param rSAKey          the JWK whose key id is copied into the header
     * @return the JWT, not yet signed
     */
    private SignedJWT populateSignedJWTToken(JWTTokenInfoDTO jWTTokenInfoDTO, RSAKey rSAKey) {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(rSAKey.getKeyID())
                .build();
        // NOTE(review): the expiry is passed straight to the Date constructor, so it is
        // presumably an absolute epoch-millisecond timestamp; confirm against the caller.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(jWTTokenInfoDTO.getUsername())
                .issuer(jWTTokenInfoDTO.getIssuer())
                .expirationTime(new Date(jWTTokenInfoDTO.getExpiry()))
                .claim("scope", jWTTokenInfoDTO.getScope())
                .build();
        return new SignedJWT(header, claims);
    }
}
