package org.mitre.uma.service.impl;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.net.URI;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.uma.model.Permission;
import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.Policy;
import org.mitre.uma.service.UmaTokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Service;

/**
 * Default {@link UmaTokenService} implementation: builds, signs and persists the
 * access token handed to a requesting party once a permission ticket has been
 * matched against a policy.
 *
 * <p>Security-relevant properties of the issued token, as established by the code below:
 * <ul>
 *   <li>The granted scopes are the intersection of the ticket's scopes and the
 *       policy's scopes, so the token never carries a scope missing from either side.</li>
 *   <li>The JWT carries {@code aud} (resource set id), {@code iss}, {@code jti} and,
 *       only when a lifetime is configured, {@code exp}. No other claims are set here.</li>
 *   <li>The JWS header carries only the default signing algorithm and default key id
 *       obtained from the signing service.</li>
 * </ul>
 */
@Service("defaultUmaTokenService")
public class DefaultUmaTokenService implements UmaTokenService {

    // Persists the authentication that the issued token is bound to.
    @Autowired
    private AuthenticationHolderRepository authenticationHolderRepository;

    // Persists the finished access token.
    @Autowired
    private OAuth2TokenEntityService tokenService;

    // Resolves the client entity from the client id carried by the OAuth2 request.
    @Autowired
    private ClientDetailsEntityService clientService;

    // Supplies the issuer and the optional requesting-party-token lifetime.
    @Autowired
    private ConfigurationPropertiesBean config;

    // Supplies the default signing algorithm and key id, and signs the JWT.
    @Autowired
    private JWTSigningAndValidationService jwtService;

    /**
     * Creates, signs and stores a requesting party token for the given ticket and policy.
     *
     * @param oAuth2Authentication authentication to bind to the token; its OAuth2 request
     *     supplies the client id
     * @param permissionTicket ticket whose permission names the resource set and the
     *     requested scopes
     * @param policy policy whose scopes bound what may be granted
     * @return the saved token entity, carrying the signed JWT and a single permission
     */
    @Override
    public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication oAuth2Authentication, PermissionTicket permissionTicket, Policy policy) {
        OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();

        // The authentication holder is persisted first and the token last.
        // NOTE(review): if a later step throws, the holder stays persisted unless the
        // caller runs this inside a transaction that rolls back; confirm at the call site.
        AuthenticationHolderEntity holder = new AuthenticationHolderEntity();
        holder.setAuthentication(oAuth2Authentication);
        holder = this.authenticationHolderRepository.save(holder);
        token.setAuthenticationHolder(holder);

        String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
        token.setClient(this.clientService.loadClientByClientId(clientId));

        // Least privilege: grant only the scopes that the ticket asked for AND the policy allows.
        // NOTE(review): an empty intersection still yields a signed token with an empty
        // scope set; verify that callers reject that case before calling this method.
        Set<String> ticketScopes = permissionTicket.getPermission().getScopes();
        Set<String> policyScopes = policy.getScopes();
        Set<String> grantedScopes = new HashSet<>(Sets.intersection(ticketScopes, policyScopes));

        Permission granted = new Permission();
        granted.setResourceSet(permissionTicket.getPermission().getResourceSet());
        granted.setScopes(grantedScopes);
        token.setPermissions(Sets.newHashSet(granted));

        // The audience is the id of the resource set the ticket refers to.
        String resourceSetId = permissionTicket.getPermission().getResourceSet().getId().toString();
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        claims.audience(Lists.newArrayList(resourceSetId));
        claims.issuer(this.config.getIssuer());
        claims.jwtID(UUID.randomUUID().toString());

        // With no configured lifetime, neither the JWT nor the token entity gets an expiry
        // from this method.
        // NOTE(review): confirm deployments set the lifetime, or that expiry is enforced elsewhere.
        Long lifetimeSeconds = this.config.getRqpTokenLifeTime();
        if (lifetimeSeconds != null) {
            Date expiresAt = new Date(System.currentTimeMillis() + (lifetimeSeconds * 1000L));
            claims.expirationTime(expiresAt);
            token.setExpiration(expiresAt);
        }

        // Only the algorithm and the key id are populated; every other header parameter is
        // passed as null. The typed nulls keep the constructor overload unambiguous.
        JWSHeader header = new JWSHeader(
                this.jwtService.getDefaultSigningAlgorithm(),
                (JOSEObjectType) null,
                (String) null,
                (Set) null,
                (URI) null,
                (JWK) null,
                (URI) null,
                (Base64URL) null,
                (Base64URL) null,
                (List) null,
                this.jwtService.getDefaultSignerKeyId(),
                (Map) null,
                (Base64URL) null);
        SignedJWT jwt = new SignedJWT(header, claims.build());
        this.jwtService.signJwt(jwt);

        token.setJwt(jwt);
        this.tokenService.saveAccessToken(token);
        return token;
    }
}
