package com.tngtech.keycloakmock.impl;

import com.tngtech.keycloakmock.api.TokenConfig;
import com.tngtech.keycloakmock.impl.session.UserData;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import java.security.Key;
import java.security.PublicKey;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;

/**
 * Builds and verifies the signed JWTs issued by the Keycloak mock.
 *
 * <p>Tokens are signed with the injected private key and carry the injected key id in their
 * header; {@link #parseToken(String)} checks signatures against the injected public key. Every
 * claim value is copied from the caller-supplied {@link TokenConfig} without validation in this
 * class, so a token is only as trustworthy as whoever can call {@link #getToken}.
 *
 * <p>NOTE(review): the package name suggests this is test tooling. A verifier that trusts this
 * key pair accepts whatever identity, roles and scopes a caller puts into the config, so confirm
 * the key is never trusted outside test environments.
 */
@Singleton
/* loaded from: input_file:com/tngtech/keycloakmock/impl/TokenGenerator.class */
public class TokenGenerator {

    // Verification half of the signing key pair; used only by parseToken.
    @Nonnull
    private final PublicKey publicKey;

    // Signing key handed to JwtBuilder.signWith for every issued token.
    @Nonnull
    private final Key privateKey;

    // Written to the "kid" header so that verifiers can pick the matching public key.
    @Nonnull
    private final String keyId;

    // Scopes used when the token config supplies none ("openid" is always prepended).
    @Nonnull
    private final List<String> defaultScopes;

    // Added to the issued-at time when the token config carries no explicit expiration.
    @Nonnull
    private final Duration defaultTokenLifespan;

    /**
     * Stores the injected key material and defaults as given; nothing is copied or validated here.
     *
     * @param publicKey key used to verify token signatures
     * @param key key used to sign tokens
     * @param str key id written to the token header (injected as {@code "keyId"})
     * @param list default scopes (injected as {@code "scopes"})
     * @param duration default token lifespan
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public TokenGenerator(@Nonnull PublicKey publicKey, @Nonnull Key key, @Nonnull @Named("keyId") String str, @Nonnull @Named("scopes") List<String> list, @Nonnull Duration duration) {
        this.publicKey = publicKey;
        this.privateKey = key;
        this.keyId = str;
        this.defaultScopes = list;
        this.defaultTokenLifespan = duration;
    }

    /**
     * Creates a compact, signed JWT from the given token configuration.
     *
     * <p>The issuer is derived from the hostname and realm found in {@code tokenConfig}; audience,
     * subject, timestamps, roles and the free-form claims map are taken over as given.
     *
     * @param tokenConfig source of all claim values
     * @param urlConfiguration used to resolve the issuer URI and, when user data is generated from
     *     the subject, the hostname passed to {@link UserData}
     * @return the serialized, signed token
     */
    @Nonnull
    public String getToken(@Nonnull TokenConfig tokenConfig, @Nonnull UrlConfiguration urlConfiguration) {
        JwtBuilder jwt = Jwts.builder()
                .header()
                .keyId(this.keyId)
                .type("JWT")
                .and()
                .audience()
                .add(tokenConfig.getAudience())
                .and()
                .issuedAt(new Date(tokenConfig.getIssuedAt().toEpochMilli()))
                .claim("auth_time", Long.valueOf(tokenConfig.getAuthenticationTime().getEpochSecond()))
                .issuer(urlConfiguration.forRequestContext(tokenConfig.getHostname(), tokenConfig.getRealm()).getIssuer().toASCIIString())
                .subject(tokenConfig.getSubject())
                .claim("scope", encodeGivenOrDefaultScopes(tokenConfig.getScopes()))
                .claim("typ", "Bearer")
                .claim("azp", tokenConfig.getAuthorizedParty());

        // "nbf" is optional and only emitted when configured.
        if (tokenConfig.getNotBefore() != null) {
            jwt.notBefore(new Date(tokenConfig.getNotBefore().toEpochMilli()));
        }

        // "exp" is always emitted: the configured instant, else issued-at plus the default lifespan.
        long expiresAtMillis = tokenConfig.getExpiration() != null
                ? tokenConfig.getExpiration().toEpochMilli()
                : tokenConfig.getIssuedAt().plus(this.defaultTokenLifespan).toEpochMilli();
        jwt.expiration(new Date(expiresAtMillis));

        if (tokenConfig.isGenerateUserDataFromSubject()) {
            // Profile claims missing from the config are filled in from data derived from the subject.
            UserData derived = UserData.fromUsernameAndHostname(tokenConfig.getSubject(), urlConfiguration.getHostname());
            jwt.claim("name", givenOrDerived(tokenConfig.getName(), derived.getName()))
                    .claim("given_name", givenOrDerived(tokenConfig.getGivenName(), derived.getGivenName()))
                    .claim("family_name", givenOrDerived(tokenConfig.getFamilyName(), derived.getFamilyName()))
                    .claim("email", givenOrDerived(tokenConfig.getEmail(), derived.getEmail()))
                    .claim("preferred_username", givenOrDerived(tokenConfig.getPreferredUsername(), derived.getPreferredUsername()));
        } else {
            jwt.claim("name", tokenConfig.getName())
                    .claim("given_name", tokenConfig.getGivenName())
                    .claim("family_name", tokenConfig.getFamilyName())
                    .claim("email", tokenConfig.getEmail())
                    .claim("preferred_username", tokenConfig.getPreferredUsername());
        }

        // NOTE(review): the free-form claims map is added last; presumably an entry there replaces
        // an equally named claim set above (iss, sub, exp, ...) - confirm against the JwtBuilder in use.
        return jwt.claim("acr", tokenConfig.getAuthenticationContextClassReference())
                .claim("realm_access", tokenConfig.getRealmAccess())
                .claim("resource_access", tokenConfig.getResourceAccess())
                .claims()
                .add(tokenConfig.getClaims())
                .and()
                .signWith(this.privateKey)
                .compact();
    }

    /** Returns {@code given} unless it is null, in which case {@code derived} is returned. */
    private static <T> T givenOrDerived(T given, T derived) {
        return Optional.ofNullable(given).orElse(derived);
    }

    /**
     * Renders the value of the "scope" claim: "openid" first, followed by the given scopes (or the
     * default scopes when none are given), de-duplicated and separated by single spaces.
     */
    private String encodeGivenOrDefaultScopes(List<String> list) {
        List<String> effectiveScopes = list.isEmpty() ? this.defaultScopes : list;
        return Stream.concat(Stream.of("openid"), effectiveScopes.stream())
                .distinct()
                .collect(Collectors.joining(" "));
    }

    /**
     * Parses a signed token and returns its claims.
     *
     * <p>The signature is verified with this generator's public key. No issuer or audience
     * requirement is configured on the parser here, and time-based claims are left to the
     * parser's defaults; callers that need those checks must apply them to the returned map.
     *
     * @param str the compact serialized token
     * @return the token payload as a claim map
     */
    public Map<String, Object> parseToken(@Nonnull String str) {
        return Jwts.parser()
                .verifyWith(this.publicKey)
                .build()
                .parseSignedClaims(str)
                .getPayload();
    }
}
