package com.adobe.granite.oauth.jwt.impl;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.jwt.JwsBuilder;
import com.adobe.granite.oauth.jwt.JwtConstants;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import org.apache.oltu.jose.jws.JWS;
import org.apache.oltu.jose.jws.io.JWSWriter;
import org.apache.oltu.jose.jws.signature.SignatureMethod;
import org.apache.oltu.jose.jws.signature.SigningKey;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTClaimsSetWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/oauth/jwt/impl/JwsBuilderImpl.class */
public class JwsBuilderImpl implements JwsBuilder {
    private static final String TYPE = "JWT";
    private static final String SCOPE = "scope";
    private static final long DEFAULT_LEEWAY = 20;
    private CryptoSupport cryptoSupport;
    private long expiresIn;
    private SignatureMethod signatureMethod;
    private SigningKey signingKey;
    private final Logger logger = LoggerFactory.getLogger(JwsBuilderImpl.class);
    private final JWT.Builder jwtBuilder = new JWT.Builder();
    private long iat = -1;

    public JwsBuilderImpl(String str, Key key, CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
        this.signingKey = getSigningKey(str, key);
        this.signatureMethod = getSignatureMethod(str);
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public String build() throws CryptoException {
        try {
            setTimes();
            return new JWSWriter().write(new JWS.Builder().setType(TYPE).setPayload(new JWTClaimsSetWriter().write(this.jwtBuilder.build().getClaimsSet())).sign(this.signatureMethod, this.signingKey).build());
        } catch (RuntimeException e) {
            throw new CryptoException(e.getMessage());
        }
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setIssuer(String str) {
        this.jwtBuilder.setClaimsSetIssuer(str);
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setExpiresIn(long j) {
        this.expiresIn = j;
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setSubject(String str) {
        this.jwtBuilder.setClaimsSetSubject(str);
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setAudience(String str) {
        this.jwtBuilder.setClaimsSetAudience(str);
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setScope(String str) {
        this.jwtBuilder.setClaimsSetCustomField(SCOPE, str);
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setIssuedAt(long j) {
        this.iat = j;
        return this;
    }

    @Override // com.adobe.granite.oauth.jwt.JwsBuilder
    public JwsBuilder setCustomClaimsSetField(String str, Object obj) {
        this.jwtBuilder.setClaimsSetCustomField(str, obj);
        return this;
    }

    private void setTimes() {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (this.iat == -1) {
            this.logger.debug("iat not set, using current time");
            this.iat = currentTimeMillis;
        } else if (this.iat > currentTimeMillis + DEFAULT_LEEWAY) {
            this.logger.info("the set iat time is too far away in the future, using current time");
            this.iat = currentTimeMillis;
        }
        this.jwtBuilder.setClaimsSetIssuedAt(this.iat);
        this.jwtBuilder.setClaimsSetExpirationTime(this.iat + this.expiresIn);
    }

    private SignatureMethod getSignatureMethod(String str) {
        SignatureMethod rSASignatureMethodImpl;
        if (JwtConstants.HS256.equals(str)) {
            rSASignatureMethodImpl = new HMACSignatureMethodsImpl(this.cryptoSupport);
        } else {
            if (!JwtConstants.RS256.equals(str) && !JwtConstants.RS384.equals(str) && !JwtConstants.RS512.equals(str)) {
                throw new UnsupportedOperationException("algorithm " + str + " not supported");
            }
            rSASignatureMethodImpl = new RSASignatureMethodImpl(this.cryptoSupport, str);
        }
        return rSASignatureMethodImpl;
    }

    private SigningKey getSigningKey(String str, Key key) {
        org.apache.oltu.jose.jws.signature.SymmetricKey privateKey;
        if (JwtConstants.HS256.equals(str)) {
            if (key == null) {
                privateKey = new SymmetricKey(null);
            } else {
                if (!(key instanceof SecretKeySpec)) {
                    throw new IllegalArgumentException("The given algorithm " + str + " is not compatible with the given key " + key);
                }
                privateKey = new SymmetricKey(key.getEncoded());
            }
        } else {
            if (!JwtConstants.RS256.equals(str) && !JwtConstants.RS384.equals(str) && !JwtConstants.RS512.equals(str)) {
                throw new IllegalArgumentException("Invalid algorithm " + str + " and/or key  " + key);
            }
            if (!(key instanceof java.security.PrivateKey)) {
                throw new IllegalArgumentException("The given algorithm " + str + " is not compatible with the given key " + key);
            }
            privateKey = new PrivateKey((java.security.PrivateKey) key);
        }
        return privateKey;
    }
}
