package io.continual.iam.impl.common.jwt;

import io.continual.builder.Builder;
import io.continual.iam.identity.Identity;
import io.continual.iam.impl.common.jwt.JwtValidator;
import io.continual.util.data.Sha256HmacSigner;
import io.continual.util.data.TypeConvertor;
import io.continual.util.time.Clock;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:io/continual/iam/impl/common/jwt/JwtProducer.class */
public class JwtProducer extends JwtValidator {
    private final String fIssuer;
    private final String fSigningKey;
    private final int fDurationSecs;

    /* loaded from: input_file:io/continual/iam/impl/common/jwt/JwtProducer$Builder.class */
    public static class Builder extends JwtValidator.Builder {
        private String fIssuer;
        private String fSigningKey;
        private int fDurationSecs = 86400;

        @Override // io.continual.iam.impl.common.jwt.JwtValidator.Builder
        public JwtProducer build() throws Builder.BuildFailure {
            return new JwtProducer(this);
        }

        public Builder withIssuerName(String str) {
            this.fIssuer = str;
            super.forIssuer(str);
            super.forAudience(str);
            return this;
        }

        public Builder usingSigningKey(String str) {
            this.fSigningKey = str;
            return this;
        }

        public Builder lasting(int i) {
            this.fDurationSecs = i;
            return this;
        }
    }

    public String createJwtToken(Identity identity) {
        String str = TypeConvertor.base64UrlEncode(new JSONObject().put("alg", "HS256").put("typ", "JWT").toString()) + "." + TypeConvertor.base64UrlEncode(new JSONObject().put("iss", this.fIssuer).put("sub", identity.getId()).put("aud", new JSONArray().put(this.fIssuer)).put("exp", (Clock.now() + (this.fDurationSecs * 1000)) / 1000).toString());
        return str + "." + TypeConvertor.base64UrlEncode(Sha256HmacSigner.signToBytes(str, this.fSigningKey));
    }

    @Override // io.continual.iam.impl.common.jwt.JwtValidator
    public List<JwtValidator.SigValidator> getValidators() {
        List<JwtValidator.SigValidator> validators = super.getValidators();
        validators.add(new JwtValidator.Hs256SigValidator(this.fSigningKey));
        return validators;
    }

    protected JwtProducer(Builder builder) throws Builder.BuildFailure {
        super(builder);
        this.fIssuer = builder.fIssuer;
        this.fSigningKey = builder.fSigningKey;
        this.fDurationSecs = builder.fDurationSecs;
        if (this.fIssuer == null || this.fSigningKey == null) {
            throw new Builder.BuildFailure("An issuer and a key are required to produce JWT tokens.");
        }
    }
}
