package org.apereo.cas.token;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.validation.TicketValidationResult;
import org.apereo.cas.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-token-core-api-7.2.0-RC4.jar:org/apereo/cas/token/JwtTicketBuilder.class */
public class JwtTicketBuilder implements TokenTicketBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JwtTicketBuilder.class);
    private final TicketValidator ticketValidator;
    private final TicketFactory ticketFactory;
    private final JwtBuilder jwtBuilder;
    private final ServicesManager servicesManager;
    private final CasConfigurationProperties casProperties;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25, types: [org.apereo.cas.token.JwtBuilder$JwtRequest$JwtRequestBuilder] */
    @Override // org.apereo.cas.token.TokenTicketBuilder
    public String build(String str, WebApplicationService webApplicationService) throws Throwable {
        TicketValidationResult ticketValidationResult = (TicketValidationResult) FunctionUtils.doUnchecked(() -> {
            return this.ticketValidator.validate(str, webApplicationService.getId());
        });
        LinkedHashMap linkedHashMap = new LinkedHashMap(ticketValidationResult.getAttributes());
        linkedHashMap.putAll(ticketValidationResult.getPrincipal().getAttributes());
        LOGGER.trace("Assertion attributes received are [{}]", linkedHashMap);
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(webApplicationService);
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(findServiceBy);
        Map<String, Object> decodeAttributes = ProtocolAttributeEncoder.decodeAttributes(linkedHashMap, findServiceBy, webApplicationService);
        LOGGER.debug("Final attributes decoded are [{}]", decodeAttributes);
        JwtBuilder.JwtRequest build = JwtBuilder.JwtRequest.builder().registeredService(Optional.of(findServiceBy)).serviceAudience(Set.of(webApplicationService.getId())).issueDate(new Date()).jwtId(str).subject(ticketValidationResult.getPrincipal().getId()).validUntilDate(DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(getTimeToLive(this.ticketFactory.get(ServiceTicket.class).getExpirationPolicyBuilder(), findServiceBy).longValue()))).attributes(decodeAttributes).issuer(this.casProperties.getServer().getPrefix()).build();
        LOGGER.debug("Building JWT using [{}]", build);
        return this.jwtBuilder.build(build);
    }

    /* JADX WARN: Type inference failed for: r0v14, types: [org.apereo.cas.token.JwtBuilder$JwtRequest$JwtRequestBuilder] */
    @Override // org.apereo.cas.token.TokenTicketBuilder
    public String build(Authentication authentication, RegisteredService registeredService, String str, Map<String, List<Object>> map) throws Throwable {
        HashMap hashMap = new HashMap(authentication.getAttributes());
        hashMap.putAll(authentication.getPrincipal().getAttributes());
        hashMap.putAll(map);
        return this.jwtBuilder.build(JwtBuilder.JwtRequest.builder().serviceAudience(Set.of(this.casProperties.getServer().getPrefix())).registeredService(Optional.ofNullable(registeredService)).issueDate(DateTimeUtils.dateOf(authentication.getAuthenticationDate())).jwtId(str).subject(authentication.getPrincipal().getId()).validUntilDate(DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(getTimeToLive(this.ticketFactory.get(TicketGrantingTicket.class).getExpirationPolicyBuilder(), registeredService).longValue()))).attributes(hashMap).issuer(this.casProperties.getServer().getPrefix()).build());
    }

    protected Long getTimeToLive(ExpirationPolicyBuilder expirationPolicyBuilder, RegisteredService registeredService) {
        Long timeToLive = expirationPolicyBuilder.buildTicketExpirationPolicyFor(registeredService).getTimeToLive();
        if (Long.MAX_VALUE == timeToLive.longValue()) {
            return 2147483647L;
        }
        return timeToLive;
    }

    @Generated
    public JwtTicketBuilder(TicketValidator ticketValidator, TicketFactory ticketFactory, JwtBuilder jwtBuilder, ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) {
        this.ticketValidator = ticketValidator;
        this.ticketFactory = ticketFactory;
        this.jwtBuilder = jwtBuilder;
        this.servicesManager = servicesManager;
        this.casProperties = casConfigurationProperties;
    }
}
