package com.appiancorp.oauth.inbound.authserver.tokens;

import com.appiancorp.oauth.inbound.SuiteConfigurationAdapter;
import com.appiancorp.oauth.inbound.authserver.GrantedAuthorization;
import com.appiancorp.oauth.inbound.authserver.clients.pm.ProcessMiningFrontEndClientConfig;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInvalidGrantException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInvalidRequestException;
import com.appiancorp.oauth.inbound.crypto.OAuthTokenRepository;
import com.appiancorp.oauth.inbound.exceptions.OAuthException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Supplier;
import org.apache.commons.lang.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/authserver/tokens/RefreshTokenFactoryImpl.class */
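/**
 * Issues and parses refresh tokens as RS256-signed JWTs.
 *
 * <p>Tokens are signed with the private key of the key pair held by the
 * {@link OAuthTokenRepository} and verified with the repository's public key.
 * The refresh-token lifetime comes from the {@link ProcessMiningFrontEndClientConfig}.
 */
public class RefreshTokenFactoryImpl implements TokenFactory<JWTClaimsSet> {
    private static final Logger LOG = LoggerFactory.getLogger(RefreshTokenFactoryImpl.class);
    private final OAuthTokenRepository tokenRepository;
    private final ProcessMiningFrontEndClientConfig frontEndClientConfig;
    private final SuiteConfigurationAdapter suiteConfiguration;
    // Source of "now" for iat/nbf/exp; replaceable through setNewDateSupplier.
    private Supplier<Date> newDateSupplier = () -> Date.from(Instant.now());
    // Source of the "jti" claim; the default is a random (type 4) UUID.
    private Supplier<String> newJwtIdSupplier = () -> UUID.randomUUID().toString();

    /**
     * @param processMiningFrontEndClientConfig supplies the refresh-token lifetime in seconds
     * @param oAuthTokenRepository supplies the signing key pair and the verification public key
     * @param suiteConfigurationAdapter supplies the base URI used for both issuer and audience
     */
    public RefreshTokenFactoryImpl(ProcessMiningFrontEndClientConfig processMiningFrontEndClientConfig, OAuthTokenRepository oAuthTokenRepository, SuiteConfigurationAdapter suiteConfigurationAdapter) {
        this.frontEndClientConfig = processMiningFrontEndClientConfig;
        this.tokenRepository = oAuthTokenRepository;
        this.suiteConfiguration = suiteConfigurationAdapter;
    }

    /**
     * Builds and signs a refresh token for the user of the given authorization.
     *
     * <p>The claims set carries jti, iss and aud (both the suite base URI), the custom
     * claim {@code fid}, sub (the user UUID), and iat/nbf/exp derived from the date supplier.
     *
     * @param str value stored in the {@code fid} claim
     * @param grantedAuthorization authorization whose user UUID becomes the subject
     * @return the signed token, or {@link Optional#empty()} if any step of building or
     *         signing failed (the failure is logged, not rethrown)
     */
    public Optional<Token<JWTClaimsSet>> generateToken(String str, GrantedAuthorization grantedAuthorization) {
        String userUuid = grantedAuthorization.getUserUuid();
        try {
            RSASSASigner signer = new RSASSASigner(this.tokenRepository.getKeyPair().getPrivate());
            int lifetimeSecs = this.frontEndClientConfig.getRefreshTokenExpirationInSecs();
            Date issuedAt = this.newDateSupplier.get();

            JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                    .type(JOSEObjectType.JWT)
                    .build();
            JWTClaimsSet claims = new JWTClaimsSet.Builder()
                    .jwtID(this.newJwtIdSupplier.get())
                    .issuer(this.suiteConfiguration.getBaseUri())
                    .audience(this.suiteConfiguration.getBaseUri())
                    .claim("fid", str)
                    .subject(userUuid)
                    .issueTime(issuedAt)
                    .notBeforeTime(issuedAt)
                    .expirationTime(DateUtils.addSeconds(issuedAt, lifetimeSecs))
                    .build();

            SignedJWT signedJWT = new SignedJWT(header, claims);
            signedJWT.sign(signer);
            return Optional.of(new AppianRefreshToken(signedJWT.serialize(), signedJWT.getJWTClaimsSet()));
        } catch (Exception e) {
            // Deliberately broad: callers get an empty Optional for any failure. Only the
            // user UUID and the exception are logged, never the token itself.
            LOG.error("Failed to create refresh token for user uuid: {}", userUuid, e);
            return Optional.empty();
        }
    }

    /**
     * Parses a serialized refresh token and verifies its signature against the
     * repository's public key.
     *
     * <p>Only the signature is checked here. This method does not inspect exp, nbf, iss,
     * aud or the {@code fid} claim. NOTE(review): confirm that every caller validates
     * those claims before honouring the token.
     *
     * @param str compact serialization of the token
     * @return the parsed token with its claims set
     * @throws OAuthInvalidRequestException if the string is not a parseable JWS/JWT or
     *         verification raised a {@link JOSEException}
     * @throws OAuthInvalidGrantException if the signature does not verify
     * @throws OAuthException for any other failure
     */
    public Token parse(String str) throws OAuthException {
        try {
            SignedJWT jwt = SignedJWT.parse(str);
            RSASSAVerifier verifier = new RSASSAVerifier(this.tokenRepository.getPublicKey());
            if (!verifier.verify(jwt.getHeader(), jwt.getSigningInput(), jwt.getSignature())) {
                LOG.error("Signature verification of the refresh token failed.");
                throw new OAuthInvalidGrantException("Signature verification of the refresh token failed.");
            }
            return new AppianRefreshToken(jwt.serialize(), jwt.getJWTClaimsSet());
        } catch (ParseException | JOSEException e) {
            // NOTE(review): the library's message is carried into the OAuth error; confirm
            // it is not returned verbatim to the client.
            throw new OAuthInvalidRequestException(e.getMessage(), e);
        } catch (OAuthException e) {
            // Must precede the generic handler so the invalid-grant error thrown above is
            // rethrown as-is rather than wrapped (presumably OAuthInvalidGrantException is
            // an OAuthException subtype; verify). In the listed order this clause came
            // after catch (Exception) and was unreachable.
            throw e;
        } catch (Exception e) {
            throw new OAuthException(e);
        }
    }

    /**
     * Replaces the clock used for the iat/nbf/exp claims.
     * NOTE(review): looks like a test hook; a null supplier would surface only as an
     * empty Optional from generateToken.
     */
    public void setNewDateSupplier(Supplier<Date> supplier) {
        this.newDateSupplier = supplier;
    }

    /**
     * Replaces the generator of the jti claim.
     * NOTE(review): looks like a test hook; a production supplier should keep jti values
     * unpredictable and unique.
     */
    public void setNewJwtIdSupplier(Supplier<String> supplier) {
        this.newJwtIdSupplier = supplier;
    }
}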
