package com.appiancorp.oauth.inbound.token;

import com.appiancorp.oauth.inbound.SuiteConfigurationAdapter;
import com.appiancorp.oauth.inbound.authserver.exceptions.AccessTokenGenerationException;
import com.appiancorp.oauth.inbound.crypto.OAuthTokenRepository;
import com.appiancorp.oauth.inbound.persistence.OAuthConfigDaoService;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.function.Supplier;
import org.apache.commons.lang.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/token/AccessTokenProviderImpl.class */
public class AccessTokenProviderImpl implements AccessTokenProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AccessTokenProviderImpl.class);
    public static final int TOKEN_DURATION_IN_SECONDS = 900;
    private final OAuthTokenRepository tokenRepositoryAdminContextDecorator;
    private final SuiteConfigurationAdapter suiteConfiguration;
    private final OAuthConfigDaoService oAuthConfigDaoService;
    private final Supplier<Date> newDateSupplier;

    public AccessTokenProviderImpl(OAuthTokenRepository oAuthTokenRepository, SuiteConfigurationAdapter suiteConfigurationAdapter, OAuthConfigDaoService oAuthConfigDaoService, Supplier<Date> supplier) {
        this.tokenRepositoryAdminContextDecorator = oAuthTokenRepository;
        this.suiteConfiguration = suiteConfigurationAdapter;
        this.oAuthConfigDaoService = oAuthConfigDaoService;
        this.newDateSupplier = supplier;
    }

    public String generateAccessToken(String str) throws AccessTokenGenerationException {
        try {
            Long serviceAccountId = this.oAuthConfigDaoService.getActiveConfigByClientId(str).getServiceAccountId();
            String l = null == serviceAccountId ? null : serviceAccountId.toString();
            RSASSASigner rSASSASigner = new RSASSASigner(this.tokenRepositoryAdminContextDecorator.getKeyPair().getPrivate());
            SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build(), new JWTClaimsSet.Builder().audience(str).expirationTime(DateUtils.addSeconds(this.newDateSupplier.get(), TOKEN_DURATION_IN_SECONDS)).issuer(this.suiteConfiguration.getBaseUri()).subject(l).build());
            signedJWT.sign(rSASSASigner);
            return signedJWT.serialize();
        } catch (Exception e) {
            LOG.error("Failed to create access token for client id: {}", str);
            throw new AccessTokenGenerationException(e);
        }
    }
}
