package com.supwisdom.institute.cas.site.token;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.supwisdom.institute.cas.site.common.util.JJWTTokenUtil;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.token.JWTTokenTicketBuilder;
import org.apereo.cas.token.cipher.RegisteredServiceTokenTicketCipherExecutor;
import org.apereo.cas.util.DateTimeUtils;
import org.hjson.JsonValue;
import org.hjson.Stringify;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:com/supwisdom/institute/cas/site/token/CasServerJWTTokenTicketBuilder.class */
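/**
 * Builds JWTs for validated service tickets and for ticket-granting tickets.
 *
 * <p>Two signing paths exist for service tickets. When the registered service carries the
 * {@code jwtAsServiceTicketUseJwtKey} property with value {@code true}, or when
 * {@code cas-server.jwt.signJwtAsServiceTicket.force} is enabled, the token is produced by
 * {@link JJWTTokenUtil}. Otherwise the token is encoded with the service-specific cipher, then the
 * default global cipher, and finally falls back to an unsecured {@link PlainJWT}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@link PlainJWT} fallback issues a token with no signature. Relying parties must not
 *       accept such tokens as proof of authentication; deployments should make sure one of the
 *       cipher executors is enabled.</li>
 *   <li>Principal and authentication attributes are copied into the claim set. Registered claims
 *       ({@code aud}, {@code iss}, {@code jti}, {@code iat}, {@code sub}, {@code exp}) are written
 *       after the attributes so an attribute with a colliding name cannot replace them.</li>
 *   <li>The full claim set is logged at DEBUG and the serialized plain token at TRACE; both may
 *       contain personal data or a usable token, so those levels should stay off in production.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; the two {@code build} methods presumably
 * override the parent's methods of the same signature (no {@code @Override} survives decompilation).
 */
public class CasServerJWTTokenTicketBuilder extends JWTTokenTicketBuilder {
    private static final Logger log = LoggerFactory.getLogger(CasServerJWTTokenTicketBuilder.class);

    /** Registered-service property that opts a service into the {@link JJWTTokenUtil} signing path. */
    private static final String USE_JWT_KEY_PROPERTY = "jwtAsServiceTicketUseJwtKey";

    // Global switch: when true every service ticket JWT goes through JJWTTokenUtil,
    // regardless of the per-service property. Defaults to false.
    @Value("${cas-server.jwt.signJwtAsServiceTicket.force:false}")
    private boolean signJwtAsServiceTicketForce;

    /**
     * Passes all collaborators straight to the parent builder.
     *
     * @param ticketValidator validator used to validate service tickets
     * @param str second parent constructor argument (presumably the CAS server prefix — confirm
     *     against the parent class)
     * @param cipherExecutor default token cipher executor
     * @param expirationPolicy policy whose time-to-live bounds token lifetime
     * @param servicesManager service registry lookup
     */
    public CasServerJWTTokenTicketBuilder(TicketValidator ticketValidator, String str, CipherExecutor<String, String> cipherExecutor, ExpirationPolicy expirationPolicy, ServicesManager servicesManager) {
        super(ticketValidator, str, cipherExecutor, expirationPolicy, servicesManager);
    }

    /**
     * Validates a service ticket and returns a JWT describing the resulting assertion.
     *
     * @param str the service ticket id; also used as the JWT id
     * @param service the service the ticket was issued for; its id becomes the audience
     * @return the encoded JWT
     */
    public String build(String str, Service service) {
        // NOTE(review): TicketValidator.validate declares a checked TicketValidationException in the
        // CAS client API, yet this decompiled listing neither catches nor declares it. The original
        // source presumably used a sneaky-throw mechanism — confirm before recompiling.
        Assertion assertion = getTicketValidator().validate(str, service.getId());

        // Principal attributes are applied last, so they win over assertion attributes of the same name.
        Map<String, Object> attributes = new LinkedHashMap<>(assertion.getAttributes());
        attributes.putAll(assertion.getPrincipal().getAttributes());

        Date validUntil = assertion.getValidUntilDate();
        if (validUntil == null) {
            validUntil = expirationFromPolicy();
        }

        String serviceId = service.getId();
        Date authenticatedAt = assertion.getAuthenticationDate();
        String principalName = assertion.getPrincipal().getName();

        String token = buildJwtUseJwtKey(str, serviceId, authenticatedAt, principalName, validUntil, attributes);
        if (token != null) {
            return token;
        }
        return buildJwt(str, serviceId, authenticatedAt, principalName, validUntil, attributes);
    }

    /**
     * Builds a JWT for a ticket-granting ticket, with the CAS server prefix as audience.
     *
     * @param ticketGrantingTicket the ticket whose authentication is turned into claims
     * @return the encoded JWT
     */
    public String build(TicketGrantingTicket ticketGrantingTicket) {
        Authentication authentication = ticketGrantingTicket.getAuthentication();

        // Principal attributes are applied last, so they win over authentication attributes.
        Map<String, Object> attributes = new LinkedHashMap<>(authentication.getAttributes());
        attributes.putAll(authentication.getPrincipal().getAttributes());

        return buildJwt(
                ticketGrantingTicket.getId(),
                getCasSeverPrefix(),
                DateTimeUtils.dateOf(ticketGrantingTicket.getCreationTime()),
                authentication.getPrincipal().getId(),
                expirationFromPolicy(),
                attributes);
    }

    /** Returns "now plus the expiration policy's time-to-live (seconds)" as a {@link Date}. */
    private Date expirationFromPolicy() {
        long ttlSeconds = getExpirationPolicy().getTimeToLive().longValue();
        return DateTimeUtils.dateOf(ZonedDateTime.now().plusSeconds(ttlSeconds));
    }

    /**
     * Assembles the claim set and encodes it with the first available mechanism: service-specific
     * keys, then the default global cipher, then an unsecured plain JWT.
     *
     * @param jwtId value of the {@code jti} claim
     * @param serviceId audience, also used to look the service up in the registry
     * @param issuedAt value of the {@code iat} claim
     * @param subject value of the {@code sub} claim
     * @param expiresAt value of the {@code exp} claim
     * @param attributes additional claims copied from the authentication
     * @return the encoded (or plain) JWT
     */
    private String buildJwt(String jwtId, String serviceId, Date issuedAt, String subject, Date expiresAt, Map<String, Object> attributes) {
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        // Attributes go in first: the registered claims below then overwrite any attribute that
        // happens to be named "aud", "iss", "jti", "iat", "sub" or "exp". The previous order let
        // such an attribute replace every registered claim except "exp".
        attributes.forEach(claims::claim);
        claims.audience(serviceId)
                .issuer(getCasSeverPrefix())
                .jwtID(jwtId)
                .issueTime(issuedAt)
                .subject(subject)
                .expirationTime(expiresAt);

        JWTClaimsSet claimsSet = claims.build();
        String json = claimsSet.toJSONObject().toJSONString();
        // The claim set can carry personal attributes; keep DEBUG off in production.
        log.debug("Generated JWT [{}]", JsonValue.readJSON(json).toString(Stringify.FORMATTED));

        log.debug("Locating service [{}] in service registry", serviceId);
        RegisteredService registeredService = getServicesManager().findServiceBy(serviceId);
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

        log.debug("Locating service specific signing and encryption keys for [{}] in service registry", serviceId);
        RegisteredServiceTokenTicketCipherExecutor serviceCipher = new RegisteredServiceTokenTicketCipherExecutor();
        if (serviceCipher.supports(registeredService)) {
            log.debug("Encoding JWT based on keys provided by service [{}]", registeredService.getServiceId());
            return serviceCipher.encode(json, Optional.of(registeredService));
        }

        if (getDefaultTokenCipherExecutor().isEnabled()) {
            log.debug("Encoding JWT based on default global keys for [{}]", serviceId);
            return (String) getDefaultTokenCipherExecutor().encode(json);
        }

        // SECURITY: no signing or encryption keys are available, so the token is emitted as a
        // PlainJWT. It has no integrity protection and anyone can alter its claims.
        // Behaviour is kept for compatibility; the warning makes the misconfiguration visible.
        log.warn("No signing or encryption keys are enabled for [{}]; issuing an unsecured (unsigned) JWT", serviceId);
        String plain = new PlainJWT(claimsSet).serialize();
        // The serialized token is itself the ticket; TRACE output therefore contains a usable token.
        log.trace("Generating plain JWT as the ticket: [{}]", plain);
        return plain;
    }

    /**
     * Builds the token through {@link JJWTTokenUtil} when the service opts in via the
     * {@code jwtAsServiceTicketUseJwtKey} property or the global force flag is set.
     *
     * @param jwtId token id passed to the token utility
     * @param serviceId service id used for the registry lookup and passed to the token utility
     * @param issuedAt issue time passed to the token utility
     * @param subject subject passed to the token utility
     * @param expiresAt expiry passed to the token utility
     * @param attributes additional claims, copied before being handed over
     * @return the token, or {@code null} when this signing path is not selected
     */
    private String buildJwtUseJwtKey(String jwtId, String serviceId, Date issuedAt, String subject, Date expiresAt, Map<String, Object> attributes) {
        log.debug("Locating service [{}] in service registry", serviceId);
        RegisteredService registeredService = getServicesManager().findServiceBy(serviceId);

        boolean useJwtKey = false;
        if (registeredService != null && registeredService.getProperties() != null) {
            // A key mapped to a null property is treated like an absent key instead of failing.
            RegisteredServiceProperty property = (RegisteredServiceProperty) registeredService.getProperties().get(USE_JWT_KEY_PROPERTY);
            useJwtKey = property != null && "true".equalsIgnoreCase(property.getValue());
        }
        if (!useJwtKey) {
            useJwtKey = this.signJwtAsServiceTicketForce;
        }
        if (!useJwtKey) {
            return null;
        }

        // With the force flag set, registeredService may be null here; the access check is expected
        // to reject that case — TODO confirm against RegisteredServiceAccessStrategyUtils.
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

        // Defensive copy. The decompiled listing referenced an undefined variable (r1) inside the
        // copying lambda; the target was the freshly created map.
        HashMap<String, Object> claims = new HashMap<>(attributes);

        // NOTE(review): how bulidToken merges these attributes with the registered claims is not
        // visible here; verify an attribute named like a registered claim cannot override it.
        return JJWTTokenUtil.instance().bulidToken(jwtId, subject, serviceId, getCasSeverPrefix(), issuedAt, expiresAt, claims);
    }
}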
