package de.adorsys.sts.token.passwordgrant;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import de.adorsys.sts.keymanagement.service.KeyManagementService;
import de.adorsys.sts.resourceserver.model.ResourceServerAndSecret;
import de.adorsys.sts.resourceserver.processing.ResourceServerProcessorService;
import de.adorsys.sts.token.InvalidParameterException;
import de.adorsys.sts.token.JwtClaimSetHelper;
import de.adorsys.sts.token.MissingParameterException;
import de.adorsys.sts.token.api.TokenResponse;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import org.adorsys.jjwk.serverkey.KeyAndJwk;
import org.adorsys.jjwk.serverkey.KeyConverter;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;

/* loaded from: input_file:BOOT-INF/lib/sts-token-0.19.2.jar:de/adorsys/sts/token/passwordgrant/PasswordGrantService.class */
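/**
 * Issues short-lived, signed bearer JWTs for requests that carry {@code grant_type=password}
 * (the error text in {@link #passwordGrant} points at RFC 6749 section 4.3.1).
 *
 * <p>Review notes:
 * <ul>
 *   <li>This class only checks that username and password are non-blank. No credential
 *       verification is visible here; whether
 *       {@link ResourceServerProcessorService#processResources} or an upstream component
 *       authenticates the user must be confirmed before relying on the issued token.</li>
 *   <li>The token is signed, not encrypted, so every claim is readable by whoever holds it.
 *       The confidentiality of per-resource-server user secrets placed in the token therefore
 *       rests entirely on the encryption applied before they reach this class.</li>
 *   <li>The {@code role} claim is always {@code USER}, independent of the caller.</li>
 * </ul>
 *
 * <p>Parameter names in this file are decompiler output and carry no meaning of their own.
 */
public class PasswordGrantService {
    /** Lifetime of an issued access token, in minutes. */
    private static final int TOKEN_LIFETIME_MINUTES = 5;

    private final KeyManagementService keyManager;
    private final ResourceServerProcessorService resourceServerProcessorService;

    /**
     * @param keyManagementService source of the signing key used for each issued token
     * @param resourceServerProcessorService resolves the resource servers (and their user
     *     secrets) that are written into the token
     */
    public PasswordGrantService(KeyManagementService keyManagementService, ResourceServerProcessorService resourceServerProcessorService) {
        this.keyManager = keyManagementService;
        this.resourceServerProcessorService = resourceServerProcessorService;
    }

    /**
     * Builds and signs an access token for the given user.
     *
     * @param str grant type; must equal {@code "password"}
     * @param strArr forwarded as the second argument of {@code processResources}
     *     (meaning not visible here - presumably audiences or resources; confirm against caller)
     * @param strArr2 forwarded as the first argument of {@code processResources}
     *     (meaning not visible here; confirm against caller)
     * @param str2 value written to the {@code iss} claim; not validated here
     * @param str3 unused in this method (NOTE(review): possibly a client id; confirm that
     *     ignoring it is intended)
     * @param str4 username; must be non-blank, becomes the {@code sub} claim
     * @param str5 password; must be non-blank, handed to {@code processResources} as-is
     * @return a bearer token response carrying the serialized signed JWT
     * @throws InvalidParameterException if the grant type is not {@code "password"}
     * @throws MissingParameterException if username or password is blank
     * @throws IllegalStateException if signing the token fails
     */
    public TokenResponse passwordGrant(String str, String[] strArr, String[] strArr2, String str2, String str3, String str4, String str5) throws InvalidParameterException, MissingParameterException {
        if (!StringUtils.equals("password", str)) {
            throw new InvalidParameterException("Request parameter grant_type is missing or does not carry the value password. See https://tools.ietf.org/html/rfc6749#section-4.3.1");
        }
        if (StringUtils.isBlank(str4)) {
            throw new MissingParameterException("username");
        }
        if (StringUtils.isBlank(str5)) {
            throw new MissingParameterException("password");
        }

        // Read the clock once so that iat, nbf and exp all describe the same instant; separate
        // reads can straddle a second boundary and yield a token whose nbf is later than its iat
        // or whose lifetime is a second short.
        Date now = new Date();
        JWTClaimsSet.Builder claim = new JWTClaimsSet.Builder()
                .subject(str4)
                .expirationTime(DateUtils.addMinutes(now, TOKEN_LIFETIME_MINUTES))
                .issuer(str2)
                .issueTime(now)
                .jwtID(UUID.randomUUID().toString())
                .notBeforeTime(now)
                .claim("typ", TokenResponse.TOKEN_TYPE_BEARER)
                .claim("role", "USER");

        // The raw password leaves this method only through this call. NOTE(review): confirm the
        // processor neither logs nor persists it, and whether it is what authenticates the user.
        List<ResourceServerAndSecret> processResources = this.resourceServerProcessorService.processResources(strArr2, strArr, str4, str5);
        JWTClaimsSet.Builder handleResources = JwtClaimSetHelper.handleResources(claim, processResources);
        for (ResourceServerAndSecret resourceServerAndSecret : processResources) {
            if (resourceServerAndSecret.hasEncryptedSecret()) {
                // Only the already-encrypted form of the secret is written into the token; the
                // claim name is chosen by the resource server's own configuration.
                handleResources.claim(resourceServerAndSecret.getResourceServer().getUserSecretClaimName(), resourceServerAndSecret.getEncryptedSecret());
            }
        }
        JWTClaimsSet build = handleResources.build();
        return toTokenResponse(sign(build), build);
    }

    /** Signs the claims with a key chosen by the key manager and records its key id in the header. */
    private SignedJWT sign(JWTClaimsSet claims) {
        KeyAndJwk randomSignKey = this.keyManager.randomSignKey();
        JWSHeader header = new JWSHeader.Builder(KeyConverter.getJWSAlgo(randomSignKey))
                .type(JOSEObjectType.JWT)
                .keyID(randomSignKey.jwk.getKeyID())
                .build();
        SignedJWT signedJWT = new SignedJWT(header, claims);
        try {
            signedJWT.sign(KeyConverter.findSigner(randomSignKey));
        } catch (JOSEException e) {
            // A signing failure is a server-side fault; keep the cause for diagnosis.
            throw new IllegalStateException(e);
        }
        return signedJWT;
    }

    /** Wraps the serialized token in a bearer response; expires_in is the lifetime left at response time. */
    private TokenResponse toTokenResponse(SignedJWT signedJWT, JWTClaimsSet claims) {
        TokenResponse tokenResponse = new TokenResponse();
        tokenResponse.setAccess_token(signedJWT.serialize());
        tokenResponse.setIssued_token_type(TokenResponse.ISSUED_TOKEN_TYPE_ACCESS_TOKEN);
        tokenResponse.setToken_type(TokenResponse.TOKEN_TYPE_BEARER);
        tokenResponse.setExpires_in((int) ((claims.getExpirationTime().getTime() - new Date().getTime()) / 1000));
        return tokenResponse;
    }
}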
