package org.mitre.openid.connect.token;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.service.UserInfoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.stereotype.Service;

/**
 * {@link TokenEnhancer} that attaches a signed JWT to each access token and, for OpenID
 * Connect requests made on behalf of a user, an ID token as well.
 *
 * <p>Points to keep in mind when reviewing or extending this class:
 * <ul>
 *   <li>The {@code aud} claim is copied from the {@code "aud"} entry of the request
 *       extensions. No allow-list or other validation is visible in this class, so
 *       confirm that whatever populates the extensions restricts the audiences a client
 *       may request.</li>
 *   <li>Claims added by {@link #addCustomAccessTokenClaims} go into the claim set before
 *       it is built and signed, so they carry the server's signature.</li>
 *   <li>If the {@code openid} scope is present but no {@link UserInfo} is found, only a
 *       warning is logged and the access token is returned without an ID token.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:WEB-INF/lib/openid-connect-server-1.3.4.jar:org/mitre/openid/connect/token/ConnectTokenEnhancer.class */
public class ConnectTokenEnhancer implements TokenEnhancer {
    private static final Logger logger = LoggerFactory.getLogger(ConnectTokenEnhancer.class);

    /** Supplies the issuer value written into the {@code iss} claim. */
    @Autowired
    private ConfigurationPropertiesBean configBean;

    /** Provides the default signing algorithm and key ID, and signs the JWT. */
    @Autowired
    private JWTSigningAndValidationService jwtService;

    /** Looks up the client entity for the requesting client ID. */
    @Autowired
    private ClientDetailsEntityService clientService;

    /** Resolves the user record needed to issue an ID token. */
    @Autowired
    private UserInfoService userInfoService;

    /** Creates the ID token once a user record has been found. */
    @Autowired
    private OIDCTokenService connectTokenService;

    /**
     * Builds the claim set for the access token, signs it and stores the resulting JWT on
     * the token; then issues an ID token if the request qualifies for one.
     *
     * @param oAuth2AccessToken the token to enhance; must be an {@link OAuth2AccessTokenEntity}
     * @param oAuth2Authentication the authentication the token is being issued for
     * @return the same token instance, now carrying the signed JWT (and possibly an ID token)
     * @throws ClassCastException if the token is not an {@link OAuth2AccessTokenEntity}, or
     *     if the {@code "aud"} request extension is present but is not a {@code String}
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) oAuth2AccessToken;
        OAuth2Request originalRequest = oAuth2Authentication.getOAuth2Request();
        String clientId = originalRequest.getClientId();
        ClientDetailsEntity client = this.clientService.loadClientByClientId(clientId);

        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder()
                .claim("azp", clientId)
                .issuer(this.configBean.getIssuer())
                .issueTime(new Date())
                .expirationTime(token.getExpiration())
                .subject(oAuth2Authentication.getName())
                .jwtID(UUID.randomUUID().toString());

        // Audience is taken from the request extensions as-is; nothing in this method
        // checks it against what the client is permitted to ask for.
        String audience = (String) oAuth2Authentication.getOAuth2Request().getExtensions().get("aud");
        if (!Strings.isNullOrEmpty(audience)) {
            claims.audience(Lists.newArrayList(audience));
        }

        // Subclass hook runs before build(), so its claims are covered by the signature.
        addCustomAccessTokenClaims(claims, token, oAuth2Authentication);
        JWTClaimsSet claimSet = claims.build();

        // Only the algorithm (first argument) and the signer key ID are supplied; every
        // other header argument is passed as null.
        JWSHeader header = new JWSHeader(
                this.jwtService.getDefaultSigningAlgorithm(),
                null, null, null, null, null, null, null, null, null,
                this.jwtService.getDefaultSignerKeyId(),
                null, null);
        SignedJWT accessJwt = new SignedJWT(header, claimSet);
        // NOTE(review): the outcome of signJwt is not inspected here; how a signing
        // failure surfaces depends on the service implementation, which is not visible.
        this.jwtService.signJwt(accessJwt);
        token.setJwt(accessJwt);

        // An ID token is only considered for user-bound requests that asked for "openid".
        boolean idTokenRequested = originalRequest.getScope().contains(SystemScopeService.OPENID_SCOPE)
                && !oAuth2Authentication.isClientOnly();
        if (!idTokenRequested) {
            return token;
        }

        UserInfo userInfo = this.userInfoService.getByUsernameAndClientId(oAuth2Authentication.getName(), clientId);
        if (userInfo == null) {
            logger.warn("Request for ID token when no user is present.");
            return token;
        }

        token.setIdToken(this.connectTokenService.createIdToken(
                client, originalRequest, claimSet.getIssueTime(), userInfo.getSub(), token));
        return token;
    }

    /** @return the configuration bean used for the issuer claim */
    public ConfigurationPropertiesBean getConfigBean() {
        return configBean;
    }

    /** @param configurationPropertiesBean the configuration bean to use for the issuer claim */
    public void setConfigBean(ConfigurationPropertiesBean configurationPropertiesBean) {
        configBean = configurationPropertiesBean;
    }

    /** @return the service used to sign access-token JWTs */
    public JWTSigningAndValidationService getJwtService() {
        return jwtService;
    }

    /** @param jWTSigningAndValidationService the service to sign access-token JWTs with */
    public void setJwtService(JWTSigningAndValidationService jWTSigningAndValidationService) {
        jwtService = jWTSigningAndValidationService;
    }

    /** @return the service used to load client details */
    public ClientDetailsEntityService getClientService() {
        return clientService;
    }

    /** @param clientDetailsEntityService the service to load client details with */
    public void setClientService(ClientDetailsEntityService clientDetailsEntityService) {
        clientService = clientDetailsEntityService;
    }

    /**
     * Extension point for subclasses to add claims to the access token. It is called
     * after the standard claims are set and before the claim set is built and signed.
     * The default implementation adds nothing.
     *
     * <p>Anything written here ends up inside the signed JWT, so overriding code should
     * only add values it has validated itself.
     *
     * @param builder the claim-set builder for the access token
     * @param oAuth2AccessTokenEntity the token being enhanced
     * @param oAuth2Authentication the authentication the token is being issued for
     */
    protected void addCustomAccessTokenClaims(JWTClaimsSet.Builder builder, OAuth2AccessTokenEntity oAuth2AccessTokenEntity, OAuth2Authentication oAuth2Authentication) {
        // Intentionally empty: default behaviour adds no custom claims.
    }
}
