package com.atlassian.bitbucket.internal.scm.git.lfs.jwt;

import com.atlassian.bitbucket.internal.scm.git.lfs.GitLfsConstants;
import com.atlassian.bitbucket.internal.scm.git.lfs.settings.GitLfsSettingsService;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.jwt.CanonicalHttpRequest;
import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.jwt.core.writer.JwtClaimsBuilder;
import com.atlassian.jwt.writer.JwtJsonBuilder;
import com.atlassian.jwt.writer.JwtJsonBuilderFactory;
import com.atlassian.jwt.writer.JwtWriterFactory;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/atlassian/bitbucket/internal/scm/git/lfs/jwt/GitLfsJwtHelper.class */
public class GitLfsJwtHelper {
    private final JwtJsonBuilderFactory jwtJsonBuilderFactory;
    private final JwtWriterFactory jwtWriterFactory;
    private final GitLfsSettingsService settingsService;

    public GitLfsJwtHelper(JwtJsonBuilderFactory jwtJsonBuilderFactory, JwtWriterFactory jwtWriterFactory, GitLfsSettingsService gitLfsSettingsService) {
        this.jwtJsonBuilderFactory = jwtJsonBuilderFactory;
        this.jwtWriterFactory = jwtWriterFactory;
        this.settingsService = gitLfsSettingsService;
    }

    @Nonnull
    public String buildToken(@Nonnull CanonicalHttpRequest canonicalHttpRequest, @Nonnull Repository repository, long j) {
        Objects.requireNonNull(canonicalHttpRequest, "httpRequest");
        Objects.requireNonNull(repository, "repository");
        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        JwtJsonBuilder issuer = this.jwtJsonBuilderFactory.jsonBuilder().claim("repo", Integer.valueOf(repository.getId())).expirationTime(seconds + j).issuedAt(seconds).issuer(GitLfsConstants.PLUGIN_KEY);
        try {
            JwtClaimsBuilder.appendHttpRequestClaims(issuer, canonicalHttpRequest);
            return "JWT " + this.jwtWriterFactory.macSigningWriter(SigningAlgorithm.HS256, this.settingsService.getSharedSecret()).jsonToJwt(issuer.build());
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw new JwtTokenGenerationException("Failed to append \"qsh\" JWT claim.", e);
        }
    }
}
