package io.gravitee.am.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jca.JCASupport;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.gravitee.am.common.exception.jwt.MalformedJWTException;
import io.gravitee.am.common.exception.jwt.SignatureException;
import io.gravitee.am.common.jwt.JWT;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.PrivateKey;
import java.text.ParseException;
import javax.crypto.SecretKey;
import net.minidev.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/am/jwt/DefaultJWTBuilder.class */
public class DefaultJWTBuilder implements JWTBuilder {
    private static final Logger logger = LoggerFactory.getLogger(DefaultJWTBuilder.class);
    private final JWSSigner signer;
    private final JWSHeader header;
    private String issuer;

    public DefaultJWTBuilder(Key key, String str, String str2) throws InvalidKeyException {
        if (key instanceof PrivateKey) {
            this.signer = new RSASSASigner((PrivateKey) key, true);
            if (!JCASupport.isSupported(JWSAlgorithm.PS256)) {
                this.signer.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
            }
        } else {
            if (!(key instanceof SecretKey)) {
                throw new InvalidKeyException("No matching JWT signer for key : " + key);
            }
            try {
                this.signer = new MACSigner((SecretKey) key);
            } catch (KeyLengthException e) {
                throw new InvalidKeyException((Throwable) e);
            }
        }
        this.header = new JWSHeader.Builder(new JWSAlgorithm(str)).keyID(str2).type(JOSEObjectType.JWT).build();
    }

    public DefaultJWTBuilder(Key key, String str, String str2, String str3) throws InvalidKeyException {
        this(key, str, str2);
        this.issuer = str3;
    }

    @Override // io.gravitee.am.jwt.JWTBuilder
    public String sign(JWT jwt) {
        try {
            JSONObject jSONObject = new JSONObject(jwt);
            if (this.issuer != null && !jSONObject.containsKey("iss")) {
                jSONObject.put("iss", this.issuer);
            }
            SignedJWT signedJWT = new SignedJWT(this.header, JWTClaimsSet.parse(jSONObject));
            signedJWT.sign(this.signer);
            return signedJWT.serialize();
        } catch (JOSEException e) {
            logger.debug("Signing JWT token: {} has failed", jwt);
            throw new SignatureException("Signing JWT token has failed", e);
        } catch (ParseException e2) {
            logger.debug("Signing JWT token: {} has failed", jwt);
            throw new MalformedJWTException("Signing JWT token has failed", e2);
        } catch (Exception e3) {
            logger.error("An error occurs while signing JWT token : {}", jwt, e3);
            throw e3;
        }
    }
}
