package org.pac4j.jwt.profile;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.Map;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/jwt/profile/JwtGenerator.class */
public class JwtGenerator<U extends UserProfile> {
    protected final Logger logger;
    private String signingSecret;
    private String encryptionSecret;

    public JwtGenerator(String str) {
        this(str, true);
    }

    public JwtGenerator(String str, boolean z) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.signingSecret = str;
        if (z) {
            this.encryptionSecret = str;
        }
    }

    public JwtGenerator(String str, String str2) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.signingSecret = str;
        this.encryptionSecret = str2;
    }

    public String generate(U u) {
        try {
            MACSigner mACSigner = new MACSigner(this.signingSecret);
            JWTClaimsSet.Builder issuer = new JWTClaimsSet.Builder().subject(u.getTypedId()).issueTime(new Date()).issuer(getClass().getSimpleName());
            Map attributes = u.getAttributes();
            for (String str : attributes.keySet()) {
                issuer.claim(str, attributes.get(str));
            }
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), issuer.build());
            signedJWT.sign(mACSigner);
            if (!CommonHelper.isNotBlank(this.encryptionSecret)) {
                return signedJWT.serialize();
            }
            JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM).contentType("JWT").build(), new Payload(signedJWT));
            jWEObject.encrypt(new DirectEncrypter(this.encryptionSecret.getBytes("UTF-8")));
            return jWEObject.serialize();
        } catch (Exception e) {
            throw new TechnicalException("Cannot generate JWT", e);
        }
    }
}
