package org.wso2.carbon.identity.oauth2.jwt;

import java.util.Calendar;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.caching.core.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.JWTCache;
import org.wso2.carbon.identity.oauth.cache.JWTCacheEntry;
import org.wso2.carbon.identity.oauth.cache.JWTCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/jwt/DefaultJWTGenerator.class */
public class DefaultJWTGenerator implements JWTGenerator {
    private static final Log log = LogFactory.getLog(JWTGenerator.class);
    private boolean isDebug = log.isDebugEnabled();

    @Override // org.wso2.carbon.identity.oauth2.jwt.JWTGenerator
    public String generateToken(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO, OAuth2TokenValidationResponseDTO oAuth2TokenValidationResponseDTO) throws IdentityOAuth2Exception {
        String authorizedUser = oAuth2TokenValidationResponseDTO.getAuthorizedUser();
        JWTCache jWTCache = null;
        JWTCacheKey jWTCacheKey = null;
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            jWTCache = JWTCache.getInstance();
            jWTCacheKey = new JWTCacheKey(authorizedUser);
            CacheEntry valueFromCache = jWTCache.getValueFromCache(jWTCacheKey);
            if (valueFromCache instanceof JWTCacheEntry) {
                String jwt = ((JWTCacheEntry) valueFromCache).getJWT();
                if (this.isDebug) {
                    log.debug("Cache Hit for: " + authorizedUser);
                }
                return jwt;
            }
        }
        if (this.isDebug) {
            log.debug("Cache miss for: " + authorizedUser);
        }
        String generateJWT = generateJWT(getUserClaims(authorizedUser));
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            jWTCache.addToCache(jWTCacheKey, new JWTCacheEntry(generateJWT));
            if (this.isDebug) {
                log.debug("Added the cache entry for " + authorizedUser);
            }
        }
        return generateJWT;
    }

    private Claim[] getUserClaims(String str) throws IdentityOAuth2Exception {
        try {
            return OAuthComponentServiceHolder.getRealmService().getTenantUserRealm(OAuthComponentServiceHolder.getRealmService().getTenantManager().getTenantId(MultitenantUtils.getTenantDomain(str))).getUserStoreManager().getUserClaimValues(str, (String) null);
        } catch (UserStoreException e) {
            log.debug("Error while readin user claims ", e);
            throw new IdentityOAuth2Exception(e.getMessage());
        }
    }

    private String generateJWT(Claim[] claimArr) {
        StringBuilder sb = new StringBuilder();
        long timeInMillis = Calendar.getInstance().getTimeInMillis();
        sb.append("{");
        sb.append("\"timestamp\":\"");
        sb.append(timeInMillis);
        sb.append("\",");
        for (Claim claim : claimArr) {
            sb.append(", \"");
            sb.append(claim.getClaimUri());
            sb.append("\":\"");
            sb.append(claim.getValue());
            sb.append("\"");
        }
        sb.append("}");
        String sb2 = sb.toString();
        if (log.isDebugEnabled()) {
            log.debug("Generated JWT Header : {\"typ\":\"JWT\"}");
            log.debug("Gemerated JWT Body : " + sb2);
        }
        return Base64Utils.encode("{\"typ\":\"JWT\"}".getBytes()) + "." + Base64Utils.encode(sb2.getBytes()) + ".";
    }
}
