package no.nav.helse.dusseldorf.oauth2.client;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.JWTBearerGrant;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import java.net.URL;
import java.time.Clock;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* compiled from: SignedJwtAccessTokenClient.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 1, d1 = {"��\\\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\u0018��2\u00020\u00012\u00020\u0002B%\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ\u0016\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\u0015H\u0016J\u001e\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\u00152\u0006\u0010\u0016\u001a\u00020\u0004H\u0016J\u0016\u0010\u0017\u001a\u00020\u00182\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\u0015H\u0002J\b\u0010\u0019\u001a\u00020\u001aH\u0002J\b\u0010\u001b\u001a\u00020\u001aH\u0002J\u001e\u0010\u001c\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00042\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00040\u0015H\u0002J\b\u0010\u001d\u001a\u00020\u001eH\u0002R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001f"}, d2 = {"Lno/nav/helse/dusseldorf/oauth2/client/SignedJwtAccessTokenClient;", "Lno/nav/helse/dusseldorf/oauth2/client/AccessTokenClient;", "Lno/nav/helse/dusseldorf/oauth2/client/NimbusAccessTokenClient;", "clientId", "", "privateKeyProvider", "Lno/nav/helse/dusseldorf/oauth2/client/PrivateKeyProvider;", "keyIdProvider", 
"Lno/nav/helse/dusseldorf/oauth2/client/KeyIdProvider;", "tokenEndpoint", "Ljava/net/URL;", "(Ljava/lang/String;Lno/nav/helse/dusseldorf/oauth2/client/PrivateKeyProvider;Lno/nav/helse/dusseldorf/oauth2/client/KeyIdProvider;Ljava/net/URL;)V", "algorithm", "Lcom/nimbusds/jose/JWSAlgorithm;", "jwsHeader", "Lcom/nimbusds/jose/JWSHeader;", "jwsSigner", "Lcom/nimbusds/jose/JWSSigner;", "getAccessToken", "Lno/nav/helse/dusseldorf/oauth2/client/AccessTokenResponse;", "scopes", "", "onBehalfOf", "getClientCredentialsTokenRequest", "Lcom/nimbusds/oauth2/sdk/TokenRequest;", "getExpirationTime", "Ljava/util/Date;", "getNotBeforeTime", "getOnBehalfOfTokenRequest", "getSignedJwt", "Lcom/nimbusds/jwt/SignedJWT;", "dusseldorf-oauth2-client"})
/* loaded from: input_file:no/nav/helse/dusseldorf/oauth2/client/SignedJwtAccessTokenClient.class */
/**
 * Access-token client that authenticates to the token endpoint with a signed JWT client
 * assertion ({@link PrivateKeyJWT}) and supports two grants: client credentials and JWT bearer
 * ("on behalf of").
 *
 * <p>A new assertion is built and signed for every token request. Its issuer and subject are the
 * client id, its audience is the token endpoint URL, its JWT id is a random UUID, and it is valid
 * from the moment of creation until ten seconds later. The header names RS256, the key id from
 * the {@code KeyIdProvider}, and the type {@code JWT}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The private key is read from the {@code PrivateKeyProvider} once, in the constructor, and
 *       held by the signer for the lifetime of the instance. Rotating the key therefore needs a
 *       new client instance.</li>
 *   <li>The token endpoint URL is used as given. NOTE(review): no scheme check happens here;
 *       confirm that callers or the parent class only ever supply an {@code https} endpoint,
 *       since the signed assertion and the returned tokens travel over that connection.</li>
 *   <li>The not-before claim equals the local clock with no leeway. NOTE(review): an
 *       authorization server whose clock runs behind may reject the assertion; verify the
 *       server's skew tolerance.</li>
 *   <li>The token passed to the on-behalf-of flow is only parsed, not signature-verified, by this
 *       class. It presumably has been validated before it reaches this client; confirm against
 *       callers.</li>
 * </ul>
 */
public final class SignedJwtAccessTokenClient extends NimbusAccessTokenClient implements AccessTokenClient {
    // Identity of this client; used as both issuer and subject of the client assertion.
    private final String clientId;
    // Token endpoint; request target and audience of the client assertion.
    private final URL tokenEndpoint;
    // Signature algorithm placed in the JWS header (always RS256).
    private final JWSAlgorithm algorithm;
    // Signer wrapping the private key obtained at construction time.
    private final JWSSigner jwsSigner;
    // Pre-built header (alg, kid, typ) reused for every assertion.
    private final JWSHeader jwsHeader;

    /**
     * Creates a client bound to one client id, one signing key and one token endpoint.
     *
     * <p>The private key is fetched before the key id, and both are fetched exactly once here.
     *
     * @param str the OAuth2 client id ({@code clientId})
     * @param privateKeyProvider source of the RSA private key used to sign client assertions
     * @param keyIdProvider source of the {@code kid} header value
     * @param url the token endpoint ({@code tokenEndpoint})
     */
    public SignedJwtAccessTokenClient(@NotNull String str, @NotNull PrivateKeyProvider privateKeyProvider, @NotNull KeyIdProvider keyIdProvider, @NotNull URL url) {
        Intrinsics.checkParameterIsNotNull(str, "clientId");
        Intrinsics.checkParameterIsNotNull(privateKeyProvider, "privateKeyProvider");
        Intrinsics.checkParameterIsNotNull(keyIdProvider, "keyIdProvider");
        Intrinsics.checkParameterIsNotNull(url, "tokenEndpoint");
        this.clientId = str;
        this.tokenEndpoint = url;

        JWSAlgorithm rs256 = JWSAlgorithm.RS256;
        Intrinsics.checkExpressionValueIsNotNull(rs256, "JWSAlgorithm.RS256");
        this.algorithm = rs256;

        // Key material is captured here; later changes in the provider are not picked up.
        this.jwsSigner = new RSASSASigner(privateKeyProvider.getPrivateKey());

        JWSHeader header = new JWSHeader.Builder(rs256)
                .keyID(keyIdProvider.getKeyId())
                .type(JOSEObjectType.JWT)
                .build();
        Intrinsics.checkExpressionValueIsNotNull(header, "JWSHeader.Builder(algori…\n                .build()");
        this.jwsHeader = header;
    }

    /**
     * Requests an access token for the client itself (client-credentials grant).
     *
     * <p>A null argument is rejected by the Kotlin null check before any request is built.
     *
     * @param set the scopes to request ({@code scopes})
     * @return the response produced by the inherited token-request helper
     */
    @Override
    @NotNull
    public AccessTokenResponse getAccessToken(@NotNull Set<String> set) {
        Intrinsics.checkParameterIsNotNull(set, "scopes");
        TokenRequest request = getClientCredentialsTokenRequest(set);
        return getAccessToken$dusseldorf_oauth2_client(request);
    }

    /**
     * Requests an access token on behalf of the subject of another token (JWT bearer grant).
     *
     * <p>Null arguments are rejected by the Kotlin null checks before any request is built.
     *
     * @param set the scopes to request ({@code scopes})
     * @param str the serialized signed JWT to exchange ({@code onBehalfOf})
     * @return the response produced by the inherited token-request helper
     */
    @Override
    @NotNull
    public AccessTokenResponse getAccessToken(@NotNull Set<String> set, @NotNull String str) {
        Intrinsics.checkParameterIsNotNull(set, "scopes");
        Intrinsics.checkParameterIsNotNull(str, "onBehalfOf");
        TokenRequest request = getOnBehalfOfTokenRequest(str, set);
        return getAccessToken$dusseldorf_oauth2_client(request);
    }

    /** Builds a client-credentials token request authenticated with a fresh client assertion. */
    private TokenRequest getClientCredentialsTokenRequest(Set<String> scopes) {
        java.net.URI endpointUri = this.tokenEndpoint.toURI();
        PrivateKeyJWT clientAssertion = new PrivateKeyJWT(getSignedJwt());
        ClientCredentialsGrant grant = new ClientCredentialsGrant();
        return new TokenRequest(endpointUri, clientAssertion, grant, getScope$dusseldorf_oauth2_client(scopes));
    }

    /**
     * Builds a JWT-bearer token request authenticated with a fresh client assertion.
     *
     * <p>The supplied token is parsed into a {@link SignedJWT} and forwarded as the grant's
     * assertion; its signature is not checked at this point.
     */
    private TokenRequest getOnBehalfOfTokenRequest(String onBehalfOf, Set<String> scopes) {
        java.net.URI endpointUri = this.tokenEndpoint.toURI();
        PrivateKeyJWT clientAssertion = new PrivateKeyJWT(getSignedJwt());
        JWTBearerGrant grant = new JWTBearerGrant(SignedJWT.parse(onBehalfOf));
        return new TokenRequest(endpointUri, clientAssertion, grant, getScope$dusseldorf_oauth2_client(scopes), (List) null, NimbusAccessTokenClientKt.getOnBehalfOfParameters());
    }

    /**
     * Creates and signs the client assertion used to authenticate one token request.
     *
     * <p>Every call yields a new JWT id and a new ten-second validity window, so an assertion is
     * not reused across requests.
     */
    private SignedJWT getSignedJwt() {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .audience(this.tokenEndpoint.toString())
                .subject(this.clientId)
                .issuer(this.clientId)
                .jwtID(UUID.randomUUID().toString())
                .notBeforeTime(getNotBeforeTime())
                .expirationTime(getExpirationTime())
                .build();
        SignedJWT assertion = new SignedJWT(this.jwsHeader, claims);
        assertion.sign(this.jwsSigner);
        return assertion;
    }

    /** Returns the current UTC time, used as the assertion's not-before claim. */
    private Date getNotBeforeTime() {
        LocalDateTime nowUtc = LocalDateTime.now(Clock.systemUTC());
        Date notBefore = Date.from(nowUtc.toInstant(ZoneOffset.UTC));
        Intrinsics.checkExpressionValueIsNotNull(notBefore, "Date.from(now.toInstant(ZoneOffset.UTC))");
        return notBefore;
    }

    /** Returns the current UTC time plus ten seconds, used as the assertion's expiry claim. */
    private Date getExpirationTime() {
        LocalDateTime expiryUtc = LocalDateTime.now(Clock.systemUTC()).plusSeconds(10L);
        Date expiry = Date.from(expiryUtc.toInstant(ZoneOffset.UTC));
        Intrinsics.checkExpressionValueIsNotNull(expiry, "Date.from(exp.toInstant(ZoneOffset.UTC))");
        return expiry;
    }
}
