package org.apache.cxf.rs.security.oidc.rp.idp;

import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
import org.apache.cxf.rs.security.oidc.common.UserToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/idp/UserInfoCodeResponseFilter.class */
public class UserInfoCodeResponseFilter implements AccessTokenResponseFilter {
    private JwsSignatureProvider sigProvider;
    private JweEncryptionProvider encryptionProvider;
    private UserInfoProvider userInfoProvider;
    private String issuer;

    public void process(ClientAccessToken clientAccessToken, ServerAccessToken serverAccessToken) {
        UserToken userToken = this.userInfoProvider.getUserToken(serverAccessToken.getClient().getClientId(), serverAccessToken.getSubject(), serverAccessToken.getScopes());
        userToken.setIssuer(this.issuer);
        userToken.setAudience(serverAccessToken.getClient().getClientId());
        String signWith = new JwsJwtCompactProducer(userToken).signWith(getInitializedSigProvider(new JoseHeaders()));
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider();
        if (initializedEncryptionProvider != null) {
            signWith = initializedEncryptionProvider.encrypt(StringUtils.toBytesUTF8(signWith), (JweHeaders) null);
        }
        clientAccessToken.getParameters().put(OidcUtils.ID_TOKEN, signWith);
    }

    public void setSignatureProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.sigProvider = jwsSignatureProvider;
    }

    protected JwsSignatureProvider getInitializedSigProvider(JoseHeaders joseHeaders) {
        if (this.sigProvider != null) {
            return this.sigProvider;
        }
        JwsSignatureProvider loadSignatureProvider = JwsUtils.loadSignatureProvider(true);
        joseHeaders.setAlgorithm(loadSignatureProvider.getAlgorithm());
        return loadSignatureProvider;
    }

    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        return this.encryptionProvider != null ? this.encryptionProvider : JweUtils.loadEncryptionProvider(false);
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
        this.userInfoProvider = userInfoProvider;
    }
}
