package org.apache.cxf.rs.security.oidc.idp;

import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/idp/IdTokenCodeResponseFilter.class */
public class IdTokenCodeResponseFilter extends AbstractJwsJweProducer implements AccessTokenResponseFilter {
    private UserInfoProvider userInfoProvider;
    private String issuer;

    public void process(ClientAccessToken clientAccessToken, ServerAccessToken serverAccessToken) {
        IdToken idToken = this.userInfoProvider.getIdToken(serverAccessToken.getClient().getClientId(), serverAccessToken.getSubject(), serverAccessToken.getScopes());
        idToken.setIssuer(this.issuer);
        idToken.setAudience(serverAccessToken.getClient().getClientId());
        String signWith = new JwsJwtCompactProducer(idToken).signWith(getInitializedSigProvider(serverAccessToken.getClient(), true));
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider(serverAccessToken.getClient(), false);
        if (initializedEncryptionProvider != null) {
            signWith = initializedEncryptionProvider.encrypt(StringUtils.toBytesUTF8(signWith), (JweHeaders) null);
        }
        clientAccessToken.getParameters().put(OidcUtils.ID_TOKEN, signWith);
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
        this.userInfoProvider = userInfoProvider;
    }
}
