package org.forgerock.openam.sts.rest.token.provider.oidc;

import java.util.Map;
import java.util.Set;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.rest.token.provider.RestTokenProviderBase;
import org.forgerock.openam.sts.rest.token.provider.RestTokenProviderParameters;
import org.forgerock.openam.sts.token.ThreadLocalAMTokenCache;
import org.forgerock.openam.sts.token.provider.AMSessionInvalidator;
import org.forgerock.openam.sts.token.provider.TokenServiceConsumer;
import org.forgerock.openam.sts.token.validator.ValidationInvocationContext;
import org.slf4j.Logger;

/* loaded from: input_file:org/forgerock/openam/sts/rest/token/provider/oidc/RestOpenIdConnectTokenProvider.class */
public class RestOpenIdConnectTokenProvider extends RestTokenProviderBase<OpenIdConnectTokenCreationState> {
    private final OpenIdConnectTokenAuthnContextMapper authnContextMapper;
    private final OpenIdConnectTokenAuthMethodReferencesMapper authModeReferencesMapper;

    public RestOpenIdConnectTokenProvider(TokenServiceConsumer tokenServiceConsumer, AMSessionInvalidator aMSessionInvalidator, ThreadLocalAMTokenCache threadLocalAMTokenCache, String str, String str2, OpenIdConnectTokenAuthnContextMapper openIdConnectTokenAuthnContextMapper, OpenIdConnectTokenAuthMethodReferencesMapper openIdConnectTokenAuthMethodReferencesMapper, ValidationInvocationContext validationInvocationContext, Logger logger) {
        super(tokenServiceConsumer, aMSessionInvalidator, threadLocalAMTokenCache, str, str2, validationInvocationContext, logger);
        this.authnContextMapper = openIdConnectTokenAuthnContextMapper;
        this.authModeReferencesMapper = openIdConnectTokenAuthMethodReferencesMapper;
    }

    @Override // org.forgerock.openam.sts.rest.token.provider.RestTokenProvider
    public JsonValue createToken(RestTokenProviderParameters<OpenIdConnectTokenCreationState> restTokenProviderParameters) throws TokenCreationException {
        try {
            OpenIdConnectTokenCreationState tokenCreationState = restTokenProviderParameters.getTokenCreationState();
            return JsonValue.json(JsonValue.object(new Map.Entry[]{JsonValue.field("issued_token", getAssertion(this.authnContextMapper.getAuthnContextClassReference(restTokenProviderParameters.getInputTokenType(), restTokenProviderParameters.getInputToken()), this.authModeReferencesMapper.getAuthnMethodsReferences(restTokenProviderParameters.getInputTokenType(), restTokenProviderParameters.getInputToken()), tokenCreationState.getAuthenticationTimeInSeconds(), tokenCreationState.getNonce()))}));
        } finally {
            try {
                this.amSessionInvalidator.invalidateAMSessions(this.threadLocalAMTokenCache.getToBeInvalidatedAMSessionIds());
            } catch (Exception e) {
                this.logger.warn("Exception caught invalidating interim AMSession following OpenIdConnect token creation: " + e, e);
            }
        }
    }

    private String getAssertion(String str, Set<String> set, long j, String str2) throws TokenCreationException {
        return this.tokenServiceConsumer.getOpenIdConnectToken(this.threadLocalAMTokenCache.getSessionIdForContext(this.validationInvocationContext), this.stsInstanceId, this.realm, str, set, j, str2, getAdminToken());
    }
}
