package org.springframework.security.oauth2.server.authorization.authentication;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Set;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JoseHeader;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/authentication/JwtUtils.class */
/**
 * Static helpers that pre-populate the JOSE header builder and the JWT claim-set builders
 * used when this authorization server issues access tokens and ID tokens.
 *
 * <p>Every method returns a mutable builder, so callers can still add, replace or remove
 * headers and claims before the token is encoded. Nothing in this class signs or validates
 * a token.
 *
 * <p>The methods appear as {@code public} in this decompiled listing; the decompiler notes
 * that their access modifiers were changed from package-private.
 */
final class JwtUtils {
    /** Lifetime, in minutes, given to every ID token built by {@code idTokenClaims}. */
    private static final long ID_TOKEN_LIFETIME_MINUTES = 30L;

    private JwtUtils() {
        // Utility holder: not meant to be instantiated.
    }

    /**
     * Creates a JOSE header builder preset to the RS256 signature algorithm.
     *
     * <p>The algorithm is fixed here. This class does not check that the key later used for
     * signing is an RSA key suitable for RS256.
     *
     * @return a header builder whose algorithm is {@link SignatureAlgorithm#RS256}
     */
    public static JoseHeader.Builder headers() {
        return JoseHeader.withAlgorithm(SignatureAlgorithm.RS256);
    }

    /**
     * Builds the default claims for an access token issued to {@code registeredClient}.
     *
     * <p>Claims set: {@code sub}, {@code aud}, {@code iat}, {@code exp} and {@code nbf}, plus
     * {@code iss} and {@code scope} when the corresponding argument is non-blank / non-empty.
     * Points a reviewer should keep in mind:
     * <ul>
     *   <li>{@code aud} holds only the client id, not a resource-server identifier, so a
     *       resource server that enforces {@code aud} has to expect that value.</li>
     *   <li>{@code exp} is the current instant plus the access-token time-to-live from the
     *       client's token settings; {@code iat} and {@code nbf} are both the current
     *       instant.</li>
     *   <li>{@code iss} is silently left out when {@code str} is blank; consumers that
     *       validate the issuer would then have nothing to compare against.</li>
     *   <li>No {@code jti} is added here.</li>
     * </ul>
     *
     * @param registeredClient client the token is issued to; supplies the client id and the
     *     access-token time-to-live
     * @param str issuer value, written to {@code iss} when it has text
     * @param str2 value written to {@code sub}
     * @param set scopes, written to the {@code scope} claim when not empty
     * @return a claims builder populated as described above
     */
    public static JwtClaimsSet.Builder accessTokenClaims(RegisteredClient registeredClient, String str, String str2, Set<String> set) {
        final Instant issuedAt = Instant.now();
        final TemporalAmount timeToLive = (TemporalAmount) registeredClient.getTokenSettings().getAccessTokenTimeToLive();
        final Instant expiresAt = issuedAt.plus(timeToLive);

        final JwtClaimsSet.Builder claims = JwtClaimsSet.builder();
        issuerIfPresent(claims, str);
        claims
                .subject(str2)
                .audience(Collections.singletonList(registeredClient.getClientId()))
                .issuedAt(issuedAt)
                .expiresAt(expiresAt)
                .notBefore(issuedAt);

        final boolean hasScopes = !CollectionUtils.isEmpty(set);
        if (hasScopes) {
            claims.claim("scope", set);
        }
        return claims;
    }

    /**
     * Builds the default claims for an ID token issued to {@code registeredClient}.
     *
     * <p>Claims set: {@code sub}, {@code aud}, {@code iat}, {@code exp} and {@code azp}, plus
     * {@code iss} and {@code nonce} when the corresponding argument has text. Points a
     * reviewer should keep in mind:
     * <ul>
     *   <li>{@code exp} is always the current instant plus 30 minutes; the client's token
     *       settings are not consulted for the ID token lifetime.</li>
     *   <li>{@code aud} and {@code azp} both carry the client id.</li>
     *   <li>{@code nonce} is copied verbatim from {@code str3}; checking that it matches the
     *       value sent in the authorization request is left to the caller and the relying
     *       party.</li>
     *   <li>Unlike the access-token claims, no {@code nbf} is set.</li>
     * </ul>
     *
     * @param registeredClient client the token is issued to; supplies the client id
     * @param str issuer value, written to {@code iss} when it has text
     * @param str2 value written to {@code sub}
     * @param str3 nonce value, written to {@code nonce} when it has text
     * @return a claims builder populated as described above
     */
    public static JwtClaimsSet.Builder idTokenClaims(RegisteredClient registeredClient, String str, String str2, String str3) {
        final Instant issuedAt = Instant.now();
        final Instant expiresAt = issuedAt.plus(ID_TOKEN_LIFETIME_MINUTES, ChronoUnit.MINUTES);

        final JwtClaimsSet.Builder claims = JwtClaimsSet.builder();
        issuerIfPresent(claims, str);
        claims
                .subject(str2)
                .audience(Collections.singletonList(registeredClient.getClientId()))
                .issuedAt(issuedAt)
                .expiresAt(expiresAt)
                .claim("azp", registeredClient.getClientId());

        if (StringUtils.hasText(str3)) {
            claims.claim("nonce", str3);
        }
        return claims;
    }

    /** Writes {@code issuer} to the {@code iss} claim, skipping values without text. */
    private static void issuerIfPresent(JwtClaimsSet.Builder claims, String issuer) {
        if (!StringUtils.hasText(issuer)) {
            return;
        }
        claims.issuer(issuer);
    }
}
