package org.forgerock.openidconnect;

import java.util.AbstractMap;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.forgerock.oauth2.core.AccessToken;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.ResourceOwnerSessionValidator;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidconnect/OpenIDTokenIssuer.class */
public class OpenIDTokenIssuer {
    private final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private final OpenIdConnectTokenStore tokenStore;
    private final ResourceOwnerSessionValidator resourceOwnerSessionValidator;

    @Inject
    public OpenIDTokenIssuer(OpenIdConnectTokenStore openIdConnectTokenStore, ResourceOwnerSessionValidator resourceOwnerSessionValidator) {
        this.tokenStore = openIdConnectTokenStore;
        this.resourceOwnerSessionValidator = resourceOwnerSessionValidator;
    }

    public Map.Entry<String, String> issueToken(AccessToken accessToken, OAuth2Request oAuth2Request) throws ServerException, InvalidClientException, NotFoundException {
        Set<String> scope = accessToken.getScope();
        if (scope == null || !scope.contains("openid")) {
            return null;
        }
        try {
            oAuth2Request.setSession(accessToken.getSessionId());
            return new AbstractMap.SimpleEntry("id_token", this.tokenStore.createOpenIDToken(this.resourceOwnerSessionValidator.validate(oAuth2Request), accessToken.getClientId(), accessToken.getClientId(), accessToken.getNonce(), getOps(accessToken, oAuth2Request), oAuth2Request).getTokenId());
        } catch (OAuth2Exception e) {
            this.logger.error("User must be authenticated to issue ID tokens.", e);
            throw new ServerException("User must be authenticated to issue ID tokens.");
        }
    }

    protected String getOps(AccessToken accessToken, OAuth2Request oAuth2Request) {
        return accessToken.getSessionId();
    }
}
