1 files changed, 51 insertions, 0 deletions

diff --git a/app/services/jira_connect/create_asymmetric_jwt_service.rb b/app/services/jira_connect/create_asymmetric_jwt_service.rb
new file mode 100644
index 00000000000..71aba6feddd
--- /dev/null
+++ b/app/services/jira_connect/create_asymmetric_jwt_service.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module JiraConnect
+  class CreateAsymmetricJwtService
+    ARGUMENT_ERROR_MESSAGE = 'jira_connect_installation is not a proxy installation'
+
+    def initialize(jira_connect_installation)
+      raise ArgumentError, ARGUMENT_ERROR_MESSAGE unless jira_connect_installation.proxy?
+
+      @jira_connect_installation = jira_connect_installation
+    end
+
+    def execute
+      JWT.encode(jwt_claims, private_key, 'RS256', jwt_headers)
+    end
+
+    private
+
+    def jwt_claims
+      { aud: aud_claim, iss: iss_claim, qsh: qsh_claim }
+    end
+
+    def aud_claim
+      @jira_connect_installation.audience_url
+    end
+
+    def iss_claim
+      @jira_connect_installation.client_key
+    end
+
+    def qsh_claim
+      Atlassian::Jwt.create_query_string_hash(
+        @jira_connect_installation.audience_installed_event_url,
+        'POST',
+        @jira_connect_installation.audience_url
+      )
+    end
+
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.generate(3072)
+    end
+
+    def public_key_storage
+      @public_key_storage ||= JiraConnect::PublicKey.create!(key: private_key.public_key)
+    end
+
+    def jwt_headers
+      { kid: public_key_storage.uuid }
+    end
+  end
+end