package com.okta.android.auth.networking.client;

import android.text.TextUtils;
import com.okta.android.auth.constants.AndroidId;
import com.okta.android.auth.security.KeyPairManager;
import com.okta.android.auth.util.AuthenticatorKeyType;
import com.okta.android.auth.util.AuthenticatorSdkUtil;
import com.okta.devices.model.MethodType;
import com.okta.lib.android.common.utilities.CalendarUtils;
import com.okta.lib.android.common.utilities.Log;
import com.okta.lib.android.networking.framework.token.JWTToken;
import dagger.Lazy;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Map;
import javax.inject.Inject;

/* loaded from: classes2.dex */
/**
 * Builds short-lived JWTs signed with a per-user private key.
 *
 * <p>The signing key is looked up first through {@link KeyPairManager} and, when that yields
 * nothing, through the lazily injected {@link AuthenticatorSdkUtil}. Every failure path returns
 * {@code null} rather than throwing, so callers must null-check the result.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code jti} claim is the injected Android id, so it is the same for every token this
 *       instance produces and cannot tell two tokens apart. Presumably the verifier relies on the
 *       {@code exp}/{@code nbf} window and the {@code tx} claim against replay; confirm
 *       server-side.</li>
 *   <li>Caller-supplied extra claims are written last. A key that matches a claim set earlier
 *       ({@code iss}, {@code aud}, {@code sub}, {@code exp}, {@code tx}, ...) would presumably
 *       replace it, so the map should only ever be built from trusted, fixed keys.</li>
 *   <li>Neither the key nor the compact token is written to the log.</li>
 * </ul>
 */
public class SignedJwtGenerator {
    // NOTE(review): not referenced anywhere in this class as shown; the validity window in
    // setTimeClaims uses CalendarUtils.ONE_MIN_IN_MILLIS instead.
    private static final int JWT_EXPIRY_MILLIS = 60000;
    private static final String TAG = "SignedJwtGenerator";
    /** Name of the claim that carries the fourth argument of generateSignedJwt. */
    private static final String TX_CLAIM = "tx";

    private final String androidId;
    private final Lazy<AuthenticatorSdkUtil> authenticatorSdkUtilLazy;
    private final KeyPairManager keyPairManager;

    /**
     * @param keyPairManager first source consulted for the signing key
     * @param str            Android id, emitted as the {@code jti} claim of every token
     * @param lazy           deferred handle to the SDK helper used as the fallback key source
     */
    @Inject
    public SignedJwtGenerator(KeyPairManager keyPairManager, @AndroidId String str, Lazy<AuthenticatorSdkUtil> lazy) {
        this.keyPairManager = keyPairManager;
        this.androidId = str;
        this.authenticatorSdkUtilLazy = lazy;
    }

    /**
     * Finds the private key used to sign the token.
     *
     * @param userId   user id for the SDK fallback lookup; the fallback is skipped when empty
     * @param keyAlias identifier handed to {@link KeyPairManager#getUserPrivateKey}
     * @return the key, or {@code null} when the key manager has none and no fallback was attempted
     *     (the SDK lookup's own result is returned unchanged)
     * @throws GeneralSecurityException propagated from the key lookups
     */
    private PrivateKey resolveSigningKey(String userId, String keyAlias) throws GeneralSecurityException {
        PrivateKey managedKey = keyPairManager.getUserPrivateKey(keyAlias);
        if (managedKey == null && !TextUtils.isEmpty(userId)) {
            // Fallback: the push proof-of-possession key held by the authenticator SDK.
            AuthenticatorSdkUtil sdk = authenticatorSdkUtilLazy.get();
            return sdk.getPrivateKeyByUserId(userId, MethodType.PUSH, AuthenticatorKeyType.PROOF_OF_POSSESSION);
        }
        return managedKey;
    }

    /**
     * Writes the {@code tx} claim, then every entry of {@code extras} (if any) in iteration order.
     *
     * <p>No key filtering happens here: entries are passed to the builder as-is, after all other
     * claims have been set.
     */
    private void applyCustomClaims(JwtBuilder jwt, String transaction, Map<String, Object> extras) {
        jwt.claim(TX_CLAIM, transaction);
        if (extras != null) {
            for (Map.Entry<String, Object> extra : extras.entrySet()) {
                String claimName = extra.getKey();
                Object claimValue = extra.getValue();
                jwt.claim(claimName, claimValue);
            }
        }
    }

    /**
     * Sets issuer, audience, token id and subject. These are payload claims, not JOSE headers.
     * The token id is always the injected Android id.
     */
    private void applyRegisteredClaims(JwtBuilder jwt, String issuer, String subject, String audience) {
        jwt.setIssuer(issuer);
        jwt.setAudience(audience);
        jwt.setId(androidId);
        jwt.setSubject(subject);
    }

    /**
     * Stamps {@code exp}, {@code iat} and {@code nbf} relative to the device clock.
     *
     * <p>{@code nbf} is placed one {@code CalendarUtils.ONE_MIN_IN_MILLIS} before "now" and
     * {@code exp} one after it, so the token is valid for twice that interval in total. The
     * back-dated {@code nbf} presumably absorbs clock skew between device and server.
     */
    private void applyValidityWindow(JwtBuilder jwt) {
        final long issuedAtMillis = System.currentTimeMillis();
        final Date expiresAt = new Date(issuedAtMillis + CalendarUtils.ONE_MIN_IN_MILLIS);
        final long notBeforeMillis = issuedAtMillis - CalendarUtils.ONE_MIN_IN_MILLIS;
        jwt.setExpiration(expiresAt);
        jwt.setIssuedAt(new Date(issuedAtMillis));
        jwt.setNotBefore(new Date(notBeforeMillis));
    }

    /**
     * Creates and signs a JWT.
     *
     * @param str  audience ({@code aud}); logged as "Domain" when empty, which aborts generation
     * @param str2 key identifier passed to the key manager
     * @param str3 issuer ({@code iss})
     * @param str4 value of the {@code tx} claim
     * @param str5 subject ({@code sub}); also the user id for the SDK fallback key lookup
     * @param map  additional claims, may be {@code null}; written after all other claims
     * @return the signed token with any CR/LF characters stripped, or {@code null} when the
     *     audience is empty, no signing key is found, or a key lookup throws
     *     {@link GeneralSecurityException}
     */
    public JWTToken generateSignedJwt(String str, String str2, String str3, String str4, String str5, Map<String, Object> map) {
        JwtBuilder jwt = Jwts.builder();
        try {
            if (TextUtils.isEmpty(str)) {
                Log.e(TAG, "Domain is empty");
                return null;
            }

            PrivateKey signingKey = resolveSigningKey(str5, str2);
            if (signingKey == null) {
                Log.e(TAG, "unable to find private key when signing JWT");
                return null;
            }

            applyRegisteredClaims(jwt, str3, str5, str);
            applyValidityWindow(jwt);
            applyCustomClaims(jwt, str4, map);

            // NOTE(review): no algorithm is named here, so the choice is left to the JJWT
            // builder; confirm it matches what the verifier accepts.
            jwt.signWith(signingKey);

            String compactToken = jwt.compact();
            String singleLineToken = compactToken.replace("\n", "").replace("\r", "");
            Log.i(TAG, "Successfully made jwt token");
            return new JWTToken(singleLineToken);
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "Error making JWT", e);
            return null;
        }
    }
}
