package com.okta.android.security.networking;

import android.text.TextUtils;
import android.util.Log;
import com.okta.android.security.annotation.LocalKeystore;
import com.okta.android.security.annotation.SystemKeystore;
import com.okta.android.security.keys.KeyManager;
import com.okta.android.security.keys.exception.KeyNotFoundException;
import com.okta.android.security.keys.exception.KeystoreLockedException;
import com.okta.android.security.keys.exception.OktaKeystoreException;
import com.okta.android.security.keys.keystore.KeyManagerType;
import com.okta.lib.android.common.utilities.CalendarUtils;
import com.okta.lib.android.common.utilities.Clock;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class JwtManager {
    public static final int DEFAULT_JWT_EXPIRY_MILLIS = 60000;
    private static final String TAG = "JwtManager";
    private final Clock clock;
    private final KeyManager localKeyManager;
    private final KeyManager systemKeyManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.okta.android.security.networking.JwtManager$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$okta$android$security$keys$keystore$KeyManagerType;

        static {
            int[] iArr = new int[KeyManagerType.values().length];
            $SwitchMap$com$okta$android$security$keys$keystore$KeyManagerType = iArr;
            try {
                iArr[KeyManagerType.SYSTEM.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$okta$android$security$keys$keystore$KeyManagerType[KeyManagerType.LOCAL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    @Inject
    public JwtManager(@LocalKeystore KeyManager keyManager, @SystemKeystore KeyManager keyManager2, Clock clock) {
        this.localKeyManager = keyManager;
        this.systemKeyManager = keyManager2;
        this.clock = clock;
    }

    private PrivateKey getPrivateKey(String str, KeyManagerType keyManagerType) throws KeyNotFoundException, KeyStoreException, KeystoreLockedException {
        return AnonymousClass1.$SwitchMap$com$okta$android$security$keys$keystore$KeyManagerType[keyManagerType.ordinal()] != 1 ? this.localKeyManager.getKeypair(str).getPrivate() : this.systemKeyManager.getKeypair(str).getPrivate();
    }

    private void setExtraClaims(JwtBuilder jwtBuilder, Map<String, Object> map) {
        if (map == null) {
            Log.d(TAG, "null extra claims given");
            return;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String str = TAG;
            Log.v(str, "Adding claim with key: " + entry.getKey());
            Log.v(str, "Adding claim with value: " + entry.getValue());
            jwtBuilder.claim(entry.getKey(), entry.getValue());
        }
    }

    private void setJWTHeaders(JwtBuilder jwtBuilder, String str, String str2, String str3) {
        jwtBuilder.setIssuer(str).setAudience(str3).setSubject(str2).setId(UUID.randomUUID().toString());
    }

    @Deprecated
    private void setJWTHeaders(JwtBuilder jwtBuilder, String str, String str2, String str3, String str4) {
        jwtBuilder.setIssuer(str).setAudience(str3).setId(str4).setSubject(str2);
    }

    private void setTimeClaims(JwtBuilder jwtBuilder) {
        long currentTimeMillis = this.clock.currentTimeMillis();
        jwtBuilder.setExpiration(new Date(currentTimeMillis + CalendarUtils.ONE_MIN_IN_MILLIS)).setIssuedAt(new Date(currentTimeMillis)).setNotBefore(new Date(currentTimeMillis - CalendarUtils.ONE_MIN_IN_MILLIS));
    }

    @Deprecated
    public String getSignedJWT(String str, String str2, String str3, String str4, String str5, String str6, Map<String, Object> map) {
        JwtBuilder builder = Jwts.builder();
        try {
            PrivateKey privateKey = this.localKeyManager.getKeypair(str2).getPrivate();
            if (privateKey != null && !TextUtils.isEmpty(str)) {
                setJWTHeaders(builder, str3, str5, str, str6);
                setTimeClaims(builder);
                if (map == null) {
                    map = new HashMap<>();
                }
                map.put("tx", str4);
                setExtraClaims(builder, map);
                builder.signWith(SignatureAlgorithm.RS256, privateKey);
                String replace = builder.compact().replace("\n", "").replace("\r", "");
                Log.i(TAG, "Successfully made jwt token");
                return replace;
            }
            Log.e(TAG, "unable to find private key when signing JWT");
            return null;
        } catch (OktaKeystoreException | GeneralSecurityException e) {
            Log.e(TAG, "Error making JWT", e);
            return null;
        }
    }

    public String getSignedJwt(String str, String str2, KeyManagerType keyManagerType, String str3, String str4, Map<String, Object> map) throws KeystoreLockedException, KeyNotFoundException, KeyStoreException {
        JwtBuilder builder = Jwts.builder();
        PrivateKey privateKey = getPrivateKey(str2, keyManagerType);
        setJWTHeaders(builder, str3, str4, str);
        setTimeClaims(builder);
        setExtraClaims(builder, map);
        builder.signWith(SignatureAlgorithm.RS256, privateKey);
        String replace = builder.compact().replace("\n", "").replace("\r", "");
        Log.d(TAG, "Successfully made jwt: " + replace);
        return replace;
    }
}
