package com.yoti.mobile.android.remote.authentication;

import android.util.Base64;
import com.google.android.gms.measurement.api.AppMeasurementSdk;
import com.yoti.mobile.android.remote.model.IbvAuthenticationData;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.UUID;
import jw.c;
import kotlin.collections.o;
import kotlin.jvm.internal.t;
import mt.d;
import ps.k0;

/* loaded from: classes4.dex */
public final class TokenProvider {
    private final IbvAuthenticationData authenticationData;
    private final KeyChainManager keyChainManager;

    public TokenProvider(IbvAuthenticationData authenticationData, KeyChainManager keyChainManager) {
        t.g(authenticationData, "authenticationData");
        t.g(keyChainManager, "keyChainManager");
        this.authenticationData = authenticationData;
        this.keyChainManager = keyChainManager;
    }

    private final String generatePayload(String str, NetworkRequest networkRequest) {
        String uuid = UUID.randomUUID().toString();
        t.f(uuid, "randomUUID().toString()");
        int currentTimeMillis = (int) (System.currentTimeMillis() / 1000);
        c cVar = new c();
        cVar.put("aud", "api.yoti.com");
        cVar.put("jti", uuid);
        cVar.put("iat", Integer.valueOf(currentTimeMillis));
        cVar.put("exp", Integer.valueOf(currentTimeMillis + 300));
        c cVar2 = new c();
        cVar2.put("po_fad_code", str);
        c cVar3 = new c();
        cVar3.put("alg", "SHA-256");
        cVar3.put(AppMeasurementSdk.ConditionalUserProperty.VALUE, hashRequest("SHA-256", networkRequest.getMethod(), networkRequest.getPath(), networkRequest.getQuery(), networkRequest.getBody()));
        k0 k0Var = k0.f52011a;
        cVar2.put("digest", cVar3);
        cVar.put("yoti", cVar2);
        String a10 = cVar.a();
        t.f(a10, "JSONObject().apply {\n   …\n        }.toJSONString()");
        return a10;
    }

    private final String hashRequest(String str, String str2, String str3, String str4, byte[] bArr) {
        byte[] z10;
        byte[] z11;
        byte[] z12;
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        t.f(messageDigest, "getInstance(alg)");
        if (bArr == null) {
            bArr = new byte[0];
        }
        Charset charset = d.f47928b;
        byte[] bytes = str2.getBytes(charset);
        t.f(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] bytes2 = str3.getBytes(charset);
        t.f(bytes2, "this as java.lang.String).getBytes(charset)");
        z10 = o.z(bytes, bytes2);
        byte[] bytes3 = str4.getBytes(charset);
        t.f(bytes3, "this as java.lang.String).getBytes(charset)");
        z11 = o.z(z10, bytes3);
        z12 = o.z(z11, bArr);
        String encodeToString = Base64.encodeToString(messageDigest.digest(z12), 2);
        t.f(encodeToString, "encodeToString(hash, Base64.NO_WRAP)");
        return encodeToString;
    }

    public final String generateToken(NetworkRequest networkRequest) {
        t.g(networkRequest, "networkRequest");
        X509Certificate[] certificateChain = this.keyChainManager.getCertificateChain(this.authenticationData.getKeyAlias());
        PrivateKey privateKey = this.keyChainManager.getPrivateKey(this.authenticationData.getKeyAlias());
        if (certificateChain == null) {
            throw new IllegalArgumentException("Required value was null.".toString());
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("Required value was null.".toString());
        }
        if (!(certificateChain.length >= 2)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        pw.d dVar = new pw.d();
        dVar.o(privateKey);
        String encodeToString = Base64.encodeToString(certificateChain[1].getEncoded(), 2);
        String encodeToString2 = Base64.encodeToString(certificateChain[0].getEncoded(), 2);
        dVar.m("alg", "RS256");
        dVar.l("x5c", new String[]{encodeToString2, encodeToString});
        dVar.m("kid", this.authenticationData.getScheme());
        dVar.z(generatePayload(this.authenticationData.getFadCode(), networkRequest));
        String s10 = dVar.s();
        t.f(s10, "jws.compactSerialization");
        return s10;
    }
}
