package com.idsmanager.oidc.p12;

import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.jose4j.base64url.internal.apache.commons.codec.binary.Base64;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;

/* loaded from: classes.dex */
public class P12IdTokenGenerator {
    public static final String DEFAULT_AUDIENCE = "IDS_AUDIENCE";
    public static final String DEFAULT_SUBJECT = "IDS_Subject";
    public static final long DEFAULT_TOKEN_SECONDS = 600;
    private Map<String, Object> map;
    private PrivateKey privateKey;
    private String privateKeyAsString;

    public P12IdTokenGenerator(String str, Map<String, Object> map) {
        this.map = new HashMap();
        this.privateKeyAsString = str;
        this.map = map;
    }

    public P12IdTokenGenerator(PrivateKey privateKey, Map<String, Object> map) {
        this.map = new HashMap();
        this.privateKey = privateKey;
        this.map = map;
    }

    protected JsonWebSignature createJsonWebSignature() {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setAlgorithmHeaderValue("RS256");
        return jsonWebSignature;
    }

    public String generate() {
        return getIdToken(getJsonWebSignature(getJwtClaims()));
    }

    protected String getAudience() {
        return DEFAULT_AUDIENCE;
    }

    protected String getIdToken(JsonWebSignature jsonWebSignature) {
        return jsonWebSignature.getCompactSerialization();
    }

    protected long getIdTokenSeconds() {
        return 600L;
    }

    protected JsonWebSignature getJsonWebSignature(JwtClaims jwtClaims) {
        JsonWebSignature createJsonWebSignature = createJsonWebSignature();
        setJsonWebSignaturePayload(jwtClaims, createJsonWebSignature);
        setJsonWebSignaturePrivateKey(createJsonWebSignature);
        return createJsonWebSignature;
    }

    protected JwtClaims getJwtClaims() {
        JwtClaims jwtClaims = new JwtClaims();
        setIdTokenExpirationTime(jwtClaims);
        setAudience(jwtClaims);
        setSubject(jwtClaims);
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setNotBeforeMinutesInThePast(1.0f);
        setMoreClaims(jwtClaims);
        setClaimsMap(jwtClaims);
        return jwtClaims;
    }

    protected String getSubject() {
        return "IDS_Subject";
    }

    protected void setAudience(JwtClaims jwtClaims) {
        jwtClaims.setAudience(getAudience());
    }

    protected void setClaimsMap(JwtClaims jwtClaims) {
        if (this.map != null) {
            for (String str : this.map.keySet()) {
                jwtClaims.setClaim(str, this.map.get(str));
            }
        }
    }

    protected void setIdTokenExpirationTime(JwtClaims jwtClaims) {
        NumericDate now = NumericDate.now();
        now.addSeconds(getIdTokenSeconds());
        jwtClaims.setExpirationTime(now);
    }

    protected void setJsonWebSignaturePayload(JwtClaims jwtClaims, JsonWebSignature jsonWebSignature) {
        jsonWebSignature.setPayload(jwtClaims.toJson());
    }

    protected void setJsonWebSignaturePrivateKey(JsonWebSignature jsonWebSignature) {
        if (this.privateKey != null) {
            jsonWebSignature.setKey(this.privateKey);
            return;
        }
        try {
            jsonWebSignature.setKey(KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(this.privateKeyAsString))));
        } catch (Exception e) {
            throw new JoseException("P12 get privateKey failed", e);
        }
    }

    protected void setMoreClaims(JwtClaims jwtClaims) {
    }

    protected void setSubject(JwtClaims jwtClaims) {
        jwtClaims.setSubject(getSubject());
    }
}
