package lv.euso.mobileeid.util;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultJwtBuilder;
import io.jsonwebtoken.impl.crypto.JwtSigner;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.Collections;
import java.util.Date;

/* loaded from: classes3.dex */
public class InjectedSignatureTokenBuilder extends DefaultJwtBuilder implements JwtSigner {
    private static final Charset US_ASCII = Charset.forName("US-ASCII");
    private SignatureAlgorithm alg;
    private byte[] digest;
    private String jwtWithoutSignature;

    /* loaded from: classes3.dex */
    public static abstract class TokenKey implements PrivateKey {
        private static final long serialVersionUID = -4660340937401539355L;
        protected Certificate certificate;

        /* loaded from: classes3.dex */
        static class TokenECKey extends TokenKey implements ECKey {
            private static final long serialVersionUID = -1355135121091524029L;

            TokenECKey(Certificate certificate) {
                super(certificate);
            }

            @Override // java.security.interfaces.ECKey
            public ECParameterSpec getParams() {
                return ((ECPublicKey) getPublicKey()).getParams();
            }
        }

        /* loaded from: classes3.dex */
        static class TokenRSAKey extends TokenKey implements RSAKey {
            private static final long serialVersionUID = -3610398136096980297L;

            TokenRSAKey(Certificate certificate) {
                super(certificate);
            }

            @Override // java.security.interfaces.RSAKey
            public BigInteger getModulus() {
                return ((RSAPublicKey) getPublicKey()).getModulus();
            }
        }

        protected TokenKey(Certificate certificate) {
            this.certificate = certificate;
        }

        public static TokenKey getInstace(Certificate certificate) {
            PublicKey publicKey = certificate.getPublicKey();
            if (publicKey instanceof RSAPublicKey) {
                return new TokenRSAKey(certificate);
            }
            if (publicKey instanceof ECPublicKey) {
                return new TokenECKey(certificate);
            }
            return null;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return getPublicKey().getAlgorithm();
        }

        Certificate getCertificate() {
            return this.certificate;
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return null;
        }

        @Override // java.security.Key
        public String getFormat() {
            return null;
        }

        PublicKey getPublicKey() {
            return this.certificate.getPublicKey();
        }
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder
    public InjectedSignatureTokenBuilder claim(String str, Object obj) {
        return (InjectedSignatureTokenBuilder) super.claim(str, obj);
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder
    protected JwtSigner createSigner(SignatureAlgorithm signatureAlgorithm, Key key) {
        this.alg = signatureAlgorithm;
        return this;
    }

    public String finalizeSign(byte[] bArr) {
        return this.jwtWithoutSignature + JwtParser.SEPARATOR_CHAR + ByteUtil.toBase64URLString(bArr);
    }

    public byte[] initSign(TokenKey tokenKey) throws CertificateEncodingException {
        return initSign(tokenKey, true);
    }

    public byte[] initSign(TokenKey tokenKey, boolean z) throws CertificateEncodingException {
        Certificate certificate = tokenKey.getCertificate();
        if (z) {
            super.setHeaderParam(JwsHeader.X509_CERT_CHAIN, (Object) Collections.singletonList(ByteUtil.toBase64URLString(certificate.getEncoded())));
        }
        super.signWith(tokenKey).compact();
        return this.digest;
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder, io.jsonwebtoken.ClaimsMutator
    public JwtBuilder setExpiration(Date date) {
        return (InjectedSignatureTokenBuilder) super.setExpiration(date);
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder
    public InjectedSignatureTokenBuilder setHeaderParam(String str, Object obj) {
        return (InjectedSignatureTokenBuilder) super.setHeaderParam(str, obj);
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder, io.jsonwebtoken.ClaimsMutator
    public JwtBuilder setId(String str) {
        return (InjectedSignatureTokenBuilder) super.setId(str);
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder, io.jsonwebtoken.ClaimsMutator
    public JwtBuilder setIssuedAt(Date date) {
        return (InjectedSignatureTokenBuilder) super.setIssuedAt(date);
    }

    @Override // io.jsonwebtoken.impl.DefaultJwtBuilder, io.jsonwebtoken.JwtBuilder, io.jsonwebtoken.ClaimsMutator
    public JwtBuilder setIssuer(String str) {
        return (InjectedSignatureTokenBuilder) super.setIssuer(str);
    }

    @Override // io.jsonwebtoken.impl.crypto.JwtSigner
    public String sign(String str) {
        try {
            byte[] digest = MessageDigest.getInstance(this.alg.getJcaName().substring(0, this.alg.getJcaName().indexOf(JsonPOJOBuilder.DEFAULT_WITH_PREFIX))).digest(str.getBytes(US_ASCII));
            this.jwtWithoutSignature = str;
            this.digest = digest;
            return "";
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
