package jn;

import android.content.Context;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import c.a;
import com.google.gson.Gson;
import com.locuslabs.sdk.llprivate.ConstantsKt;
import com.pingidentity.pingidsdkv2.communication.beans.PairingResponse;
import com.pingidentity.pingidsdkv2.communication.beans.Request;
import com.pingidentity.pingidsdkv2.communication.beans.UpdatePublicKeyRequest;
import cq.d;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import mq.c;
import mq.e;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.h;
import org.jose4j.lang.JoseException;

/* compiled from: JwtHelper.java */
/* loaded from: classes6.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final c f30826a = e.k(a.class);

    public static String a(Context context, @NonNull UpdatePublicKeyRequest updatePublicKeyRequest, PrivateKey privateKey) throws JoseException {
        c cVar = f30826a;
        cVar.info("flow=[KEY_ROTATION] message=\"creating and signing JWT verification for UpdatePublicKey request\"");
        UpdatePublicKeyRequest updatePublicKeyRequest2 = new UpdatePublicKeyRequest(context);
        updatePublicKeyRequest2.encPublicKey = updatePublicKeyRequest.encPublicKey;
        updatePublicKeyRequest2.encPublicKeyChallenge = updatePublicKeyRequest.encPublicKeyChallenge;
        updatePublicKeyRequest2.publicKeyAlg = updatePublicKeyRequest.publicKeyAlg;
        updatePublicKeyRequest2.publicKey = updatePublicKeyRequest.publicKey;
        updatePublicKeyRequest2.publicKeyId = updatePublicKeyRequest.publicKeyId;
        updatePublicKeyRequest2.setKid(updatePublicKeyRequest.publicKeyId);
        d dVar = new d();
        dVar.u("typ", "JWT");
        a.C0074a c0074a = c.a.I;
        dVar.q(c0074a.getInstance(context).j() == null ? "RS256" : "ES256");
        dVar.u("dvc", c0074a.getInstance(context).v());
        dVar.u("kid", updatePublicKeyRequest.publicKeyId);
        dVar.L(updatePublicKeyRequest2.toJsonString());
        if (e()) {
            cVar.warn("flow=[KEY_ROTATION] message=\"replacing the SC provider with workaround\"");
            wp.a aVar = new wp.a();
            aVar.c().i("AndroidKeyStoreBCWorkaround");
            dVar.y(aVar);
        }
        dVar.w(privateKey);
        return dVar.C();
    }

    public static String b(Context context, String str) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidJwtException {
        c cVar = f30826a;
        cVar.debug("flow=[JWT_VERIFICATION] message=\"verifying signed JWT\"");
        String C = c.a.I.getInstance(context).C();
        if (C == null) {
            C = ((PairingResponse) new Gson().fromJson(new String(Base64.decode(str.substring(str.indexOf(ConstantsKt.PROPERTY_ACCESSOR) + 1, str.lastIndexOf(ConstantsKt.PROPERTY_ACCESSOR)), 8), StandardCharsets.UTF_8), PairingResponse.class)).getServerPublicKey();
            if (C == null) {
                cVar.error("flow=[JWT_VERIFICATION] message=\"unable to verify JWT\"");
                return new String(Base64.decode(str.substring(str.indexOf(ConstantsKt.PROPERTY_ACCESSOR) + 1, str.lastIndexOf(ConstantsKt.PROPERTY_ACCESSOR)), 8), StandardCharsets.UTF_8);
            }
        }
        new h().c(KeyFactory.getInstance(RsaJsonWebKey.KEY_TYPE).generatePublic(new X509EncodedKeySpec(Base64.decode(C, 2)))).b(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, "RS256")).a().d(str);
        cVar.debug("flow=[JWT_VERIFICATION] message=\"signed JWT verified\"");
        return new String(Base64.decode(str.substring(str.indexOf(ConstantsKt.PROPERTY_ACCESSOR) + 1, str.lastIndexOf(ConstantsKt.PROPERTY_ACCESSOR)), 8), StandardCharsets.UTF_8);
    }

    public static String c(Context context, @Nullable String str, @Nullable Request request) throws JoseException {
        a.C0074a c0074a = c.a.I;
        if (c0074a.getInstance(context).C() == null) {
            c0074a.getInstance(context).F();
            if (request == null) {
                d dVar = new d();
                dVar.u("typ", "JWT");
                dVar.q("none");
                dVar.p(AlgorithmConstraints.f37845c);
                dVar.L(str);
                return dVar.C();
            }
            String jsonString = request.toJsonString();
            d dVar2 = new d();
            dVar2.u("typ", "JWT");
            dVar2.q("none");
            dVar2.p(AlgorithmConstraints.f37845c);
            dVar2.L(jsonString);
            return dVar2.C();
        }
        String str2 = c0074a.getInstance(context).j() == null ? "RS256" : "ES256";
        String v10 = c0074a.getInstance(context).v();
        d dVar3 = new d();
        dVar3.u("typ", "JWT");
        dVar3.q(str2);
        if (e()) {
            f30826a.warn("flow=[JWT_VERIFICATION] message=\"replacing the SC provider with workaround\"");
            wp.a aVar = new wp.a();
            aVar.c().i("AndroidKeyStoreBCWorkaround");
            dVar3.y(aVar);
        }
        String l10 = c0074a.getInstance(context).l();
        if (str2.equalsIgnoreCase("RS256")) {
            dVar3.w(mn.a.l(context));
        } else {
            dVar3.w(mn.a.b(context));
        }
        if (Objects.equals(l10, v10)) {
            dVar3.x(v10);
        } else {
            dVar3.u("dvc", v10);
            dVar3.x(l10);
            if (request != null) {
                request.setKid(l10);
            }
        }
        if (request != null) {
            str = request.toJsonString();
        }
        dVar3.L(str);
        return dVar3.C();
    }

    public static String d(String str) throws JoseException {
        c cVar = f30826a;
        cVar.info("flow=[CONVERGENCE] message=\"creating and signing JWT from SDKMigration request\"");
        d dVar = new d();
        dVar.u("typ", "JWT");
        dVar.q("RS256");
        dVar.L(str);
        if (e()) {
            cVar.warn("flow=[CONVERGENCE] message=\"replacing the SC provider with workaround\"");
            wp.a aVar = new wp.a();
            aVar.c().i("AndroidKeyStoreBCWorkaround");
            dVar.y(aVar);
        }
        dVar.w(mn.a.k());
        return dVar.C();
    }

    private static boolean e() {
        if (Security.getProvider("SC") == null) {
            f30826a.debug("flow=[JWT_VERIFICATION] message=\"no SC provider found\"");
            return false;
        }
        f30826a.warn("flow=[JWT_VERIFICATION] message=\"SC provider found\"");
        for (Provider provider : Security.getProviders()) {
            if (Objects.equals(provider.getName(), "SC")) {
                f30826a.warn("flow=[JWT_VERIFICATION] message=\"SC provider overrides native provider\"");
                return true;
            }
            if (Objects.equals(provider.getName(), "AndroidKeyStoreBCWorkaround")) {
                f30826a.debug("flow=[JWT_VERIFICATION] message=\"SC provider is on low priority\"");
                return false;
            }
        }
        f30826a.warn("flow=[JWT_VERIFICATION] message=\"no AndroidKeyStoreBCWorkaround provider found\"");
        return false;
    }

    public static String f(String str) {
        return new String(Base64.decode(str.substring(str.indexOf(ConstantsKt.PROPERTY_ACCESSOR) + 1, str.lastIndexOf(ConstantsKt.PROPERTY_ACCESSOR)), 8), StandardCharsets.UTF_8);
    }
}
