package com.microsoft.walletlibrary.did.sdk.credential.service.protectors;

import com.microsoft.walletlibrary.did.sdk.crypto.keyStore.EncryptedKeyStore;
import com.microsoft.walletlibrary.did.sdk.identifier.models.Identifier;
import com.nimbusds.jose.ActionRequiredForJWSCompletionException;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.Ed25519Signer;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory;
import com.nimbusds.jose.crypto.impl.ECDSAProvider;
import com.nimbusds.jose.crypto.impl.EdDSAProvider;
import com.nimbusds.jose.crypto.impl.MACProvider;
import com.nimbusds.jose.crypto.impl.RSASSAProvider;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKException;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jose.jwk.OctetSequenceKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.StandardCharset;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.concurrent.atomic.AtomicReference;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: TokenSigner.kt */
@Singleton
/* loaded from: classes7.dex */
public final class TokenSigner {
    public final EncryptedKeyStore keyStore;

    @Inject
    public TokenSigner(EncryptedKeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        this.keyStore = keyStore;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [java.lang.Object, com.microsoft.walletlibrary.did.sdk.crypto.protocols.jose.jws.JwsToken] */
    /* JADX WARN: Type inference failed for: r4v14, types: [com.nimbusds.jose.crypto.ECDSASigner] */
    /* JADX WARN: Type inference failed for: r4v16, types: [com.nimbusds.jose.crypto.RSASSASigner] */
    /* JADX WARN: Type inference failed for: r4v22, types: [com.nimbusds.jose.crypto.impl.MACProvider] */
    /* JADX WARN: Type inference failed for: r5v16, types: [com.nimbusds.jose.CompletableJWSObjectSigning, java.lang.Object] */
    public final String signWithIdentifier(String str, Identifier identifier) {
        Ed25519Signer ed25519Signer;
        JWSObject.State state;
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        JWSAlgorithm ES256K = JWSAlgorithm.ES256K;
        Intrinsics.checkNotNullExpressionValue(ES256K, "ES256K");
        JWSHeader jWSHeader = new JWSHeader(ES256K, null, null, null, null, null, null, null, null, null, null, true, null, null);
        Charset charset = StandardCharset.UTF_8;
        JWSObject jWSObject = new JWSObject(jWSHeader, new Payload(Base64URL.encode(str.getBytes(charset))));
        ?? obj = new Object();
        obj.jwsObject = jWSObject;
        if (ES256K.name.equals(Algorithm.NONE.name)) {
            throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
        }
        JWSHeader jWSHeader2 = new JWSHeader(ES256K, JOSEObjectType.JWT, null, null, null, null, null, null, null, null, identifier.id + '#' + identifier.signatureKeyReference, true, null, null);
        JWK key = this.keyStore.getKey(identifier.signatureKeyReference);
        obj.jwsObject = new JWSObject(jWSHeader2, obj.jwsObject.payload);
        DefaultJWSSignerFactory defaultJWSSignerFactory = new DefaultJWSSignerFactory();
        JWSAlgorithm jWSAlgorithm = (JWSAlgorithm) obj.jwsObject.header.alg;
        if (!key.isPrivate()) {
            throw new Exception("Expected private JWK but none available");
        }
        KeyUse keyUse = key.use;
        if (keyUse != null && !KeyUse.SIGNATURE.equals(keyUse)) {
            throw new Exception("The JWK use must be sig (signature) or unspecified");
        }
        if (MACProvider.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
            if (!(key instanceof OctetSequenceKey)) {
                throw JWKException.expectedClass(OctetSequenceKey.class);
            }
            byte[] decode = ((OctetSequenceKey) key).k.decode();
            int length = decode.length * 8;
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            if (length >= 256) {
                linkedHashSet.add(JWSAlgorithm.HS256);
            }
            if (length >= 384) {
                linkedHashSet.add(JWSAlgorithm.HS384);
            }
            if (length >= 512) {
                linkedHashSet.add(JWSAlgorithm.HS512);
            }
            ed25519Signer = new MACProvider(Collections.unmodifiableSet(linkedHashSet), decode);
        } else if (RSASSAProvider.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
            if (!(key instanceof RSAKey)) {
                throw JWKException.expectedClass(RSAKey.class);
            }
            ed25519Signer = new RSASSASigner((RSAKey) key);
        } else if (ECDSAProvider.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
            if (!(key instanceof ECKey)) {
                throw JWKException.expectedClass(ECKey.class);
            }
            ed25519Signer = new ECDSASigner((ECKey) key);
        } else {
            if (!EdDSAProvider.SUPPORTED_ALGORITHMS.contains(jWSAlgorithm)) {
                throw new Exception("Unsupported JWS algorithm: " + jWSAlgorithm);
            }
            if (!(key instanceof OctetKeyPair)) {
                throw JWKException.expectedClass(OctetKeyPair.class);
            }
            ed25519Signer = new Ed25519Signer((OctetKeyPair) key);
        }
        JCAContext jCAContext = (JCAContext) ed25519Signer.jcaContext;
        JCAContext jCAContext2 = defaultJWSSignerFactory.jcaContext;
        SecureRandom secureRandom = jCAContext2.randomGen;
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        jCAContext.randomGen = secureRandom;
        jCAContext.provider = jCAContext2.provider;
        JWSObject jWSObject2 = obj.jwsObject;
        synchronized (jWSObject2) {
            if (jWSObject2.state.get() != JWSObject.State.UNSIGNED) {
                throw new IllegalStateException("The JWS object must be in an unsigned state");
            }
            jWSObject2.ensureJWSSignerSupport(ed25519Signer);
            try {
                try {
                    try {
                        jWSObject2.signature = ed25519Signer.sign(jWSObject2.header, jWSObject2.signingInputString.getBytes(charset));
                        AtomicReference<JWSObject.State> atomicReference = jWSObject2.state;
                        state = JWSObject.State.SIGNED;
                        atomicReference.set(state);
                    } catch (ActionRequiredForJWSCompletionException e) {
                        throw new ActionRequiredForJWSCompletionException(e.getMessage(), e.option, new Object());
                    }
                } catch (Exception e2) {
                    throw new Exception(e2.getMessage(), e2);
                }
            } catch (JOSEException e3) {
                throw e3;
            }
        }
        JWSObject jWSObject3 = obj.jwsObject;
        AtomicReference<JWSObject.State> atomicReference2 = jWSObject3.state;
        if (atomicReference2.get() != state && atomicReference2.get() != JWSObject.State.VERIFIED) {
            throw new IllegalStateException("The JWS object must be in a signed or verified state");
        }
        String str2 = jWSObject3.signingInputString + '.' + jWSObject3.signature.value;
        Intrinsics.checkNotNullExpressionValue(str2, "jwsObject.serialize()");
        return str2;
    }
}
