package no.buypass.api.code.authentication.client;

import com.google.common.base.Preconditions;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import net.oauth.jsontoken.JsonToken;
import net.oauth.jsontoken.SystemClock;
import net.oauth.jsontoken.crypto.RsaSHA256Signer;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/buypass/api/code/authentication/client/TokenFactory.class */
final class TokenFactory {
    private static final Logger LOG = LoggerFactory.getLogger(TokenFactory.class);
    private static final String AUDIENCE = "https://api.buypass.no";
    private final X509Certificate certificate;
    private final RSAPrivateKey privateKey;
    private final String issuer;

    public TokenFactory(X509Certificate x509Certificate, RSAPrivateKey rSAPrivateKey, String str) {
        this.certificate = (X509Certificate) Preconditions.checkNotNull(x509Certificate, "X509Certificate is cannot be null");
        this.privateKey = (RSAPrivateKey) Preconditions.checkNotNull(rSAPrivateKey, "RSAPrivateKey cannot be null");
        this.issuer = (String) Preconditions.checkNotNull(str, "Issuer cannot be null");
    }

    public String createSignedToken() {
        try {
            return createJsonWebToken(this.certificate, this.privateKey, AUDIENCE, this.issuer).serializeAndSign();
        } catch (SignatureException e) {
            throw new IllegalStateException("Failed to sign token", e);
        }
    }

    private JsonToken createJsonWebToken(X509Certificate x509Certificate, RSAPrivateKey rSAPrivateKey, String str, String str2) {
        try {
            RsaSHA256Signer rsaSHA256Signer = new RsaSHA256Signer(str2, null, rSAPrivateKey);
            SystemClock systemClock = new SystemClock();
            JsonToken jsonToken = new JsonToken(rsaSHA256Signer, systemClock);
            jsonToken.getHeader().addProperty("x5t", getThumbPrintSha1(x509Certificate));
            jsonToken.setIssuedAt(systemClock.now());
            jsonToken.setExpiration(systemClock.now().plus(Duration.standardHours(1L)));
            jsonToken.setAudience(str);
            return jsonToken;
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Illegal Key", e);
        }
    }

    private String getThumbPrintSha1(X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            LOG.error("SHA-1 algorithm not available.  Fatal (should be in the JDK).", (Throwable) e);
            throw new IllegalStateException("SHA-1 algorithm not available.  Fatal (should be in the JDK).");
        } catch (CertificateEncodingException e2) {
            LOG.error("Certificate encoding error", (Throwable) e2);
            throw new IllegalStateException(e2.getMessage());
        }
    }
}
