package com.amazon.identity.kcpsdk.auth;

import android.text.TextUtils;
import android.util.Base64;
import com.amazon.adapt.mpp.jsbridge.model.alipayplugin.v1.AlipayPaymentRequest;
import com.amazon.identity.auth.device.framework.SSODeviceInfo;
import com.amazon.identity.auth.device.framework.Tracer;
import com.amazon.identity.auth.device.utils.KeyFactoryUtils;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.platform.setting.PlatformSettings;
import com.amazon.whispersync.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class AmazonJwtSigner extends JwtSigner {
    private static final String TAG = AmazonJwtSigner.class.getName();
    private final Object mAmazonKeyStore;
    private final String mExponent;
    private final String mHMAC;
    private final String mModulus;

    public AmazonJwtSigner(Object obj) {
        this.mAmazonKeyStore = obj;
        try {
            byte[] bArr = (byte[]) this.mAmazonKeyStore.getClass().getMethod("getPubkey", new Class[0]).invoke(this.mAmazonKeyStore, new Object[0]);
            if (bArr == null) {
                AmazonJWTHelper.recordErrorMetric("NoKeyAvailable");
                throw new UnsupportedOperationException("AmazonKeyStore returned null public key");
            }
            try {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactoryUtils.getKeyFactoryForAlgorithm(AlipayPaymentRequest.AlipayPaymentInput.SIGN_RSA).generatePublic(new X509EncodedKeySpec(bArr));
                byte[] byteArray = rSAPublicKey.getModulus().toByteArray();
                int length = byteArray.length;
                if (length != 256) {
                    byte[] bArr2 = new byte[256];
                    if (byteArray[0] == 0) {
                        System.arraycopy(byteArray, 1, bArr2, (256 - length) + 1, length - 1);
                    } else {
                        System.arraycopy(byteArray, 0, bArr2, 256 - length, length);
                    }
                    byteArray = bArr2;
                }
                byte[] bArr3 = new byte[32];
                System.arraycopy(bArr, bArr.length - 32, bArr3, 0, 32);
                this.mHMAC = Base64.encodeToString(bArr3, 10);
                this.mModulus = Base64.encodeToString(byteArray, 10);
                this.mExponent = rSAPublicKey.getPublicExponent().toString();
            } catch (Exception e) {
                AmazonJWTHelper.recordErrorMetric(e.getClass().getSimpleName());
                throw new UnsupportedOperationException(e);
            }
        } catch (Exception e2) {
            AmazonJWTHelper.recordErrorMetric(e2.getClass().getSimpleName());
            throw new UnsupportedOperationException(e2);
        }
    }

    public static AmazonJwtSigner getInstanceIfAvailable() {
        try {
            try {
                Object invoke = Class.forName("amazon.security.AmazonKeyStore").getMethod("getAmznInstance", new Class[0]).invoke(null, new Object[0]);
                if (invoke == null) {
                    String str = TAG;
                    AmazonJWTHelper.recordErrorMetric("NoKeyStore");
                    return null;
                }
                try {
                    return new AmazonJwtSigner(invoke);
                } catch (Exception e) {
                    MAPLog.w(TAG, "Failed to construct AmazonJwtSigner", e);
                    return null;
                }
            } catch (Exception e2) {
                AmazonJWTHelper.recordErrorMetric(e2.getClass().getSimpleName());
                MAPLog.w(TAG, "Error getting AmazonKeyStore", e2);
                return null;
            }
        } catch (ClassNotFoundException e3) {
            String str2 = TAG;
            return null;
        }
    }

    public static JwtSigner getSigner(PlatformSettings platformSettings, SSODeviceInfo sSODeviceInfo, Tracer tracer) {
        String settingString = platformSettings.getSettingString("jwt_impl", "tz");
        String str = TAG;
        String str2 = "Found jwt_impl=" + settingString;
        JwtSigner jwtSigner = null;
        if ("tz".equals(settingString) && (jwtSigner = getInstanceIfAvailable()) != null && tracer != null) {
            tracer.incrementCounter("JWT:TrustZone");
        }
        if (jwtSigner == null && !"off".equals(settingString)) {
            String deviceSecret = sSODeviceInfo.getDeviceSecret();
            if (!TextUtils.isEmpty(deviceSecret)) {
                jwtSigner = new HmacJwtSigner(deviceSecret);
                if (tracer != null) {
                    tracer.incrementCounter("JWT:HMAC");
                }
            }
        }
        return jwtSigner;
    }

    @Override // com.amazon.identity.kcpsdk.auth.JwtSigner
    void addHeaderFields(JSONObject jSONObject) throws JSONException {
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("kty", AlipayPaymentRequest.AlipayPaymentInput.SIGN_RSA);
        jSONObject2.put("n", this.mModulus);
        jSONObject2.put("e", this.mExponent);
        jSONObject2.put("mac", this.mHMAC);
        jSONObject.put("alg", "PS256");
        jSONObject.put("jwk", jSONObject2);
    }

    @Override // com.amazon.identity.kcpsdk.auth.JwtSigner
    byte[] sign(byte[] bArr) {
        try {
            try {
                byte[] bArr2 = (byte[]) this.mAmazonKeyStore.getClass().getMethod("sign", byte[].class).invoke(this.mAmazonKeyStore, MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256).digest(bArr));
                if (bArr2 != null) {
                    return bArr2;
                }
                AmazonJWTHelper.recordErrorMetric("NullSignature");
                throw new UnsupportedOperationException("AmazonKeyStore returned null signature");
            } catch (Exception e) {
                AmazonJWTHelper.recordErrorMetric(e.getClass().getSimpleName());
                throw new UnsupportedOperationException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new UnsupportedOperationException(e2);
        }
    }
}
