package com.google.crypto.tink.apps.paymentmethodtoken;

import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenConstants;
import com.google.crypto.tink.subtle.Base64;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.subtle.EllipticCurves;
import java.security.GeneralSecurityException;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:com/google/crypto/tink/apps/paymentmethodtoken/SenderIntermediateCertFactory.class */
public class SenderIntermediateCertFactory {
    private final List<PublicKeySign> signers;
    private final String intermediateSigningKey;
    private final String protocolVersion;
    private final String senderId;
    private final long expiration;

    /* loaded from: input_file:com/google/crypto/tink/apps/paymentmethodtoken/SenderIntermediateCertFactory$Builder.class */
    public static class Builder {
        private String intermediateSigningKey;
        private long expiration;
        private List<ECPrivateKey> senderSigningKeys = new ArrayList();
        private String protocolVersion = PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V2;
        private String senderId = PaymentMethodTokenConstants.GOOGLE_SENDER_ID;

        public Builder protocolVersion(String str) {
            this.protocolVersion = str;
            return this;
        }

        public Builder senderId(String str) {
            this.senderId = str;
            return this;
        }

        public Builder expiration(long j) {
            this.expiration = j;
            return this;
        }

        public Builder addSenderSigningKey(String str) throws GeneralSecurityException {
            return addSenderSigningKey(PaymentMethodTokenUtil.pkcs8EcPrivateKey(str));
        }

        public Builder addSenderSigningKey(ECPrivateKey eCPrivateKey) throws GeneralSecurityException {
            this.senderSigningKeys.add(eCPrivateKey);
            return this;
        }

        public Builder senderIntermediateSigningKey(String str) throws GeneralSecurityException {
            PaymentMethodTokenUtil.x509EcPublicKey(str);
            this.intermediateSigningKey = str;
            return this;
        }

        public SenderIntermediateCertFactory build() throws GeneralSecurityException {
            return new SenderIntermediateCertFactory(this.protocolVersion, this.senderId, this.senderSigningKeys, this.intermediateSigningKey, this.expiration);
        }
    }

    private SenderIntermediateCertFactory(String str, String str2, List<ECPrivateKey> list, String str3, long j) throws GeneralSecurityException {
        if (!PaymentMethodTokenConstants.ProtocolVersionConfig.forProtocolVersion(str).supportsIntermediateSigningKeys) {
            throw new IllegalArgumentException("invalid version: " + str);
        }
        if (list.isEmpty()) {
            throw new IllegalArgumentException("must add at least one sender's signing key using Builder.addSenderSigningKey");
        }
        if (j == 0) {
            throw new IllegalArgumentException("must set expiration using Builder.expiration");
        }
        if (j < 0) {
            throw new IllegalArgumentException("invalid negative expiration");
        }
        this.protocolVersion = str;
        this.senderId = str2;
        this.signers = new ArrayList();
        Iterator<ECPrivateKey> it = list.iterator();
        while (it.hasNext()) {
            this.signers.add(new EcdsaSignJce(it.next(), PaymentMethodTokenConstants.ECDSA_HASH_SHA256, EllipticCurves.EcdsaEncoding.DER));
        }
        this.intermediateSigningKey = str3;
        this.expiration = j;
    }

    public String create() throws GeneralSecurityException {
        try {
            String jSONObject = new JSONObject().put(PaymentMethodTokenConstants.JSON_KEY_VALUE_KEY, this.intermediateSigningKey).put(PaymentMethodTokenConstants.JSON_KEY_EXPIRATION_KEY, Long.toString(this.expiration)).toString();
            byte[] lengthValue = PaymentMethodTokenUtil.toLengthValue(this.senderId, this.protocolVersion, jSONObject);
            JSONArray jSONArray = new JSONArray();
            Iterator<PublicKeySign> it = this.signers.iterator();
            while (it.hasNext()) {
                jSONArray.put(Base64.encode(it.next().sign(lengthValue)));
            }
            return new JSONObject().put(PaymentMethodTokenConstants.JSON_SIGNED_KEY_KEY, jSONObject).put(PaymentMethodTokenConstants.JSON_SIGNATURES_KEY, jSONArray).toString();
        } catch (JSONException e) {
            throw new RuntimeException("Failed to perform JSON encoding", e);
        }
    }
}
