package com.oracle.iot.client.impl.http;

import com.oracle.iot.client.impl.TimeManager;
import com.oracle.iot.client.impl.util.Base64;
import com.oracle.iot.client.trust.TrustedAssetsManager;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;

/* loaded from: classes.dex */
final class HttpCredentials {
    private static final String DEFAULT_MESSAGE_DIGEST_ALGORITHM = "HmacSHA256";
    private static final long EXP_CLAIM_DELTA = 900000;
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private HttpCredentials() {
    }

    private static String buildClientAssertion(TrustedAssetsManager trustedAssetsManager, boolean z) throws GeneralSecurityException {
        long currentTimeMillis = (TimeManager.currentTimeMillis() + EXP_CLAIM_DELTA) / 1000;
        String endpointId = (z || trustedAssetsManager.isActivated()) ? trustedAssetsManager.getEndpointId() : trustedAssetsManager.getClientId();
        boolean z2 = z || !trustedAssetsManager.isActivated();
        String str = "{\"typ\":\"JWT\",\"alg\":\"" + (z2 ? "HS256" : "RS256") + "\"}";
        StringBuilder sb = new StringBuilder();
        sb.append(Base64.getUrlEncoder().encodeToString(str.getBytes(UTF_8)));
        sb.append(".");
        sb.append(Base64.getUrlEncoder().encodeToString(("{\"iss\":\"" + endpointId + "\", \"sub\":\"" + endpointId + "\", \"aud\":\"oracle/iot/oauth2/token\", \"exp\":" + currentTimeMillis + "}").getBytes(UTF_8)));
        byte[] bytes = sb.toString().getBytes(UTF_8);
        String encodeToString = Base64.getUrlEncoder().encodeToString(z2 ? trustedAssetsManager.signWithSharedSecret(bytes, DEFAULT_MESSAGE_DIGEST_ALGORITHM, null) : trustedAssetsManager.signWithPrivateKey(bytes, "SHA256withRSA"));
        sb.append(".");
        sb.append(encodeToString);
        return sb.toString();
    }

    private static byte[] getAssertionCredentialsPostData(TrustedAssetsManager trustedAssetsManager, boolean z) throws GeneralSecurityException {
        String str = trustedAssetsManager.isActivated() ? "" : "oracle/iot/activation";
        StringBuilder sb = new StringBuilder();
        sb.append("grant_type=client_credentials");
        sb.append("&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer");
        sb.append("&client_assertion=" + buildClientAssertion(trustedAssetsManager, z));
        sb.append("&scope=" + str);
        return sb.toString().getBytes(UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] getClientAssertionCredentials(TrustedAssetsManager trustedAssetsManager, boolean z) throws GeneralSecurityException {
        return getAssertionCredentialsPostData(trustedAssetsManager, z);
    }
}
