package de.adorsys.xs2a.adapter.service.ing.internal.api;

import de.adorsys.xs2a.adapter.service.ing.internal.api.model.ApplicationTokenResponse;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;

/* loaded from: input_file:de/adorsys/xs2a/adapter/service/ing/internal/api/ClientAuthenticationFactory.class */
public class ClientAuthenticationFactory {
    private final Signature signature = Signature.getInstance("SHA256withRSA");
    private final MessageDigest digest;
    private final String tppSignatureCertificate;
    private final String keyId;

    public ClientAuthenticationFactory(X509Certificate x509Certificate, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, CertificateEncodingException {
        this.signature.initSign(privateKey);
        this.digest = MessageDigest.getInstance("SHA-256");
        this.tppSignatureCertificate = base64(x509Certificate.getEncoded());
        this.keyId = keyId(x509Certificate);
    }

    private String keyId(X509Certificate x509Certificate) {
        return "SN=" + x509Certificate.getSerialNumber().toString(16) + ",CA=" + issuerNameRfc2253(x509Certificate);
    }

    private String issuerNameRfc2253(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().getName("RFC2253");
    }

    private String base64(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    public ClientAuthentication newClientAuthenticationForApplicationToken() {
        return new ClientAuthentication(this.signature, this.digest, this.tppSignatureCertificate, this.keyId, null);
    }

    public ClientAuthentication newClientAuthentication(ApplicationTokenResponse applicationTokenResponse) {
        return new ClientAuthentication(this.signature, this.digest, this.tppSignatureCertificate, applicationTokenResponse.getClientId(), applicationTokenResponse.getAccessToken());
    }

    public ClientAuthentication newClientAuthentication(ApplicationTokenResponse applicationTokenResponse, String str) {
        return new ClientAuthentication(this.signature, this.digest, this.tppSignatureCertificate, applicationTokenResponse.getClientId(), str);
    }
}
