package com.microsoft.identity.common.java.util;

import ak.c;
import com.google.gson.k;
import com.microsoft.identity.common.java.challengehandlers.IDeviceCertificate;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.logging.Logger;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.cert.CertificateEncodingException;
import lombok.NonNull;
import q2.z;

/* loaded from: classes2.dex */
public class JWSBuilder {
    protected static final String JWS_HEADER_ALG = "RS256";
    protected static final long SECONDS_MS = 1000;
    private static final String SIGNING_ALGORITHM = "SHA256withRSA";
    private static final String TAG = "JWSBuilder";

    @SuppressFBWarnings({"URF_UNREAD_FIELD"})
    /* loaded from: classes2.dex */
    public static final class Claims {

        @c("aud")
        private String mAudience;

        @c("iat")
        private long mIssueAt;

        @c("nonce")
        private String mNonce;

        private Claims() {
        }
    }

    @SuppressFBWarnings({"URF_UNREAD_FIELD"})
    /* loaded from: classes2.dex */
    public static final class JwsHeader {

        @c("alg")
        private String mAlgorithm;

        @c("x5c")
        private String[] mCert;

        @c("typ")
        private String mType;

        private JwsHeader() {
        }
    }

    public String encodeUrlSafeString(byte[] bArr) {
        return StringUtil.encodeUrlSafeString(bArr);
    }

    public String generateSignedJWT(@NonNull String str, @NonNull String str2, @NonNull IDeviceCertificate iDeviceCertificate) throws ClientException {
        if (str == null) {
            throw new NullPointerException("nonce is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("audience is marked non-null but is null");
        }
        if (iDeviceCertificate == null) {
            throw new NullPointerException("deviceCert is marked non-null but is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("nonce is an empty string.");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("audience is an empty string.");
        }
        k kVar = new k();
        Claims claims = new Claims();
        claims.mNonce = str;
        claims.mAudience = str2;
        claims.mIssueAt = getCurrentTimeInSeconds();
        JwsHeader jwsHeader = new JwsHeader();
        jwsHeader.mAlgorithm = "RS256";
        jwsHeader.mType = "JWT";
        try {
            jwsHeader.mCert = new String[1];
            jwsHeader.mCert[0] = StringUtil.base64Encode(iDeviceCertificate.getX509().getEncoded());
            String j3 = kVar.j(jwsHeader);
            String j9 = kVar.j(claims);
            Logger.verbose("JWSBuilder:generateSignedJWT", "Generate client certificate challenge response JWS Header. ");
            String str3 = encodeUrlSafeString(StringUtil.toByteArray(j3)) + "." + encodeUrlSafeString(StringUtil.toByteArray(j9));
            return z.j(str3, ".", encodeUrlSafeString(iDeviceCertificate.sign(SIGNING_ALGORITHM, StringUtil.toByteArray(str3))));
        } catch (CertificateEncodingException e11) {
            throw new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Certificate encoding error", e11);
        }
    }

    public long getCurrentTimeInSeconds() {
        return System.currentTimeMillis() / SECONDS_MS;
    }
}
