package com.microsoft.aad.adal;

import android.util.Base64;
import d.d.f.e;
import d.d.f.z.c;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class JWSBuilder implements IJWSBuilder {
    private static final String JWS_ALGORITHM = "SHA256withRSA";
    private static final String JWS_HEADER_ALG = "RS256";
    private static final long SECONDS_MS = 1000;
    private static final String TAG = "JWSBuilder";

    /* loaded from: classes5.dex */
    class Claims {

        @c("aud")
        protected String mAudience;

        @c("iat")
        protected long mIssueAt;

        @c("nonce")
        protected String mNonce;

        Claims() {
        }
    }

    /* loaded from: classes5.dex */
    class JwsHeader {

        @c("alg")
        protected String mAlgorithm;

        @c("x5c")
        protected String[] mCert;

        @c("typ")
        protected String mType;

        JwsHeader() {
        }
    }

    private static String sign(RSAPrivateKey rSAPrivateKey, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(JWS_ALGORITHM);
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return StringExtensions.encodeBase64URLSafeString(signature.sign());
        } catch (UnsupportedEncodingException unused) {
            throw new AuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED);
        } catch (InvalidKeyException e2) {
            throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION, "Invalid private RSA key: " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AuthenticationException(ADALError.DEVICE_NO_SUCH_ALGORITHM, "Unsupported RSA algorithm: " + e3.getMessage(), e3);
        } catch (SignatureException e4) {
            throw new AuthenticationException(ADALError.SIGNATURE_EXCEPTION, "RSA signature exception: " + e4.getMessage(), e4);
        }
    }

    @Override // com.microsoft.aad.adal.IJWSBuilder
    public String generateSignedJWT(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) {
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (StringExtensions.IsNullOrBlank(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        e eVar = new e();
        Claims claims = new Claims();
        claims.mNonce = str;
        claims.mAudience = str2;
        claims.mIssueAt = System.currentTimeMillis() / 1000;
        JwsHeader jwsHeader = new JwsHeader();
        jwsHeader.mAlgorithm = JWS_HEADER_ALG;
        jwsHeader.mType = "JWT";
        try {
            jwsHeader.mCert = r8;
            String[] strArr = {new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF_8")};
            String t = eVar.t(jwsHeader);
            String t2 = eVar.t(claims);
            Logger.v(TAG, "Client certificate challange response JWS Header:" + t);
            String str3 = StringExtensions.encodeBase64URLSafeString(t.getBytes("UTF_8")) + "." + StringExtensions.encodeBase64URLSafeString(t2.getBytes("UTF_8"));
            return str3 + "." + sign(rSAPrivateKey, str3.getBytes("UTF_8"));
        } catch (UnsupportedEncodingException unused) {
            throw new AuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED);
        } catch (CertificateEncodingException unused2) {
            throw new AuthenticationException(ADALError.CERTIFICATE_ENCODING_ERROR);
        }
    }
}
