package com.microsoft.identity.common.adal.internal;

import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: classes2.dex */
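/**
 * Builds a compact-serialized JWS ({@code header.payload.signature}) used as a
 * client certificate challenge response.
 *
 * <p>The token is signed with RS256 and carries the signer's X.509 certificate in the
 * {@code x5c} header. The payload holds only an audience, an issued-at time and a
 * caller-supplied nonce. No {@code exp} claim is emitted, so rejecting stale or replayed
 * tokens depends on how the verifier handles the nonce and {@code iat}.
 *
 * <p>NOTE(review): the charset is requested by the name {@code "UTF_8"}, which is not the
 * IANA name ({@code "UTF-8"}). Presumably the Android runtime resolves it; confirm before
 * running this on another JVM, or switch to {@code StandardCharsets.UTF_8}.
 */
public class JWSBuilder {
    /** JCA algorithm name: RSA PKCS#1 v1.5 signature over a SHA-256 digest. */
    private static final String JWS_ALGORITHM = "SHA256withRSA";

    /** Value written to the JWS {@code alg} header; must stay in step with {@link #JWS_ALGORITHM}. */
    private static final String JWS_HEADER_ALG = "RS256";

    /** Milliseconds per second, used to convert the wall clock to a seconds-based {@code iat}. */
    private static final long SECONDS_MS = 1000;
    private static final String TAG = "JWSBuilder";

    /**
     * JWS payload, serialized by Gson.
     *
     * <p>The serialized field names come from constants declared outside this file
     * (presumably the standard {@code aud} / {@code iat} claim names and the nonce claim).
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public final class Claims {

        // Intended recipient of the token.
        @SerializedName(MicrosoftIdToken.AUDIENCE)
        private String mAudience;

        // Issue time in whole seconds, taken from the device clock.
        @SerializedName(MicrosoftIdToken.ISSUED_AT)
        private long mIssueAt;

        // Caller-supplied nonce; the only per-request value bound into the signature.
        @SerializedName(AuthenticationConstants.Broker.PRT_NONCE)
        private String mNonce;

        private Claims() {
        }
    }

    /** JWS protected header, serialized by Gson. */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes6.dex */
    public final class JwsHeader {

        @SerializedName("alg")
        private String mAlgorithm;

        // Certificate chain as base64 (not base64url) DER strings; only one entry is ever set here.
        @SerializedName("x5c")
        private String[] mCert;

        @SerializedName("typ")
        private String mType;

        private JwsHeader() {
        }
    }

    /**
     * Signs {@code signingInput} with {@link #JWS_ALGORITHM} and returns the signature
     * encoded by {@code StringExtensions.encodeBase64URLSafeString}.
     *
     * @param privateKey   RSA private key used to sign
     * @param signingInput bytes of the {@code header.payload} string
     * @return the encoded signature segment
     * @throws ClientException wrapping any key, algorithm, signature or encoding failure,
     *                         with the original exception kept as the cause
     */
    private static String sign(RSAPrivateKey privateKey, byte[] signingInput) throws ClientException {
        try {
            Signature signer = Signature.getInstance(JWS_ALGORITHM);
            signer.initSign(privateKey);
            signer.update(signingInput);
            return StringExtensions.encodeBase64URLSafeString(signer.sign());
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", "Unsupported encoding", e);
        } catch (InvalidKeyException e2) {
            throw new ClientException(ErrorStrings.KEY_CHAIN_PRIVATE_KEY_EXCEPTION, "Invalid private RSA key: " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ClientException("no_such_algorithm", "Unsupported RSA algorithm: " + e3.getMessage(), e3);
        } catch (SignatureException e4) {
            throw new ClientException(ErrorStrings.SIGNATURE_EXCEPTION, "RSA signature exception: " + e4.getMessage(), e4);
        }
    }

    /**
     * Produces a signed JWT in JWS compact serialization.
     *
     * @param str             nonce to embed in the payload; must not be null or blank
     * @param str2            audience to embed in the payload; must not be null or blank
     * @param rSAPrivateKey   key used to sign the token; must not be null
     * @param rSAPublicKey    must not be null; it is not otherwise used by this method
     * @param x509Certificate certificate whose DER encoding is placed in the {@code x5c}
     *                        header; must not be null
     * @return {@code header.payload.signature}, each segment encoded by
     *         {@code StringExtensions.encodeBase64URLSafeString}
     * @throws IllegalArgumentException if any argument is null (or blank, for the strings)
     * @throws ClientException          if the certificate cannot be encoded, the charset is
     *                                  unavailable, or signing fails
     */
    public String generateSignedJWT(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) throws ClientException {
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException(AuthenticationConstants.Broker.PRT_NONCE);
        }
        if (StringExtensions.isNullOrBlank(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        // Reject a missing certificate the same way as the other arguments, so the caller
        // gets an IllegalArgumentException instead of a NullPointerException from getEncoded().
        if (x509Certificate == null) {
            throw new IllegalArgumentException("cert");
        }
        // NOTE(review): nothing here checks that rSAPrivateKey belongs to x509Certificate
        // (or to rSAPublicKey). A mismatch yields a token whose signature cannot be
        // verified against the advertised x5c entry.

        Gson gson = new Gson();

        Claims claims = new Claims();
        claims.mNonce = str;
        claims.mAudience = str2;
        // iat is expressed in seconds and depends on the device clock.
        claims.mIssueAt = System.currentTimeMillis() / SECONDS_MS;

        JwsHeader jwsHeader = new JwsHeader();
        jwsHeader.mAlgorithm = JWS_HEADER_ALG;
        jwsHeader.mType = "JWT";
        try {
            // x5c carries standard base64 of the DER certificate on a single line.
            jwsHeader.mCert = new String[] {
                Base64.encodeToString(x509Certificate.getEncoded(), Base64.NO_WRAP)
            };
            String headerJson = gson.toJson(jwsHeader);
            String claimsJson = gson.toJson(claims);
            // The header embeds the full certificate, so it is logged through the PII variant
            // of the logger only (presumably gated by the PII logging setting).
            Logger.verbosePII("JWSBuilder:generateSignedJWT", "Generate client certificate challenge response JWS Header. ", "Header: " + headerJson);
            // The signature covers exactly the ASCII bytes of "<header>.<payload>".
            String signingInput = StringExtensions.encodeBase64URLSafeString(headerJson.getBytes("UTF_8"))
                    + "." + StringExtensions.encodeBase64URLSafeString(claimsJson.getBytes("UTF_8"));
            return signingInput + "." + sign(rSAPrivateKey, signingInput.getBytes("UTF_8"));
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", "Unsupported encoding", e);
        } catch (CertificateEncodingException e2) {
            throw new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Certificate encoding error", e2);
        }
    }
}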
