package com.microsoft.identity.common.adal.internal;

import android.util.Base64;
import com.google.gson.Gson;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import l3.d.b.a.a;
import l3.w.f.d0.c;
import obfuse.NPStringFog;

/* loaded from: classes4.dex */
public class JWSBuilder {
    private static final String JWS_ALGORITHM = "SHA256withRSA";
    private static final String JWS_HEADER_ALG = "RS256";
    private static final long SECONDS_MS = 1000;
    private static final String TAG = "JWSBuilder";

    /* loaded from: classes4.dex */
    public final class Claims {

        @c(MicrosoftIdToken.AUDIENCE)
        private String mAudience;

        @c(MicrosoftIdToken.ISSUED_AT)
        private long mIssueAt;

        @c("nonce")
        private String mNonce;

        private Claims() {
        }
    }

    /* loaded from: classes4.dex */
    public final class JwsHeader {

        @c("alg")
        private String mAlgorithm;

        @c("x5c")
        private String[] mCert;

        @c("typ")
        private String mType;

        private JwsHeader() {
        }
    }

    private static String sign(RSAPrivateKey rSAPrivateKey, byte[] bArr) throws ClientException {
        try {
            Signature signature = Signature.getInstance(NPStringFog.decode("3D382C535B57100C0606223E20"));
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return StringExtensions.encodeBase64URLSafeString(signature.sign());
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", NPStringFog.decode("3B1E1E141E110817060B144D04000208011B0017"), e);
        } catch (InvalidKeyException e2) {
            StringBuilder g0 = a.g0(NPStringFog.decode("271E1B0002080345021C191B001A044737212F500604175B47"));
            g0.append(e2.getMessage());
            throw new ClientException(NPStringFog.decode("251514412D09060C1C4E001F081800130052051514410B190400021A19020F"), g0.toString(), e2);
        } catch (NoSuchAlgorithmException e3) {
            StringBuilder g02 = a.g0(NPStringFog.decode("3B1E1E141E110817060B144D333D2047041E091F1F081A090A5F52"));
            g02.append(e3.getMessage());
            throw new ClientException("no_such_algorithm", g02.toString(), e3);
        } catch (SignatureException e4) {
            StringBuilder g03 = a.g0(NPStringFog.decode("3C232C411D08000B131A051F044E041F06171E04040E005B47"));
            g03.append(e4.getMessage());
            throw new ClientException(NPStringFog.decode("3D190A0F0F151217174E1515020B11130C1D00"), g03.toString(), e4);
        }
    }

    public String generateSignedJWT(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) throws ClientException {
        String decode = NPStringFog.decode("40");
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (StringExtensions.isNullOrBlank(str2)) {
            throw new IllegalArgumentException(NPStringFog.decode("0F0509080B0F0400"));
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        Gson gson = new Gson();
        Claims claims = new Claims();
        claims.mNonce = str;
        claims.mAudience = str2;
        claims.mIssueAt = System.currentTimeMillis() / SECONDS_MS;
        JwsHeader jwsHeader = new JwsHeader();
        jwsHeader.mAlgorithm = NPStringFog.decode("3C235F5458");
        jwsHeader.mType = NPStringFog.decode("242739");
        try {
            jwsHeader.mCert = new String[1];
            jwsHeader.mCert[0] = new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF-8");
            String k = gson.k(jwsHeader);
            String k2 = gson.k(claims);
            Logger.verbose(NPStringFog.decode("24273E231B080B01171C4A0A0400041504060B2304060004032F253A"), "Generate client certificate challenge response JWS Header. ");
            String str3 = StringExtensions.encodeBase64URLSafeString(k.getBytes("UTF-8")) + decode + StringExtensions.encodeBase64URLSafeString(k2.getBytes("UTF-8"));
            return a.N(str3, decode, sign(rSAPrivateKey, str3.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", NPStringFog.decode("3B1E1E141E110817060B144D04000208011B0017"), e);
        } catch (CertificateEncodingException e2) {
            throw new ClientException(NPStringFog.decode("2D151F1507070E06131A154D04000208011B00174D081D41090A064E17080F0B130611170A"), "Certificate encoding error", e2);
        }
    }
}
