package com.microsoft.aad.adal;

import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import e.a.a.a.a;
import io.jsonwebtoken.Header;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: classes2.dex */
public class JWSBuilder implements IJWSBuilder {
    public static final String JWS_ALGORITHM = "SHA256withRSA";
    public static final String JWS_HEADER_ALG = "RS256";
    public static final long SECONDS_MS = 1000;
    public static final String TAG = "JWSBuilder";

    /* loaded from: classes2.dex */
    public class Claims {

        @SerializedName("aud")
        public String mAudience;

        @SerializedName("iat")
        public long mIssueAt;

        @SerializedName("nonce")
        public String mNonce;

        public Claims(JWSBuilder jWSBuilder) {
        }
    }

    /* loaded from: classes2.dex */
    public class JwsHeader {

        @SerializedName(io.jsonwebtoken.JwsHeader.ALGORITHM)
        public String mAlgorithm;

        @SerializedName(io.jsonwebtoken.JwsHeader.X509_CERT_CHAIN)
        public String[] mCert;

        @SerializedName(Header.TYPE)
        public String mType;

        public JwsHeader(JWSBuilder jWSBuilder) {
        }
    }

    public static String sign(RSAPrivateKey rSAPrivateKey, byte[] bArr) throws AuthenticationException {
        try {
            Signature signature = Signature.getInstance(JWS_ALGORITHM);
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return StringExtensions.a(signature.sign());
        } catch (UnsupportedEncodingException unused) {
            throw new AuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED);
        } catch (InvalidKeyException e2) {
            ADALError aDALError = ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION;
            StringBuilder Z = a.Z("Invalid private RSA key: ");
            Z.append(e2.getMessage());
            throw new AuthenticationException(aDALError, Z.toString(), e2);
        } catch (NoSuchAlgorithmException e3) {
            ADALError aDALError2 = ADALError.DEVICE_NO_SUCH_ALGORITHM;
            StringBuilder Z2 = a.Z("Unsupported RSA algorithm: ");
            Z2.append(e3.getMessage());
            throw new AuthenticationException(aDALError2, Z2.toString(), e3);
        } catch (SignatureException e4) {
            ADALError aDALError3 = ADALError.SIGNATURE_EXCEPTION;
            StringBuilder Z3 = a.Z("RSA signature exception: ");
            Z3.append(e4.getMessage());
            throw new AuthenticationException(aDALError3, Z3.toString(), e4);
        }
    }

    @Override // com.microsoft.aad.adal.IJWSBuilder
    public String generateSignedJWT(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) throws AuthenticationException {
        if (StringExtensions.f(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (StringExtensions.f(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        Gson gson = new Gson();
        Claims claims = new Claims(this);
        claims.mNonce = str;
        claims.mAudience = str2;
        claims.mIssueAt = System.currentTimeMillis() / 1000;
        JwsHeader jwsHeader = new JwsHeader(this);
        jwsHeader.mAlgorithm = JWS_HEADER_ALG;
        jwsHeader.mType = Header.JWT_TYPE;
        try {
            jwsHeader.mCert = r8;
            String[] strArr = {new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF_8")};
            String json = gson.toJson(jwsHeader);
            String json2 = gson.toJson(claims);
            Logger.v(TAG, "Client certificate challenge response JWS Header:" + json);
            String str3 = StringExtensions.a(json.getBytes("UTF_8")) + "." + StringExtensions.a(json2.getBytes("UTF_8"));
            return a.U(str3, ".", sign(rSAPrivateKey, str3.getBytes("UTF_8")));
        } catch (UnsupportedEncodingException e2) {
            throw new AuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED, "Unsupported encoding", e2);
        } catch (CertificateEncodingException e3) {
            throw new AuthenticationException(ADALError.CERTIFICATE_ENCODING_ERROR, "Certificate encoding error", e3);
        }
    }
}
