package com.microsoft.aad.adal;

import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: JWSBuilder.java */
/* loaded from: classes2.dex */
public class be implements ax {

    /* compiled from: JWSBuilder.java */
    /* loaded from: classes2.dex */
    final class a {

        /* renamed from: b, reason: collision with root package name */
        @SerializedName("aud")
        private String f3108b;

        /* renamed from: c, reason: collision with root package name */
        @SerializedName("iat")
        private long f3109c;

        @SerializedName("nonce")
        private String d;

        private a() {
        }
    }

    /* compiled from: JWSBuilder.java */
    /* loaded from: classes2.dex */
    final class b {

        /* renamed from: b, reason: collision with root package name */
        @SerializedName("alg")
        private String f3111b;

        /* renamed from: c, reason: collision with root package name */
        @SerializedName("typ")
        private String f3112c;

        @SerializedName("x5c")
        private String[] d;

        private b() {
        }
    }

    private static String a(RSAPrivateKey rSAPrivateKey, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return bp.a(signature.sign());
        } catch (UnsupportedEncodingException unused) {
            throw new m(com.microsoft.aad.adal.a.ENCODING_IS_NOT_SUPPORTED);
        } catch (InvalidKeyException e) {
            throw new m(com.microsoft.aad.adal.a.KEY_CHAIN_PRIVATE_KEY_EXCEPTION, "Invalid private RSA key: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new m(com.microsoft.aad.adal.a.DEVICE_NO_SUCH_ALGORITHM, "Unsupported RSA algorithm: " + e2.getMessage(), e2);
        } catch (SignatureException e3) {
            throw new m(com.microsoft.aad.adal.a.SIGNATURE_EXCEPTION, "RSA signature exception: " + e3.getMessage(), e3);
        }
    }

    @Override // com.microsoft.aad.adal.ax
    public String a(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) {
        if (bp.a(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (bp.a(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        Gson gson = new Gson();
        a aVar = new a();
        aVar.d = str;
        aVar.f3108b = str2;
        aVar.f3109c = System.currentTimeMillis() / 1000;
        b bVar = new b();
        bVar.f3111b = "RS256";
        bVar.f3112c = "JWT";
        try {
            bVar.d = new String[1];
            bVar.d[0] = new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF_8");
            String json = gson.toJson(bVar);
            String json2 = gson.toJson(aVar);
            bg.b("JWSBuilder:generateSignedJWT", "Generate client certificate challenge response JWS Header. ", "Header: " + json, null);
            String str3 = bp.a(json.getBytes("UTF_8")) + "." + bp.a(json2.getBytes("UTF_8"));
            return str3 + "." + a(rSAPrivateKey, str3.getBytes("UTF_8"));
        } catch (UnsupportedEncodingException e) {
            throw new m(com.microsoft.aad.adal.a.ENCODING_IS_NOT_SUPPORTED, "Unsupported encoding", e);
        } catch (CertificateEncodingException e2) {
            throw new m(com.microsoft.aad.adal.a.CERTIFICATE_ENCODING_ERROR, "Certificate encoding error", e2);
        }
    }
}
