package com.microsoft.identity.common.java.util;

import com.amazonaws.services.s3.model.InstructionFileId;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.crypto.BasicSigner;
import com.microsoft.identity.common.java.crypto.ISigner;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftIdToken;
import cz.msebera.android.httpclient.extras.Base64;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
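/**
 * Builds a compact-serialized, RS256-signed JWT that carries a nonce, an audience and an
 * issued-at timestamp, with the signer's X.509 certificate embedded in the {@code x5c} header.
 *
 * <p>The log message in {@link #generateSignedJWT} describes the output as a "client certificate
 * challenge response".
 */
public class JWSBuilder {
    private static final String JWS_HEADER_ALG = "RS256";
    private static final String JWS_HEADER_TYPE = "JWT";
    // Separator between the three segments of the compact serialization. Declared locally so the
    // token format does not depend on a constant borrowed from an unrelated library.
    private static final String JWS_SEGMENT_SEPARATOR = ".";
    private static final long SECONDS_MS = 1000;
    private static final String SIGNING_ALGORITHM = "SHA256withRSA";
    private static final String TAG = "JWSBuilder";
    private static final ISigner sSigner = new BasicSigner();

    /** JWT payload; serialized by Gson using the {@code @SerializedName} values below. */
    static final class Claims {

        // Intended recipient of the token.
        @SerializedName(MicrosoftIdToken.AUDIENCE)
        private String mAudience;

        // Creation time in whole seconds since the epoch.
        @SerializedName(MicrosoftIdToken.ISSUED_AT)
        private long mIssueAt;

        // Caller-supplied nonce, copied into the payload unchanged.
        @SerializedName("nonce")
        private String mNonce;

        private Claims() {
        }
    }

    /** JWS protected header; serialized by Gson using the {@code @SerializedName} values below. */
    static final class JwsHeader {

        @SerializedName("alg")
        private String mAlgorithm;

        // Certificate chain; this class only ever stores a single Base64-encoded certificate.
        @SerializedName("x5c")
        private String[] mCert;

        @SerializedName("typ")
        private String mType;

        private JwsHeader() {
        }
    }

    /**
     * Creates the signed token {@code header.payload.signature}.
     *
     * <p>NOTE(review): {@code publicKey} is only null-checked; nothing in this method verifies
     * that it, or {@code x509Certificate}, corresponds to {@code privateKey}. The caller is
     * responsible for passing a matching key pair and certificate, otherwise the recipient will
     * not be able to verify the signature against the embedded {@code x5c} entry.
     *
     * @param str the nonce to place in the payload; must not be null or empty
     * @param str2 the audience to place in the payload; must not be null or empty
     * @param privateKey the key used to produce the {@code SHA256withRSA} signature
     * @param publicKey must not be null; otherwise unused by this method
     * @param x509Certificate the certificate embedded in the {@code x5c} header
     * @return the three URL-safe encoded segments joined by {@code '.'}
     * @throws IllegalArgumentException if any argument is null (or empty, for the strings)
     * @throws ClientException if the certificate cannot be encoded, or if signing fails
     */
    public String generateSignedJWT(String str, String str2, PrivateKey privateKey, PublicKey publicKey, X509Certificate x509Certificate) throws ClientException {
        final String nonce = str;
        final String audience = str2;
        if (StringUtil.isNullOrEmpty(nonce)) {
            throw new IllegalArgumentException("nonce");
        }
        if (StringUtil.isNullOrEmpty(audience)) {
            throw new IllegalArgumentException("audience");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        // The certificate is dereferenced below; reject null here like every other argument
        // instead of failing later with a NullPointerException.
        if (x509Certificate == null) {
            throw new IllegalArgumentException("cert");
        }

        final byte[] encodedCertificate;
        try {
            encodedCertificate = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Certificate encoding error", e);
        }

        Claims claims = new Claims();
        claims.mNonce = nonce;
        claims.mAudience = audience;
        // Milliseconds to whole seconds.
        claims.mIssueAt = System.currentTimeMillis() / SECONDS_MS;

        JwsHeader jwsHeader = new JwsHeader();
        jwsHeader.mAlgorithm = JWS_HEADER_ALG;
        jwsHeader.mType = JWS_HEADER_TYPE;
        // NOTE(review): flag value 2 is presumably the NO_WRAP flag of this Android-style Base64
        // class (single-line output, standard alphabet) — confirm against the library.
        jwsHeader.mCert = new String[] {Base64.encodeToString(encodedCertificate, 2)};

        Gson gson = new Gson();
        String headerJson = gson.toJson(jwsHeader);
        String claimsJson = gson.toJson(claims);
        Logger.verbose(TAG + ":generateSignedJWT", "Generate client certificate challenge response JWS Header. ");

        // The signature covers exactly "<encoded header>.<encoded payload>".
        String signingInput = StringUtil.encodeUrlSafeString(headerJson)
                + JWS_SEGMENT_SEPARATOR
                + StringUtil.encodeUrlSafeString(claimsJson);
        return signingInput
                + JWS_SEGMENT_SEPARATOR
                + StringUtil.encodeUrlSafeString(sSigner.sign(privateKey, SIGNING_ALGORITHM, signingInput.getBytes(AuthenticationConstants.ENCODING_UTF8)));
    }
}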
