package com.microsoft.aad.adal;

import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ma implements ga {

    /* loaded from: classes.dex */
    class a {

        /* renamed from: a, reason: collision with root package name */
        @c.e.c.a.c("aud")
        protected String f4103a;

        /* renamed from: b, reason: collision with root package name */
        @c.e.c.a.c("iat")
        protected long f4104b;

        /* renamed from: c, reason: collision with root package name */
        @c.e.c.a.c("nonce")
        protected String f4105c;

        a() {
        }
    }

    /* loaded from: classes.dex */
    class b {

        /* renamed from: a, reason: collision with root package name */
        @c.e.c.a.c("alg")
        protected String f4107a;

        /* renamed from: b, reason: collision with root package name */
        @c.e.c.a.c("typ")
        protected String f4108b;

        /* renamed from: c, reason: collision with root package name */
        @c.e.c.a.c("x5c")
        protected String[] f4109c;

        b() {
        }
    }

    private static String a(RSAPrivateKey rSAPrivateKey, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return wa.a(signature.sign());
        } catch (UnsupportedEncodingException unused) {
            throw new C0450z(EnumC0424a.ENCODING_IS_NOT_SUPPORTED);
        } catch (InvalidKeyException e2) {
            throw new C0450z(EnumC0424a.KEY_CHAIN_PRIVATE_KEY_EXCEPTION, "Invalid private RSA key: " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new C0450z(EnumC0424a.DEVICE_NO_SUCH_ALGORITHM, "Unsupported RSA algorithm: " + e3.getMessage(), e3);
        } catch (SignatureException e4) {
            throw new C0450z(EnumC0424a.SIGNATURE_EXCEPTION, "RSA signature exception: " + e4.getMessage(), e4);
        }
    }

    @Override // com.microsoft.aad.adal.ga
    public String a(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) {
        if (wa.a(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (wa.a(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("privateKey");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        c.e.c.q qVar = new c.e.c.q();
        a aVar = new a();
        aVar.f4105c = str;
        aVar.f4103a = str2;
        aVar.f4104b = System.currentTimeMillis() / 1000;
        b bVar = new b();
        bVar.f4107a = "RS256";
        bVar.f4108b = "JWT";
        try {
            bVar.f4109c = new String[1];
            bVar.f4109c[0] = new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF_8");
            String a2 = qVar.a(bVar);
            String a3 = qVar.a(aVar);
            na.c("JWSBuilder", "Client certificate challenge response JWS Header:" + a2);
            String str3 = wa.a(a2.getBytes("UTF_8")) + "." + wa.a(a3.getBytes("UTF_8"));
            return str3 + "." + a(rSAPrivateKey, str3.getBytes("UTF_8"));
        } catch (UnsupportedEncodingException unused) {
            throw new C0450z(EnumC0424a.ENCODING_IS_NOT_SUPPORTED);
        } catch (CertificateEncodingException unused2) {
            throw new C0450z(EnumC0424a.CERTIFICATE_ENCODING_ERROR);
        }
    }
}
