package com.microsoft.identity.common.internal.providers.microsoft;

import com.microsoft.identity.common.internal.providers.keys.CertificateCredential;
import com.microsoft.identity.common.internal.providers.oauth2.ClientAssertion;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import j.i.a.j.a;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;

/* loaded from: classes2.dex */
public class MicrosoftClientAssertion extends ClientAssertion {
    public static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    public static final int ONE_MINUTE_MILLIS = 60000;
    public static final String THUMBPRINT_ALGORITHM = "SHA-1";

    public MicrosoftClientAssertion(String str, CertificateCredential certificateCredential) throws NoSuchAlgorithmException, CertificateEncodingException {
        if (certificateCredential == null) {
            throw new IllegalArgumentException("certificate credential is null");
        }
        setClientAssertion(createSignedJwt(certificateCredential.getClientId(), str, certificateCredential).serialize());
        setClientAssertionType("urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
    }

    private Base64URL createSHA1ThumbPrint(X509Certificate x509Certificate) throws CertificateEncodingException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(THUMBPRINT_ALGORITHM);
        messageDigest.reset();
        messageDigest.update(x509Certificate.getEncoded());
        return new Base64URL(Base64.encode(messageDigest.digest()).toString());
    }

    private SignedJWT createSignedJwt(String str, String str2, CertificateCredential certificateCredential) throws NoSuchAlgorithmException, CertificateEncodingException {
        JWSAlgorithm jWSAlgorithm;
        long currentTimeMillis = System.currentTimeMillis();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (str2 == null) {
            linkedHashMap.put("aud", null);
        } else {
            linkedHashMap.put("aud", Collections.singletonList(str2));
        }
        linkedHashMap.put("iss", str);
        linkedHashMap.put("nbf", new Date(currentTimeMillis));
        linkedHashMap.put("exp", new Date(currentTimeMillis + 60000));
        linkedHashMap.put("sub", str);
        JWTClaimsSet jWTClaimsSet = new JWTClaimsSet(linkedHashMap);
        try {
            jWSAlgorithm = JWSAlgorithm.RS256;
        } catch (Exception e2) {
            e = e2;
        }
        try {
            if (jWSAlgorithm.getName().equals(Algorithm.NONE.getName())) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(Base64.encode(certificateCredential.getPublicCertificate().getEncoded()));
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(jWSAlgorithm, null, null, null, null, null, null, createSHA1ThumbPrint(certificateCredential.getPublicCertificate()), null, arrayList, null, null, null), jWTClaimsSet);
            signedJWT.sign(new a(certificateCredential.getPrivateKey()));
            return signedJWT;
        } catch (Exception e3) {
            e = e3;
            throw new RuntimeException("exception in createSignedJwt", e);
        }
    }
}
