package j.i.a.j;

import com.microsoft.aad.adal.AuthenticationParameters;
import com.microsoft.identity.common.adal.internal.JWSBuilder;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64URL;
import j.g.k.e4.n;
import j.i.a.g;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

/* loaded from: classes3.dex */
public class a extends j.i.a.j.b.a implements g {
    public static final Set<JWSAlgorithm> d;
    public final PrivateKey c;

    static {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(JWSAlgorithm.RS256);
        linkedHashSet.add(JWSAlgorithm.RS384);
        linkedHashSet.add(JWSAlgorithm.RS512);
        linkedHashSet.add(JWSAlgorithm.PS256);
        linkedHashSet.add(JWSAlgorithm.PS384);
        linkedHashSet.add(JWSAlgorithm.PS512);
        d = Collections.unmodifiableSet(linkedHashSet);
    }

    public a(PrivateKey privateKey) {
        super(d);
        if (!DevicePopManager.KeyPairGeneratorAlgorithms.RSA.equalsIgnoreCase(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        int a = n.a(privateKey);
        if (a > 0 && a < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
        this.c = privateKey;
    }

    public Base64URL a(JWSHeader jWSHeader, byte[] bArr) throws JOSEException {
        String str;
        String str2;
        JWSAlgorithm algorithm = jWSHeader.getAlgorithm();
        Provider provider = this.b.a;
        PSSParameterSpec pSSParameterSpec = null;
        if (algorithm.equals(JWSAlgorithm.RS256)) {
            str2 = JWSBuilder.JWS_ALGORITHM;
        } else if (algorithm.equals(JWSAlgorithm.RS384)) {
            str2 = "SHA384withRSA";
        } else if (algorithm.equals(JWSAlgorithm.RS512)) {
            str2 = "SHA512withRSA";
        } else {
            if (algorithm.equals(JWSAlgorithm.PS256)) {
                pSSParameterSpec = new PSSParameterSpec("SHA256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
                str = "SHA256withRSAandMGF1";
            } else if (algorithm.equals(JWSAlgorithm.PS384)) {
                pSSParameterSpec = new PSSParameterSpec("SHA384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);
                str = "SHA384withRSAandMGF1";
            } else {
                if (!algorithm.equals(JWSAlgorithm.PS512)) {
                    Set<JWSAlgorithm> set = d;
                    StringBuilder sb = new StringBuilder();
                    sb.append("Unsupported JWS algorithm ");
                    sb.append(algorithm);
                    sb.append(", must be ");
                    StringBuilder sb2 = new StringBuilder();
                    Object[] array = set.toArray();
                    for (int i2 = 0; i2 < array.length; i2++) {
                        if (i2 != 0) {
                            if (i2 < array.length - 1) {
                                sb2.append(AuthenticationParameters.Challenge.SUFFIX_COMMA);
                            } else if (i2 == array.length - 1) {
                                sb2.append(" or ");
                            }
                        }
                        sb2.append(array[i2].toString());
                    }
                    sb.append(sb2.toString());
                    throw new JOSEException(sb.toString());
                }
                pSSParameterSpec = new PSSParameterSpec("SHA512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);
                str = "SHA512withRSAandMGF1";
            }
            str2 = str;
        }
        try {
            Signature signature = provider != null ? Signature.getInstance(str2, provider) : Signature.getInstance(str2);
            if (pSSParameterSpec != null) {
                try {
                    signature.setParameter(pSSParameterSpec);
                } catch (InvalidAlgorithmParameterException e2) {
                    StringBuilder a = j.b.e.c.a.a("Invalid RSASSA-PSS salt length parameter: ");
                    a.append(e2.getMessage());
                    throw new JOSEException(a.toString(), e2);
                }
            }
            try {
                signature.initSign(this.c);
                signature.update(bArr);
                return Base64URL.encode(signature.sign());
            } catch (InvalidKeyException e3) {
                StringBuilder a2 = j.b.e.c.a.a("Invalid private RSA key: ");
                a2.append(e3.getMessage());
                throw new JOSEException(a2.toString(), e3);
            } catch (SignatureException e4) {
                StringBuilder a3 = j.b.e.c.a.a("RSA signature exception: ");
                a3.append(e4.getMessage());
                throw new JOSEException(a3.toString(), e4);
            }
        } catch (NoSuchAlgorithmException e5) {
            StringBuilder a4 = j.b.e.c.a.a("Unsupported RSASSA algorithm: ");
            a4.append(e5.getMessage());
            throw new JOSEException(a4.toString(), e5);
        }
    }
}
