package c.h.a.a.b.a;

import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: classes.dex */
public class c {
    private static final String JWS_ALGORITHM = "SHA256withRSA";
    private static final String JWS_HEADER_ALG = "RS256";
    private static final long SECONDS_MS = 1000;
    private static final String TAG = "JWSBuilder";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public final class b {

        @SerializedName("aud")
        private String mAudience;

        @SerializedName("iat")
        private long mIssueAt;

        @SerializedName("nonce")
        private String mNonce;

        b(c cVar, a aVar) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: c.h.a.a.b.a.c$c, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public final class C0076c {

        @SerializedName("alg")
        private String mAlgorithm;

        @SerializedName("x5c")
        private String[] mCert;

        @SerializedName("typ")
        private String mType;

        C0076c(c cVar, a aVar) {
        }
    }

    private static String b(RSAPrivateKey rSAPrivateKey, byte[] bArr) throws c.h.a.a.c.d {
        try {
            Signature signature = Signature.getInstance(JWS_ALGORITHM);
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return c.h.a.a.b.a.i.c.b(signature.sign());
        } catch (UnsupportedEncodingException e2) {
            throw new c.h.a.a.c.d("unsupported_encoding", "Unsupported encoding", e2);
        } catch (InvalidKeyException e3) {
            StringBuilder q = c.a.b.a.a.q("Invalid private RSA key: ");
            q.append(e3.getMessage());
            throw new c.h.a.a.c.d("Key Chain private key exception", q.toString(), e3);
        } catch (NoSuchAlgorithmException e4) {
            StringBuilder q2 = c.a.b.a.a.q("Unsupported RSA algorithm: ");
            q2.append(e4.getMessage());
            throw new c.h.a.a.c.d("no_such_algorithm", q2.toString(), e4);
        } catch (SignatureException e5) {
            StringBuilder q3 = c.a.b.a.a.q("RSA signature exception: ");
            q3.append(e5.getMessage());
            throw new c.h.a.a.c.d("Signature exception", q3.toString(), e5);
        }
    }

    public String a(String str, String str2, RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey, X509Certificate x509Certificate) throws c.h.a.a.c.d {
        if (c.h.a.a.b.a.i.c.g(str)) {
            throw new IllegalArgumentException("nonce");
        }
        if (c.h.a.a.b.a.i.c.g(str2)) {
            throw new IllegalArgumentException("audience");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("pubKey");
        }
        Gson gson = new Gson();
        b bVar = new b(this, null);
        bVar.mNonce = str;
        bVar.mAudience = str2;
        bVar.mIssueAt = System.currentTimeMillis() / SECONDS_MS;
        C0076c c0076c = new C0076c(this, null);
        c0076c.mAlgorithm = JWS_HEADER_ALG;
        c0076c.mType = "JWT";
        try {
            c0076c.mCert = new String[1];
            c0076c.mCert[0] = new String(Base64.encode(x509Certificate.getEncoded(), 2), "UTF-8");
            String json = gson.toJson(c0076c);
            String json2 = gson.toJson(bVar);
            c.h.a.a.d.g.d.q("JWSBuilder:generateSignedJWT", "Generate client certificate challenge response JWS Header. ");
            String str3 = c.h.a.a.b.a.i.c.b(json.getBytes("UTF-8")) + "." + c.h.a.a.b.a.i.c.b(json2.getBytes("UTF-8"));
            return c.a.b.a.a.i(str3, ".", b(rSAPrivateKey, str3.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e2) {
            throw new c.h.a.a.c.d("unsupported_encoding", "Unsupported encoding", e2);
        } catch (CertificateEncodingException e3) {
            throw new c.h.a.a.c.d("Certificate encoding is not generated", "Certificate encoding error", e3);
        }
    }
}
