package com.microsoft.identity.common.internal.providers.microsoft;

import com.microsoft.identity.common.internal.providers.keys.CertificateCredential;
import com.microsoft.identity.common.internal.providers.oauth2.ClientAssertion;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;

/* loaded from: classes.dex */
public class MicrosoftClientAssertion extends ClientAssertion {
    private static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private static final int ONE_MINUTE_MILLIS = 60000;
    private static final String THUMBPRINT_ALGORITHM = "SHA-1";

    public MicrosoftClientAssertion(String str, CertificateCredential certificateCredential) {
        if (certificateCredential == null) {
            throw new IllegalArgumentException("certificate credential is null");
        }
        setClientAssertion(createSignedJwt(certificateCredential.getClientId(), str, certificateCredential).serialize());
        setClientAssertionType(CLIENT_ASSERTION_TYPE);
    }

    private Base64URL createSHA1ThumbPrint(X509Certificate x509Certificate) {
        MessageDigest messageDigest = MessageDigest.getInstance(THUMBPRINT_ALGORITHM);
        messageDigest.reset();
        messageDigest.update(x509Certificate.getEncoded());
        return new Base64URL(Base64.encode(messageDigest.digest()).toString());
    }

    private SignedJWT createSignedJwt(String str, String str2, CertificateCredential certificateCredential) {
        long currentTimeMillis = System.currentTimeMillis();
        JWTClaimsSet build = new JWTClaimsSet.Builder().audience(str2).issuer(str).notBeforeTime(new Date(currentTimeMillis)).expirationTime(new Date(currentTimeMillis + 60000)).subject(str).build();
        try {
            JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.RS256);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Base64.encode(certificateCredential.getPublicCertificate().getEncoded()));
            builder.x509CertChain(arrayList);
            builder.x509CertThumbprint(createSHA1ThumbPrint(certificateCredential.getPublicCertificate()));
            SignedJWT signedJWT = new SignedJWT(builder.build(), build);
            signedJWT.sign(new RSASSASigner(certificateCredential.getPrivateKey()));
            return signedJWT;
        } catch (Exception e) {
            throw new RuntimeException("exception in createSignedJwt", e);
        }
    }
}
