package com.microsoft.identity.common.internal.providers.microsoft;

import com.microsoft.identity.common.internal.providers.keys.CertificateCredential;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsIdToken;
import com.microsoft.identity.common.internal.providers.oauth2.ClientAssertion;
import j8.k;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
import m8.a;
import m8.b;
import m8.c;
import n8.e;

/* loaded from: classes.dex */
public class MicrosoftClientAssertion extends ClientAssertion {
    private static final String CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private static final int ONE_MINUTE_MILLIS = 60000;
    private static final String THUMBPRINT_ALGORITHM = "SHA-1";

    public MicrosoftClientAssertion(String str, CertificateCredential certificateCredential) {
        if (certificateCredential == null) {
            throw new IllegalArgumentException("certificate credential is null");
        }
        e createSignedJwt = createSignedJwt(certificateCredential.getClientId(), str, certificateCredential);
        int i10 = createSignedJwt.f8995k;
        if (i10 != 2 && i10 != 3) {
            throw new IllegalStateException("The JWS object must be in a signed or verified state");
        }
        setClientAssertion(String.valueOf(createSignedJwt.f8993i) + '.' + createSignedJwt.f8994j.f8518g);
        setClientAssertionType(CLIENT_ASSERTION_TYPE);
    }

    /* JADX WARN: Type inference failed for: r3v2, types: [m8.c, m8.a] */
    private c createSHA1ThumbPrint(X509Certificate x509Certificate) {
        MessageDigest messageDigest = MessageDigest.getInstance(THUMBPRINT_ALGORITHM);
        messageDigest.reset();
        messageDigest.update(x509Certificate.getEncoded());
        return new a(b.b(messageDigest.digest(), false));
    }

    /* JADX WARN: Type inference failed for: r11v0, types: [j8.b, j8.l] */
    private e createSignedJwt(String str, String str2, CertificateCredential certificateCredential) {
        long currentTimeMillis = System.currentTimeMillis();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (str2 == null) {
            linkedHashMap.put(MicrosoftIdToken.AUDIENCE, null);
        } else {
            linkedHashMap.put(MicrosoftIdToken.AUDIENCE, Collections.singletonList(str2));
        }
        linkedHashMap.put(MicrosoftIdToken.ISSUER, str);
        linkedHashMap.put(MicrosoftIdToken.NOT_BEFORE, new Date(currentTimeMillis));
        linkedHashMap.put(MicrosoftStsIdToken.EXPIRATION_TIME, new Date(currentTimeMillis + 60000));
        linkedHashMap.put("sub", str);
        n8.c cVar = new n8.c(linkedHashMap);
        try {
            k kVar = k.f7361l;
            String str3 = kVar.f7309g;
            j8.a aVar = j8.a.f7308h;
            if (str3.equals(aVar.f7309g)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(new a(b.b(certificateCredential.getPublicCertificate().getEncoded(), false)));
            ?? bVar = new j8.b(kVar, null, null, null, null, null, null, createSHA1ThumbPrint(certificateCredential.getPublicCertificate()), null, arrayList, null, null, null);
            if (kVar.f7309g.equals(aVar.f7309g)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            e eVar = new e(bVar, cVar);
            eVar.d(new k8.a(certificateCredential.getPrivateKey()));
            return eVar;
        } catch (Exception e10) {
            throw new RuntimeException("exception in createSignedJwt", e10);
        }
    }
}
