package com.microsoft.aad.msal4j;

import java.nio.charset.StandardCharsets;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.UUID;

/* loaded from: input_file:com/microsoft/aad/msal4j/JwtHelper.class */
final class JwtHelper {
    JwtHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientAssertion buildJwt(String str, ClientCertificate clientCertificate, String str2, boolean z, boolean z2) throws MsalClientException {
        ParameterValidationUtils.validateNotBlank("clientId", str);
        ParameterValidationUtils.validateNotNull("credential", str);
        try {
            long currentTimeMillis = System.currentTimeMillis();
            HashMap hashMap = new HashMap();
            hashMap.put("alg", "RS256");
            hashMap.put("typ", "JWT");
            if (z) {
                hashMap.put("x5c", new ArrayList(clientCertificate.getEncodedPublicKeyCertificateChain()));
            }
            String publicCertificateHash256 = clientCertificate.publicCertificateHash256();
            if (z2 || publicCertificateHash256 == null) {
                hashMap.put("x5t", clientCertificate.publicCertificateHash());
            } else {
                hashMap.put("x5t#S256", publicCertificateHash256);
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put("aud", str2);
            hashMap2.put("iss", str);
            hashMap2.put("jti", UUID.randomUUID().toString());
            hashMap2.put("nbf", Long.valueOf(currentTimeMillis / 1000));
            hashMap2.put("exp", Long.valueOf((currentTimeMillis / 1000) + 600));
            hashMap2.put("sub", str);
            String writeJsonMap = JsonHelper.writeJsonMap(hashMap);
            String writeJsonMap2 = JsonHelper.writeJsonMap(hashMap2);
            String str3 = base64UrlEncode(writeJsonMap.getBytes(StandardCharsets.UTF_8)) + "." + base64UrlEncode(writeJsonMap2.getBytes(StandardCharsets.UTF_8));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(clientCertificate.privateKey());
            signature.update(str3.getBytes(StandardCharsets.UTF_8));
            return new ClientAssertion(str3 + "." + base64UrlEncode(signature.sign()));
        } catch (Exception e) {
            throw new MsalClientException(e);
        }
    }

    private static String base64UrlEncode(byte[] bArr) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }
}
