package com.microsoft.aad.msal4j;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.UUID;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/bundles/net.tirasa.connid.bundles.azure-2.0.0-bundle.jar:lib/msal4j-1.11.0.jar:com/microsoft/aad/msal4j/JwtHelper.class */
public final class JwtHelper {
    JwtHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ClientAssertion buildJwt(String str, ClientCertificate clientCertificate, String str2, boolean z) throws MsalClientException {
        if (StringHelper.isBlank(str)) {
            throw new IllegalArgumentException("clientId is null or empty");
        }
        if (clientCertificate == null) {
            throw new IllegalArgumentException("credential is null");
        }
        long currentTimeMillis = System.currentTimeMillis();
        JWTClaimsSet build = new JWTClaimsSet.Builder().audience(Collections.singletonList(str2)).issuer(str).jwtID(UUID.randomUUID().toString()).notBeforeTime(new Date(currentTimeMillis)).expirationTime(new Date(currentTimeMillis + 600000)).subject(str).build();
        try {
            JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.RS256);
            if (z) {
                ArrayList arrayList = new ArrayList();
                Iterator<String> it = clientCertificate.getEncodedPublicKeyCertificateChain().iterator();
                while (it.hasNext()) {
                    arrayList.add(new Base64(it.next()));
                }
                builder.x509CertChain(arrayList);
            }
            builder.x509CertThumbprint(new Base64URL(clientCertificate.publicCertificateHash()));
            SignedJWT signedJWT = new SignedJWT(builder.build(), build);
            signedJWT.sign(new RSASSASigner(clientCertificate.privateKey()));
            return new ClientAssertion(signedJWT.serialize());
        } catch (Exception e) {
            throw new MsalClientException(e);
        }
    }
}
