package com.microsoft.authenticator.mfasdk.authentication.msa.businessLogic;

import android.util.Base64;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.mfasdk.account.entities.MsaSdkAccount;
import com.microsoft.authenticator.mfasdk.common.ServerConfig;
import com.microsoft.authenticator.securekeystore.KeystoreCredentialManager;
import com.microsoft.authenticator.securekeystore.entities.KeystoreCredentialException;
import com.microsoft.identity.common.java.jwt.AbstractJwtRequest;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Locale;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Regex;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: MsaNgcHelper.kt */
/* loaded from: classes2.dex */
public final class MsaNgcHelper {
    private final int JwtBase64Flags;
    private final KeystoreCredentialManager keystoreCredentialManager;

    public MsaNgcHelper(KeystoreCredentialManager keystoreCredentialManager) {
        Intrinsics.checkNotNullParameter(keystoreCredentialManager, "keystoreCredentialManager");
        this.keystoreCredentialManager = keystoreCredentialManager;
        this.JwtBase64Flags = 11;
    }

    public final String buildNgcToken(String nonce, MsaSdkAccount account, boolean z) throws KeystoreCredentialException, InvalidKeyException {
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(account, "account");
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(AbstractJwtRequest.ClaimNames.TYPE, "JWT");
            jSONObject.put("alg", JwtRequestHeader.ALG_VALUE_RS256);
            jSONObject.put("kid", account.getNgcServerKeyIdentifier());
            JSONObject jSONObject2 = new JSONObject();
            if (z) {
                PublicKey publicKey = this.keystoreCredentialManager.getPublicKey(account.getPuid());
                Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                JSONObject jSONObject3 = new JSONObject();
                jSONObject3.put("kty", "RSA");
                jSONObject3.put("n", Base64.encodeToString(rSAPublicKey.getModulus().toByteArray(), this.JwtBase64Flags));
                jSONObject3.put("e", Base64.encodeToString(rSAPublicKey.getPublicExponent().toByteArray(), this.JwtBase64Flags));
                jSONObject3.put("alg", "RSA-OAEP");
                jSONObject3.put(AbstractJwtRequest.ClaimNames.USE, "enc");
                jSONObject2.put(AbstractDevicePopManager.SignedHttpRequestJwtClaims.JWK, jSONObject3);
                jSONObject2.put("attk", "");
                jSONObject2.put("attb", "");
            }
            JSONObject jSONObject4 = new JSONObject();
            jSONObject4.put("aud", ServerConfig.Companion.getMSA_BASE_URL());
            if (z) {
                jSONObject4.put("cnf", jSONObject2);
            }
            jSONObject4.put(AbstractJwtRequest.ClaimNames.NONCE, nonce);
            String jSONObject5 = jSONObject4.toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject5, "ngcToken.toString()");
            String replace = new Regex("\\\\/\\\\/").replace(jSONObject5, "//");
            StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
            Locale locale = Locale.US;
            StringBuilder sb = new StringBuilder();
            String jSONObject6 = jSONObject.toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject6, "jwtHeader.toString()");
            Charset charset = Strings.Utf8Charset;
            byte[] bytes = jSONObject6.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            sb.append(Base64.encodeToString(bytes, this.JwtBase64Flags));
            sb.append('.');
            byte[] bytes2 = replace.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
            sb.append(Base64.encodeToString(bytes2, this.JwtBase64Flags));
            String format = String.format(locale, sb.toString(), Arrays.copyOf(new Object[0], 0));
            Intrinsics.checkNotNullExpressionValue(format, "format(locale, format, *args)");
            KeystoreCredentialManager keystoreCredentialManager = this.keystoreCredentialManager;
            byte[] bytes3 = format.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes3, "this as java.lang.String).getBytes(charset)");
            String format2 = String.format(locale, format + '.' + Base64.encodeToString(keystoreCredentialManager.signRsa(bytes3, account.getPuid()), this.JwtBase64Flags), Arrays.copyOf(new Object[0], 0));
            Intrinsics.checkNotNullExpressionValue(format2, "format(locale, format, *args)");
            return format2;
        } catch (JSONException e) {
            throw new KeystoreCredentialException(e);
        }
    }
}
