package com.nimbusds.jose.crypto;

import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.nimbusds.jose.ActionRequiredForJWSCompletionException;
import com.nimbusds.jose.CompletableJWSObjectSigning;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.impl.RSASSA;
import com.nimbusds.jose.crypto.impl.RSASSAProvider;
import com.nimbusds.jose.crypto.opts.AllowWeakRSAKey;
import com.nimbusds.jose.crypto.opts.OptionUtils;
import com.nimbusds.jose.crypto.opts.UserAuthenticationRequired;
import com.nimbusds.jose.util.Base64URL;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Collections;
import java.util.Set;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
/* loaded from: classes3.dex */
public class RSASSASigner extends RSASSAProvider implements JWSSigner {
    public final PrivateKey c;
    public final Set d;

    /* renamed from: com.nimbusds.jose.crypto.RSASSASigner$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    class AnonymousClass1 implements CompletableJWSObjectSigning {
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public RSASSASigner(PrivateKey privateKey) {
        super(RSASSAProvider.b);
        Set emptySet = Collections.emptySet();
        boolean z = privateKey instanceof RSAPrivateKey;
        if (!z && !AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA.equalsIgnoreCase(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        this.c = privateKey;
        emptySet = emptySet == null ? Collections.emptySet() : emptySet;
        this.d = emptySet;
        if (OptionUtils.a(emptySet, AllowWeakRSAKey.class)) {
            return;
        }
        int i = -1;
        if (z) {
            try {
                i = ((RSAPrivateKey) privateKey).getModulus().bitLength();
            } catch (Exception unused) {
            }
        }
        if (i > 0 && i < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
    }

    /* JADX WARN: Type inference failed for: r0v30, types: [com.nimbusds.jose.CompletableJWSObjectSigning, java.lang.Object] */
    public final Base64URL a(JWSHeader jWSHeader, byte[] bArr) {
        Signature a2;
        Signature a3;
        JWSAlgorithm jWSAlgorithm = (JWSAlgorithm) jWSHeader.f15417f;
        if ((!jWSAlgorithm.equals(JWSAlgorithm.k) || (a2 = RSASSA.a("SHA256withRSA", null, null)) == null) && ((!jWSAlgorithm.equals(JWSAlgorithm.f15446l) || (a2 = RSASSA.a("SHA384withRSA", null, null)) == null) && (!jWSAlgorithm.equals(JWSAlgorithm.m) || (a2 = RSASSA.a("SHA512withRSA", null, null)) == null))) {
            JWSAlgorithm jWSAlgorithm2 = JWSAlgorithm.r;
            if (!jWSAlgorithm.equals(jWSAlgorithm2) || (a3 = RSASSA.a("RSASSA-PSS", null, new PSSParameterSpec(KeyUtil.HMAC_KEY_HASH_ALGORITHM, IDevicePopManager.MGF_1, MGF1ParameterSpec.SHA256, 32, 1))) == null) {
                if (!jWSAlgorithm.equals(jWSAlgorithm2) || (a2 = RSASSA.a("SHA256withRSAandMGF1", null, null)) == null) {
                    JWSAlgorithm jWSAlgorithm3 = JWSAlgorithm.s;
                    if (!jWSAlgorithm.equals(jWSAlgorithm3) || (a3 = RSASSA.a("RSASSA-PSS", null, new PSSParameterSpec("SHA-384", IDevicePopManager.MGF_1, MGF1ParameterSpec.SHA384, 48, 1))) == null) {
                        if (!jWSAlgorithm.equals(jWSAlgorithm3) || (a2 = RSASSA.a("SHA384withRSAandMGF1", null, null)) == null) {
                            JWSAlgorithm jWSAlgorithm4 = JWSAlgorithm.t;
                            if (!jWSAlgorithm.equals(jWSAlgorithm4) || (a3 = RSASSA.a("RSASSA-PSS", null, new PSSParameterSpec("SHA-512", IDevicePopManager.MGF_1, MGF1ParameterSpec.SHA512, 64, 1))) == null) {
                                if (!jWSAlgorithm.equals(jWSAlgorithm4) || (a2 = RSASSA.a("SHA512withRSAandMGF1", null, null)) == null) {
                                    Set set = RSASSAProvider.b;
                                    StringBuilder sb = new StringBuilder("Unsupported JWS algorithm ");
                                    sb.append(jWSAlgorithm);
                                    sb.append(", must be ");
                                    StringBuilder sb2 = new StringBuilder();
                                    Object[] array = set.toArray();
                                    for (int i = 0; i < array.length; i++) {
                                        if (i != 0) {
                                            if (i < array.length - 1) {
                                                sb2.append(", ");
                                            } else if (i == array.length - 1) {
                                                sb2.append(" or ");
                                            }
                                        }
                                        sb2.append(array[i].toString());
                                    }
                                    sb.append(sb2.toString());
                                    throw new Exception(sb.toString());
                                }
                            }
                        }
                    }
                }
            }
            a2 = a3;
        }
        try {
            a2.initSign(this.c);
            if (OptionUtils.a(this.d, UserAuthenticationRequired.class)) {
                throw new ActionRequiredForJWSCompletionException("Authenticate user to complete signing", UserAuthenticationRequired.f15469a, new Object());
            }
            try {
                a2.update(bArr);
                return Base64URL.e(a2.sign());
            } catch (SignatureException e) {
                throw new Exception("RSA signature exception: " + e.getMessage(), e);
            }
        } catch (InvalidKeyException e2) {
            throw new Exception("Invalid private RSA key: " + e2.getMessage(), e2);
        }
    }
}
