package com.nimbusds.jose.crypto;

import com.nimbusds.jose.ActionRequiredForJWSCompletionException;
import com.nimbusds.jose.CompletableJWSObjectSigning;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSSignerOption;
import com.nimbusds.jose.crypto.impl.RSAKeyUtils;
import com.nimbusds.jose.crypto.impl.RSASSA;
import com.nimbusds.jose.crypto.impl.RSASSAProvider;
import com.nimbusds.jose.crypto.opts.AllowWeakRSAKey;
import com.nimbusds.jose.crypto.opts.OptionUtils;
import com.nimbusds.jose.crypto.opts.UserAuthenticationRequired;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;
import java.util.Set;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
/* loaded from: classes3.dex */
public class RSASSASigner extends RSASSAProvider implements JWSSigner {

    /* renamed from: d, reason: collision with root package name */
    private final PrivateKey f38104d;

    /* renamed from: e, reason: collision with root package name */
    private final Set<JWSSignerOption> f38105e;

    /* loaded from: classes3.dex */
    class a implements CompletableJWSObjectSigning {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ byte[] f38106a;

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ Signature f38107b;

        a(byte[] bArr, Signature signature) {
            this.f38106a = bArr;
            this.f38107b = signature;
        }

        @Override // com.nimbusds.jose.CompletableJWSObjectSigning
        public Base64URL b() throws JOSEException {
            return RSASSASigner.this.r(this.f38106a, this.f38107b);
        }
    }

    public RSASSASigner(RSAKey rSAKey) throws JOSEException {
        this(RSAKeyUtils.b(rSAKey));
    }

    @Deprecated
    public RSASSASigner(RSAKey rSAKey, boolean z2) throws JOSEException {
        this(RSAKeyUtils.b(rSAKey), z2);
    }

    public RSASSASigner(PrivateKey privateKey) {
        this(privateKey, false);
    }

    public RSASSASigner(PrivateKey privateKey, Set<JWSSignerOption> set) {
        int a2;
        if (!(privateKey instanceof RSAPrivateKey) && !"RSA".equalsIgnoreCase(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        this.f38104d = privateKey;
        set = set == null ? Collections.emptySet() : set;
        this.f38105e = set;
        if (!OptionUtils.a(set, AllowWeakRSAKey.class) && (a2 = RSAKeyUtils.a(privateKey)) > 0 && a2 < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
    }

    @Deprecated
    public RSASSASigner(PrivateKey privateKey, boolean z2) {
        this(privateKey, (Set<JWSSignerOption>) (z2 ? Collections.singleton(AllowWeakRSAKey.a()) : Collections.emptySet()));
    }

    private Signature p(JWSHeader jWSHeader) throws JOSEException {
        Signature a2 = RSASSA.a(jWSHeader.a(), d().a());
        try {
            a2.initSign(this.f38104d);
            return a2;
        } catch (InvalidKeyException e2) {
            throw new JOSEException("Invalid private RSA key: " + e2.getMessage(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Base64URL r(byte[] bArr, Signature signature) throws JOSEException {
        try {
            signature.update(bArr);
            return Base64URL.k(signature.sign());
        } catch (SignatureException e2) {
            throw new JOSEException("RSA signature exception: " + e2.getMessage(), e2);
        }
    }

    @Override // com.nimbusds.jose.JWSSigner
    public Base64URL c(JWSHeader jWSHeader, byte[] bArr) throws JOSEException {
        Signature p2 = p(jWSHeader);
        if (OptionUtils.a(this.f38105e, UserAuthenticationRequired.class)) {
            throw new ActionRequiredForJWSCompletionException("Authenticate user to complete signing", UserAuthenticationRequired.a(), new a(bArr, p2));
        }
        return r(bArr, p2);
    }

    public PrivateKey q() {
        return this.f38104d;
    }
}
