package com.microsoft.onlineid.sts;

import android.net.Uri;
import android.util.Base64;
import com.microsoft.onlineid.internal.Strings;
import com.microsoft.onlineid.sts.SharedKeyGenerator;
import com.microsoft.onlineid.sts.request.AbstractStsRequest;
import java.security.SecureRandom;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class OneTimeCredentialSigner {
    private static final String ApplicationIDLabel = "appid";
    private static final String BinaryVersionLabel = "bver";
    private static final String CurrentTimeLabel = "ct";
    private static final String DATokenLabel = "da";
    private static final String HashAlgorithmLabel = "hashalg";
    private static final String HashAlgorithmValue = "SHA256";
    private static final String HashLabel = "hash";
    private static final String HmacSha256Algorithm = "HmacSHA256";
    private static final String NonceLabel = "nonce";
    private final Date _currentServerTime;
    private final DAToken _daToken;
    private final SecureRandom _secureRandom;
    private final SharedKeyGenerator _sharedKeyGenerator;

    OneTimeCredentialSigner(DAToken dAToken, Date date, SecureRandom secureRandom, SharedKeyGenerator sharedKeyGenerator) {
        this._daToken = dAToken;
        this._currentServerTime = date;
        this._secureRandom = secureRandom;
        this._sharedKeyGenerator = sharedKeyGenerator;
    }

    public OneTimeCredentialSigner(Date date, DAToken dAToken) {
        this._daToken = dAToken;
        this._currentServerTime = date;
        this._secureRandom = new SecureRandom();
        this._sharedKeyGenerator = new SharedKeyGenerator(dAToken.getSessionKey());
    }

    public String generateOneTimeSignedCredential(String str) {
        byte[] bArr = new byte[32];
        this._secureRandom.nextBytes(bArr);
        Uri.Builder appendQueryParameter = new Uri.Builder().appendQueryParameter("ct", Long.toString(this._currentServerTime.getTime() / 1000)).appendQueryParameter(HashAlgorithmLabel, "SHA256").appendQueryParameter(BinaryVersionLabel, AbstractStsRequest.StsBinaryVersion).appendQueryParameter("appid", str).appendQueryParameter(DATokenLabel, this._daToken.getToken()).appendQueryParameter("nonce", Base64.encodeToString(bArr, 2));
        return appendQueryParameter.appendQueryParameter(HashLabel, Base64.encodeToString(Cryptography.getInitializedHmacSha256Digester(new SecretKeySpec(this._sharedKeyGenerator.generateKey(SharedKeyGenerator.KeyPurpose.CredentialSignature, bArr), "HmacSHA256")).doFinal(appendQueryParameter.build().getEncodedQuery().getBytes(Strings.Utf8Charset)), 2)).build().getEncodedQuery();
    }
}
