package defpackage;

import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.nimbusds.jose.util.Base64URL;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collections;
import java.util.Set;

/* loaded from: classes3.dex */
public class fl3 extends el3 implements zx1 {

    /* renamed from: d, reason: collision with root package name */
    public final PrivateKey f10089d;
    public final Set<ay1> e;

    /* loaded from: classes3.dex */
    public class a implements i00 {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ byte[] f10090a;

        /* renamed from: b, reason: collision with root package name */
        public final /* synthetic */ Signature f10091b;

        public a(byte[] bArr, Signature signature) {
            this.f10090a = bArr;
            this.f10091b = signature;
        }
    }

    public fl3(PrivateKey privateKey) {
        this(privateKey, false);
    }

    public fl3(PrivateKey privateKey, Set<ay1> set) {
        int a2;
        if (!DevicePopManager.KeyPairGeneratorAlgorithms.RSA.equalsIgnoreCase(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("The private key algorithm must be RSA");
        }
        this.f10089d = privateKey;
        set = set == null ? Collections.emptySet() : set;
        this.e = set;
        if (!cv2.a(set, r3.class) && (a2 = cl3.a(privateKey)) > 0 && a2 < 2048) {
            throw new IllegalArgumentException("The RSA key size must be at least 2048 bits");
        }
    }

    @Deprecated
    public fl3(PrivateKey privateKey, boolean z) {
        this(privateKey, (Set<ay1>) (z ? Collections.singleton(r3.a()) : Collections.emptySet()));
    }

    @Override // defpackage.zx1
    public Base64URL a(wx1 wx1Var, byte[] bArr) throws sw1 {
        Signature d2 = d(wx1Var);
        if (cv2.a(this.e, ks4.class)) {
            throw new q1("Authenticate user to complete signing", ks4.a(), new a(bArr, d2));
        }
        return e(bArr, d2);
    }

    public final Signature d(wx1 wx1Var) throws sw1 {
        Signature a2 = dl3.a(wx1Var.f(), c().a());
        try {
            a2.initSign(this.f10089d);
            return a2;
        } catch (InvalidKeyException e) {
            throw new sw1("Invalid private RSA key: " + e.getMessage(), e);
        }
    }

    public final Base64URL e(byte[] bArr, Signature signature) throws sw1 {
        try {
            signature.update(bArr);
            return Base64URL.h(signature.sign());
        } catch (SignatureException e) {
            throw new sw1("RSA signature exception: " + e.getMessage(), e);
        }
    }
}
