package com.auth0.client.auth;

import com.auth0.exception.ClientAssertionSigningException;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.utils.Asserts;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.UUID;

/* loaded from: input_file:com/auth0/client/auth/RSAClientAssertionSigner.class */
public class RSAClientAssertionSigner implements ClientAssertionSigner {
    private final RSAPrivateKey assertionSigningKey;
    private final RSASigningAlgorithm assertionSigningAlgorithm;

    /* loaded from: input_file:com/auth0/client/auth/RSAClientAssertionSigner$RSASigningAlgorithm.class */
    public enum RSASigningAlgorithm {
        RSA256,
        RSA384
    }

    public RSAClientAssertionSigner(RSAPrivateKey rSAPrivateKey, RSASigningAlgorithm rSASigningAlgorithm) {
        Asserts.assertNotNull(rSAPrivateKey, "assertion signing key");
        Asserts.assertNotNull(rSASigningAlgorithm, "assertion signing algorithm");
        this.assertionSigningKey = rSAPrivateKey;
        this.assertionSigningAlgorithm = rSASigningAlgorithm;
    }

    public RSAClientAssertionSigner(RSAPrivateKey rSAPrivateKey) {
        this(rSAPrivateKey, RSASigningAlgorithm.RSA256);
    }

    @Override // com.auth0.client.auth.ClientAssertionSigner
    public String createSignedClientAssertion(String str, String str2, String str3) {
        Instant now = Instant.now();
        JWTCreator.Builder withClaim = JWT.create().withIssuer(str).withAudience(new String[]{str2}).withSubject(str3).withIssuedAt(now).withExpiresAt(now.plusSeconds(180L)).withClaim("jti", UUID.randomUUID().toString());
        switch (this.assertionSigningAlgorithm) {
            case RSA256:
                try {
                    return withClaim.sign(Algorithm.RSA256((RSAPublicKey) null, this.assertionSigningKey));
                } catch (JWTCreationException e) {
                    throw new ClientAssertionSigningException("Error creating the JWT used for client assertion using the RSA256 signing algorithm", e);
                }
            case RSA384:
                try {
                    return withClaim.sign(Algorithm.RSA384((RSAPublicKey) null, this.assertionSigningKey));
                } catch (JWTCreationException e2) {
                    throw new ClientAssertionSigningException("Error creating the JWT used for client assertion using the RSA384 signing algorithm", e2);
                }
            default:
                throw new ClientAssertionSigningException("Error creating the JWT used for client assertion. Unknown algorithm.");
        }
    }

    RSASigningAlgorithm getAssertionSigningAlgorithm() {
        return this.assertionSigningAlgorithm;
    }
}
