package com.microsoft.onlineid.sts;

import android.net.Uri;
import android.util.Base64;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.onlineid.internal.Strings;
import com.microsoft.onlineid.sts.SharedKeyGenerator;
import java.security.SecureRandom;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class OneTimeCredentialSigner {
    private final Date _currentServerTime;
    private final DAToken _daToken;
    private final SecureRandom _secureRandom = new SecureRandom();
    private final SharedKeyGenerator _sharedKeyGenerator;

    public OneTimeCredentialSigner(Date date, DAToken dAToken) {
        this._daToken = dAToken;
        this._currentServerTime = date;
        this._sharedKeyGenerator = new SharedKeyGenerator(dAToken.getSessionKey());
    }

    public String generateOneTimeSignedCredential(String str) {
        byte[] bArr = new byte[32];
        this._secureRandom.nextBytes(bArr);
        Uri.Builder appendQueryParameter = new Uri.Builder().appendQueryParameter("ct", Long.toString(this._currentServerTime.getTime() / 1000)).appendQueryParameter("hashalg", "SHA256").appendQueryParameter("bver", "11").appendQueryParameter("appid", str).appendQueryParameter("da", this._daToken.getToken()).appendQueryParameter(AuthenticationConstants.Broker.PRT_NONCE, Base64.encodeToString(bArr, 2));
        return appendQueryParameter.appendQueryParameter("hash", Base64.encodeToString(Cryptography.getInitializedHmacSha256Digester(new SecretKeySpec(this._sharedKeyGenerator.generateKey(SharedKeyGenerator.KeyPurpose.CredentialSignature, bArr), "HmacSHA256")).doFinal(appendQueryParameter.build().getEncodedQuery().getBytes(Strings.Utf8Charset)), 2)).build().getEncodedQuery();
    }
}
