package com.microsoft.aad.adal;

import com.microsoft.b.a.a.a.c.d;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes.dex */
class ChallengeResponseBuilder {

    /* renamed from: a, reason: collision with root package name */
    private final IJWSBuilder f4949a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class ChallengeRequest {

        /* renamed from: d, reason: collision with root package name */
        private List<String> f4953d;

        /* renamed from: b, reason: collision with root package name */
        private String f4951b = "";

        /* renamed from: c, reason: collision with root package name */
        private String f4952c = "";
        private String e = "";
        private String f = null;
        private String g = "";

        ChallengeRequest() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class ChallengeResponse {

        /* renamed from: b, reason: collision with root package name */
        private String f4955b;

        /* renamed from: c, reason: collision with root package name */
        private String f4956c;

        ChallengeResponse() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String a() {
            return this.f4955b;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String b() {
            return this.f4956c;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ChallengeResponseBuilder(IJWSBuilder iJWSBuilder) {
        this.f4949a = iJWSBuilder;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ChallengeResponse a(ChallengeRequest challengeRequest) throws AuthenticationException {
        ChallengeResponse b2 = b(challengeRequest);
        b2.f4955b = challengeRequest.g;
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            IDeviceCertificate a2 = a((Class<IDeviceCertificate>) deviceCertificateProxy);
            if (a2.a(challengeRequest.f4953d) || (a2.c() != null && a2.c().equalsIgnoreCase(challengeRequest.e))) {
                RSAPrivateKey b3 = a2.b();
                if (b3 == null) {
                    throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                b2.f4956c = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.f4949a.a(challengeRequest.f4951b, challengeRequest.g, b3, a2.d(), a2.a()), challengeRequest.f4952c, challengeRequest.f);
                Logger.b("ChallengeResponseBuilder", "Receive challenge response. ", "Challenge response:" + b2.f4956c, null);
            }
        }
        return b2;
    }

    private IDeviceCertificate a(Class<IDeviceCertificate> cls) throws AuthenticationException {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance((Object[]) null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
        }
    }

    private void a(Map<String, String> map, boolean z) throws AuthenticationException {
        if (!map.containsKey(RequestField.Nonce.name()) && !map.containsKey(RequestField.Nonce.name().toLowerCase(Locale.US))) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce");
        }
        if (!map.containsKey(RequestField.Version.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version");
        }
        if (z && !map.containsKey(RequestField.SubmitUrl.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl");
        }
        if (!map.containsKey(RequestField.Context.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context");
        }
        if (z && !map.containsKey(RequestField.CertAuthorities.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities");
        }
    }

    private boolean a() {
        return AuthenticationSettings.INSTANCE.getDeviceCertificateProxy() != null;
    }

    private ChallengeRequest b(String str) throws UnsupportedEncodingException, AuthenticationException {
        if (d.a(str)) {
            throw new AuthenticationServerProtocolException("headerValue");
        }
        if (!d.b(str, "PKeyAuth")) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, str);
        }
        ChallengeRequest challengeRequest = new ChallengeRequest();
        String substring = str.substring("PKeyAuth".length());
        ArrayList<String> a2 = d.a(substring, ',');
        HashMap hashMap = new HashMap();
        Iterator<String> it = a2.iterator();
        while (it.hasNext()) {
            ArrayList<String> a3 = d.a(it.next(), '=');
            if (a3.size() == 2 && !d.a(a3.get(0)) && !d.a(a3.get(1))) {
                String str2 = a3.get(0);
                String str3 = a3.get(1);
                hashMap.put(d.d(str2).trim(), d.g(d.d(str3).trim()));
            } else {
                if (a3.size() != 1 || d.a(a3.get(0))) {
                    throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
                }
                hashMap.put(d.d(a3.get(0)).trim(), d.d(""));
            }
        }
        a((Map<String, String>) hashMap, false);
        challengeRequest.f4951b = hashMap.get(RequestField.Nonce.name());
        if (d.a(challengeRequest.f4951b)) {
            challengeRequest.f4951b = hashMap.get(RequestField.Nonce.name().toLowerCase(Locale.US));
        }
        if (!a()) {
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "Device is not workplace joined. ");
        } else if (!d.a(hashMap.get(RequestField.CertThumbprint.name()))) {
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertThumbprint exists in the device auth challenge.");
            challengeRequest.e = hashMap.get(RequestField.CertThumbprint.name());
        } else {
            if (!hashMap.containsKey(RequestField.CertAuthorities.name())) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Both certThumbprint and certauthorities are not present");
            }
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertAuthorities exists in the device auth challenge.");
            challengeRequest.f4953d = d.a(hashMap.get(RequestField.CertAuthorities.name()), ";");
        }
        challengeRequest.f = hashMap.get(RequestField.Version.name());
        challengeRequest.f4952c = hashMap.get(RequestField.Context.name());
        return challengeRequest;
    }

    private ChallengeResponse b(ChallengeRequest challengeRequest) {
        ChallengeResponse challengeResponse = new ChallengeResponse();
        challengeResponse.f4955b = challengeRequest.g;
        challengeResponse.f4956c = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", challengeRequest.f4952c, challengeRequest.f);
        return challengeResponse;
    }

    private ChallengeRequest c(String str) throws AuthenticationException {
        if (d.a(str)) {
            throw new AuthenticationServerProtocolException("redirectUri");
        }
        ChallengeRequest challengeRequest = new ChallengeRequest();
        HashMap<String, String> f = d.f(str);
        a((Map<String, String>) f, true);
        challengeRequest.f4951b = f.get(RequestField.Nonce.name());
        if (d.a(challengeRequest.f4951b)) {
            challengeRequest.f4951b = f.get(RequestField.Nonce.name().toLowerCase(Locale.US));
        }
        String str2 = f.get(RequestField.CertAuthorities.name());
        Logger.b("ChallengeResponseBuilder:getChallengeRequest", "Get cert authorities. ", "Authorities: " + str2, null);
        challengeRequest.f4953d = d.a(str2, ";");
        challengeRequest.f = f.get(RequestField.Version.name());
        challengeRequest.g = f.get(RequestField.SubmitUrl.name());
        challengeRequest.f4952c = f.get(RequestField.Context.name());
        return challengeRequest;
    }

    public ChallengeResponse a(String str) throws AuthenticationException {
        return a(c(str));
    }

    public ChallengeResponse a(String str, String str2) throws UnsupportedEncodingException, AuthenticationException {
        ChallengeRequest b2 = b(str);
        b2.g = str2;
        return a(b2);
    }
}
