package com.microsoft.aad.adal;

import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

/* loaded from: classes.dex */
class ChallangeResponseBuilder {
    private static final String TAG = "ChallangeResponseBuilder";
    private IJWSBuilder mJWSBuilder;

    /* loaded from: classes.dex */
    public class ChallangeRequest {
        List<String> mCertAuthorities;
        String mNonce = "";
        String mContext = "";
        String mThumbprint = "";
        String mVersion = null;
        String mSubmitUrl = "";

        public ChallangeRequest() {
        }
    }

    /* loaded from: classes.dex */
    public class ChallangeResponse {
        String mAuthorizationHeaderValue;
        String mSubmitUrl;

        public ChallangeResponse() {
        }

        public String getAuthorizationHeaderValue() {
            return this.mAuthorizationHeaderValue;
        }

        public String getSubmitUrl() {
            return this.mSubmitUrl;
        }
    }

    /* loaded from: classes10.dex */
    public enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    public ChallangeResponseBuilder(IJWSBuilder iJWSBuilder) {
        this.mJWSBuilder = iJWSBuilder;
    }

    private ChallangeRequest getChallangeRequest(String str) {
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("redirectUri");
        }
        ChallangeRequest challangeRequest = new ChallangeRequest();
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        validateChallangeRequest(urlParameters, true);
        RequestField requestField = RequestField.Nonce;
        String str2 = urlParameters.get(requestField.name());
        challangeRequest.mNonce = str2;
        if (StringExtensions.IsNullOrBlank(str2)) {
            challangeRequest.mNonce = urlParameters.get(requestField.name().toLowerCase(Locale.US));
        }
        String str3 = urlParameters.get(RequestField.CertAuthorities.name());
        Logger.v(TAG, "Cert authorities:" + str3);
        challangeRequest.mCertAuthorities = StringExtensions.getStringTokens(str3, ";");
        challangeRequest.mVersion = urlParameters.get(RequestField.Version.name());
        challangeRequest.mSubmitUrl = urlParameters.get(RequestField.SubmitUrl.name());
        challangeRequest.mContext = urlParameters.get(RequestField.Context.name());
        return challangeRequest;
    }

    private ChallangeRequest getChallangeRequestFromHeader(String str) throws UnsupportedEncodingException {
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("headerValue");
        }
        if (!StringExtensions.hasPrefixInHeader(str, "PKeyAuth")) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, str);
        }
        ChallangeRequest challangeRequest = new ChallangeRequest();
        String substring = str.substring(8);
        ArrayList<String> splitWithQuotes = StringExtensions.splitWithQuotes(substring, ',');
        HashMap<String, String> hashMap = new HashMap<>();
        Iterator<String> it = splitWithQuotes.iterator();
        while (it.hasNext()) {
            ArrayList<String> splitWithQuotes2 = StringExtensions.splitWithQuotes(it.next(), '=');
            if (splitWithQuotes2.size() != 2 || StringExtensions.IsNullOrBlank(splitWithQuotes2.get(0)) || StringExtensions.IsNullOrBlank(splitWithQuotes2.get(1))) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
            }
            String str2 = splitWithQuotes2.get(0);
            String str3 = splitWithQuotes2.get(1);
            hashMap.put(StringExtensions.URLFormDecode(str2).trim(), StringExtensions.removeQuoteInHeaderValue(StringExtensions.URLFormDecode(str3).trim()));
        }
        validateChallangeRequest(hashMap, false);
        RequestField requestField = RequestField.Nonce;
        String str4 = hashMap.get(requestField.name());
        challangeRequest.mNonce = str4;
        if (StringExtensions.IsNullOrBlank(str4)) {
            challangeRequest.mNonce = hashMap.get(requestField.name().toLowerCase(Locale.US));
        }
        String str5 = hashMap.get(RequestField.CertThumbprint.name());
        challangeRequest.mThumbprint = str5;
        if (StringExtensions.IsNullOrBlank(str5)) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertThumbprint is not present in the header");
        }
        challangeRequest.mVersion = hashMap.get(RequestField.Version.name());
        challangeRequest.mContext = hashMap.get(RequestField.Context.name());
        return challangeRequest;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ChallangeResponse getDeviceCertResponse(ChallangeRequest challangeRequest) {
        ChallangeResponse noDeviceCertResponse = getNoDeviceCertResponse(challangeRequest);
        noDeviceCertResponse.mSubmitUrl = challangeRequest.mSubmitUrl;
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            IDeviceCertificate wPJAPIInstance = getWPJAPIInstance(deviceCertificateProxy);
            if (wPJAPIInstance.isValidIssuer(challangeRequest.mCertAuthorities) || (wPJAPIInstance.getThumbPrint() != null && wPJAPIInstance.getThumbPrint().equalsIgnoreCase(challangeRequest.mThumbprint))) {
                RSAPrivateKey rSAPrivateKey = wPJAPIInstance.getRSAPrivateKey();
                if (rSAPrivateKey == null) {
                    throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                noDeviceCertResponse.mAuthorizationHeaderValue = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.mJWSBuilder.generateSignedJWT(challangeRequest.mNonce, challangeRequest.mSubmitUrl, rSAPrivateKey, wPJAPIInstance.getRSAPublicKey(), wPJAPIInstance.getCertificate()), challangeRequest.mContext, challangeRequest.mVersion);
                Logger.v(TAG, "Challange response:" + noDeviceCertResponse.mAuthorizationHeaderValue);
            }
        }
        return noDeviceCertResponse;
    }

    private ChallangeResponse getNoDeviceCertResponse(ChallangeRequest challangeRequest) {
        ChallangeResponse challangeResponse = new ChallangeResponse();
        challangeResponse.mSubmitUrl = challangeRequest.mSubmitUrl;
        challangeResponse.mAuthorizationHeaderValue = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", challangeRequest.mContext, challangeRequest.mVersion);
        return challangeResponse;
    }

    private IDeviceCertificate getWPJAPIInstance(Class<IDeviceCertificate> cls) {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance(null);
        } catch (IllegalAccessException e10) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e10);
        } catch (IllegalArgumentException e11) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e11);
        } catch (InstantiationException e12) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e12);
        } catch (NoSuchMethodException e13) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e13);
        } catch (InvocationTargetException e14) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e14);
        }
    }

    private void validateChallangeRequest(HashMap<String, String> hashMap, boolean z10) {
        RequestField requestField = RequestField.Nonce;
        if (!hashMap.containsKey(requestField.name()) && !hashMap.containsKey(requestField.name().toLowerCase(Locale.US))) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce");
        }
        if (!hashMap.containsKey(RequestField.Version.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version");
        }
        if (z10 && !hashMap.containsKey(RequestField.SubmitUrl.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl");
        }
        if (!hashMap.containsKey(RequestField.Context.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context");
        }
        if (z10 && !hashMap.containsKey(RequestField.CertAuthorities.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities");
        }
    }

    public ChallangeResponse getChallangeResponseFromHeader(String str, String str2) throws UnsupportedEncodingException {
        ChallangeRequest challangeRequestFromHeader = getChallangeRequestFromHeader(str);
        challangeRequestFromHeader.mSubmitUrl = str2;
        return getDeviceCertResponse(challangeRequestFromHeader);
    }

    public ChallangeResponse getChallangeResponseFromUri(String str) {
        return getDeviceCertResponse(getChallangeRequest(str));
    }
}
