package com.microsoft.aad.adal;

import defpackage.C2588vR;
import defpackage.InterfaceC2571vA;
import defpackage.InterfaceC2574vD;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class ChallengeResponseBuilder {

    /* renamed from: a, reason: collision with root package name */
    private final InterfaceC2574vD f4701a;

    /* compiled from: PG */
    /* loaded from: classes2.dex */
    public enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    /* compiled from: PG */
    /* loaded from: classes2.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        public String f4702a = "";
        public String b = "";
        String c = "";
        public String d = null;
        public String e = "";
    }

    /* compiled from: PG */
    /* loaded from: classes2.dex */
    public class b {

        /* renamed from: a, reason: collision with root package name */
        public String f4703a;
        public String b;

        b() {
        }
    }

    public ChallengeResponseBuilder(InterfaceC2574vD interfaceC2574vD) {
        this.f4701a = interfaceC2574vD;
    }

    private static InterfaceC2571vA a(Class<InterfaceC2571vA> cls) throws AuthenticationException {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance(null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
        }
    }

    public static void a(Map<String, String> map, boolean z) throws AuthenticationException {
        if (!map.containsKey(RequestField.Nonce.name()) && !map.containsKey(RequestField.Nonce.name().toLowerCase(Locale.US))) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce");
        }
        if (!map.containsKey(RequestField.Version.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version");
        }
        if (z && !map.containsKey(RequestField.SubmitUrl.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl");
        }
        if (!map.containsKey(RequestField.Context.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context");
        }
        if (z && !map.containsKey(RequestField.CertAuthorities.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities");
        }
    }

    public final b a(a aVar) throws AuthenticationException {
        b bVar = new b();
        bVar.f4703a = aVar.e;
        bVar.b = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", aVar.b, aVar.d);
        bVar.f4703a = aVar.e;
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            InterfaceC2571vA a2 = a((Class<InterfaceC2571vA>) deviceCertificateProxy);
            if (a2.a() || (a2.d() != null && a2.d().equalsIgnoreCase(aVar.c))) {
                RSAPrivateKey c = a2.c();
                if (c == null) {
                    throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                bVar.b = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.f4701a.a(aVar.f4702a, aVar.e, c, a2.e(), a2.b()), aVar.b, aVar.d);
                Logger.b("ChallengeResponseBuilder", "Challenge response:" + bVar.b);
            }
        }
        return bVar;
    }

    public final b a(String str, String str2) throws UnsupportedEncodingException, AuthenticationException {
        if (C2588vR.a(str)) {
            throw new AuthenticationServerProtocolException("headerValue");
        }
        if (!C2588vR.b(str, "PKeyAuth")) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, str);
        }
        a aVar = new a();
        String substring = str.substring(8);
        ArrayList<String> a2 = C2588vR.a(substring, ',');
        HashMap hashMap = new HashMap();
        Iterator<String> it = a2.iterator();
        while (it.hasNext()) {
            ArrayList<String> a3 = C2588vR.a(it.next(), '=');
            if (a3.size() != 2 || C2588vR.a(a3.get(0)) || C2588vR.a(a3.get(1))) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
            }
            hashMap.put(C2588vR.d(a3.get(0)).trim(), C2588vR.g(C2588vR.d(a3.get(1)).trim()));
        }
        a((Map<String, String>) hashMap, false);
        aVar.f4702a = (String) hashMap.get(RequestField.Nonce.name());
        if (C2588vR.a(aVar.f4702a)) {
            aVar.f4702a = (String) hashMap.get(RequestField.Nonce.name().toLowerCase(Locale.US));
        }
        if (!(AuthenticationSettings.INSTANCE.getDeviceCertificateProxy() != null)) {
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "Device is not workplace joined. ");
        } else if (!C2588vR.a((String) hashMap.get(RequestField.CertThumbprint.name()))) {
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertThumbprint exists in the device auth challenge.");
            aVar.c = (String) hashMap.get(RequestField.CertThumbprint.name());
        } else {
            if (!hashMap.containsKey(RequestField.CertAuthorities.name())) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Both certThumbprint and certauthorities are not present");
            }
            Logger.b("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertAuthorities exists in the device auth challenge.");
            C2588vR.a((String) hashMap.get(RequestField.CertAuthorities.name()), ";");
        }
        aVar.d = (String) hashMap.get(RequestField.Version.name());
        aVar.b = (String) hashMap.get(RequestField.Context.name());
        aVar.e = str2;
        return a(aVar);
    }
}
