package com.microsoft.aad.adal;

import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ChallengeResponseBuilder {

    /* renamed from: a, reason: collision with root package name */
    private final aF f1568a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ChallengeResponseBuilder(aF aFVar) {
        this.f1568a = aFVar;
    }

    private static aC a(Class<aC> cls) throws AuthenticationException {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance(null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(Map<String, String> map, boolean z) throws AuthenticationException {
        if (!map.containsKey(RequestField.Nonce.name()) && !map.containsKey(RequestField.Nonce.name().toLowerCase(Locale.US))) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce");
        }
        if (!map.containsKey(RequestField.Version.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version");
        }
        if (z && !map.containsKey(RequestField.SubmitUrl.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl");
        }
        if (!map.containsKey(RequestField.Context.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context");
        }
        if (z && !map.containsKey(RequestField.CertAuthorities.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final C0607af a(C0606ae c0606ae) throws AuthenticationException {
        C0607af c0607af = new C0607af();
        c0607af.f1614a = c0606ae.e;
        c0607af.b = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", c0606ae.b, c0606ae.d);
        c0607af.f1614a = c0606ae.e;
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            aC a2 = a((Class<aC>) deviceCertificateProxy);
            if (a2.a() || (a2.d() != null && a2.d().equalsIgnoreCase(c0606ae.c))) {
                RSAPrivateKey c = a2.c();
                if (c == null) {
                    throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                c0607af.b = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.f1568a.a(c0606ae.f1613a, c0606ae.e, c, a2.e(), a2.b()), c0606ae.b, c0606ae.d);
                Logger.a("ChallengeResponseBuilder", "Challenge response:" + c0607af.b);
            }
        }
        return c0607af;
    }

    public final C0607af a(String str, String str2) throws UnsupportedEncodingException, AuthenticationException {
        if (aZ.a(str)) {
            throw new AuthenticationServerProtocolException("headerValue");
        }
        if (!aZ.b(str, "PKeyAuth")) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, str);
        }
        C0606ae c0606ae = new C0606ae();
        String substring = str.substring(8);
        ArrayList<String> a2 = aZ.a(substring, ',');
        HashMap hashMap = new HashMap();
        Iterator<String> it = a2.iterator();
        while (it.hasNext()) {
            ArrayList<String> a3 = aZ.a(it.next(), '=');
            if (a3.size() != 2 || aZ.a(a3.get(0)) || aZ.a(a3.get(1))) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
            }
            hashMap.put(aZ.d(a3.get(0)).trim(), aZ.g(aZ.d(a3.get(1)).trim()));
        }
        a((Map<String, String>) hashMap, false);
        c0606ae.f1613a = (String) hashMap.get(RequestField.Nonce.name());
        if (aZ.a(c0606ae.f1613a)) {
            c0606ae.f1613a = (String) hashMap.get(RequestField.Nonce.name().toLowerCase(Locale.US));
        }
        if (!(AuthenticationSettings.INSTANCE.getDeviceCertificateProxy() != null)) {
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "Device is not workplace joined. ");
        } else if (!aZ.a((String) hashMap.get(RequestField.CertThumbprint.name()))) {
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertThumbprint exists in the device auth challenge.");
            c0606ae.c = (String) hashMap.get(RequestField.CertThumbprint.name());
        } else {
            if (!hashMap.containsKey(RequestField.CertAuthorities.name())) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Both certThumbprint and certauthorities are not present");
            }
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertAuthorities exists in the device auth challenge.");
            aZ.a((String) hashMap.get(RequestField.CertAuthorities.name()), ";");
        }
        c0606ae.d = (String) hashMap.get(RequestField.Version.name());
        c0606ae.b = (String) hashMap.get(RequestField.Context.name());
        c0606ae.e = str2;
        return a(c0606ae);
    }
}
